This general practice collects information from you for the primary purpose of providing quality health care. We require you to provide us with your personal details and a full medical history so that we may properly assess, diagnose and treat illnesses and medical conditions, ensuring we are proactive in your health care. To enable ongoing care, and in keeping with the Privacy Act 1988 and Australian Privacy Principles, we wish to provide you with sufficient information on how your personal information may be used or disclosed; we will record your consent or restrictions to this consent.

Your personal information will only be used for the purposes for which it was collected or as otherwise permitted by law, and we respect you r right to determine how your information is used or disclosed.

This information we collect may be collected by a number of different methods, and may include, but not limited to: medical test results, notes from consultations, Medicare details, data collected from observations and conversations with you, and details obtained from other health care providers (e.g. specialist correspondence).

We aim to protect the privacy and secure storage of your health information. You can request a copy of our privacy policy which includes information about the collection, use and disclosure of your health information. We may use the personal information you provide us in the following ways;

• Administrative purposes in the operation of our general practice.
• Billing purposes, including compliance with Medicare and Health Insurance Commission requirements.
• Follow-up reminder/recall notices for treatment and preventative healthcare, frequently issued by SMS.
• Disclosure to others involved in your healthcare, including treating doctors and specialists outside this medical practice. This may occur through referral to other doctors, or for medical tests and in the reports or results returned to us following the referrals.
• Accreditation and quality assurance activities to improve individual and community health care and practice management.
• For legal related disclosure as required by a court of law.
• For the purposes of research only where de-identified information is used.
• To allow medical students and staff to participate in medical training/teaching using only de-identified information.
• To comply with any legislative or regulatory requirements, e.g. notifiable diseases.
• For use when seeking treatment by other doctors in this practice.

At all times we are required to ensure your details are treated with the utmost confidentiality. Your records are very important and we will take all steps necessary to ensure they remain confidential.

Practice Pamphlet at reception – “Keeping your personal information private in our Practice”

This pamphlet explains how personal information about you and your health is recorded and managed in our practice. We also have a written privacy policy describing how we manage personal information. You can receive a copy of our policy free of charge upon request or access it via our practice website.

Personal information

The ‘personal information’ we collect includes your name, date of birth, address/es, contact details, Medicare number, healthcare identifiers and health fund details. Medical information may include medical history and any care you may need. GPs need information about your past and present health in order to provide you with high-quality care.

Our practice follows the guidelines of the RACGP’s Handbook for the management of health information in general practice, 3rd edition (the Handbook). The Handbook incorporates federal and state privacy legislation, and the Australian Privacy Principles, which requires that your personal information is kept private and secure.

Your medical records

This practice takes steps to ensure that your medical records:

• are accurate, complete, well-organised and legible

• are up-to-date

• contain enough information to allow another GP to care for you

• contain a summary of your care

• can be used to remind you, with your permission, to return for follow up, check-ups and reviews.

If you are uncertain why information is being requested, please ask your GP or the practice staff.

If you wish to remain anonymous while accessing healthcare services, please talk to the practice staff.

Providing your information to other GPs

In this practice, it is normal for all GPs to have access to your medical records. If you have any concerns about this please discuss them with your GP or practice staff.

It is important that other people involved in your care, such as medical specialists and other healthcare professionals, are informed of the relevant parts of your medical history, so they can provide the best care for you. Your GP will let you know when this is necessary.

 Providing your information to others

GPs respect your right to decide how your personal information is used or shared. For example, this may be sharing your health information with specialist doctors. Personal information that identifies you will only be sent to other people with your consent, unless there are exceptional circumstances. Gaining your consent is the guiding principle used by this practice in using and sharing your information.

Our practice will not share your personal health information with anyone else or another organisation unless:

• you have consented to this sharing, or

• they are legally obliged to disclose the information, in which case your GP will first discuss with you the information that she or he is legally obliged to disclose, or

• the information is necessary for you to obtain Medicare payments or other health insurance rebates, or

• there is an overriding public health and safety interest in the release of the information.

In the above cases, only information necessary to meet the requirements will be provided. Your health information will not ordinarily be sent overseas unless:

• you are informed and provide consent for this to occur, and

• the overseas country receiving the information has privacy laws that are very similar to the Australian Privacy Principles.

Using health information for quality improvement and research

This practice may use patient health information to assist in improving the quality of care we give to all our patients, by reviewing the treatments used in the practice.

Your information held by the practice may be used in research projects to improve healthcare in the community; however, this information will not include data that can identify you.

The information used for research, including the publication of research results, will not be in a form that would allow you to be identified, unless the research serves an important public interest. In such cases, identifiable medical records can be used for medical research without your consent under guidelines issued by the Australian Government. Before providing such identified information, your GP will discuss with you the information that she or he is obliged to disclose.

Security of information in the practice

Australian privacy legislation applies to all personal health information recorded in electronic and paper records. All records must be kept secure to protect against unauthorised access. This practice complies with these requirements to protect your information.

Australian Privacy Principles

A summary for APP Entities – (from 12 March 2014)

APP 1 — Open and transparent management of personal information

Ensures that APP entities manage personal information in an open and transparent way. This includes having a clearly expressed and up to date APP privacy policy.

APP 2 — Anonymity and pseudonymity

Requires APP entities to give individuals the option of not identifying themselves, or of using a pseudonym. Limited exceptions apply.

APP 3 — Collection of solicited personal information

Outlines when an APP entity can collect personal information that is solicited. It applies higher standards to the collection of ‘sensitive’ information.

APP 4 — Dealing with unsolicited personal information

Outlines how APP entities must deal with unsolicited personal information.

APP 5 — Notification of the collection of personal information

Outlines when and in what circumstances an APP entity that collects personal information must notify an individual of certain matters.

APP 6 — Use or disclosure of personal information

Outlines the circumstances in which an APP entity may use or disclose personal information that it holds.

APP 7 — Direct marketing

An organisation may only use or disclose personal information for direct marketing purposes if certain conditions are met.

APP 8 — Cross-border disclosure of personal information

Outlines the steps an APP entity must take to protect personal information before it is disclosed overseas.

APP 9 — Adoption, use or disclosure of government related identifiers

Outlines the limited circumstances when an organisation may adopt a government related identifier of an individual as its own identifier, or use or disclose a government related identifier of an individual.

APP 10 — Quality of personal information

An APP entity must take reasonable steps to ensure the personal information it collects is accurate, up to date and complete. An entity must also take reasonable steps to ensure the personal information it uses or discloses is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure.

APP 11 — Security of personal information

An APP entity must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure. An entity has obligations to destroy or de-identify personal information in certain circumstances.

APP 12 — Access to personal information

Outlines an APP entity’s obligations when an individual requests to be given access to personal information held about them by the entity. This includes a requirement to provide access unless a specific exception applies.

APP 13 — Correction of personal information

Outlines an APP entity’s obligations in relation to correcting the personal information it holds about individuals.

For private sector organisations, Australian Government and Norfolk Island agencies covered by the Privacy Act 1988 www.oaic.gov.aufrom 12 March 2014