- The information we collect and how we collect and store your personal information
- The purposes for which we collect, hold, use and disclose personal information
- How we protect the security of your personal information and respond to data breaches
- How you may access your personal information and how you may seek a correction of any personal information
- How you may make a complaint about our handling of your personal information
Collection of Information
This practice collects and holds personal information that is necessary and relevant to provide you with medical care and treatment. The type of information we may collect and hold includes:
- Personal details (name, address, date of birth, Medicare number, DVA number, email and contact details)
- Your medical history, including symptoms, diagnosis, previous and current treatment, medications, prescriptions, family history and photos
- Referrals, results and reports received from other health service providers
- Appointment and billing details, including credit card information
This information is stored on our computer medical records system.
If a photo is required of a lesion, rash or biopsy site, the image stored on the practice device will be de-identified. We will remove personal information such as name, address, DOB when transmitting an image. De-identified information is not considered to be ‘personal information’ under the Privacy Act.
Where practicable we will collect this information from you personally or from your authorised representative, either at the practice, over the phone or via written or electronic correspondence. This information may be collected by medical and non-medical staff employed by Drummoyne Dermatology.
In emergency situations we may also need to collect information from your immediate family, friends or carers.
In some instances we will need to collect information about you from other sources, such as your treating General Practitioner (GP), specialists, pathologists, radiologists, hospitals, nursing homes and other health care providers.
We may be required by law to retain medical records for certain periods of time.
Use and Disclosure
All staff, medical and non-medical, will treat your personal information as strictly private and confidential. We will only use or disclose it for purposes directly related to your immediate and ongoing care and treatment.
This includes the use or disclosure:
- To the medical team directly involved in your health care, including treating doctors, allied health professionals, pathology services, radiology services and other specialists.
- To our administrative staff for billing and other administrative services.
- To liaise with government and regulatory bodies such as Medicare and the Department of Veterans’ Affairs.
At your request we will disclose your biopsy results and treatment to your authorised representative. This request can be made in writing and/or given verbally as long as staff are satisfied that they have confirmed your identity over the phone.
The Privacy Act does not specify an age after which individuals can make their own privacy decisions. It is the practice of Drummoyne Dermatology that once a patient turns 18, their results are disclosed directly to them and not a parent/guardian unless there has been consent to disclose to an authorised representative.
For patients under the age of 18, it is the practice of Drummoyne Dermatology to disclose health information to a person responsible for the child, such as a parent or guardian. There is an allowance in the Privacy Act for patients between the ages of 15 and 18 to make their own privacy decisions where they have sufficient understanding and maturity. This is assessed on a case-by-case basis but may be enforced by Drummoyne Dermatology at a minor’s request if it is deemed they have capacity for consent.
There are times where we may be permitted or required by law to disclose your personal information to third parties. For example, to Medicare, Police, Family and Community Services (FACS), government and regulatory bodies, insurers, lawyers and debt collection agents.
We may also from time to time provide statistical data to third parties for research.
Security of Information and Accuracy
We will take reasonable steps to ensure that your personal information is accurate, complete and up to date. Our staff may ask you to confirm that your personal details are correct when booking appointments and/or at your consultation. We do request that our patients advise us if there has been any change to contact details.
We provide secure premises. Hard copies of patient records are in filing cabinets accessible only to Practice staff. Our computer medical records system is password protected. Our computer systems have firewall and virus protection, to protect against malicious mischief, loss of data and unauthorised access.
A data breach is unauthorised access to or unauthorised disclosure of personal information held by the practice. As per the Notifiable Data Breach Scheme covered by the Privacy Act 1988, we are required to notify the Office of the Australian Information Commissioner (OAIC) and individuals likely to be at risk of serious harm because of a data breach. An example of a data breach is where a computer Medical Record System is hacked or personal information is mistakenly given to the wrong person.
Access of Information
You have a right to seek access to and request correction of your personal information we hold on file. We ask that you put your request in writing. A fee for the retrieval and copying of your Medical Record may apply. We aim to respond to your request within a reasonable time frame.
If you require your Medical Record to be forwarded to another health care provider we also ask that this request is made in writing. A fee for retrieving, copying and posting your file may apply.
If you have a complaint about the privacy of your personal information, we request that you contact us in writing:
1/109 Victoria Rd
Drummoyne NSW 2047
Upon receipt of a complaint we are required to address the complaint within 30 days. If you are dissatisfied with the handling of a complaint or the outcome of a complaint, you may make an application to the Office of the Australian Information Commissioner. Their website has information on how to lodge a complaint: https://www.oaic.gov.au/individuals/how-do-i-make-a-privacy-complaint
Contact details of the Office of the Australian Information Commissioner (OAIC)
GPO Box 5218
Sydney NSW 2001
If you have concerns about postal security, you could use registered mail.
Fax: +61 2 9284 9666