Grange Road Medical Privacy Policy

Grange Road Medical is committed to providing our patients with optimal healthcare. Part of his commitment is to ensure that all patients are informed and involved with their health. We respect your privacy and are bound by a legal obligation to abide by the legislation of the Privacy Act 1988, the Privacy Amendment (Enhancing Privacy Protection) Act 2014, the Australian Privacy Principles and relevant State and Territory privacy legislation (referred to as privacy legislation).

This Privacy Policy explains how we collect, use and disclose your personal information, how you may access that information and how you may seek correction of your personal information. It also provides you with the steps to take if you should wish to make a complaint about a breach of privacy.

This Policy is current as at November, 2016 and is available to you, our patient, on request from our staff. At times, we may need to amend this policy, change processes and systems in regard to how we handle your personal information. Any changes will be advised on our website and in the practice.

What is Personal Information:
Personal information is information which may identify an individual. All information received in the course of consultation between your doctor and yourself is considered personal health information. This will include personal details as well as medical history.

Collection:
Only information that is necessary and relevant to provide you with medical care and treatment and to manage our medical practice will be collected. This may include:
•    Name, date of birth, address, telephone numbers, gender, ethnicity, occupation
•    Medicare number, Veterans' Affairs number, Health Care Card and Pension numbers
•    Payment details e.g credit card, banking details
•    Medical history, social and family history, if clinical relevant
•    Consultation notes made by your doctor or other allied health professionals, during the course of your consultation
•    Referrals to other health service providers
•    Results and reports from other health service providers

How we collect and hold your personal information:
The medical record and its contents is the property of the Practice. The Practice ensures the security of this information by:

•    Securing the premises
•    Security of electronic data – e.g. passwords, anti-virus protection, back-ups

We collect your information directly from you, if possible by:
•    You completing one of our new patient registration forms
•    As disclosed by you during a consultation
•    Other medical and allied health sources – e.g. specialists, hospitals, pathologists and radiologists
•    Other third parties, with your written consent – e.g. law enforcement agencies.


In an emergency, we may need to collect information from a relative or friend.

We are required by law to retain medical records for certain periods of time, depending on your age at the time of services provided.

Use and Disclosure:
Your personal information will not be shared, sold or disclosed other than stated in the practice policy or as permitted under the Privacy Act. We treat your personal information as strictly private and confidential. We collect, hold, use and disclose your personal information about you so that we can perform and provide the best possible quality of care and service to you.

•    To provide medical services and treatment to you
•    For administrative purposes in running our medical practice
•    For billing purposes, including compliance with Medicare and the Health Insurance Commission requirements.
•    To ensure that your personal details are kept current
•    Disclosure to others involved in your healthcare including treating doctors and specialists outside this practice. This may occur by referring you to other doctors or for medical tests and in the reports or results returned to us following referrals.
•    For disclosure to locums, medical students attached to the practice for the purpose of patient care and teaching.
•    For research and quality assurance activities to improve individual and community health care and practice management. Usually, this information does not identify you but should information that would identify you be required, you would be informed and given the opportunity to 'opt out' of any involvement.
•    To comply with any legislative or regulatory requirements – eg notifiable diseases
•    To process and respond to any complaint made by you

Your health information will be accessed by your regular medical practitioner and in his/her absence by other medical and clinical staff within the practice.
It will be necessary for administrative staff to access your record for administrative purposes.
Levels of access to your record is determined by staff roles within the practice.

It may also be necessary for an external organisation to view your medical records from time to time – an example of this would be during an accreditation visit by AGPAL. This is a process undertaken every 3 years whereby a practice is evaluated against the standards set by the Royal Australian College of General Practitioners. These surveyors are themselves medical practitioners and are bound by the same confidentiality and privacy laws as your own doctor.

Corrections:
If you believe that any information we hold about you is incorrect,  in complete or inaccurate, you may request an amendment. This request must be in writing. We will then consider if it requires amendments. If we do not agree, we will give you the reason in writing and we will add a note to your record.

Data Quality and Security:
We will take reasonable steps to ensure that your personal information is accurate, complete, up to date and relevant. For that reason, our staff may well ask you to confirm that contact details are correct whenever you attend for a consultation. We do ask that you let us know if any of the information we hold about you is incorrect or out of date.

As part of our commitment to maintaining the confidentiality and privacy of your personal information, we have strict, regularly monitored secure storage policies within the practice.
Your electronic records are protected by:

•    Specific user passwords
•    Anti-virus software
•    Off-site backups
•    Regular monitoring by our IT consultants, who are bound by the same confidentiality and privacy regulations as all practice staff
•    Existing paper records are stored and archived in a securely locked compactus
•    All staff receive regular training in Privacy Laws and Confidentiality protocols. All staff are bound by the confidentiality contract they sign on commencement of employment and are fully aware that a breach of patient confidentiality / privacy may be a dismissable offence.
•    Personal information no long required (paper form) is destroyed by shredding.

As our website and email are linked to the internet which is an insecure medium, we cannot guarantee the security of transmission of information you communicate to us by this medium.  Neither are we able to guarantee that it will not be intercepted by another party. Accordingly, we draw your attention to the fact that any information you transmit this way is transmitted at your own risk.

Access to your record:
As a general rule, we will not release the contents of your medical records without your consent.    However, there may be occasions where we will be required by law to release details of your file without your consent.. An example of this would be if your doctor was issued with a subpoena by the courts.

You are entitled to request access to your medical records. We request that you put your request in writing and we will respond to it within a reasonable time.

There may be a fee for the administrative costs of retrieving and providing you with copies of your medical records.

We may deny access to your medical records in certain circumstances permitted by law, eg if disclosure may cause a serious threat to your health and safety. We will always tell you why access is denied and the options you have to respond to this decision.

If your records are to be transferred to another medical practice, we require a transfer form signed by your new doctor and including your written consent.

Overseas transfer of data:
We will not transfer your personal information to an overseas recipient unless we have your written consent or we are required to do so by law.

Direct Marketing:
During the course of collecting personal information from you, we will ask if you are agreeable to receiving reminder notices from us in relation to your health care, educational material from time to time, and information about various services we offer, eg extended hours, annual flu clinics, and SMS text messages for appointment reminders. These may be sent in various formats, eg mail, SMS email, fax, in accordance with all applicable marketing laws, such as the Spam Act 2003 (Cth).

At any time, you may 'opt-out' of receiving these by contacting us and we will ensure that your name is removed from the list.

How to make a complaint about a breach of privacy:
If you have a concern or complaint about the privacy of your personal information, we request that you contact in writing. Upon receipt of such a complaint we will consider the complaint and attempt to resolve it in accordance with our complaints handling procedures.

Please address any concern or complaint to:

Mary Condon
Practice Manager
Grange Road Medical Services,
92 Grange Road,
Eastern Heights, 4305

Email: cmp@grms.com.au

If you are not satisfied with our handling of the complaint or the outcome, you may make an application to the:
Office of the Australian Information Commissioner (OAIC)
website:  www.oaic.gov.au/privacy/making-a-privacy-complaint
and follow the instructions.
Or phone: 1300 363 992



Location

92 Grange Road,
Eastern Heights 4305

Ph: 07 3281 9133

Hours

Monday to Thursday 7.00am - 7.00pm
Friday 7.00am - 5.30pm
Saturday 8.00am - 12.00noon
Sunday 9.00am - 12.00 noon