The Australian Privacy Principles (APP) provide a privacy protection framework that supports the rights and obligations of collecting, holding, using, accessing and correcting personal information. The APP consists of 13 principle-based laws that apply equally to paper-based and digital records.
This policy is aimed to guide staff in meeting APP obligations, and also details to patients how Prahran Market Clinic uses their personal information. This policy must be made available to patients upon request and is available on our website.
Prahran Market Clinic will:
• Provide a copy of this policy or privacy brochure upon request
• Ensure staff comply with the APP and deal appropriately with inquiries and concerns
• Take such steps as are reasonable in the circumstances to implement practices, procedures and systems to ensure compliance with the APP and deal with inquiries or complaints
• Collect personal information for the primary purpose of managing a patient’s healthcare and for financial claims and payments.
The Clinic’s staff will take reasonable steps to ensure patients understand:
• What information has been and is being collected
• Why the information is being collected, and whether this is due to a legal requirement
• How the information will be used or disclosed
• Why and when their consent is necessary
• The Clinic’s procedures for access and collection of information, and responding to complaints of information breaches, including by providing this policy
Prahran Clinic will only interpret and apply a patient’s consent for the primary purpose for which it was provided. The Clinic staff must seek additional consent from the patient if the personal information collected may be used for any other purpose.
Collection of Information
Prahran Market Clinic will need to collect personal information as a provision of clinical services to a patient at the practice. Collected personal information will include patients’:
• Names, addresses and contact details
• Medicare number (where available) (for identification and claiming purposes)
• Healthcare identifiers if registered (My Health)
• Medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors.
A patient’s personal information may be held at the Clinic in various forms:
• As paper records
• As electronic records
• As visual – x-rays, CT scans, videos and photos
• As audio recordings
The Clinic’s procedure for collecting personal information is set out as follows:
1. Clinic staff collect patients’ personal and demographic information via registration when patients present to the Clinic for the first time. Patients are encouraged to pay attention to the collection statement contained with the form and information about the
management of collected information and patient privacy.
2. During the course of providing medical services, the Clinic’s healthcare practitioners will consequently collect further personal information.
3. Personal information may also be collected from the patient’s guardian or responsible person (where practical and necessary), or from any other involved healthcare specialists with consent.
The Clinic holds all personal information securely, whether in electronic format, in protected information systems, or in hard copy format in a secured environment.
Use and Disclosure of Information
Personal information will only be used for the purpose of providing medical services and for claims and payments, unless otherwise consented to. Some disclosure may occur to third parties engaged by or for the Clinic for business purposes, such as accreditation or for the provision of information technology. These third parties are required to comply with this policy. Prahran Market Clinic will inform the patient where there is a statutory requirement to disclose certain personal information (for example, some diseases require mandatory notification).
The Clinic will not disclose personal information to any third party other than in the course of providing medical services, without full disclosure to the patient or the recipient, the reason for the information transfer and full consent from the patient. The Clinic will not disclose personal information to anyone outside Australia without need and without patient consent.
Exceptions to disclose without patient consent are where the information is:
• Required by law
• Necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent.
• To assist in locating a missing person
• To establish, exercise or defend an equitable claim
• For the purpose of a confidential dispute resolution process
The Clinic will not use any personal information in relation to direct marketing to a patient without that patient’s express consent. Patients may opt out of direct marketing at any time by notifying the Clinic in a letter or email.
The Clinic evaluates all unsolicited information it receives to decide if it should be kept, acted on or destroyed.
Access, Corrections and Privacy Concerns
The Clinic acknowledge that patients may request access to their medical records. Patients are encouraged to make this request in writing, and the Clinic will respond within a reasonable time.
The Clinic will take reasonable steps to correct personal information where it is satisfied they are not accurate or up to date. From time to time, the Clinic will ask patients to verify that the personal information held by the Clinic is correct and up to date. Patients may also request that the Clinic corrects or updates their information, and patients should make such request in writing.
Office of the Victorian Information Commissioner
Office of the Health Services Commissioner
Victoria 1300582 113
Office of the Australian Information Commissioner