Hornsby Fountain Medical Centre is committed to best practice in relation to the management of information we collect. We have developed a policy to protect patient privacy in compliance with privacy legislation and the Guidelines on Privacy in the Private Health Sector developed by the Office of the Federal Privacy Commissioner.
Our policy is to inform you of:
The kinds of personal information that we collect and hold include:
your name, address, date of birth, email and contact details
Medicare number and concession card number if applicable
your current and past health information and other sensitive information such as your family health history, social history and your ethnicity.
We will generally collect personal information by the following methods:
from you directly when you provide your details to us, through written questionnaires or verbally by the nurse and/or doctor
from a person responsible for you
We hold information in your electronic health record which is stored in a computer database secured by firewalls, pass codes, and maintained by an up-to-date secure on- and off-site back-up system.
The purposes for which we collect, hold, use and disclose personal information are:
to provide health services to you;
to allow other health care providers to be involved in your care through sharing of selected information with your consent;
to communicate with you;
to comply with our legal obligations such as mandatory notification of communicable diseases or in suspected child abuse;
to participate in the analysis of health data in our community by authorised bodies, only ever for de-identified information or with your consent; and
to help manage our accounts and administrative services.
We will communicate with you by telephone, or email with your prior consent, by letter to your home address, or via SMS to your mobile telephone.
Communication via email of identifiable information about you to health professionals involved in your care is done using an encryption program. You may choose to have direct email communication with staff at the Practice or allow direct email communication with other providers but you need to be aware that this is not secured. For this communication we will need your consent. We will take steps to reduce the risk of unsecured information being seen by others including confirming the email address of the intended recipient.
You may access your personal information. Subject to the exceptions set out in the Privacy Act, you may seek access to and correction of personal information which we hold about you in accordance with our access policy. Some circumstances which may restrict this access include if your doctor believes there may be a risk of any physical or mental harm to you or any other person. In most cases this is managed by the doctor going through the health record with you. If your information is requested by another practice, it will be forwarded only with your authorised permission, and a private fee may be payable for this administration service.
If a data breach occurs that is likely to cause serious harm, the Practice will notify you and inform you of the type of data breach and information involved as soon as practicable. The Practice will also notify the Office of the Australian Information Commissioner.
If you need to make a complaint about a breach of the Australian Privacy Principles, we will take reasonable steps to protect the security of your information and comply with our legal obligations. Our staff are trained and required to respect your privacy. We take reasonable steps to protect information held from misuse and loss and from unauthorised access, modification or disclosure.
If you have any questions about privacy-related issues or wish to complain about a breach of the Australian Privacy Principles or the handling of your personal information by us, please contact our Privacy Officer, Kathy Carr, through firstname.lastname@example.org.
You may lodge your complaint in writing. Any complaint will be investigated by the Privacy Officer and you will be notified of the making of a decision in relation to your complaint as soon as is practicable after it has been made, usually within 30 days.
Further information on Privacy Legislation is available from:
The Office of the Federal Privacy Commissioner on 1300 363 992, https://www.oaic.gov.au
The Health Care Complaints Commission on 1800 043 159, http://www.hccc.nsw.gov.au/