Current as at 25/03/2017
1. Overview and purpose
Pymble Dermatology respects your rights to privacy and takes our privacy obligations seriously. We comply with the Australian Privacy Principles (APPs) as per Schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) forming part of the Privacy Act 1988 (Cth), and the SPAM Act 2013 (Cth). We also comply with the Health Records and Information Privacy Act 2002 (NSW) and the NSW Health Privacy Principles.
When you first register as a patient, our new patient registration & consent form requests your consent so that we can collect, use, hold and share your personal information in order to provide you with the best possible healthcare and to allow us to manage our practice. If we intend to use your personal information for any other purpose, we will seek your consent first.
- how we manage your personal information (including your health information), including the collection, use, disclosure, quality and security of your personal information.
- the kinds of information we collect and how that information is held;
- the purposes for which we collect, hold, use and disclose personal information;
- how you can access your personal information and how you can request to correct such information; and
- how you can complain about a breach of your privacy and how we will handle your complaint.
Post: 897 Pacific Highway, Pymble 2073 NSW
“Personal information” as defined in the Privacy Act. This means:
“information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not”;
“Health information” as defined in the Privacy Act. This is a subset of “personal information” and means information or an opinion about:
- the health or a disability (at any time) of an individual;
- an individual’s expressed wishes about the future provision of health services to him or her; or
- a health service provided or to be provided to an individual.
Personal information also includes “sensitive information” which is information such as your race, religion, political opinions, sexual preferences and/or “health information”. Information which is “sensitive information” attracts a higher privacy standard under the Privacy Act and is subject to additional mechanisms for your protection.
We, Us, Our, shall mean:
- Pymble Dermatology
- Employed, contracted and independent medical and healthcare practitioners who practise from our rooms.
2. Collection of personal information
Pymble Dermatology collects information which is necessary to provide you with healthcare services and to appropriately manage and conduct our business. This includes collecting personal information such as your name and contact details, medical history, family history, past and current treatments, Medicare number and health fund details, lifestyle factors and any other information which is necessary to assist us in providing you appropriate care. This information is stored on our computer medical records system.
Pymble Dermatology will also collect clinical and dermatoscopic photographs for the purposes of monitoring conditions and research, and will only do so upon prior written consent from the patient. All photographs are electronically stored and placed with the patient’s file. For research purposes all photographs will be de-identified to ensure the privacy of the patient is maintained.
Whenever practicable we will only collect information from you personally. However, we may also need to collect information from other sources such as treating general practitioners, specialists, radiologists, pathologists, hospitals and other health care providers.
In emergency situations we may also need to collect information from your relatives or friends. We may be required by law to retain medical records for a certain period of time depending on your age at the time we provide services.
You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals. It is important to be aware that if you provide incomplete or inaccurate information or withhold information we may not be able to provide you with healthcare services.
We will only collect information from third parties where:
- you have consented to such collection; or
- such collection is necessary to enable us to provide you with appropriate healthcare services (such as emergency medical treatment or where your health is at risk);
- such collection is reasonably necessary to enable us to appropriately manage and conduct our business; or
- it is legally permissible for us to do so.
Pymble Dermatology has CCTV systems operating at our premises for the purposes of maintaining safety and security for our patients, visitors, staff and other attendees. Our CCTV system may collect and store personal information and the use of our CCTV will be in accordance with the Privacy Act.
3. How we use your personal information
Pymble Dermatology only uses your personal information to provide you with healthcare services or to enable us to appropriately manage and conduct our business, unless:
- there is a secondary purpose which directly relates to the primary purpose, and you would reasonably expect, or Pymble Dermatology has informed you, that your information will be used for that secondary purpose, or you have given your consent for your personal information to be used for a secondary purpose;
- the disclosure of your information is necessary for the enforcement of criminal law or a law imposing a penalty or sanction, or for the protection of public revenue;
- the disclosure of your information will prevent or lessen a serious and imminent threat to somebody’s life or health; or,
- Pymble Dermatology is required or authorised by law to disclose your information for another purpose.
For example, Pymble Dermatology uses your personal information:
- to provide healthcare services to you;
- to appropriately manage our practice, such as conducting audits and undertaking accreditation processes, managing billings and training staff;
- to effectively communicate with third parties, including private health insurers, Medicare Australia and other government departments.
Research participants: if you participate in the research and clinical trial activities and program conducted by us, we collect personal information to record your involvement and to process the results of research and clinical trials. We may also use this information to contact you about participation in future studies. The information we collect will generally be sensitive information as it will include your health information. Some examples of the kinds of information we may collect are:
i. Your medical history and, where relevant, a family medical history
ii. your racial or ethnic origin, where this pertains to a relevant patient care question
iii. Your Medicare number and information about your private health insurance
iv. Current medications or treatment used by you
v. the name of any care provider, health service provider or medical specialist to whom we refer you or who has referred you to us, copies of any referrals and reports; and
vi. Test results and samples.
We only collect health information that is relevant, accurate, current and non-excessive.
All research and clinical trials undertaken at the practice are approved by an external Human Research Ethics Committee (National Health and Medical Research Council, NHMRC). Research participants enrolled in trials or research will be given further information detailing how their personal information (including health information) will be handled prior to their involvement in the research study.
4. Disclosing your personal information
Pymble Dermatology may disclose your personal information to our employees, contractors and service providers in order for us to provide healthcare services to you and to allow us to manage our business. We will also disclose your personal information to healthcare professionals directly involved in your treatment. Where your medical records are required in the case of a medical emergency, we will provide these to the relevant medical professional without waiting for your consent, where we believe this is in your interests.
Your personal information may also be provided to third parties if we are legally obliged to do so by a court subpoena, statutory authority, search warrant, coronial summons or to defend a legal action.
We may provide your personal information to third parties involved in your care, such as:
- your parents, children, relatives and close friends, guardians or a person exercising a power of attorney or enduring power of attorney. Please advise us if it is your wish that no third party as stated is to have access to your personal information;
- government departments and agencies, such as Defence or Department of Veterans Affairs, or departments responsible for health, aged care and disability where we are required to do so;
- private health insurers and Medicare Australia;
- anyone authorised by you to receive your personal information.
5. Overseas recipients
Pymble Dermatology does not engage with any overseas entities or persons where your personal information will be transferred, stored or disclosed. Should we wish to transfer your personal information overseas, we will ask for your consent before we do so.
6. Data storage, quality and security
We strive to maintain the reliability, accuracy, completeness and currency of the personal information we hold and to protect its privacy and security. All personal information stored is protected from unauthorised access, misuse, interference, loss, modification or disclosure. Some of the steps we take to ensure your personal information is secure include:
- We maintain physical security over our paper and electronic data and premises
- Our staff and practitioners are trained on privacy and we have detailed internal processes and systems to protect your privacy
- We have a clean desk policy where all our staff are expected to clear and clean their desk at the end of each working shift.
- Our practice uses sophisticated virus and firewall protection which includes numerous security features, such as real-time threat intelligence.
- We provide annual risk management training to all our staff and practitioners.
7. Destroying your personal information
Subject to applicable laws, Pymble Dermatology may destroy records containing personal information when the record is no longer required by Pymble Dermatology.
It is likely your medical records held by us contain sensitive information. We are required to abide by relevant legislation in the retention and disposal of your medical records.
Subject to applicable laws, we may destroy records containing personal information when the record is no longer required by us, subject to relevant legislation in the retention and disposal of your medical records. We keep electronic medical records in our system indefinitely so as to maintain your medical history with us. If you are no longer a patient you can advise us you wish your record to be deactivated (subject to applicable laws).
8. Accessing and amending your personal information
We encourage you to contact us if you have a query regarding your personal information. You may request an amendment to your personal information if you consider that it contains inaccurate, incorrect or incomplete information.
You have a right to request access to any information we hold about you. If you make a request to access personal information that you are entitled to access, we will provide you with suitable means of accessing it. We will not charge you for making the request.
There may be instances where we cannot grant you access to some of the information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others. If that is the case, we will provide you with a written explanation of those reasons.
You can contact us about any privacy issues as follows:
Post: 897 Pacific Highway, Pymble 2073
If you have a complaint about how we have dealt with your personal information or believe we have breached your privacy, please contact us on the details below so that we may investigate it. We will deal with your complaint fairly and confidentially. On receipt of your complaint we will contact you within 10 business days to confirm what investigation action will occur. We will then communicate the outcome to you in writing and invite a response to our conclusion about the complaint. If we receive a response from you, we will also assess it and advise if we have changed our view.
If you are unsatisfied with our response, you may refer the complaint to the Office of the Australian Information Commissioner (http://www.oaic.gov.au/) or to the NSW Privacy Commissioner, if your complaint relates to our handling of your health records in that state.
Post: 897 Pacific Highway, Pymble 2073
- by contacting reception on 02-8068 5006