Privacy Policy

Australian Privacy Principles (APP) Policy

Part A – Purpose and Context

1.0  The Health Service is committed to ensuring the privacy and confidentiality of all personal information affiliated with the Health Service’s business undertakings.

1.1  The Health Service follows the terms and conditions of privacy and confidentiality in accordance to the Australian Privacy Principles (APPs) as per schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth), forming part of the Privacy Act 1988 (‘the Act’).

1.2  The purpose of this Privacy Policy is to clearly communicate how The Health Service collects and manages personal information.

1.3  The point of contact regarding any queries regarding this policy is [Name/Position/Number/Email].

Part B – Australian Privacy Principles

2.0  As a private sector health service provider and under permitted health situations, The Health Service is required to comply with the APPs as prescribed under the Act.

2.1  The APPs regulate how The Health Service may collect, use, disclose and store personal information and how individuals, including The Health Service’s patients may:

  • address breaches of the APPs by The Health Service;
  • access their own personal information; and,
  • correct their own personal information. 

2.2  In order to provide patients with adequate health care services, The Health Service will need to collect and use personal information. It is important to be aware that if the patient provides incomplete or inaccurate information or the patient withholds personal health information The Health Service may not be able to provide the patient with the services they are requesting. 

2.3  In this Privacy Policy, common terms and definitions include:

  • "personal information" as defined by the Privacy Act 1988 (Cth).  Meaning
    "information or an opinion including information or an opinion forming part of a database, whether true or not, and whether recorded in a material format or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion"; and,
  • "health information" as defined by the Privacy Act 1988 (Cth).  This is a particular subset of "personal information" and means:

(a)   Information or opinion about the health or disability (at any time i.e. past, present or future) of an individual that can be classified as personal information;

(b)   Information or opinion about an individual’s expressed wishes about the future provision of health services that can be classified as personal information;

(c)   Information or opinion about health service provided, or to be provided, to an individual, that can be classified as personal information;

(d)   Other personal information collected to provide, or in providing, a health service;

(e)   Other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances; or

(f)    Genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual.

2.3.1       Personal information also includes 'sensitive information' which is information including, but not limited to a patient’s:

  • race;
  • religion;
  • political opinions;
  • sexual preferences; and or,
  • health information. 

 2.3.2       Information deemed 'sensitive information' attracts a higher privacy standard under the Act and is subject to additional mechanisms for the patient’s protection.

 Part C – Types of personal information

3.0  The Health Service collects information from each individual patient that is necessary to provide the patient with adequate health care services.

3.1  This may include collecting information about a patient’s health history, family history, ethnic background or current lifestyle to assist the health care team in diagnosing and treating a patient’s condition. 

Part D – collection & Retention

4.0  This information will in most circumstances be collected directly from the patient through but not limited to the following mediums:

(g)   Health Care Service patient consent form;

(h)   medical treatment form; and or,

(i)    face to face consultation.

4.1  In other instances, The Health Service may need to collect personal information about a patient from a third party source. This may include:

  • relatives; or,
  • other health service providers. 

4.2  This will only be conducted if the patient has provided consent for The Health Service to collect his/her information from a third party source; or, where it is not reasonable or practical for The Health Service to collect this information directly from the patient. This may include where:

  • the patient’s health is potentially at risk and his/her personal information is needed to provide them with emergency medical treatment. 

 4.3  The Health Service endeavours to store and retain a patient’s personal & health information in [hard copy on site, transferred electronically onto a domestic server etc].  

Part E – Purpose of collection, Use & Disclosure

5.0  The Health Service only uses a patient’s personal information for the purpose(s) they have provided the information for unless one of the following applies:

  • the patient has consented for The Health Service to use his/her information for an alternative or additional purpose;
  • the disclosure of the patient’s information by The Health Service is reasonably necessary for the enforcement of criminal law or a law imposing a penalty or sanction, or for the protection of public revenue;
  • the disclosure of the patient’s information by The Health Service will prevent or lessen a serious and imminent threat to somebody's life or health; or,
  • The Health Service is required or authorised by law to disclose the patient’s information for another purpose.

 i    Health Professionals to provide treatment

During the patient’s treatment at The Health Service he/she may be referred to alternative medical treatment/services (i.e. pathology or radiology) where The Health Service’s staff may consult with senior medical experts when determining a patient’s diagnosis or treatment. 

The Health Service’s staff may also refer the patient to other health service providers for further treatment during and following the patient’s admission.  These services include, but are not limited to:  

  • Physiotherapy; or,
  • Outpatient or community health services. [Please list relevant areas if applicable]

 These health professionals will be designated health service providers appointed to use the patient’s health information as part of the process of providing treatment. Please note that this process will be conducted whilst maintaining the confidentiality and privacy of the patient’s personal information.

 

  • ii    Alternative  Health services

At any point a patient wishes to be treated by an alternative medical practitioner or health care service that requires access to his/her personal/health information The Health Service requires written authorisation. This written authorisation is to state that the patient will be utilising alternative health services and that these health services have consented for a transfer of personal/health information.

iii     Other Third Parties

The Health Service may provide the patient’s personal information regarding a patient’s treatment or condition to additional third parties. These third parties may include:

  • parent(s);
  • child/ren;
  • other relatives;
  • close personal friends;
  • guardians; or,
  • a person exercising a patient’s power of attorney under an enduring power of attorney.

Where information is relevant or reasonable to be provided to third parties, written consent from the patient is required.  

Additionally, the patient may at any time wish to disclose that no third parties as stated are to access or be informed about his/her personal information or circumstances.

iv      Other Uses of Personal Information

In order to provide the best possible environment to treat patients, The Health Service may also use personal/health information where necessary for:

  • activities such as quality assurance processes, accreditation, audits, risk and claims management, patient satisfaction surveys and staff education and training;
  • invoicing, billing and account management;
  • to liaise with a patient’s health fund, Medicare or the Department of Veteran's Affairs, as necessary; and,
  • the purpose of complying with any applicable laws – i.e. in response to a subpoena or compulsory reporting to State or Federal authorities.

5.1  If at any point or for any of the aforementioned reasons The Health Service uses or discloses personal/ health information in accordance with the APPs, The Health Service will provide written notice for the patient’s consent for the use and/or disclosure.

Part F – Access and changes to personal information

6.0  If an individual patient reasonably requests access to their personal information for the purposes of changing the information he/she must engage with the relevant practice manager.

6.1  The point of contact for patient access to personal information is:

[Name]

[Relevant Position/Responsibility – Practice Manager]

[Phone]

[Email]

[Day on duty]

6.2  Once an individual patient requests access to his/her personal information The Health Service will respond within a reasonable period of time to provide the information.

6.3  All personal information will be updated in accordance to any changes to a patient’s personal circumstances brought to The Health Service’s attention. All changes to personal information will be subject to patient’s consent and acknowledgement.

6.4  If an individual requests access to his/her personal information The Health Service will charge $X. Please note that this fee is associated with administrative costs only.

Part G – Complaints handling

7.0  How an individual patient may complain about a breach of the Australian Privacy Principles, or a registered APP code (if any) that binds the entity, and how the entity will deal with such a complaint.   

Part H – Personal Information and overseas recipients  

8.0  Use of Overseas Parties:

(a)   The Health Service does not engage with any overseas entities, with which personal or health information would be transferred, appointed or disclosed.

(b)   The Health Service does engage with overseas entities, with which personal or health information would be transferred, appointed or disclosed. These overseas entities include:

  1. [XYZ Practice, International Address]
  2. [XYZ Practice, International Address]
  3. [XYZ Practice, International Address]

The aforementioned entities engaged overseas are subject to the legislative requirements as stipulated by the APPs. 

 Part i – Disposal of personal/health information

9.0  If The Health Service receives any unsolicited personal information that is not deemed appropriate for the permitted health situation, The Health Service will reasonably de-identify and dispose of the information accordingly.

9.1  If The Health Service holds any personal or health information that is no longer deemed relevant or appropriate for the permitted health situation, The Health Service will reasonably de-identify and dispose of the information accordingly.

Part J – Access to policy

10.0     The Health Service provides free copies of this Privacy Policy for patients and staff to access, which can be/will be located/provided:

          [Website]

          [Manual]

          [Hard Copies provided upon request]

 Part K – Review of Policy

11.1     The Health Service in accordance with any legislative change will review the terms and conditions of this policy to ensure all content is both accurate and up to date. 

11.2     Notification of any additional review(s) or alteration(s) to this policy will be provided to patients and staff within X days/weeks/months notice. If change occurs patients and staff are required by the Health Service to review/sign/acknowledge in writing etc. this Privacy policy.

Part L – Patient Acknowledgement

 I Patient Name, acknowledge that I have read the aforementioned Privacy and Confidentiality Policy and understand the requirements of [The Health Service] and myself in how to manage my personal information whilst attending [The Health Service].

Australian Privacy Principles (APP) Policy

Part A – Purpose and Context

1.0  The Health Service is committed to ensuring the privacy and confidentiality of all personal information affiliated with the Health Service’s business undertakings.

1.1  The Health Service follows the terms and conditions of privacy and confidentiality in accordance to the Australian Privacy Principles (APPs) as per schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth), forming part of the Privacy Act 1988 (‘the Act’).

1.2  The purpose of this Privacy Policy is to clearly communicate how The Health Service collects and manages personal information.

1.3  The point of contact regarding any queries regarding this policy is [Name/Position/Number/Email].

Part B – Australian Privacy Principles

2.0  As a private sector health service provider and under permitted health situations, The Health Service is required to comply with the APPs as prescribed under the Act.

2.1  The APPs regulate how The Health Service may collect, use, disclose and store personal information and how individuals, including The Health Service’s patients may:

  • address breaches of the APPs by The Health Service;
  • access their own personal information; and,
  • correct their own personal information. 

2.2  In order to provide patients with adequate health care services, The Health Service will need to collect and use personal information. It is important to be aware that if the patient provides incomplete or inaccurate information or the patient withholds personal health information The Health Service may not be able to provide the patient with the services they are requesting. 

2.3  In this Privacy Policy, common terms and definitions include:

  • "personal information" as defined by the Privacy Act 1988 (Cth).  Meaning
    "information or an opinion including information or an opinion forming part of a database, whether true or not, and whether recorded in a material format or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion"; and,
  • "health information" as defined by the Privacy Act 1988 (Cth).  This is a particular subset of "personal information" and means:

(a)   Information or opinion about the health or disability (at any time i.e. past, present or future) of an individual that can be classified as personal information;

(b)   Information or opinion about an individual’s expressed wishes about the future provision of health services that can be classified as personal information;

(c)   Information or opinion about health service provided, or to be provided, to an individual, that can be classified as personal information;

(d)   Other personal information collected to provide, or in providing, a health service;

(e)   Other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances; or

(f)    Genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual.

2.3.1       Personal information also includes 'sensitive information' which is information including, but not limited to a patient’s:

  • race;
  • religion;
  • political opinions;
  • sexual preferences; and or,
  • health information. 

 2.3.2       Information deemed 'sensitive information' attracts a higher privacy standard under the Act and is subject to additional mechanisms for the patient’s protection.

 Part C – Types of personal information

3.0  The Health Service collects information from each individual patient that is necessary to provide the patient with adequate health care services.

3.1  This may include collecting information about a patient’s health history, family history, ethnic background or current lifestyle to assist the health care team in diagnosing and treating a patient’s condition. 

Part D – collection & Retention

4.0  This information will in most circumstances be collected directly from the patient through but not limited to the following mediums:

(g)   Health Care Service patient consent form;

(h)   medical treatment form; and or,

(i)    face to face consultation.

4.1  In other instances, The Health Service may need to collect personal information about a patient from a third party source. This may include:

  • relatives; or,
  • other health service providers. 

4.2  This will only be conducted if the patient has provided consent for The Health Service to collect his/her information from a third party source; or, where it is not reasonable or practical for The Health Service to collect this information directly from the patient. This may include where:

  • the patient’s health is potentially at risk and his/her personal information is needed to provide them with emergency medical treatment. 

 4.3  The Health Service endeavours to store and retain a patient’s personal & health information in [hard copy on site, transferred electronically onto a domestic server etc].  

Part E – Purpose of collection, Use & Disclosure

5.0  The Health Service only uses a patient’s personal information for the purpose(s) they have provided the information for unless one of the following applies:

  • the patient has consented for The Health Service to use his/her information for an alternative or additional purpose;
  • the disclosure of the patient’s information by The Health Service is reasonably necessary for the enforcement of criminal law or a law imposing a penalty or sanction, or for the protection of public revenue;
  • the disclosure of the patient’s information by The Health Service will prevent or lessen a serious and imminent threat to somebody's life or health; or,
  • The Health Service is required or authorised by law to disclose the patient’s information for another purpose.

 i    Health Professionals to provide treatment

During the patient’s treatment at The Health Service he/she may be referred to alternative medical treatment/services (i.e. pathology or radiology) where The Health Service’s staff may consult with senior medical experts when determining a patient’s diagnosis or treatment. 

The Health Service’s staff may also refer the patient to other health service providers for further treatment during and following the patient’s admission.  These services include, but are not limited to:  

  • Physiotherapy; or,
  • Outpatient or community health services. [Please list relevant areas if applicable]

 These health professionals will be designated health service providers appointed to use the patient’s health information as part of the process of providing treatment. Please note that this process will be conducted whilst maintaining the confidentiality and privacy of the patient’s personal information.

 

  • ii    Alternative  Health services

At any point a patient wishes to be treated by an alternative medical practitioner or health care service that requires access to his/her personal/health information The Health Service requires written authorisation. This written authorisation is to state that the patient will be utilising alternative health services and that these health services have consented for a transfer of personal/health information.

iii     Other Third Parties

The Health Service may provide the patient’s personal information regarding a patient’s treatment or condition to additional third parties. These third parties may include:

  • parent(s);
  • child/ren;
  • other relatives;
  • close personal friends;
  • guardians; or,
  • a person exercising a patient’s power of attorney under an enduring power of attorney.

Where information is relevant or reasonable to be provided to third parties, written consent from the patient is required.  

Additionally, the patient may at any time wish to disclose that no third parties as stated are to access or be informed about his/her personal information or circumstances.

iv      Other Uses of Personal Information

In order to provide the best possible environment to treat patients, The Health Service may also use personal/health information where necessary for:

  • activities such as quality assurance processes, accreditation, audits, risk and claims management, patient satisfaction surveys and staff education and training;
  • invoicing, billing and account management;
  • to liaise with a patient’s health fund, Medicare or the Department of Veteran's Affairs, as necessary; and,
  • the purpose of complying with any applicable laws – i.e. in response to a subpoena or compulsory reporting to State or Federal authorities.

5.1  If at any point or for any of the aforementioned reasons The Health Service uses or discloses personal/ health information in accordance with the APPs, The Health Service will provide written notice for the patient’s consent for the use and/or disclosure.

Part F – Access and changes to personal information

6.0  If an individual patient reasonably requests access to their personal information for the purposes of changing the information he/she must engage with the relevant practice manager.

6.1  The point of contact for patient access to personal information is:

[Name]

[Relevant Position/Responsibility – Practice Manager]

[Phone]

[Email]

[Day on duty]

6.2  Once an individual patient requests access to his/her personal information The Health Service will respond within a reasonable period of time to provide the information.

6.3  All personal information will be updated in accordance to any changes to a patient’s personal circumstances brought to The Health Service’s attention. All changes to personal information will be subject to patient’s consent and acknowledgement.

6.4  If an individual requests access to his/her personal information The Health Service will charge $X. Please note that this fee is associated with administrative costs only.

Part G – Complaints handling

7.0  How an individual patient may complain about a breach of the Australian Privacy Principles, or a registered APP code (if any) that binds the entity, and how the entity will deal with such a complaint.   

Part H – Personal Information and overseas recipients  

8.0  Use of Overseas Parties:

(a)   The Health Service does not engage with any overseas entities, with which personal or health information would be transferred, appointed or disclosed.

(b)   The Health Service does engage with overseas entities, with which personal or health information would be transferred, appointed or disclosed. These overseas entities include:

  1. [XYZ Practice, International Address]
  2. [XYZ Practice, International Address]
  3. [XYZ Practice, International Address]

The aforementioned entities engaged overseas are subject to the legislative requirements as stipulated by the APPs. 

 Part i – Disposal of personal/health information

9.0  If The Health Service receives any unsolicited personal information that is not deemed appropriate for the permitted health situation, The Health Service will reasonably de-identify and dispose of the information accordingly.

9.1  If The Health Service holds any personal or health information that is no longer deemed relevant or appropriate for the permitted health situation, The Health Service will reasonably de-identify and dispose of the information accordingly.

Part J – Access to policy

10.0     The Health Service provides free copies of this Privacy Policy for patients and staff to access, which can be/will be located/provided:

          [Website]

          [Manual]

          [Hard Copies provided upon request]

 Part K – Review of Policy

11.1     The Health Service in accordance with any legislative change will review the terms and conditions of this policy to ensure all content is both accurate and up to date. 

11.2     Notification of any additional review(s) or alteration(s) to this policy will be provided to patients and staff within X days/weeks/months notice. If change occurs patients and staff are required by the Health Service to review/sign/acknowledge in writing etc. this Privacy policy.

Part L – Patient Acknowledgement

 I Patient Name, acknowledge that I have read the aforementioned Privacy and Confidentiality Policy and understand the requirements of [The Health Service] and myself in how to manage my personal information whilst attending [The Health Service].