PRIVACY POLICY – Managing patient Health information


1. POLICY


The management of One Centre Square Medical Hub are committed to protecting the privacy of our patients within our practice. Information collected is kept strictly confidential and used only for the medical and health care of patients. We respect your rights to privacy and have a legal obligation to abide by the provisions of the Privacy Act 1988 (Cth) (the Act). The rules that an organisation must follow under the Act are known as the Australian Privacy Principles, and cover areas including the collection, use, disclosure, quality, and security of personal information. Our Centres, Clinics and Call Centres are also governed by the state-specific privacy laws.


2. PURPOSE


To ensure patients who receive care from the practice are comfortable in entrusting their health information to the practice. This policy provides information to patients as to how their personal information is collected and used within the practice and the circumstances in which we may disclose it to third parties.


3. SCOPE


This policy applies to all employees and patients of One Centre Square Medical Hub


4. PRACTICE PROCEDURE


The Practice will:

  • Provide a copy of this policy upon request
  • Ensure staff comply with the policy and deal appropriately with inquiries or concerns
  • Collect personal information for the primary purpose of managing a patient’s healthcare and for financial claims and payments


Staff Responsibility


The practice staff will take reasonable steps to ensure patients understand

  • What information has been and is being collected
  • Why the information is being collected
  • How the information will be used or disclosed
  • Why and when their consent is necessary
  • Whether this is due to a legal requirement
  • The Practice’s procedures for access and correction of information, and responding to complaints of information breaches, including by providing this policy


Patient Consent


The practice will only interpret and apply a patient’s consent for the primary purpose for which it was provided. The Practice staff will seek additional consent from the patient if the personal information collected is to be used for any other purpose.


5. COLLECTION, USE AND DISCLOSURE


One Centre Square Medical Hub recognises that the information we collect is often of a highly sensitive nature and as an organisation we have adopted the privacy compliance standards relevant to One Centre Square Medical Hub to ensure that personal information is secure.

For administrative and billing purposes and to ensure quality and continuity of patient care, a patient’s health information is shared between medical practitioners of One Centre Square Medical Hub.


The personal information we collect include.


  • Names, addresses and contact details
  • Medicare number for identification and claiming purposes
  • Healthcare identifiers and Health fund details
  • Medical information including medical history, medications, allergies, immunisations, social history, social history, family history and risk factors.


A patient’s personal information may be held at the practice in various forms


  • As paper records
  • As electronic records
  • As visuals such as x-rays, CT scans, videos & photos
  • As audio recordings


The practice’s procedures for collecting personal information is set out below:


  • Practice staff collect patient’s personal and demographic information through registration when patients present to the clinic for the first time. Patients are encouraged to pay attention to the collection statement that they complete as a new patient.
  • During the provision of medical services, the practice’s healthcare practitioners will consequently collect further personal information.
  • Personal information may also be collected from the patient’s guardian or responsible person (where practicable and necessary) or from other involved healthcare specialists.


The practice holds all personal information securely, whether in electronic format, in protected information systems or in hard copy in a secured environment.


Personal information collected by One Centre Square Medical Hub may be used or disclosed in the following instances:


·          with third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers – these               third parties are required to comply with APPs and this policy

·          with other healthcare providers

·          when it is required or authorised by law (eg court subpoenas)

·          when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain               the patient’s consent

·          to assist in locating a missing person

·          to establish, exercise or defend an equitable claim

·          for the purpose of confidential dispute resolution process

·          when there is a statutory requirement to share certain personal information (eg some diseases require mandatory notification)

·          during the course of providing medical services, through eTP, My Health Record (eg via Shared Health Summary, Event Summary). The practice                 will not disclose personal information to any third party other than while providing medical services, without full disclosure to the patient or the                 recipient, the reason for the information transfer and full consent from the patient.


The Practice will not disclose personal information to anyone outside Australia without need and without patient consent.


The Practice will not use any personal information in relation to direct marketing to a patient without that patient’s express consent.


The practice evaluates all unsolicited information it receives to decide if it should be kept, acted upon, or destroyed.


One centre Square Medical Hub will employ all reasonable endeavours to ensure that a patient’s personal information is not disclosed without their prior consent.


6. DATA QUALITY


Patient information collected and retained in our records for the purpose of providing quality health care will be complete, accurate, and up to date at the time of collection. Doctors are reminded to review past medical history at least every 3 years.


7. DATA SECURITY


All due care will be taken to ensure the protection of patient privacy during the transfer, storage, and use of personal health information.

Retention of medical records is for a minimum of 7 years from the date of last entry into the patient record unless the patient is a child in which case the record must be kept until the patient attains the age of 25 years of age.


8. ACCESS TO PATIENT INFORMATION AND CORRECTION


The following will apply regarding accessing personal and private medical information by an individual:


  • An individual has the right to request access their own personal information and request a copy or part of the whole record.
  • Individuals have the right to obtain their personal information in accordance with the Federal Privacy Act from 20 December 2001 onwards. Requests must be made in writing and an acknowledgement letter will be sent to the patient within 14 days confirming the request and detailing whether the request can be complied with, and an indication of any costs associated with providing the information. Time spent and photocopying costs when processing a request can be passed on to the requesting patient. Information can be expected to be provided within 30 days.
  • Whilst the individual is not required to give a reason for obtaining the information, a patient may be asked to clarify the scope of the request.
  • In some instances, the request to obtain information may be denied, in these instances the patient will be advised.
  • The material over which a doctor has copyright might be subject to conditions that prevent or restrict further copying or publication without the Doctors permission.
  • The practice will take reasonable steps to correct personal information where it is satisfied, they are not accurate or up to date. From time to time the practice will ask patients to verify the personal information held by the practice is correct and up to date.
  • Patients may also request the Practice corrects or updates their information and patients should make such requests in writing.
  • Upon request by the patient, the information held by this clinic will be made available to another health provider.


9. PARENTS/GUARDIANS AND CHILDREN


To protect the rights of a child’s privacy, access to a child’s medical information may at times be restricted for parents and guardians. Release of information may be referred to the treating Doctor where their professional judgement and the law will be applied.


10. COMPLAINTS


The management of One Centre Square Medical Hub understands the importance of confidentiality and discretion with the way we manage and maintain the personal information of our patients. The Practice takes complaints and concerns about the privacy of patient’s personal information seriously. Patients should express any privacy concerns in writing. The Practice will then attempt to resolve it in accordance with its complaint resolution process.


All staffs of One Centre Square Medical Hub are required to observe the obligations of confidentiality in the course of their employment and are required to sign Confidentiality Agreements.


In the instance where you are dissatisfied with the level of service provided within the clinic, we encourage you to discuss any concerns relating to the privacy of your information with the Practice Manager or your Doctor.


If the complaint has not been resolved to your level of satisfaction all complaints should be directed to: You may also contact the OAIC. Generally, the OAIC will require you to give them time to respond before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 363 992


11. PRIVACY, OUR WEBSITE, AND LINKS


Third party websites are responsible for informing you about their own privacy practices. Our websites may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of a third-party website, and we are not responsible for the privacy policies or the content of any third-party website.


12. SOCIAL MEDIA Introduction


One Centre Square Medical Hub recognizes the practice team requires access to email and the internet to assist in the efficient and safe delivery of healthcare services to our patients. One Centre Square Medical Hub supports the right of staff to have access to reasonable personal use of the internet and email communications in the workplace using the devices and networks provided by the practice.


Purpose and Objectives


This policy sets out guidelines for acceptable use of internet and email by the practice team, contractors and other staff of One Centre Square Medical Hub. Internet and email are provided primarily to assist the team carry out their duties of employment.


Scope


This internet and email policy applies to the practice team, contractors and other staff of One Centre Square Medical Hub who access the internet and email on practice owned devices, including, but not limited to all desktop computers available to perform their work.

Use of the internet by the practice team, contractors and other staff is permitted and encouraged where this supports the goals and objectives of One Centre Square Medical Hub. Access to the internet is a privilege and the practice team, contractors and other staff must adhere to this policy.


Violation of these policies could result in one or more of the following:

  • disciplinary and/or legal action
  • termination of employment
  • the practice team, contractors and other staff being held personally liable for damages caused by any violations of this policy


Email communication with patients is permitted if written consent is obtained. Risks and conditions of email use are explained to all parties involved in this form communication and are outlined below.


All employees are required to confirm they have understood and agree to abide by this email and internet policy by responding to the email that was sent with this policy attached.


Policy Content


The practice team, contractors and other staff may use the internet and email access provided by One Centre Square Medical Hub for:

  • Any work and work-related purposes
  • Limited personal use
  • More extended personal use under specific circumstances as outlined below.


Communication / Telephone / Email Policy


Staff will take your details and will only interrupt a consultation if your matter is urgent. If not, the doctor will return your call as soon as possible or advise staff to relay a message. Staff will attempt to respond to all electronic communication (via email or website enquiry) within 2 business days. Please note that an email communication consent form is required before any correspondence can be sent to your email. Please call us if your matter is urgent.


If you are requiring a telehealth appointment with your doctor, please note you must have been seen by a doctor in person at the clinic within the last year. Telehealth appointments should be requested by calling our practice.


Limited Personal Use of Email and Internet


Limited personal use is permitted where it:


  • infrequent and brief use
  • does not interfere with the duties of the practice team, contractors and other staff
  • does not interfere with the operation of the practice
  • does not compromise the security of the practice
  • does not impact on your general practice electronic storage capacity
  • does not decrease your general practice network performance (eg large email attachments can decrease system performance and potentially cause system outages)
  • does not incur any additional expense for the practice
  • does not violate any legislation
  • does not compromise any confidentiality requirements of the practice


Examples of what could be considered reasonable personal use:


  • conducting a brief online bank transaction
  • paying a bill
  • sending a brief personal email, similar to making a brief personal phone call


Unacceptable Internet and Email Use


The practice team, contractors and other staff may not use internet or email access provided by One Centre Square Medical Hub to:


  • creating or exchanging messages that are offensive, harassing, obscene or threatening
  • visiting web sites containing objectionable (including pornographic) or criminal material
  • exchanging any confidential or sensitive information held by the practice
  • creating, storing or exchanging information in violation of copy right laws
  • using internet-enabled activities such as gambling, gaming, conducting a business or conducting illegal activities
  • creating or exchanging advertisements, solicitations, chain letters and other unsolicited or bulk email
  • playing electronic or online games in work time.


Risks


Email communication has a number of risks, and it is important that all staff understand these risks which include, but are not limited to, the following:


  1. One Centre Square Medical Hub cannot guarantee that all emails will be read or responded to due to software internal filtration.
  2. Emails maybe circulated, forwarded and stored in files for the purposes of maintaining care which increases risk of possible security breaches.
  3. Backup copies of emails and their contents may still exist even after the recipient has deleted their copy.
  4. Senders can misaddress emails.
  5. Emails are not secured beyond a TLS (Transport Layer Security) and therefore maybe intercepted, duplicated and altered or used without authorisation or detection as emails are not end-to-end encrypted.
  6. Workplace email services and other online services may have the right to archive and inspect emails transmitted through their systems.


Conditions of Use


One Centre Square Medical Hub will not engage in email communication until written consent is obtained from the patient. In cases where the email address on the patient’s registration form does not match the one in which they wish to use for correspondence the staff will ask for a picture to be sent with the patient’s photo ID held from the new email address in order for the clinic to verify their identity.


One Centre Square Medical Hub uses reasonable means to protect the security and confidentiality of email information sent and received. However, given the risks outlined above, One Centre Square Medical Hub will not be liable for the inadvertent disclosure of confidential information.


Email is not appropriate for urgent or emergency situations, nor a substitute for care that may be provided in person or via telehealth consultation. No consultations will ever be conducted via email.


The onus to maintain a current email address remains with the patient, however staff are encouraged to regularly ask if all contact details are update for patients.


When the clinic receives an email from a patient, staff members will respond within 3 business days. Staff are permitted to make bookings and or alter appointments via email. Once consent has been obtained and treating Doctors have given approval; staff are permitted to send referrals to patients and other healthcare providers via email.


Policy Review Statement


This policy will be reviewed regularly to ensure it reflects the current processes and procedures of One Centre Square Medical Hub and current legislation requirements.


13. CHANGES TO OUR PRIVACY POLICY


We may change this privacy policy from time to time. Any updated versions of this privacy policy will be posted on our website. This privacy policy was last updated on 1 April 2025

 

14. SUPPORTING DOCUMENTATION


·        Privacy Act 1988 (Cth) (the Act).

·        National Privacy Principles. Freedom of Information Act 2001