Introduction  

We are committed to protecting the privacy of patient information and to handling your personal information in a  responsible manner in accordance with the Privacy Act 1988 (Cth), the Privacy Amendment (Enhancing Privacy  Protection) Act 2012, the Australian Privacy Principles and relevant State and Territory privacy legislation (referred to as  privacy legislation).  

This Privacy Policy explains how we collect, use and disclose your personal information, how you may access that  information and how you may seek the correction of any information. It also explains how you may make a complaint  about a breach of privacy legislation. 

From time to time we may make changes to our policy, processes and systems in relation to how we handle your personal  information. We will update this Privacy Policy to reflect any changes. Those changes will be available on our website and  in the practice. 

Collection 

We collect information that is necessary and relevant to provide you with medical care and treatment, and manage our  medical practice. This information may include your name, address, date of birth, gender, health information, family  history, credit card and direct debit details and contact details. This information may be stored on our computer medical  records system and/or in handwritten medical records. 

Wherever practicable we will only collect information from you personally. However, we may also need to collect  information from other sources such as treating specialists, radiologists, pathologists, hospitals, other health care  providers, and the My Health Record system. 

We collect information in various ways, such as over the phone, in writing, in person in our rooms or over the internet or  videoconferencing if you transact with us online or engage in telehealth. This information may be collected by medical and  non-medical staff.  

In emergency situations we may also need to collect information from your relatives or friends. 

We may be required by law to retain medical records for certain periods of time depending on your age at the time we  provide services. 

Use and Disclosure 

We will treat your personal information as strictly private and confidential. We will only use or disclose it for purposes  directly related to your care and treatment, or in ways that you would reasonably expect that we may use it for your  ongoing care and treatment. For example, the disclosure of blood test results to your GP or other specialist or requests for  x-rays.  

There are circumstances where we may be permitted or required by law to disclose your personal information to third  parties. For example, to Medicare, Police, insurers, solicitors, government regulatory bodies, tribunals, courts of law,  hospitals, debt collection agents, the electronic transfer of prescriptions service or to the My Health Record system. We  may use your de-identified data for assist with the training and education of other health care professionals. This may be  in the form of using your de-identified data for medical lectures, research articles published in medical journals and/or  providing statistical data to third parties for research purposes.  

We may disclose information about you to outside contractors to carry out activities on our behalf such as an IT service  provider, solicitor or debt collection agent. We impose security and confidentiality requirements on how they handle your 

personal information. Outside contractors are required not to use information about you for any purpose except for those  activities we have asked them to perform.  

Data Quality and Security 

We will take reasonable steps to ensure that your personal information is accurate, complete, up-to-date and relevant. For  this purpose our staff may ask you to confirm that your contact details are correct when you attend a consultation. Being  able to contact you is necessary to ensure we can deliver care to you. We request that you let us know if any of the  information we hold about you is incorrect or out-of-date. 

We store information in different ways, including: 

• our document and records management systems 

• cloud storage on servers located in Australia 

Personal information that we hold is protected by: 

• securing our premises;  

• placing passwords and varying access levels on databases to limit access and protect electronic information from  unauthorised interference, access, modification and disclosure; and  

• providing locked cabinets and rooms for the storage of physical records.  

Where it is necessary to conduct a telehealth consultation from our doctors’ private premises they will take reasonable  steps to maintain a private and secure environment to conduct such consultations.  

Corrections  

If you believe that the information we have about you is not accurate, complete or up to date, we ask that you contact us  in writing (see details below).  

Access 

You are entitled to request access to your medical records. We request that you put your request in writing and we will  respond to it within a reasonable time. There may be a fee for the administrative costs of retrieving and providing you with  copies of your medical records.  

We may deny access to your medical records in certain circumstances permitted by law, for example, if disclosure may  cause a serious threat to your health or safety. We will always tell you why access is denied and the options you have to  respond to our decision.  

Complaints  

If you have a complaint about the privacy of your personal information (including complaints about our use of the My Health Record system), we request that you contact us in writing. Upon receipt of a complaint we will consider the details  and attempt to resolve it in accordance with our complaints handling procedures.  

If you are dissatisfied with our handling of a complaint or the outcome you may make an application to the Australian  Information Commissioner or the Victorian Information Commissioner at ovic.vic.gov.au and/or the Victorian Health  Services Commissioner at health.vic.gov.au  

Overseas Transfer of Data 

We will not transfer your personal information to an overseas recipient unless we have your consent or we are required to  do so by law.  

Contact

Please direct any queries, complaints, requests for access to medical records to: rooms@dradrianpraeger.com.au