How do we protect your privacy?

Privacy considerations apply during: contact with practitioners, telephone or video conversations, discussions with other staff and patient medical records. They also apply during any contact with your broader treating team outside of our practice, and third party interactions.

The maintenance of privacy requires that any information regarding individual patients, including staff members who may be patients, must not be disclosed in any form (verbally, in writing, electronic forms inside/outside our practice) except for strictly authorised use within the patient care context at our practice or as legally directed.

Rosedale Medical Practice in West Pennant Hills will need to collect your personal information to provide healthcare services to you. Your personal information is primarily collected, used, held and shared so that we can help you manage your health. We also use your personal information for activities directly related to our practice and business. This includes financial transactions, Medicare claims and payments, practice audits, accreditation-related activities, business processes (eg staff training), as well as processes related to quality, safety, and improvement.

What personal information do we collect?

The information we collect about you includes:

• Your name, date of birth, address and contact details

•  Your email address to communicate with you about health and practice-related matters

• Your mobile phone number so we can send you an SMS to confirm appointments and/or otherwise communicate with you (eg for reminders and recalls)

• Your medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history, personal risk factors, and cultural history

• Your Medicare number (where available) for claiming purposes

• Your healthcare identifiers

How do we collect your personal information?

Our practice will collect your personal information:

1. Our practice staff will collect your personal information when you make your first appointment.

2. Our healthcare team may collect further personal information during the course of providing you with healthcare services. With your verbal (and/or written) permission, we may sourced this information from other healthcare and pathology providers, hospitals, specialists, allied health providers, pharmacists, as well as your MyHealth Record (where applicable).

3. We may also collect your personal information when you visit our website, send us an email or SMS, call us, make an online appointment or communicate with us using social media.

4. In some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:

• Your guardian or responsible person

• Other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services

• Your health fund, Medicare, or the Department of Veteran’s Affairs (as necessary).

• Your relatives or friends in an emergency

Who do we share your personal information with?

We sometimes share your personal information:

• With third parties who work with our practice for business purposes, such as accreditation agencies, information technology providers, and clinical team members such as allied health providers and non-dispensing pharmacists

• With other healthcare providers, both within and outside of the practice

• When it is required or authorised by law (eg court subpoenas)

• When it is necessary to lessen or prevent a serious threat to a you or another patient’s life, health or safety, or public health or safety, or when it is impractical to obtain your consent

• To assist in locating a missing person

• To establish, exercise or defend an equitable claim

• For the purpose of confidential dispute resolution processes

• When there is a statutory requirement to share certain personal information (eg some diseases require mandatory notification)

• During the course of providing medical services, through Electronic Transfer of Prescriptions (eTP), MyHealth Record system (eg via Shared Health Summary, Event Summary), CareMonitor system, SmartVax vaccine monitoring system.

We use deidentified information both internally and externally for the purpose of quality improvement and population health management. Examples of this include our Primary Health Network and NSW Ministry of Health.

Other than in the course of providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.

We will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.

From time to time, we may contact you in relation to your health and the services that we provide.

How do we store and protect your personal information?

Our practice is multi-disciplinary. This means we have a range of health care providers, including general practitioners, nurses, allied health providers and non-clinical staff.

To ensure effective management of each patient’s health, each of the providers require access to relevant information. This information is primarily stored on the practice management software or on paper. Information about you is also stored in email servers (Office 365). Access to this information is secure, encrypted, and password protected, and subject to Australian Privacy Principles (APP).

Our practice stores all personal information securely, and advises patients of our approach on the patient registration form and in practice information.

Health records are kept where constant staff supervision is easily provided. Personal health information is kept out of view so that it is not accessible by the public. 

All patient health information is considered private and confidential, and is not disclosed to family, friends, staff or others without the patient’s consent. This information includes medical details, family information, address, employment and other demographic and accounts data obtained via reception.

In our practice:

• Computer screens are positioned so that individuals cannot see information about other individuals
• Access to computerised patient information is strictly controlled with passwords and personal logins
• Automatic screen savers
• Computer terminals are logged off when the computer is left unattended for a significant period of time.

In our practice, prescription pads, prescription computer generated paper, letterhead, scripts, medications, health records and related patient information are stored in locked store cupboard in the staff rooms. We use an electronic facsimile system. Printers and other electronic communication devices are located within consult rooms and behind the reception desk.

In our practice, items for pathology couriers or other pickups are left in a secure location.

Our practice has a designated person (Dr Jaspreet Saini) with primary responsibility for the practice’s electronic systems, computer security and adherence to protocols as outlined in our Computer Information Security policy. We have confidentiality agreements signed by all staff. To protect and securely store your personal information we use an electronic format in a secured environment that is password protected.

How can you access and correct your personal information at our practice?

Patients of our practice have the right to access their personal health information. We inform patients that they are able to access their health information via a notice in the waiting area and on the practice website.

On request for access to personal health information, our practice documents each request and endeavours to assist patients in granting access where possible and according to the privacy legislation. Exemptions to access must be noted and each patient or legally nominated representative must have their identification checked prior to access being granted.

Our practice follows this procedure on request for access to personal health information in accordance with privacy legislation:

1. Document the patient’s request and forward a request to the patient’s GP to check for exemptions
2. Check the patient’s or legally nominated representative’s identification prior to access being granted.
3. Provide personal health information within reasonable period of time as outlined in the Privacy legislation.

Our practice will respond to your request for personal health information within a reasonable time, which is generally under 30 days. We reserve the right to charge a reasonable administrative fee to provide you with a copy of your records.

We may deny access to your medical records in certain circumstances permitted by law, for example, if disclosure may cause a serious threat to your health or safety. We will always tell you why access is denied and the options you have to respond to our decision.

Our practice will take reasonable steps to correct your personal information where the information is not accurate or up-to-date. From time-to-time, we will ask you to verify your personal information held by our practice to make sure it is correct and up-to-date. You may also request that we correct or update your information. We cannot delete clinical information, but we can append your corrections.

How can you make a privacy-related complaint, and how will the complaint be handled at our practice?

We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing. We will then attempt to resolve it in accordance with our resolution procedure. Please contact our practice manager Gurleen Saini at the practice. We aim to have a turnaround timeframe of 30 days.

You may also contact the OAIC. Generally the OAIC will require you to give them time to respond, before they will investigate. For further information visit http://www.oaic.gov.au or call the OAIC on 1300 336 002.

Call: 1300 363 992 Email: enquiries@oaic.gov.au Address: GPO Box 5218 Sydney NSW 2001

Privacy and our website

We do not collect or use any personal information on visitors to our website, through the use of “cookies” or other software or hardware techniques. We look at the number of hits the website receives and keep track of the domains from which this website is accessed. To determine what our users are interested in, we may also look at the frequency of search words used in connecting you to this website.

Policy review statement

This privacy policy will be reviewed from time to time to ensure it is in accordance with privacy legislation and our practice policies. We will put the new privacy policy up on the patient noticeboard and website after it has been amended. 

Book an Appointment