Policies and Procedures

PRIVACY POLICY

Introduction
We are committed to protecting the privacy of patient information and to handling your personal information in a responsible manner in accordance with the Privacy Act 1988 (Cth) (‘Privacy Act’), the Privacy Amendment (Enhancing Privacy Protection) Act 2012, the Australian Privacy Principles (APP) and the Health Records and Information Privacy Act 2002 (NSW) (referred to as privacy legislation).
We ask you to sign our privacy consent upon registration at the practice, in order to provide you with the best possible healthcare and to allow us to efficiently manage our practice.

This Privacy Policy explains how we collect, use, store and disclose your personal information, how you may access that information and how you may seek the correction of any information. It also explains how you may make a complaint about a breach of privacy legislation.

This policy is current from February 2018. From time to time we may make changes to our policy, processes and systems in relation to how we handle your personal information, without notice. We will update this Privacy Policy to reflect any changes. Those changes will be available for you in the practice.

In this Privacy Policy, we use the terms:
“Personal information” as defined in the Privacy Act. This means:
“information or an opinion about an identified individual, or an individual who is reasonably identifiable:
• whether the information or opinion is true or not; and
• whether the information or opinion is recorded in a material form or not”;
“Health information” as defined in the Privacy Act. This is a subset of “personal information” and means information or an opinion about:
• the health or a disability (at any time) of an individual; or
• an individual’s expressed wishes about the future provision of health services to him or her; or
• a health service provided or to be provided to an individual.
“Health information” is classified as “sensitive information” under the Privacy Act, and is subject to additional mechanisms for your protection.

NSW Cardiology: what we do and how we use your personal information
We are a private practice that specialises in Cardiology. The practice has consulting rooms in Level 1 Suite 1, 341 George St Sydney and 2 Oxford St Paddington.

The practice is affiliated with St Vincent’s Clinic. Our specialists hold accreditation at various public and private hospitals in New South Wales.

NSW Cardiology uses your personal and health information:
• to provide healthcare services to you;
• to appropriately manage billings and train staff;
• to effectively communicate with third parties, including other medical practitioners, private health insurers, Medicare Australia and other government departments; and
• for research, audit, quality assurance, teaching and education, in order to improve current methods of diagnosis and treatment. Identifying information may be used to temporarily link with other medical data, or with your permission. At other times de-identified information is utilised for these purposes.

De-identified disclosure requires removal of personal identifiers (name, address, date of birth, or other identifying information) and other information which may allow you to be identified.

Collection of your information
We collect information that is necessary and relevant to provide you with appropriate medical care and to manage our medical practice. This information includes personal details such as your name, address, date of birth, gender, family history, next of kin, and contact details. Your racial or ethnic origin may be collected, where this pertains to a relevant patient care question. Health information includes your medical history, past and current treatments, lifestyle factors and any other information which is necessary to assist us in providing you with appropriate care. We may collect the names of other health care providers involved in your care, and copies of relevant referrals, reports, results and samples. We may collect medical images, such as medical photography. We will also collect your Medicare number and private health insurance details. This information may be stored on our computer medical records system and/or in handwritten medical records.

Wherever practicable we will collect information from you personally. However we may also need to collect information from other sources such as general practitioners, treating specialists, radiologists, pathologists, hospitals, other health care providers, next of kin and MyHealth Record to assist in your medical care. We often require health information from other specialist medical practices within the Melanoma Institute Australia and affiliated health services.

We collect information in various ways such as over the telephone, fax, email, in writing, in person in our rooms in suite 8, or over the Internet if you transact with us online. We may request information from other medical services by email. This information may be collected by medical and administrative staff.

Medical photography
We utilise photographs to assist in your health care. These photographs form part of your legal medical record.

Dealing with unsolicited information
If we receive personal information that our practice did not solicit, we will determine whether it could have been collected in the usual way and if not then it will be destroyed in accordance with the Australian Privacy Principles.

Anonymity and pseudonymity
Wherever it is lawful and practicable you have the option to request that we deal with you under a pseudonym or anonymously. However it may be necessary for us to collect your personal or sensitive information for your health care treatment. It is important to be aware that if you provide incomplete or inaccurate information or withhold information we may not be able to provide you with healthcare services, or the treatment you require.

Disclosure of your information
We treat your personal information as strictly private and confidential. We will only use or disclose your information for purposes directly related to your care and treatment, or in ways that you would reasonably expect that we would use it for your ongoing care and treatment. For example, the disclosure of histopathology results to your referring doctor or your medical history in requests for diagnostic testing. We disclose your personal information to healthcare professionals directly involved in your treatment, for example specialist medical practices within the Melanoma Institute Australia. We may discuss your case for quality assurance purposes at the Melanoma Institute Australia weekly multidisciplinary team meeting.

We may transmit information by mail, fax, electronic delivery, email or upload to your myHealth account if you have one.

Where your medical records are required in the case of a medical emergency, we will provide these to the relevant medical professional without waiting for your consent, where we believe this is in your interests. Where your medical records are requested by another healthcare provider, we may provide these to the healthcare provider where we believe this is in your interests.

We may disclose information about you to outside contractors to carry out activities on our behalf, such as an IT service provider, medical transcription service, medical photography software provider, accountant, solicitor or debt collection agent. We impose security and confidentiality requirements on how they handle your personal information. Outside contractors are required not to use information about you for any purpose except for those activities we have asked them to perform.

We will not use your information for another purpose unless you have given consent or if one of the exceptions under the Privacy Act applies, for example, if the use of the information is authorized by Australian law or is necessary for law enforcement by an enforcement body. Your personal information may also be provided to third parties if we are legally obliged to do so by a court subpoena, statutory authority, search warrant, coronial summons or to defend a legal action.

We may provide your personal information to third parties involved in your care, such as:
• your parents, children, relatives and close friends, guardians or a person exercising a power of attorney or enduring power of attorney. Please advise us if it is your wish no third party as stated is to have access to your personal information;
• government departments and agencies, such as Defence or Department of Veterans Affairs, or departments responsible for health, aged care and disability where we are required to do so;
• private health insurers and Medicare Australia;
• anyone authorised by you to receive your personal information.

NSW Cardiology may access some personal and health information from the Practice Management software via Middleware for audit purposes and financial reports.

Further consent will be obtained if your information is used for any purpose other than set out in this document.

Data Quality and Security of your information
We will take reasonable steps to ensure that your personal information is accurate, complete, up to date and relevant. For this purpose our staff may ask you to confirm that your contact details are correct when you attend a consultation. We request that you let us know if any of the information we hold about you is incorrect or out of date.

We hold personal information in electronic records and systems. Personal information may be collected in paper-based documents and converted to electronic (with the original paper-based documents either archived or securely destroyed).

We take reasonable steps to protect your personal and sensitive information held by us from misuse, interference, unauthorized access, modification, loss or disclosure. This includes during collection, processing, transfer, storage and destruction of the information, whether your records be in hard copy or electronic form.

Personal information that we hold is protected by:
• Securing our premises
• Placing user identifiers, passwords and varying access levels on databases to limit access and protect electronic information from unauthorized interference, access, modification and disclosure; and
• Locked premises for the storage of physical records

The information and technology services, including medical record and practice management software, are provided to the practice and maintained by the Melanoma Institute Australia. These also include virus controls, firewalls, encryption, data hosting and back up. These services are provided by independent specialist IT contractors.

Destruction of records
We are required by law to retain medical records for certain periods of time, depending on your age at the time we provided medical services and if you were participating in a clinical trial.

When we no longer require your personal information we will take reasonable steps to destroy the information or ensure that the information is de-identified. Hard-copy medical records are disposed of by shredding, but only after electronic scanned copies of all such documents are saved.

Subject to applicable laws, NSW Cardiology may destroy records containing personal information when the record is no longer required.

Corrections
If you believe that the information we have about you is not accurate, complete or up-to-date, we ask that you contact us in writing (see contact details below).

Access to Your Medical Record
We encourage you to contact us if you have a query regarding your personal information. You are entitled to request access to your medical records. We request that you put your request in writing and we will respond to it within a reasonable time.

There may be a fee for the administrative costs of retrieving and providing you with copies of your medical records.

We may deny access to your medical records in certain circumstances permitted by law, for example, if disclosure may cause a serious threat to your health or safety, or if it would interfere with the privacy of others. We will always give you a written explanation of why access is denied and the options you have to respond to our decision.

Sending Data Overseas
NSW Cardiology may engage with overseas entities where your personal information will be transferred, stored and disclosed. We have taken reasonable steps to ensure these entities comply with the Australian Privacy Principles. These entities may include medical transcription services.

We may also send information abroad, for example to international experts, when deemed necessary in your treatment.

The Spam Act 2003
The Spam Act 2003 prohibits sending unsolicited emails, SMS and MMS messages for commercial purposes. Unsolicited communications are ones that do not directly relate to a service you have previously signed up with or agreed to.

It is our policy that all electronic communications will include an unsubscribe facility.
Dermatology will send appointment and referral reminders via SMS. If you do not wish to receive communication via SMS you may opt out by advising the practice.

Participation in research and clinical trials
NSW Cardiology may actively participate in medical research and clinical trials. Clinical trial activity undergoes approval by an Ethics Committee.

We will always request your permission to be involved in such research before we release any personal information to third party researchers. Your clinician will explain the purpose of the research or trial and ask that you sign a consent form before you can participate.

We may use your de-identified health information for research and audit purposes, in order to improve diagnosis and treatment of melanoma and related conditions.

Complaints and enquiries
NSW Cardiology is committed to the protection of your privacy. If you have any questions about how we handle personal information, would like to complain about how we have handled your information or would like further information about our Privacy Policy, please submit a written query or complaint to our Practice Manager:

Phone: 8038 1080
Email: reception@nswcardiology.com.au
Post: Practice Manager
2 Oxford St
Paddington 2021

Our Privacy Officer will address your complaint and liaise with you to resolve the issue within a reasonable time (usually two weeks). If you are unhappy with the outcome you may lodge a complaint with the Australian Information Commissioner for review. See www.oaic.gov.au/individuals/how-do-i-make-a-privacy-complaint for further information.