We are committed to handling personal information about you, including health information about you, in accordance with the requirements of the Commonwealth Privacy Act 1988.
In this Policy, we explain:
• what kind of information we collect and hold about you
• how and why we collect it
• what we do with that information and who we share it with (and when)
• your right to seek access to, and if required correction of, the records we hold about you • your right to make a privacy complaint, to us and others
• whether we are likely to disclose information about you to overseas recipients.
We collect and hold the following kind of information about you:
• your name, address, date of birth, email and contact details
• information about your family or relatives
• information about other health professionals involved in your care
• any government identifiers such as Medicare number, DVA number. However, we do not use these for the purposes of identifying you in our practice
• other health information about you such as: a record of your symptoms, your relevant medical history, the diagnosis made and the treatment we give you:
- specialist reports
- test results
- your appointment and billing details
- your prescriptions
- your healthcare identifier
- your health fund details
- other information about you collected for the purposes of providing care to you.
We primarily collect and use personal information about you to provide our physiotherapy and allied health services to you and to communicate with you and others involved in your care in relation to those services.
We also sometimes use that information for other purposes, including:
• to help us manage our accounts and administrative services, including billing, arrangements with health funds, pursuing unpaid accounts, management of our IT systems and
• to conduct accreditation, quality assurance or internal audits.
We may disclose information about you to others outside of our practice as permitted or required under law. This will include situations where we disclose information about you in order:
• to comply with our legal obligations (eg. mandatory reporting under legislation, responding to a court order or subpoena)
• to consult with other health professionals involved in your healthcare
• to retrieve test results from diagnostic and pathology services
• to claim on insurance
• to communicate with your health fund, with government and other regulatory bodies such as Medicare
• to help us manage our accounts and administrative services (eg. billing or debt recovery, arrangements with health funds, pursuing unpaid accounts etc.)
• if you have My Health Record, to upload and to download personal information about you from it’
• to lessen or prevent a serious threat to a patient’s life, health or safety or a serious threat to public health or safety
• to help in locating a missing person
• to establish, exercise or defend an equitable claim through the My Health Record
• to prepare the defence of anticipated or existing legal proceedings
• to discharge notification obligations to liability insurers.
• We may provide some of your personal information from time to time to third party service providers so that they can help us to serve you.
• We may use third party service providers to assist with information storage (such as cloud storage).
• We may provide some of your personal information to third party service providers for the purpose of analysing data or tracking usage. For example, we may use these services to find out where page requests come from, dates and times of page requests, details of any website that referred you to the website and other details about your usage of the website. This information enables us to understand patterns of usage of the website, and to improve the website.
• We may use third party service providers to host the website. If this occurs, that third party service provider is likely to have access to some of your personal information.
• Notwithstanding the other provisions of this Privacy Policy, we may provide your personal information to a third party or to third parties in order to protect the rights, property or safety of us, our customers or third parties, or as otherwise required by law.
• We will not knowingly share your personal information with any third parties other than in accordance with this Privacy Policy.
• If your personal information might be provided to a third party in a manner which is other than as explained in this Privacy Policy, you will be notified. You will also have the opportunity to request us not to share that information.
• You expressly consent to us using your personal information (other than sensitive information), including any email address you give to us, to provide you with information and to tell you about our products, services or events when you are a patient of ours (or otherwise request to receive such information) which we consider may be of interest to you.
• If it is within your reasonable expectations that we send you Personalised Marketing Communications given the transaction or communication you have had with us, then we may also use your personal information for the purpose of sending you Personalised Marketing Communications which we consider may be of interest to you.
• If at any time you do not wish to receive any further Direct Marketing Communications from us, you may ask us not to send you any further information about products and services and not to disclose your information to other organisations for that purpose. You may do this at any time by using the “unsubscribe” facility included in the email or by contacting us at [email protected] or write to us 4/18 John Oxley Drive, Port Macquarie NSW 2444.
You have the right to seek access to and correction of the personal information we hold about you.
We will normally respond to your request within 30 days. To make the request, you should contact 02 6516 2222 or email [email protected]. You can also visit the practice in person and speak with the Practice Manager.
If you think that the information we hold about you is not correct, let us know in writing. We will take reasonable steps to correct your personal information where the information is not accurate or up-to-date. From time to time, we may also ask you to verify that the information we hold about you is correct and current. Please notify us if and when your contact details change
(see ‘how to contact us’).
We take reasonable steps to protect the information we hold about you. These are designed to prevent unauthorised access, modification or disclosure and to prevent misuse and loss. This includes:
• holding information on an encrypted database
• holding information in secure cloud storage
• having staff to sign confidentiality documents
• providing staff with training or induction etc. about confidentiality and (in particular) security issues
• access to information is restricted on a ‘need to know’ basis and
• strong password protections when accessing the information on a computer.
Where it is lawful and practicable for us to do so, you can be treated anonymously or through use of a pseudonym (a name other than yours).
We do not propose to disclose information about you to anyone overseas. If we want to transfer your personal information overseas, we will first seek your consent, unless we are required by law to do the transfer.
If you have concerns about the way we’ve handled your privacy, let us know. You should do that in writing. We will then try to respond to you within 30 days.
If you are not satisfied with our response, you can refer your complaint to the Office of the Australian Information Commission, whose contact details are:
Phone: 1300 363 992
Email: [email protected]
Post: GPO Box 5218 Sydney New South Wales 2001
Website: https://www.oaic.gov.au/privacy/privacy-complaints/
We will update this policy from time to time, to reflect any changes in our information-handling practices or the law or both.
We will notify you of changes to the policy by updating the policy on our website,
www.physioandhealth.com.au, and by sending you an email detailing the changes.
To contact us about any privacy related issues, please call the Practice Manager on 02 6516 2222 or email [email protected].