Current as of 1 August 2021
PRIVACY AND PATIENTS
This Privacy and Disclaimer Policy is to provide information to you, our patients, on how your personal information (which includes your health information) is collected and used, and the circumstances in which we may share it with third parties.
Our patient health records contain an accurate and comprehensive record of all interactions with our patients. The patient health record is information held about a patient, whether in paper or electronic form.
Only relevant medical information is included in referral letters.
Why and when is your consent necessary?
When you register as a patient of our practice, you provide consent for our GPs and practice staff to access and use your personal information so they can provide you with the best possible healthcare. Only staff who need to see your personal information will have access to it. If we need to use your information for anything else, we will seek additional consent from you to do this.
Why do we collect, use, hold and share your personal information?
Our practice will need to collect your personal information to provide healthcare services to you. Our main purpose for collecting, using, holding and sharing your personal information is to manage your health. We also use it for directly related business activities, such as financial claims and payments, practice audits and accreditation, and business processes (e.g. staff training).
What personal information do we collect?
The information we will collect about you includes your:
names, date of birth, addresses, contact details
medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors
Medicare number (where available) for identification and claiming purposes
health fund details.
Do we deal with patients anonymously?
You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.
How do we collect your personal information?
Our practice may collect your personal information in several different ways.
When you make your first appointment our practice staff will collect your personal and demographic information via your registration.
During the course of providing medical services, we may collect further personal information e.g. through electronic transfer of prescriptions (eTP), My Health Record Shared Health Summary or Event Summary.
We may also collect your personal information when you visit our website, send us an email or SMS, telephone us, make an online appointment or communicate with us using social media.
In some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:
your guardian or responsible person
other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services
your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary).
When, why and with whom do we share your personal information?
We sometimes share your personal information for primary or secondary purposes:
with third parties who work with our practice for business purposes, such as accreditation agencies, Primary Health Networks, NSW Health Ministry of Health or information technology providers. These third parties are required to comply with the Australian Privacy Principles and this policy
with other healthcare providers
when it is required or authorised by law (e.g., court subpoenas)
when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
to assist in locating a missing person
to establish, exercise or defend an equitable claim
for the purposes of a confidential dispute resolution process
when there is a statutory requirement to share certain personal information (e.g. some diseases require mandatory notification)
during the course of providing medical services, through eTP or My Health Record (e.g. via Shared Health Summary or Event Summary).
Only people who need to access your information will be able to do so. Other than providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.
We will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.
Our practice will not use your personal information for marketing any of our goods or services directly to you without your express consent. If you do consent, you may opt out of direct marketing at any time by notifying our practice in writing.
Do you share de-identified data?
Our practice may use your personal information to improve the quality of the services we offer to our patients through research and analysis of our patient data. We may provide de-identified data to other organisations to improve population health outcomes. The information is secure, patients cannot be identified, and the information is stored within Australia.
De-identified data is health data about you that is not connected in any way with your name, contact details or other information that could identify you. That means that you cannot be identified using this data.
We share de-identified patient data with the Commonwealth Government’s Primary Health Networks and the NSW Health Intelligence Unit “Lumos” Initiative to assist the Government to plan for the health needs of our communities and to evaluate the effectiveness of programs and strategies. From time to time, we will share de-identified information with universities or research centres for the purpose of conducting research into public health issues.
The sharing of de-identified data is one way in which RARMS supports its communities, by enabling appropriate research into population health and by helping to ensure our communities receive appropriate resourcing and services.
If you do not wish your de-identified data to be shared you can contact:
Manager Corporate Services
Telephone: (02) 4062 8900
and request that your details are marked not to be shared.
How do we store and protect your personal information?
Your personal information may be stored electronically as documents, electronic records, audio recordings or visual records on a secure cloud server located on the internet or in our practice. Doctors may also retain written notes that are transferred to our electronic record systems as soon as possible and the written record is then destroyed. Our practice stores various forms of personal health information such as: paper records, electronic records, visual records (X-rays, CT scans, videos and photos), audio recordings.
Some of our practices use a hybrid patient health record system whereby a note of each consultation/interaction is made in each system, and that record includes where the clinical notes are recorded.
How do we secure your personal information?
We require a unique password to enable access by staff and approved contractors to our computer systems. Two-factor authentication (2FA) is required for certain staff.
Physical records are stored in secure cabinets.
Directors, staff and contractors must acknowledge in writing agreement to the RARMS Code of Conduct which includes a requirement that personal information is kept confidential.
How do we deal with requests for access to personal information?
You have the right to request access to, and correction of, your personal information.
We require you to put this request in writing addressed to the Manager, Corporate Services at the following:
Manager Corporate Services
Telephone: (02) 4062 8900
Do we charge you for making a request for personal information?
You will not be charged for making a request.
Do we charge you for processing your request for personal information?
You will be charged for the cost of processing the request. We will calculate the charge for access to your personal information based on the amount of work needed to process your request. This may include:
search, retrieval, supervised inspection, decision-making and information correction - $50 per hour
cost of postage or delivery - at cost
photocopying - 15 cents a page
transcript - $10 per page
When you receive the notice stating the charge, you have 30 days to respond in writing. Your response will be one of the following:
you agree to pay the estimated charge
you dispute the way we calculated the estimated charge and want a reduction in the charge
you will change your request to reduce the work needed to process it
you withdraw your request
If you change your request we will let you know, in writing, of the new estimate of charges. If you don’t respond within 30 days, your request is taken to have been withdrawn.
Will we correct personal information that is not accurate or is out of date?
We will take reasonable steps to correct your personal information where the information is not accurate or up to date. From time to time, we will ask you to verify that your personal information held by our practice is correct and current.
How do we deal with privacy concerns?
We take complaints and concerns regarding privacy seriously. If you have any concerns about your privacy you may write to:
Manager Corporate Services
Telephone: (02) 4062 8900
We will aim to respond to your written concern within 30 days.
You may also contact the OAIC. Generally, the OAIC will require you to give our practice time to respond to your concern before they will investigate.
For further information visit www.oaic.gov.au or call the OAIC on 1300 363 992.
PRIVACY AND WEB SITE USERS
What personal information do we collect about you?
The type of personal information that we collect from you will depend on how you use our website. You can be certain that the information we receive about you will be treated as strictly confidential.
Why do we collect your personal information?
We may collect information about you when you use our websites to:
fulfil your request
understand the number of hits the website receives
keep track of the domains from which this site is accessed
determine what our users are interested in
ensure, as far as practical, that our websites and applications are compatible with the browsers and operating systems used by most of our users
conduct patient satisfaction surveys
support strategic development.
If you believe that any information that we hold about you is inaccurate or out of date, please contact us.
Cookies are also used for:
recognising you when you sign in to use our offerings. This allows us to provide you with recommendations, display personalised content, and provide other customised features and services
keeping track of your specified preferences
conducting research and diagnostics to improve our offerings
preventing fraudulent activity
reporting. This allows us to measure and analyse the performance of our offerings.
Some cookies persist between sessions on our web site and services.
What types of information do we collect using cookies?
Examples of the information we automatically collect through cookies include:
Network and connection information, such as the Internet Protocol (IP) address used to connect your computer or other device to the Internet and information about your Internet service provider
Computer and device information, such as device, application, or browser type and version, browser plug-in type and version, operating system, or time zone setting
The location of your device or computer
Authentication and security credential information
Content interaction information, such as content downloads, streams, and playback details, including duration and number of simultaneous streams and downloads
The full Uniform Resource Locator (URL) clickstream to, through, and from our site (including date and time) and RARMS Health content you viewed or searched for, including page response times, download errors, and page interaction information (such as scrolling, clicks, and mouse-overs)
Can you change the type of information we collect yourself?
You can change your cookie preferences at any time by clicking cookie preferences in the footer of the RARMS web site. You can also manage browser cookies through your browser settings. The 'Help' feature on most browsers will tell you how to remove cookies from your device, prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, how to disable cookies, and when cookies will expire. Check the support site for your browser to understand privacy settings available to you.
Do we allow third party cookies?
We embed certain features from third parties on our sites, such as the Heart Foundation Heart Health Check, HealthDirect Symptom Checker and Medication Checker, to assist with your health care. Third parties may set cookies if you engage with those features.
Under what circumstances will we disclose information about you?
It is our policy not to sell or pass on any personal information that you may have provided to us unless we have your express consent to do so. An exception to this is where we may be required by law to disclose certain information.
We will preserve the contents of any email or secure message that you send us if we believe that we have a legal requirement to do so.
What are the rules about links to or from this web site?
The existence of external links on our websites does not constitute endorsement, sponsorship, approval of, or affiliation with, another person unless the party providing the relevant link is authorised in writing to do so.
If you access this site via an external link, you do so at your own risk. While the information and third-party information contained on this site has been presented with all due care, we do not warrant or represent that the information, or the third-party information, will remain unchanged after the date of publication or is free from errors or omissions. It is your responsibility to make your own investigations, decisions and enquiries about the information retrieved from other internet sites.
What happens when I make an appointment online using HotDoc?
RARMS Health has an agreement with an external provider, Hotdoc, for the management of patient bookings. The patient application does not have direct contact with RARMS Health and only connects to Hotdoc's secure cloud servers. All communication between the Hotdoc cloud server and RARMS Health is encrypted using 128-bit SSL encryption. Hotdoc only handles data relating to the patient appointment, and no other sensitive patient records are used or stored on the Hotdoc system. http://www.hotdoc.com.au provides the Terms of Service for the Hotdoc application.
Electronic information (e.g. specialist letters and pathology) is transmitted over the public network in an encrypted format using secure messaging software.
Incoming mail is opened in the reception phone room. Items for collection or postage are left in a secure area not in view of the public. Outgoing mail is personally delivered to Australia Post.
Facsimile, printers and other electronic communication devices in the practice are located in areas that are only accessible to the practice team.
All faxes containing confidential information are sent to fax numbers after ensuring the recipient is the designated receiver.
Fax transmission reports are kept as evidence that the fax was sent.
The practice uses a fax disclaimer notice on outgoing faxes. It says:
YOU MUST READ THIS NOTICE
This facsimile is confidential and may contain private and legally privileged information. You should not read, copy, use or disclose it without authorisation. If received in error, please contact us at once at firstname.lastname@example.org and then delete the facsimile. Any personal information in this email must be handled in accordance with the Privacy Act 1988 (Cth).
Emails are sent via various nodes and are at risk of being intercepted.
Patient information may only be sent via email if it is securely encrypted according to industry best-practice standards, unless the patient has formally consented to their health information being sent by unsecured email. The practice uses an email disclaimer notice for emails. It says:
YOU MUST READ THIS NOTICE
This email message and any attachments are confidential and may contain legally privileged information. You should not read, copy, use or disclose it without authorisation. If received in error, please contact us at once by return email and then delete all emails and attachments. You should check this email for viruses or defects. Our liability is limited to resupplying any affected message and attachments. Any personal information in this email must be handled in accordance with the Privacy Act 1988 (Cth).
The practice’s clinical software and the Hotdoc system provide us with the ability to contact patients via SMS.
SMS is used to send links to electronic patient history forms, to remind patients of appointments, to notify unexpected appointment changes (e.g. doctor sick), to send test results, patient feedback and survey forms, recalls for follow-ups, and updates on flu vaccinations and other health issues, and to provide health information and other information about the practice.
Patients may opt out of receiving SMS notifications.
Changes to this statement