Practice Privacy Policy

Bakers Family Medical Centre takes the privacy of your information seriously

Introduction

This privacy policy is to provide you, our patient, with information on how your personal information, which includes your health information, is collected and used within our Practice, and the circumstances in which we may share it with third parties. This is done using the National Privacy Principles (NPPS) framework contained in the Commonwealth Privacy Act 1988, (Subject to any exemptions that apply to us under that Act). This document is commonly called a privacy policy and it outlines how we handle personal information collected (including health information) and how we protect the security of this information.

National Privacy Principals

NPP1: Open and transparent management of personal information.
NPP2: Relates to Anonymity and Pseudonymity. Individuals have the option of not identifying themselves when entering transactions with an organization
NPP3: Relates to the collection of personal information
NPP4: Outlines how organizations are to deal with unsolicited personal information
NPP5: Requires an organization to be open about what personal information it holds
NPP6: Relates to use or disclosure of personal information that it holds
NNP7: Relates to direct marketing. This practice does NOT give any personal information to any organization for direct marketing purposes.
NPP8: Cross-border disclosure of personal information – Outlines the steps that must be taken to protect personal information before it is disclosed overseas.
NPP9: The adoption and use of government related identifiers e.g. Individual Health Identifiers
NPP10: Relates to the quality of personal information, it must be accurate, up to date and complete.
NPP11: Relates to the security and protection of personal information. Organizations must take steps to prevent unauthorised access, modification or disclosure
NPP12: Relates to access to personal information. This outlines individuals right of access to personal information held about them.
NPP13: Relates to the Correction of personal information.

Why and When Your Consent is necessary

When you register as a patient of our practice, you are providing consent for our GPs and Practice staff to access and use your personal information. This allows them to provide you with the best possible healthcare. Only staff who need to see your personal information will have access to it. Your information can be shared with other health providers, such as Specialists, Laboratories, Radiology, and Allied Health. Your personal medical information may be used for quality improvement or clinical audits. If we need to use your information for anything else, we will seek additional consent

Dealing with us anonymously

You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.

Why do we collect, use, hold and share your personal information?

Our Practice will need to collect your personal information to provide healthcare services to you. This enables us to effectively manage your health. It also enables us to use it for directly related business activities, such as financial claims and payments, practice audits and accreditation and business processes.

What personal information do we collect?

The information we will collect about you includes:

Names, date of birth, addresses, contact details
Medical information including medical history, medications, immunizations, allergies, adverse reactions, social and family history
Medicare card number
Health care card
Private insurance details
Gender – as identified by the patient
Next of Kin
Aboriginal and Torres Strait Islander Status
Country of origin, and arrival details into Australia
Preferred language for communicating with your health professional

How do we collect your personal information?

Bakers Family Medical Centre may collect your personal information in several different ways.

When you make your first appointment our practice staff will collect your personal and demographic information on your registration form.
You may register as a new patient on our online booking system, HotDoc or on our website. This will ask you for your personal information.
During the course of providing medical services, we may collect further personal information.
Information can also be collected through the electronic transfer of prescriptions (eTP), My Health Record through a Shared Health Summary, Event Summary or Prescription Summary.
We may also collect your personal information when you visit our website, send us an email, telephone us, make an online appointment or contact communicate with us using social media.
In some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:

Your guardian or responsible person
Other Healthcare providers who are involved in your healthcare, such as Specialists, Hospitals, Allied Health Professionals, Pharmacists, Community Health Services, Pathology and Diagnostic Imaging Services, previous doctor
Your Health Fund, Medicare, Department of Veterans ‘Affairs or Workcover

When, why and with whom do we share or disclose your personal information?

We sometimes share your personal information:

with third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with APPs and this policy
with other healthcare providers
when it is required or authorized by law (e.g. court subpoenas)
when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
to assist in locating a missing person
to establish, exercise or defend an equitable claim
for the purpose of confidential dispute resolution process
when there is a statutory requirement to share certain personal information (e.g. some diseases require mandatory notification)
during the course of providing medical services, through eTP, My Health Record (e.g. via Shared Health Summary, Event Summary).

Only people who need to access your information will be able to do so. Other than in the course of providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party, including your partner or parent, without your consent.

Requests from insurance companies will only be actioned with your consent.

We will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your prior consent.

Bakers Medical Centre does not use or disclose personal information for the purposes of direct marketing. We will contact you regarding health recalls, appointment reminders, preventative health measures or similar health related issues.

Direct Marketing

Bakers Family Medical Centre does not enter into giving your information to any organization for the purpose of marketing.

Cross Border Disclosure

For patients requesting medical information when they are overseas this can only be sent via an encrypted email to enable the secure and safe transmission of personal information.

The use of Government Related Identifiers

Bakers Family Medical Centre uses Government Related Identifiers such as IHI (Independent Health Identifiers), Medicare Cards, Pension or Health Care Cards. These assist in the smooth delivery of health care.

How do we store and protect your personal information?

Your personal information is stored at our practice in an electronic format, in a protected information system with unique usernames and passwords. All information is backed up offsite in an encrypted format. It is the responsibility of this Practice to ensure that your details are current and up to date.

All paper records are shredded on site rendering them unreadable.

How can you Access and Correct Your Personal Information at our Practice?

You have the right (excluding exceptions outlined in the Privacy Act) to request access to, and correction of, your personal information under the Privacy Amendment (Private Sector) Act 2000.

Our practice acknowledges patients may request access to their medical records. If you require access, we will ask you to verify your identity by three (3) different forms – and one must be a photo identification. Please phone the Practice Manager and make an appointment. If you require a full copy of your medical records, please complete our Request for Records Form. There will be a fee payable depending on the size of the medical file.

Our practice will take reasonable steps to correct your personal information where the information is not accurate or up to date. From time to time, we will ask you to verify that your

personal information held by our practice is correct and current. You may also request that we correct or update your information, and you should make such requests in writing to Colleen Trewavas, Practice Manager by phoning 4633 5800, in person or via email at manager@bfmc.net.au

How can you lodge a privacy-related complaint, and how will the complaint be handled at our practice?

We take complaints and concerns about your health and privacy seriously. You can express any privacy concerns you may have by phone, email or in writing. We will then endeavour to resolve any issue that you may have in accordance with our Practice Policy.

Please send complaints to:

Colleen Trewavas

Bakers Family Medical Centre

96 Taylor Street

Toowoomba 4350

Phone 07 46335800

Email manager@bfmc.net.au

We will respond to your complaint within 7days and aim for a resolution within 30 days.

You may also contact the OAIC. Generally, the OAIC will require you to give them time to respond before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 363 992.

BAKERS

Where Passion for People and Healthcare Comes Together