Privacy Policy

Current as of: 10 th October 2024

Introduction

This privacy policy is to provide information to you, our patient, on how your personal information (which includes your health information) is collected and used within our practice, and the circumstances in which we may share it with third parties.
Why and when your consent is necessary
When you register as a patient of our practice, you provide consent for our GPs and practice staff to access and use your personal information so they can provide you with the best possible healthcare. Only staff who need to see your personal information will have access to it. If we need to use your information for anything else, we will seek additional consent from you to do this.
Why do we collect, use, hold and share your personal information?
Our practice will need to collect your personal information to provide healthcare services to you. Our main purpose for collecting, using, holding and sharing your personal information is to manage your health. We also use it for directly related business activities, such as Medicare Claims, practice audits and accreditation, and business processes (eg staff training).
Patient Health Records
We retain electronic Patient Health Records on a secure server. Patient health records include information about a patient such as:
  • names, date of birth, addresses, contact details (this is also used to identify you as part of our patient identification process)
  • medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors
  • Medicare number (where available) for identification and claiming purposes
  • healthcare identifiers
  • health fund details.
Dealing with us anonymously
You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.
How do we collect your personal information?
Our practice may collect your personal information during your registration and subsequent visits, or if you contact the practice via telephone or online appointment*.
Personal information may also be collected from other sources. This may include information from:
  • other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services.
  • Medicare or the Department of Veterans’ Affairs (as necessary)
  • Your guardian or responsible person
 
If unsolicited personal information is received from any other source, it will be reviewed by the Clinical Services Manager.
*Our online appointment software provider also complies with relevant privacy legislation.
Updating personal information
Our practice will routinely ask you to verify that your information is correct and current. You may also request that we correct or update your information, and you should make such request in writing, addressed to The Practice Manager.
When, why and with whom do we share your personal information?
Our practice will not share personal information with any other third party without your consent.
We sometimes share your personal information:
  • To other healthcare providers such as specialists, pathology and radiology servies (note that automated referral templates are reviewed to ensure only relevant medical information is included)
  • Via ‘My Health Record’ (eg via Shared Health Summary)
  • with third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with APPs and this policy
  • when it is required or authorised by law (eg court subpoenas)
  • when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent (eg contact tracing for serious infectious disease such as meningococcus)
  • when there is a statutory requirement to share certain personal information (eg some diseases require mandatory notification)
Only authorized staff who need to access your information will be able to do so via medical records software access passwords. Passwords are strictly confidential and lock-out will occur after three unsuccessful login attempts to an account and passwords will be removed upon staff leaving the employment of the practice.
We will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent. However, the Practice will ensure that the security and privacy of the information will comply with Australian Privacy Principals.
Our practice will not use your personal information for marketing any of our goods or services directly to you without your express consent. If you do consent, you may opt out of direct marketing at any time by notifying our practice in writing.
How do we store and protect your personal information?
Your personal information will be stored at our practice in various forms eg electronic records, limited paper records and X-Rays.
Our practice stores all personal information securely and on-site. All electronic records are stored on a secure server and can only be accessed by authorized staff passwords. All paper records are stored in a lockable staff restricted area. All staff sign a confidentiality agreement as part of their contractual obligations.
 
How can you access your personal information at our practice?
You have the right to request access to, and correction of, your personal information.
Our practice acknowledges patients may request access to their medical records. We require you to put this request in writing and our practice will respond within 30 days. There will be fee charged to cover printing and administrative costs of retrieving and providing you with copies of your medical records.
Privacy Complaints
We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing, addressed to The Practice Manager or telephone (03) 5787 2277. We will then attempt to resolve it in accordance with our resolution procedure. We will acknowledge the receipt of your complaint within seven days and endeavor to address your complaint within 30 days.
If you remain unsatisfied, you can contact the Office of the Australian Information Commissioner (OAIC). For further information visit www.oaic.gov.au or call the OAIC on 1300 363 992 or the Privacy Commissioner in your State or Territory.
Policy review statement
This policy is reviewed annually to ensure it is in accordance with any changes that may occur.

Electronic Communication Policy
Telephone:
The preferred method of contact with Wandong Medical Centre is by telephone.
Patients are able to contact the Practice via telephone between the hours of 9.00am and 5.00pm Monday to Friday.
Our Doctors are available to speak with patients if necessary. Reception staff will ask the patient to briefly explain the reason for the call to determine if the Doctor should be interrupted during a consultation or an internal message sent.
Fax:
All patient related faxes are scanned directly into the patients’ medical record for review by doctor. Any urgent patient related faxes are immediately handed to the Doctor. Any faxes not patient related are handed to the relevant staff member.
Information sent by facsimile includes a Fax Cover sheet that states “CONFIDENTIAL FAX”, and contains a disclaimer notifying the recipient of the potential confidential nature of the fax content, and what to do in the event that the fax is received in error. Communication by fax is generally only done between Wandong Medical Centre and another healthcare provider.
Communication by facsimile with patients is not encouraged as persons other than the patient may have access to the recipient fax machine.
Email:
Wandong Medical Centre email addresses are not encrypted and therefore is not a secure way of communicating patient health information. We do not encourage medical and allied professionals to use this form of communication. We encourage all health professionals to send patient information using an encrypted messaging system.
Wandong Medical Centre has an email address that patients can use to send through simple communications to the practice. While we make every effort to keep your information secure, we want to remind our patients that electronic
communications can potentially be compromised and accessed by persons outside of our practice. Patients must be aware that any communication they direct to the surgery via email is NOT secure and confidentiality cannot be guaranteed. Patients’ communication through email do so at their own risk.
If you do choose to contact the surgery via email this will be considered as patient consent to reply via email.
We endeavour to reply to all emails with 1 business day. Our emails are checked on a regular basis, however they are not constantly monitored. If you have an issue that requires urgent attention, we request that you contact the practice via telephone.
SMS:
We send SMS appointment reminders the day before appointments and recall/results reminders by consent.
Password Maintenance:
Each of our team members have unique identification (Passwords) for all protected systems. Passwords are private and will not be shared. Lock-out will occur after three unsuccessful login attempts to an account and passwords will be removed upon staff leaving the employment of the practice.

Who we are

Suggested text: Our website address is: http://wandongmedical.com.au.

Comments

Suggested text: When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

Suggested text: If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

Suggested text: If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select "Remember Me", your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Suggested text: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

Suggested text: If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

Suggested text: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

Suggested text: If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Suggested text: Visitor comments may be checked through an automated spam detection service.