We collect no personal information about you when you visit this web site unless you choose to provide this information to us. However, certain information about site visitors is automatically collected and stored.
The provision of quality health care requires a doctor – patient relationship of trust and confidentiality. Consistent with our commitment to quality care, my practice has developed a policy to protect patient privacy in compliance with privacy legislation.
Our policy informs you:
- That we need your consent to collect information about you;
- The kinds of personal information that we collect and hold;
- How we collect and hold your personal information;
- The purposes for which we collect, hold, use and disclose your personal information;
- How you may access the personal information we hold about you and seek the correction of such information;
- How you may complain about a breach of the Australian Privacy Principles (APP), and how we will deal with such a complaint;
- and Whether we are likely to disclose personal information to overseas recipients, and if so, the countries in which such recipients are likely to be located if it is practicable to specify those countries.
Your Privacy Is Our Business
Open and Transparent Management of Personal Information
We have made this and other material available to you to inform you of our policies on management of personal information. On request, we will let you know, generally, what sort of personal information we hold, for what purposes, and how we collect, hold, use and disclose that information.
Anonymity and Pseudonymity
You have a right to be dealt with anonymously or by using a pseudonym, provided this is lawful and practicable. However, in the medical context this is not likely to be practicable or possible for Medicare and insurance rebate purposes. It could also be dangerous to your health.
Collection of Solicited Personal Information
It is necessary for us to collect personal information from patients and sometimes from others associated with their health care in order to attend to the patient’s health needs and for associated administrative purposes. ‘Personal information’ is any information recorded about a person where their identity is known or could be reasonably worked out. We will be fair in the way we collect information about our patients. This information is generally collected directly from our patients, but from time to time we may receive patient information from other sources. When this occurs we will, wherever possible, make sure you know we have received this information. Personal information also includes photographs (see our ‘policy on patient photographs’ later). If you are unwilling to provide any of the information we request please discuss it with us. In certain circumstances this may require you to seek professional services elsewhere and not from us.
Health information is ‘sensitive information’ for the purposes of privacy legislation. This means that generally your consent will be sought to collect such health information that is necessary to make an accurate medical diagnosis, prescribe appropriate treatment and to be proactive in your health care.
Dealing with Unsolicited Personal Information
If we receive unsolicited personal information we will determine, within a reasonable period after receiving the information, whether or not we could have collected the information under APP 3 – as if we had solicited the information. For instance, we often receive unsolicited personal information in the form of referrals directly from referring medical practitioners. We will assess the information to ensure it is addressed to me or my associates – if this is the case, the personal information will be treated as if we had solicited the information.
We may use or disclose the personal information for the purposes of making the determination. If we determine that we could not have collected the personal information under APP 3, for example, the information is addressed to the wrong practice/medical practitioner; and the information is not contained in a Commonwealth record, as soon as practicable, and lawful and reasonable to do so, we will destroy the information or ensure that the information is de-identified.
Notification of the Collection of Personal Information
Use and Disclosure
A patient’s personal health information is used (i.e. by this practice) or disclosed (i.e. to others) for purposes directly related to their health care and in ways that are consistent with patients’ expectations (the primary purpose). In the interests of the highest quality and continuity of health care this may include sharing information with other healthcare providers who comprise a patient’s medical team from time to time. In addition there are circumstances when information will be disclosed without patient consent such as:
- Emergency situations;
- By law, doctors are sometimes required to disclose information for public interest reasons, e.g. mandatory reporting of some communicable diseases;
- It may be necessary to disclose information about a patient to fulfil a medical indemnity insurance obligation and medical defence purposes;
- Provision of information to Medicare or private health funds, if relevant, for billing and medical rebate purposes;
- To credit agencies and debt collection agencies in the event of default on bill payment after fair warning;
- A patient’s involvement in unlawful activity. In general, a patient’s health information will not be used for any other purpose without their consent. There are some necessary purposes of collection for which information will be used beyond providing health care (the secondary purpose), such as professional accreditation, quality assessments, clinical audit, billing and so forth. I use shared patient files and therefore all patient records collected at this practice will be available to any medical practitioner you see at this practice.
Direct marketing involves the promotion of goods or services directly to patients, for example advertising via post, email, and SMS.
Where we collect personal information directly from an individual, we may use or disclose that information (other than sensitive information) for the purpose of direct marketing if:
- the individual would reasonably expect us to use or disclose the information for the purpose of direct marketing; and
- we provide a simple way of opting out of direct marketing;
- and the individual has not already requested to opt out of direct marketing from us.
- We do not disclose personal information to third parties for the purposes of direct marketing.
- Individuals may request that we provide its source of their information. If such a request is made, we must notify the individual of its source without any charge within a reasonable period of time, unless it is impracticable or unreasonable to do so.
- Related Commonwealth laws such as the Spam Act 2003, the Freedom of Information Act 1982 and the Do Not Call Register Act 2006 apply.
Cross-border Disclosure of Personal Information
An individual’s privacy is protected Australia wide by privacy laws. We will take steps to protect patient privacy if information is to be sent interstate or outside Australia. We will not disclose personal information to recipients overseas, without that individual’s consent. No data is stored or processed offshore.
Adoption, use or disclosure of Government Related Identifiers
These are the numbers, letters or symbols that are used to identify you with or without the use of a name (e.g. Medicare/DVA numbers). We will limit the use of identifiers assigned to you by Commonwealth Government agencies to those uses necessary to fulfil our obligations to those agencies.
Quality of Personal Information
We will take such steps as are reasonable to ensure that the personal information that it collects, uses and discloses is accurate, up-to-date, complete and relevant.
Security of Personal Information
The storage, use and, where necessary, transfer of personal health information will be undertaken in a secure manner that protects patient privacy. It is necessary for medical practices to keep patient information after a patient’s last attendance for as long as is required by law or is prudent having regard to administrative requirements.
Access to Personal Information
You may request access to your personal health information held by this practice. While not required to give reasons for your request, you may be asked to clarify the scope of the request:
- There are some circumstances in which access is restricted, and in these cases reasons for denying access will be explained.
- A charge may be payable when the practice incurs costs in providing access.
- The material in which the doctor has copyright might be subject to conditions that prevent further copying or publication without the doctor’s permission.
- This practice acknowledges the right of children to privacy of their health information. Based on the professional judgment of the doctor and consistent with the law, it might at times be necessary to restrict access to personal health information by parents or guardians.
- Upon your request your health information held by this practice will be made available to another health service provider.
Correction of Personal Information
We will take all reasonable steps to amend or correct any personal information held that is not accurate, complete or up-to-date. If we corrects personal information about an individual that we have previously disclosed to another party and the individual requests that we notify the other party of the correction, we will take such steps (if any) as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so.
If you and my practice disagree about whether your information is accurate, complete and up-to-date, you may request that we associate the information with a statement claiming that the information is not accurate, complete or up-to-date.
We will provide reasons for denial of access or a refusal to correct personal information.
It is important to us that your expectations about the way in which we handle your information are the same as ours. You should feel free to discuss any concerns, questions or complaints about any issues related to the privacy of your personal information with us. If you believe a privacy breach has occurred, please contact:
The Privacy Officer
Dr Howard Webster
Level 2 650 Bridge Rd
If you are still dissatisfied you can complain to the Australian Information Commissioner. Further information about an individual’s privacy rights can be obtained from the Office of the Australian Information Commissioner
GPO Box 5218,
Sydney NSW 2001
Privacy Hotline: 1300 363 992
Our Policy On Patient Photographs
Photographs are an important part of your medical record, and are a form of personal information that is ‘sensitive information’.
During the course of your treatment, photographs may be taken for our records (i.e. our ‘use’). These are necessary for accurate record keeping, comparison and reference. These photographs are accessible only by the staff in this practice.
Identifiable photographs (i.e. those that are identifiable as you) will not be shown to other patients or published in medical literature (i.e. ‘disclosed’) without your consent.
However, identifiable photographs may occasionally be shown without your express consent in closed medical sessions with other doctors or nurses for educational purposes only. These sessions are bound by a code of strict confidentiality. Should you object please let us know.
Pre- and post-operative photographs are useful in helping a patient make a decision about whether to go ahead with a procedure, and demonstrate the quality of our work. In cosmetic procedures such as liposuction, breast enlargement or reduction, and abdominoplasty (‘tummy-tuck’), photographs are not identifiable. In others such as facelift, rhinoplasty (nose surgery), eyelid surgery, and ear surgery, photographs are identifiable. In order to show patients such identifiable pictures of other patients we need their express consent. We are extremely grateful to those patients who give us such consent. Of course, this consent may be given or withdrawn at any time.