This policy details how Dial-A-Doctor Group Pty Ltd collects and uses your data. Management of your patient health information is regulated by the Commonwealth Privacy Act 1988. We understand that your health information is of a sensitive nature and we take your privacy very seriously. We have strict procedures in place to ensure that the collection, storage and use of your data are handled securely.
WHY AND WHEN YOUR CONSENT IS NECESSARY
When you register as a patient of our practice, you provide consent for our GPs and practice staff to access and use your personal information so they can provide you with the best possible healthcare. Only staff who need to see your personal information will have access to it.
WHAT INFORMATION DO WE COLLECT AND WHY?
We aim for full disclosure and believe it is important that you know what information we collect from you and why. Below is a list of information we will collect from you.
- Your name, address, telephone number and email address;
- Your date of birth;
- Your Medicare, DVA, Health Care Card number or private health fund details;
- Next of Kin and emergency contact (name and number);
- Ethnic background;
- Profession, occupation or job title;
- History of the medical issue;
- Past medical history;
- Social history (e.g. conditions that run in the family);
- Allergy information;
- Any referral information and report results.
Collection of this information is necessary for the following purposes:
- All information discussed during your consultation, as well as details of any observations or examinations, must be recorded on your patient file. We are required to keep an accurate record by law, but more importantly, this record allows for the provision of better ongoing care for you in the future;
- For administrative and billing purposes;
- To ensure our records and contact details for you are up to date;
- For planning, product/service development, marketing, including direct marketing and quality control.
AFTER YOUR APPOINTMENT
After your appointment, your clinical notes will be stored in My Health Record (unless you have opted out of this service) and on your patient profile in our Patient Management System.
HOW DO WE COLLECT YOUR DATA?
We will always collect your personal information from you directly unless it is impractical to do so. We collect your data through the following methods:
- You completing or updating our patient information forms;
- You disclosing information during a consultation or at point of booking;
- Use of our website or social media platforms.
We may also collect personal data from third parties including:
- Information provided on your behalf with your consent;
- Referral information from a health care provider;
- Third-party bodies including law enforcement agencies or other government bodies.
HOW IS YOUR DATA STORED?
All data we collect from you is stored within our Practice Management System, Best Practice. This data is stored as a collection under your name and this is known as your “patient health record”. This is not to be confused with “My Health Record” which is a separate storage of health data hosted and controlled by the Australian Government.
Our Practice Management System stores your data on computers within a secure data-centre within Australia. None of your data is kept outside of Australia. Only Dial A Doctor has access to your data and it is stored in an encrypted format.
To protect against loss of data (e.g. due to a fire) it is backed up in another secure location, also within Australia. Again, this data is always encrypted when backed up and when moving from one computer to another to ensure that no-one can read your information.
WHO HAS ACCESS TO YOUR DATA?
Only staff who work for Dial-A-Doctor can access our Practice Management System. We do not allow any third-party access to our Practice Management System under any circumstances.
We only provide referral letters if you must attend the Emergency Department after your consultation with us. In this situation, we will write your referral letter to give to you, or to give to a paramedic crew if an ambulance is required. The referral letter will contain information related to the current consultation. Information from previous consultations will only be included if it is relevant to the current medical situation. Providing a referral letter is important as it allows for a thorough handover for both the paramedics and the hospital doctors, which means important information is not missed and you do not get asked the same questions again.
We will also need to disclose certain personal information to relevant parties for other referrals i.e. pathology, radiology, specialists. Personal information will only be sent for referral purposes and with your consent.
HOW DO YOU ACCESS YOUR OWN DATA?
You have a right to access your personal health information as set out in the Freedom of Information Act 1992 (WA). There are different reasons why you might choose to do this. You may simply wish to learn about what we have on file about you or you may wish for us to transfer the information we hold on file to another health practitioner, for example, if you are changing GPs.
If you have a data request, please contact our Receptionist for further information. They will explain the process to you and provide you with the relevant paperwork. Please note that there may be a charge for this.
There may be instances where we cannot grant you access to the personal information we hold; however, we will only do so in accordance with our rights and obligations under the Act.
If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may contact us to amend it.
THIRD-PARTY REQUESTS FOR YOUR DATA
We do not provide your data to anybody without asking for your permission first, whether this be in Australia or overseas. The only exception to this is where we are required to by Australian law. Your data is only stored in Australia and is therefore not subject to overseas jurisdictions, so your data will never be disclosed overseas unless you specifically request it to be. Third parties requesting your data must do so formally by submitting a written request using our ‘Request for Personal Health Information’ form.
Requests for the transfer of medical records must be made using our ‘Request for Medical Records Transfer’ form.
Please speak to our receptionist if you would like to make these requests.
USE OF DATA FOR QUALITY ASSURANCE AND RESEARCH
Dial-A-Doctor does not carry out research.
For Quality Assurance, patient health information may be reviewed by official agencies, without prior consent from patients. For example, an official accreditation agency must review our patient records to check that we continue to meet the highest standards of provision of care. The Office of the Federal Privacy Commissioner allows for this quality improvement activity to take place without patient consent. If you have any questions about these processes, please contact our receptionist.
HOW DO WE PROTECT DATA FROM MISUSE, LOSS AND UNAUTHORISED ACCESS?
Multiple security features exist to protect your data. We have security procedures and policies to maximise the restriction of access and to prevent unauthorised people from seeing your information.
All your data is encrypted when it travels between computers and when it is stored. This added security means that the data is unreadable without the appropriate authorisation. In addition, all data is backed up in two additional secure locations, both within Australia, in case of an emergency (e.g. fire causing data loss on one of the data stores).
DIRECT MARKETING MATERIALS
We may send you direct marketing communications and information about our products and services that we consider may be of interest or importance to you.
These communications may be sent via SMS, email, mail and fax, in accordance with the Spam Act 2003.
If you do not wish to receive these communications from us, you can unsubscribe and opt out at any time by contacting our reception and we will remove you from our mailing list.
If you indicate a marketing stream preference, we will endeavour to only communicate through these means.
HOW LONG DO WE KEEP YOUR DATA FOR?
There are requirements by law for us to keep your records for defined minimum periods of time in different circumstances. For example, medical records that have been sought for legal purposes must be retained for 7 years.
If you have not used our service for a long period of time, we may choose to archive your data.
If you wish for us to remove your records from our Practice Management System, then please contact our Receptionist.
DEALING WITH US ANONYMOUSLY
You have the right to deal with us anonymously or under a pseudonym, unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.
QUESTIONS, FEEDBACK AND COMPLAINTS
FAO The Receptionist
Dial A Doctor Medical Centre Pty Ltd
36 Hargreaves Street, Belmont, WA 6104
We make every effort to respond within the following timeframes:
For written communication, we will respond by the next business day after receipt.
For email communication we will respond within 48 hours.
For telephone communication, immediate response or within 24 hours of voicemail received.
You may also contact OAIC, HaDSCO and OHO. Generally, they will require you to give them time to respond before they will investigate. For further information visit or call:
www.oaic.gov.au or call the OAIC on 1300 363 992
www.hadsco.wa.gov.au/home or call HaDSCO on 1800 813 583 for Western Australia