Introduction
We are committed to protecting the privacy of patient information and to handling personal information in a responsible manner in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles, and relevant State and Territory privacy legislation (referred to as privacy legislation).
This Privacy Policy explains how we collect, use, and disclose patient personal information, how a patient may access that information and how they may seek the correction of any information. It also explains how to make a complaint about a breach of privacy legislation.
This Privacy Policy is current (see date at footer) and is reviewed annually. From time to time, we may make changes to our policy, processes, and systems in relation to how we handle personal information. We will update this Privacy Policy to reflect any changes. Those changes will be available on our website and in the practice.
Collection
We collect information that is necessary and relevant to provide a patient with medical care and treatment and manage our medical practice. This information may include the name, address, date of birth, gender, health information, family history, and contact details. This information may be stored on our computer medical records system (Xestro) and/or in handwritten medical records. Credit card and debit card details are only requested and used at the time of the transaction; they are not stored.
Wherever practicable we will only collect information from the patient personally. However, we may also need to collect information from other sources such as treating specialists, radiologists, pathologists, hospitals, other health care providers, and the My-health record system.
We collect information in various ways, such as over the phone, in writing, in person in our practice rooms, using tools like an AI scribe to assist consultations, or over the internet through our website, for example when the patient transacts online by making an enquiry. Information collected through our website enquiries goes to a third-party CRM system specific to our practice. This information may be collected by medical and non-medical staff.
In emergency situations we may also need to collect information from a patient’s relatives or friends. We may be required by law to retain medical records for certain periods of time depending on the patient’s age at the time we provide services.
Use and Disclosure
We will treat every patient’s personal and medical information as strictly private and confidential. We will only use or disclose it for purposes directly related to their care and treatment, or in ways that you would reasonably expect that we may use it for their ongoing care and treatment. Examples include written correspondence to the patient’s referring medical practitioner or to other health service providers regarding the patient’s diagnosis, and the disclosure of other investigative results, for example blood tests or requests for x-rays.
There are circumstances where we may be permitted or required by law to disclose a patient’s personal information to third parties. For example, to Medicare and/or your health fund, Police, insurers, solicitors, government regulatory bodies, tribunals, courts of law, hospitals, debt collection agents, the electronic transfer of prescriptions service or to the My-health record system. We may also from time to time provide statistical data to third parties for research purposes. We may disclose information about the patient to outside contractors to carry out activities on their behalf such as an IT service provider, solicitor, or debt collection agent. We impose security and confidentiality requirements on how they handle this personal information. Outside contractors are required not to use information about a patient for any purpose except for those activities we have asked them to perform.
We may use personal information to provide information about our services to the client; to provide information about procedures, products, services, and special offers; to obtain opinions or comments about products and services; and to record statistical data for marketing analysis. We will not use sensitive health information for direct marketing without your express consent. Pure Visage may employ other companies or service providers to assist us in providing our services, including (but not limited to) market research, mail-house services, product development, analysis of client lists, consulting services and marketing. Individuals can opt out of receiving marketing communications at any time by clicking the unsubscribe link in our emails or by contacting us directly (see details below). These third parties may have access to personal information required to perform their function. They are not permitted to use this information for any purpose other than that stated on behalf of Pure Visage.
Data Quality and Security
Personal information that we hold is protected by securing our premises; placing passwords and varying access levels on databases to limit access and protect electronic information from unauthorised interference, access, modification, and disclosure; 24/7 cyber security monitoring by DMS; shredding of paper copies of information, providing locked cabinets and rooms for the storage of physical records.
Our medical patient platform, Xestro, is GCC ISO 27001 certified, providing data encrypted security within Australia for all our healthcare data, and provides secure communication with our patients.
All medical records are kept separately on Xestro and are not stored in, or accessible to, our CRM system.
When collecting personal information through our website enquiries, where lawful and practicable, individuals have the option of not identifying themselves when dealing with us. For example, general enquiries that do not require identifying health information may be submitted anonymously or using a pseudonym.
Corrections
We will take reasonable steps to ensure that the patient’s personal information is accurate, complete, up to date and relevant. For this purpose, our staff may ask the patient to confirm that their contact details are correct when they attend a consultation. If a patient believes that the information we have about them is not accurate, complete, or up to date, we request that the patient contacts us in writing (see details below).
Access
A patient is entitled to request access to their medical records. We ask that this request is made in writing, and we will respond to it within a reasonable time. There may be a fee for the administrative costs of retrieving and providing the patient with copies of their medical records. We may deny access to a patient’s medical records in certain circumstances permitted by law, for example, if disclosure may cause a serious threat to their health or safety. We will always tell the patient why access is denied and the options they have to respond to our decision.
Overseas Transfer of Data
We will not transfer a patient’s personal medical information to an overseas recipient unless we have the patient’s written consent, or we are required to do so by law. We will not adopt, use or disclose government-related identifiers (such as Medicare numbers) unless required or authorised by law, or when necessary to verify your identity for the purpose of providing healthcare service.
Our medical patient platform Xestro is not linked to our CRM system; it is separate and hosted in Australia.
Our CRM system is hosted by a U.S.-based service provider (GHL). While we take reasonable steps to ensure that any overseas recipient complies with Australian privacy laws, we advise that your personal information submitted via our web enquiries may be stored or processed overseas. We will not transfer personal information overseas without your consent unless required by law. Your personal information is solely for the purpose of Pure Visage.
Complaints
If a patient has a complaint about the privacy of their personal information (including complaints about our use of the My-health record system), we request that they contact us in writing. Upon receipt of a complaint, we will consider the details and attempt to resolve it in accordance with our complaints handling procedures. If a patient is dissatisfied with our handling of a complaint or the outcome, they may make an application to the Australian Information Commissioner or the Privacy Commissioner in their State or Territory.
Contact
Please direct any queries, complaints, requests to unsubscribe or requests for access to medical records to:
The Privacy Officer
Pure Visage – Dr Michael Kernohan
Gregory Hills Health and Business Centre
Suite 17, Level 2, 13 Digitaria Drive
Gledswood Hills NSW 2557
Email [email protected]
Phone 02 8310 4576
More information about the APPs and HPPs can be found on the Australian Information Commissioner’s website www.oaic.gov.au.
If you require this Privacy Policy in another format (e.g. large print or audio), please contact our Privacy Officer.




