Privacy protection and confidentiality of health information is essential for quality health care and HealthMint is committed to protecting the privacy and confidentiality of the information we handle about you. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used on accordance with this privacy statement.
This policy explains:
- how we collect, store, use and disclose your personal information (including your health information);
- how you may access your personal information;
- the circumstances in which we may share your information with third parties;
- how we protect the quality and security of your personal information;
- how you may seek correction of any personal information we hold; and
- how you make a complaint about our handling of your personal information.
Why and when your consent is necessary
Why do we collect, use, hold and share your personal information?
Our practice will need to collect your personal information to provide healthcare services to you. Our main purpose for collecting, using, holding and sharing your personal information is to manage your health. We also use it for directly related business activities, such as financial claims and payments, practice audits and accreditation, and business processes (eg staff training).
The type of personal information we collect may include:
- personal details (name, address, date of birth, Medicare number);
- contact information (including email address);
- medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors
- your ethnic background or current lifestyle;
- healthcare identifiers
- notes made during the course of a medical consultation;
- referrals to other health services providers;
- results and reports received from other health service providers; and
- credit card or direct debit information for billing purposes.
- health fund details.
How do we collect your personal information?
Wherever practicable we will collect this information from you personally – either at the practice, over the phone, via written correspondence or via our website.
Our staff will always endeavour to be sensitive to your needs when obtaining your personal health information, however they are also committed to acting in your best interests by making a thorough assessment of your condition and medical history before recommending treatment.
Our practice may collect your personal information in several different ways.
- When you make your first appointment our practice staff will collect your personal and demographic information via your registration.
- During the course of providing medical services, we may collect further personal information including via electronic transfer of prescriptions (eTP), My Health Record via Shared Health Summaries, Event Summaries.
- We may also collect your personal information when you visit our website, send us an email or SMS, telephone us, make an online appointment or communicate with us using social media.
- In some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:
- your guardian or responsible person
- other involved healthcare providers, such as specialists, referring doctors, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services
- your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary).
In an emergency, we may collect information from your immediate family, friends or carers.
Dealing with us anonymously
You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.
When, why and with whom do we share your personal information?
We require this information in order to provide you with a quality health care service. Your information will only be used and disclosed for purposes related to this or in ways you would reasonably expect us to use it in order to provide you with a better service.
We sometimes share your personal information:
- to the professional team directly involved in your health care, including treating doctors, pathology services, radiology services and other specialists outside this medical practice. For example, this may occur through referral to other doctors when requesting medical tests or in the report or result returned to us following the referrals;
- with third parties who work with our practice for business purposes, such as accreditation agencies, book keeping agencies or information technology providers – these third parties are required to comply with APPs and this policy;
- with other healthcare providers;
- to another medical practitioner/allied health professional in the event of a life threatening medical emergency or where the information supplied will be in the best interest of your health and wellbeing;
- when it is required or authorised by law (eg court subpoenas);
- when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent;
- to assist in locating a missing person;
- to assist with training and education of other health care professionals;
- to establish, exercise or defend an equitable claim;
- to our health insurance fund, Medicare or other organisations responsible for the financial aspects of your care;
- for the purpose of confidential dispute resolution process;
- when there is a statutory requirement to share certain personal information (eg some diseases require mandatory notification);
- during the course of providing medical services, through eTP, My Health Record (eg via Shared Health Summary, Event Summary);
- to improve our products and services; and/or
- to contact you regarding reminders, recalls, to collect feedback or inform you of new services or other information which we think you may find interesting.
If you communicate with us via our website, or social media, some information may be shared outside of Australia via Google and Facebook. We do not otherwise intend to share your personal information outside Australia.
We aim to ensure the information we hold about you is accurate, complete, up to date and relevant. To this end our staff may ask you to confirm that your personal details are correct when you attend a consultation. Please let us know if any of the information we hold about you is incorrect or not up to date.
How do we store and protect your personal information?
Your personal information is stored in an electronic record on a server kept within Australia, that is accessible only by authorised individuals with password access. Sometimes we will also have some paper records containing your personal information.
HealthMint takes all reasonable steps to protect the security of the personal information we hold, by:
- securing our premises;
- using passwords on all electronic systems and databases and varying access levels to protect electronic information from unauthorised interference, access, modification or disclosure;
- encrypting all information stored outside of the digital health record so that they cannot be read or accessed by third parties, or staff members without authority; and
- ensuring we have confidentiality agreements with all staff and contractors.
Access to your personal information
You have a right to access the health information that we hold in your health record. You can also request an amendment to your health record should you believe that it contains inaccurate or incomplete information.
In order to request that we send a record to a third party (for example to another clinic) we require you to put this request in writing, with a signature, in a form that specifies where and how to send your information to the third party.
A fee for the retrieval and copying of your medical record will apply, charged in accordance with the schedule of fees specified in the Health Records Regulations 2008 (Vic), plus GST. This fee is not redeemable through Medicare.
Should you wish to obtain access to your health record this request will also need to be put in writing with details of your request. We will respond within 30 days, and will charge a fee as specified above.
Our practice will take reasonable steps to correct your personal information where the information is not accurate or up to date. From time to time, we will ask you to verify that your personal information held by our practice is correct and current. You may also request that we correct or update your information, and you should make such requests in writing to firstname.lastname@example.org
What happens if you choose to withhold your personal information?
You are not obliged to give us your personal information. However, if you choose not to provide us with the personal details requested, it may limit our ability to provide you with full service. We encourage you to discuss your concerns with our reception staff prior to your first consultation or with your doctor.
What about use of personal information for direct marketing?
HealthMint records your email address when you make online bookings, and our staff may ask for your email address when booking over the phone. These will be added to a mailing list for the purpose of sending reminders, collecting patient feedback and sending you information regarding new services, staff and topical health information. Should you wish, you can unsubscribe from this mailing list at any time. We will not pass your email address onto third parties.
If you don’t wish for us to record your email address you may let us know and we will delete it from our records, however you will be unable to utilize our online booking system.
Our Policy for Protecting Your Online Privacy
This website uses Google Analytics to help analyse how users use the site. The tool uses “cookies,” which are text files placed on your computer, to collect standard Internet log information and visitor behaviour information in an anonymous form. The information generated by the cookie about your use of the website (including IP address) is transmitted to Google. This information is then used to evaluate visitors of the website and to compile statistical reports on website activity for HealthMint.
We will never (and will not allow any third party to) use the statistical analytics tool to track or to collect any Personally Identifiable Information (PII) of visitors to our site. Google will not associate your IP address with any other data held by Google. Neither we, nor Google, will link, or seek to link, an IP address with the identity of a computer user. We will not associate any data gathered from this site with any Personally Identifiable Information from any source, unless you explicitly submit that information via a fill-in form on our website.
A cookie is a small file, which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information, which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
What should I do if I have a privacy complaint?
We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing. We will then attempt to resolve it in accordance with our resolution procedure. Please email us via email@example.com
We will acknowledge receipt of your complaint within 14 days, and endeavour to provide a full response within a reasonable time, usually 30 days.
You may also contact the OAIC. Generally, the OAIC will require you to give them time to respond before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 363 992.
Policy review statement