Purpose

Ross Street Surgery is committed to ensuring the privacy and confidentiality of your personal information. This policy aims to clearly define how Ross Street Surgery handles your personal information. From collecting, use, disclosure, security and any personal information collected through our website. Ross Street Surgery complies with the Privacy Act 1988 (Cth) (Privacy Act), the associated Australian Privacy Principles (APPs) and state or territory legislation that governs how private sector health service providers should handle your personal information, including, but not limited to, health information. We may amend and update this policy from time to time at our discretion. Any changes are effective immediately once posting the reviewed policy onto our website. We will consider that you agree to such changes if you continue to access our services following any changes. If under any circumstances you do not accept the terms of this policy, you must cease using our services. 

Definition

Patient Health Record is all information including but not limited to notes, correspondence from other health providers and/ or information from third parties, requests, results such as pathology, radiology, referrals. All personal information provided from the patient including name, date of birth, address, Medicare and concession entitlements, veteran information, emergency and next of kin contact details. And other details relevant to the patients care such as employment and employment history, family history and personal history. 

Consent 

Ross Street Surgery is dedicated to ensuring that any personal information we collect is obtained lawfully, transparently and with your consent. By providing personal information to Ross Street Surgery, you consent to us collecting, using and disclosing your personal information as described in this policy. In some instances, where it is not possible or practical for us to collect this information directly from you, responsible persons (EG. Partner or spouse, family member, emergency contact or NOK, enduring guardian or power of attorney) may consent on your behalf. 

Collection

Ross Street Surgery may collect personal information from patients, healthcare professionals, employees, contracted service providers, suppliers and other individuals whom we engage in the course of our usual business operations. It is not mandatory that you provide your personal information to us, however, if the information you provide to us is inaccurate or incomplete – the services we provide may be affected by this.

Usually we collect your personal information directly from you or by email, telephone, written correspondence or via our website (VIA our contact section). Where it is not possible or practical for us to collect information directly from you, we may need to collect your information from a third party. We may also collect personal information from a third party when your health may be at risk and we need your personal information to provide you with emergency medical treatment. the third parties whom we may collect your personal information include:

● Other health service providers, including health professionals, hospitals, clinics and other pathology practices if they are involved in your care. Your nominated responsible persons – such as a relative or carer

● The My Health Record program operated by the Australian Commonwealth Department of Health, if you have chosen to participate 

● Health insurers, law enforcement or other government departments 

Information we collect and hold

The personal information we collect depends on the nature of our interaction with you, our relation with you and who you are. We only collect information about you that is necessary or required for Ross Street Surgery to be able to provide you with our services. 

The personal information we collect may include:

● Your name, age, gender, date of birth, contact details

● Information relating to your lifestyle and medical history relevant to providing health services (such as your medications, diagnostic tests and treatments, family medical history, occupational history, genetic or biometric information and copies of correspondence to and from your healthcare providers

● Relevant government and insurance identifiers (Such as your Medicare Number or Private Health Insurance details), for administrative and billing purposes

● Personal information collected in the form of clinical images and samples

● Records of our past engagement with you

● Any information regarding your employment, employment histories, applications, pre-employment checks, qualifications and information required by law, regulations or standards

● Other information, such as your religion, ethnicity that may be relevant in our dealings with you

Anonymity and pseudonymity

You may choose to deal with us anonymously or by using a pseudonym – Unless it’s impractical for us to do so, or unless we are required or authorised by law to only deal with identified individuals. With the understanding that doing so may mean that we may not be able to provide certain services to you, either at our usual standard, or at all.

How we use your information

We will not use or disclose your personal information for any purpose other than the primary purpose for which it was collected. There may be exceptions to this if you have consented for other purposes or if we are permitted/ required to do so by law.

Which may include:

● To coordinate and/or communicate with healthcare providers involved in your care ¡ to procure additional healthcare services on your behalf (such as referrals to other providers or obtaining second opinions)

● To conduct activities related to quality assurance/improvement processes, accreditation, audits, risk and claims management, patient satisfaction surveys and staff education and training ¡ to liaise with your health fund, insurer, Medicare, Department of Veterans’ Affairs, Department of Health or another payer or contractor of services ¡ to fulfil regulatory and public health requirements, including liaising with regulatory or health authorities, as required by law

● To send you standard reminders (for example, for appointments for follow-up care, account management), by text message, mail or email, to the number or address that you have provided to us 

● To handle a complaint or respond to anticipated or existing legal actions

● To obtain feedback about our services or provide advice or information to you about products, services, treatment options and clinical trials that are relevant to you 

● For billing and payments

In addition, we may de-identify and/or aggregate the personal information that we collect to carry out clinical research, quality assurance or analytics relating to customer service, health outcomes and other business activities. Ross Street Surgery may use electronic processes when using your personal information as specified above. We may link, combine or share personal information about you in various databases. We will not seek your consent to use your personal information for the above purposes. However no information is disclosed to any overseas parties. 

We may use your personal information for marketing that is directly related to our services, in compliance with applicable laws, such as the Privacy Act 1988 (Cth) and Spam Act 2003 (Cth). We may engage third parties, under contract, to provide marketing services on our behalf. You may advise us that you do not wish to receive direct marketing from us at any time by contacting us or by using the opt-out facilities provided in our patient registration forms.

Disclosure of Personal Information to Third Parties

When providing services to you or otherwise engaging with you, we may disclose your personal information to trusted third parties, including:

● Healthcare service providers or other relevant parties involved in your care or requesting services on your behalf (including to obtain second opinions or make referrals, on your behalf, for specialist medical services) 

● Registries, statutory bodies and other third parties, where requested to do so by you or as required by law (such as national cancer registries) 

● Approved and trusted contractors engaged in providing professional services (such as debt collection, information and communication technology providers, specialist clinical services).

Where we outsource any of our services or hire contractors to perform professional services, we will require them, under contract, to comply with the Privacy Act, or other relevant privacy legislation and, where applicable, our Privacy Policy. We may use electronic processes to disclose your personal information as specified above, where available or relevant. Where we use document automation technologies to disclose your personal information (such as to generate referrals, results or e-scripts), we will only disclose your information to the extent reasonably necessary and only for the purposes specified above. We will not seek your additional consent to disclose your personal information for the purposes described above. No information is passed onto any third parties overseas, de-identified or not.

Overseas disclosure

Our practice uses an IT team who is located in Australia, whom is supported by overseas technicians. Our medical system (Best Practice) is protected by a cloud based storage as an extra protection which is monitored by our IT team (CSPRO).  Our system is encrypted and backed up regularly by  IT. 

No information de-identified or not, besides for the above reason is ever disclosed to any overseas parties.

Documentation Automation Technologies

Our Practice Manager and Principle Doctor are continually updating our referral templates, editing and importing new referrals from Hospitals, Specialist teams. We make sure to have only relevant information relating to the reason of the referral. Doctors have the ability to add information where needed if it is not in our standard template.

Informed consent

At the beginning of all consultations the doctors will obtain your consent for either a bulk billing service or a private billing service. We do this to ensure all patients are aware that the consultation has started and the doctor will document all things moving forward – Including the agreement of consent. The doctor will also confirm during a telehealth or telephone consultation that it is an appropriate time to talk, and only continue if the patient consents to do so.

My Health Record

My Health Record If you choose to participate in the My Health Record program operated by the Commonwealth Department of Health, we may access the personal information it contains. We may also disclose your personal information by uploading your health information electronically to the My Health Record system if requested to do so. If you do not want us to access personal information stored in your My Health Record or upload health information to it, you may opt out or choose to modify access controls within the My Health Record system.

Website 

When you use our website, we do not identify you as an individual user and do not collect personal information about you, unless you specifically provide this to us. Our website may use cookies that allow us to gather anonymised statistics relating to the management of our website. These analytics may include, but are not limited to, your internet service provider (ISP), domain name, browser type and the pages you visit. Our website and our email communications may contain links to third-party websites. We do not control third-party websites or any of their content and if you visit these websites, they will be governed by their own terms of use (including privacy policies). You should familiarise yourself with the personal information handling policies of third-party website operators.

Protecting your personal information

We take the protection of your personal information seriously and take all reasonable steps to ensure the information that we collect, use and disclose is accurate, secure and protected from misuse and loss and from unauthorised access, modification or disclosure. 

We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and current. To assist us, please ensure that the information you provide to us is accurate, up-to-date and complete, and let us know when your personal information changes. 

We will take all reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure. We use technologies and processes including, but not limited to, access controls, network firewalls, encryption and physical security measures to protect your privacy. We regularly review our information security processes to ensure they continue to offer an appropriate level of protection for your information.

When we no longer need your personal information for the purposes described in the Policy, and we are not required to retain it under relevant accreditation standards or law, we will destroy or permanently de-identify it. 

If we become aware that unauthorised access or disclosure of your information has occurred and there is a likely risk of serious harm associated with that unauthorised access or disclosure, we will notify you promptly and provide you with a recommended course of action where necessary.

Access to, and correction of, your personal information

You have the right to request access to the personal information about you which we hold. We will provide you with access to your information, unless there is a reason under the Privacy Act or other relevant law to refuse or limit such access, such as if we reasonably believe that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; or giving access would have an unreasonable impact on the privacy of other individuals. 

To protect your privacy, we will need you to verify your identity before providing access to your information. We may recover reasonable costs associated with supplying this information to you. In the specific case of obtaining access to your pathology or radiology results, the preferred method is in consultation with your treating practitioner so that complex clinical information can be explained to you within the context of your individual circumstances. 

You have the right to request an amendment to the information we hold, should you believe it to be inaccurate. If we are satisfied that any part of the information we hold about you is inaccurate, incomplete, out of date, misleading or irrelevant, having regard for the purpose for which it is held, we will take reasonable steps to amend that information. If we do not agree to change your personal information in accordance with your request, we will permit you to make a statement of the requested changes and we will enclose this with your personal information.

Contacting Ross Street Surgery About Privacy Issues and Complaints 

If you have comments or concerns relating to this Policy, or wish to make a complaint about our handling of your personal information, please contact Practice Manager. We may need to verify your identity and ask for further details to investigate and respond to your concern or complaint.

If we cannot satisfactorily resolve your concern or complaint, you may wish to contact the Office of the Australian Information Commissioner (OAIC). The OAIC has the power to investigate the matter and make a determination. If your concern or complaint relates to health information, you may also contact the relevant state or territory privacy commissioner. 

Office of the Australian Information Commissioner (OAIC) 

Address GPO Box 5218 Sydney NSW 2001 

Email enquiries@oaic.gov.au 

Telephone 1300 363 992 

Webwww.oaic.gov.au

 Last updated 8/2/2024

Next Review 8/2/2025