Privacy Policy

Introduction

Croydon Medical Centre is committed to ensuring patients who receive care from our practice are comfortable in entrusting their health information to us. This policy provides information to patients as to how their personal information (which includes their health information) is collected and used within the practice, and the circumstances in which we may disclose it to third parties.

Your personal information will be handled in a responsible manner in accordance with the Australian Privacy Principles (APP). The 13 APP from Schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Act 2012 amends the Privacy Act 1988 and replaced the National Privacy Principles and Information Privacy Principles from 12 March 2014.

To ensure our patient’s privacy is maintained at all times, we are dedicated to training our staff with the application of this policy and continually reviewing our policy, processes, and systems in relation to how we handle your personal information. This policy will be updated to reflect any changes.

The APP

The APP provides a privacy protection framework that supports the rights and obligations of collecting, holding, using, accessing, and correcting personal information. The APP consists of 13 principle-based laws and these apply equally to paper-based and digital environments. The APP complements the long-standing general practice obligation to manage personal information in a regulated, open, and transparent manner.

Practice Procedure

The Practice will:

  • provide a copy of this policy upon request

  • ensure staff comply with the APP and deal appropriately with inquiries or concerns

  • take such steps as are reasonable in the circumstances to implement practices, procedures, and systems to ensure compliance with the APP and deal with inquiries or complaints

  • collect personal information for the primary purpose of managing a patient’s healthcare and for financial claims and payments.

Staff Responsibility

The Practice’s staff will take reasonable steps to ensure patients understand:

  • what information has been and is being collected

  • why the information is being collected, and whether this is due to a legal requirement

  • how the information will be used or disclosed

  • why and when their consent is necessary

  • the Practice’s procedures for access and correction of information, and responding to complaints of information breaches, including by providing this policy

Patient Consent

The Practice will only interpret and apply a patient’s consent for the primary purpose for which it was provided. The Practice staff must seek additional consent from the patient if the personal information collected may be used for any other purpose.

Collection of information, storage, and security

The Practice will need to collect personal information as a provision of clinical services to a patient at the Practice. Collected personal information will include patients’:

  • names, addresses, date of birth, gender, and contact details

  • Medicare number (where available) (for identification and claiming purposes)

  • healthcare identifiers

  • medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history, and risk factors

  • payment information such as credit card and direct debit details

  • information from patient enquires

  • communication between the Practice and the patient.

A patient’s personal information may be held at the Practice in various forms:

  • as paper records

  • as electronic records

  • as visual – x-rays, CT scans, videos, and photos

The Practice’s procedure for collecting personal information is set out below:

  1. Practice staff collectsT patients’ personal and demographic information via registration when patients present to the Practice for the first time. Patients are encouraged to pay attention to the collection statement attached to/within the form and information about the management of collected information and patient privacy.

  2. During the course of providing medical services, the Practice’s healthcare practitioners will consequently collect further personal information.

  3. Personal information may also be collected from the patient’s guardian or responsible person (where practicable and necessary), or from any other involved healthcare specialists.

Information may be collected in various ways, such as over the phone, in writing, in person in our Practice or at home visits, over the internet if you communicate with us online as well as information which is entered into our Practice’s website.

The Practice holds all personal information securely, whether in electronic format, in protected information systems, or in hard copy format in a secured environment.

Use and Disclosure of Information

Personal information will only be used for the purpose of providing medical services and for claims and payments unless otherwise consented to. Some disclosure may occur to third parties engaged by or for the Practice for business purposes, such as accreditation, for the provision of information technology and medical studies. These third parties are required to comply with this policy. The Practice will inform the patient where there is a statutory requirement to disclose certain personal information (for example, some diseases require mandatory notification).

The Practice will not disclose personal information to any third party other than in the course of providing medical services, without full disclosure to the patient or the recipient, the reason for the information transfer, and full consent from the patient. We will not transfer your personal information to an overseas recipient unless we have your consent.

Exceptions to disclose without patient consent are where the information is:

  • required by law

  • necessary to lessen or prevent a serious threat to a patient’s life, health or safety, or public health or safety, or it is impractical to obtain the patient’s consent

  • to assist in locating a missing person

  • to establish, exercise, or defend an equitable claim

  • for the purpose of a confidential dispute resolution process.

Your privacy and confidentiality are paramount; if you require any relative/friend/neighbor to access information, you will need to complete a “3rd Party” authorisation form. This includes, but is not limited to, picking up documents, requesting appointment details/dates, or any other medical information. Our staff is trained to adhere to these privacy guidelines for the protection of the patient.

The Practice will not use any personal information in relation to direct marketing to a patient without that patient’s express consent. Patients may opt out of direct marketing at any time by notifying the Practice in a letter or email.

The Practice evaluates all unsolicited information it receives to decide if it should be kept, acted on or destroyed.

Access, Corrections, and Privacy Concerns

The Practice acknowledges patients may request access to all their personal information held, subject to limited exceptions. The Practice is not required to provide access if we reasonably believe it would unreasonably impact the privacy of another or that it may threaten the life, health, or safety of another or the public. Other exceptions to providing access may apply.

At our Practice, patients are required to have an appointment with their usual GP to discuss the release of their full medical records. Following this, the practice will respond to said request, within a reasonable period (this is generally 30 days).
There may be a fee for the administrative costs of retrieving and providing you with copies of your medical records.
In the case of any current court orders in place regarding a patient/child, the Practice will need to obtain a copy of the court order for patient medical records and the Practice will act in the best interest of the patient/child's health care.

The Practice will take reasonable steps to correct personal information where it is satisfied, they are not accurate or up to date. From time to time, the Practice will ask patients to verify the personal information held by the Practice is correct and up to date. Patients may also request the Practice to correct or update their information, and patients should make such requests promptly upon such details changing, either face-to-face or in writing.

Feedback and Concerns

The Practice takes feedback and concerns about the privacy of patients’ personal information seriously. Patients should express any privacy concerns in writing and mail to, or email the center ATTN: Practice Manager. The Practice will then attempt to resolve it in accordance with its complaint resolution procedure. We will investigate the complaint and endeavor to respond as quickly as possible.

If you feel your complaint has not been dealt with correctly or you are unsatisfied with the response, you may lodge a complaint with the Health Complaints Commissioner by calling 1300 582 113 or visiting hcc.vic.gov.au.