Privacy Policy
Arkaba Medical Centre complies with the Australian Privacy Principles, and information regarding our Privacy Policy is outlined below.
Collection
It is necessary for us to collect personal information from patients and sometimes others associated with their health care in order to attend to their health needs and for associated administrative purposes.
Sensitive Information
Health information is ‘sensitive information’ for the purposes of privacy legislation. This means that generally patients’ consent will be sought to collect health information that is necessary to make an accurate medical diagnosis, prescribe appropriate treatment and to be proactive in patient health care.
Use and Disclosure
A patient’s personal health information is used or disclosed for purposes directly related to their health care and in ways that are consistent with a patient’s expectations. In the interests of the highest quality and continuity of health care this may include sharing information with other health care providers who comprise a patient’s medical team from time to time. In addition there are circumstances when information has to be disclosed without patient consent, such as:
* Emergency situations.
* By law, doctors are required to disclose information for public interest reasons, e.g. mandatory reporting of some communicable diseases.
* It may be necessary to disclose information about a patient to fulfill a medical indemnity insurance obligation.
* Provision of information to Medicare or private health funds, if relevant, for billing and medical rebate purposes.
In general a patient’s health information will not be used for any other purposes without their consent. There are some necessary purposes of collection for which information will be used beyond providing health care, such as professional accreditation, quality assessments, clinical auditing, billing and so forth.
Data Quality
All patient information held by this practice relevant to the functions of providing health care will be maintained in a form that is accurate, complete and up to date.
Data Security
The storage, use and, where necessary, transfer of personal health information will be undertaken in a secure manner that protects patient privacy. It is necessary for medical practices to keep information after a patient’s last attendance for as long as is required by law or is prudent having regard to administrative requirements.
Openness
This practice has made this and other material available to patients to inform them of our policies on management of personal information. On request this practice will let patients know, generally, what sort of personal information we hold, for what purposes, and how we collect, hold, use and disclose that information.
Access and Correction
Patients may request access to their personal health information held by this practice. Where necessary, patients will be given the opportunity to amend any personal information held that is incorrect.
There are some circumstances in which access is restricted, and in these cases reasons for denying access will be explained.
A charge may be payable where the practice incurs costs in providing access.
This practice acknowledges the right of children to privacy of their health information. Based on the professional judgement of the doctor and consistent with the law, it might at times be necessary to restrict access to personal health information by parents or guardians.
Upon request a patient’s health information held by this practice will be made available to another health service provider.
Identifiers
These are the numbers, letters or symbols that are used to identify patients with or without the use of a name (e.g. Medicare numbers). We will limit the use of identifiers assigned to patients by Commonwealth Government agencies to those uses necessary to fulfill our obligations to those agencies.
This Website
We are permitted by Wix to use the graphics and symbols. We are not permitted to use the graphics for purposes beyond this website.
You are not permitted to use or download any images of staff and doctors present on this website.
Email Policy
Our practice considers our obligations under the Privacy Act before we use or disclose any health information. The Privacy Act does not prescribe how a healthcare organisation should communicate health information. Any method of communication may be used as long as the organisation takes reasonable steps to protect the information transmitted and the privacy of the patient. A failure to take reasonable steps to protect health information may constitute a breach of the Australian Privacy Principles and may result in action taken against the organisation by the Australian Privacy Commissioner. What amounts to reasonable steps will depend on the nature of the information and the potential harm that could be caused by unauthorized access to it. The RACGP has developed a matrix to assist practices in determining the level of security required in order to use email in general practice for communication.
Our practice reserves the right to check an individual’s email account as a precaution against fraud, viruses, workplace harassment or breaches of confidence by members of the practice team. Inappropriate use of the email facility will be fully investigated and may be grounds for dismissal. Our practice does not email documents to patients except in rare circumstances.
Email configuration
Communication of clinical information to and from healthcare providers is completed from within the practice’s clinical software, wherever possible, using a secure clinical messaging system such as Health link. The use of a practice’s clinical software means that a record of communication is automatically retained in the patient’s medical record. This is not possible when communicating via email.
As such we have the current protective measures in place:
1. Computer security measures
2. Using 3 identifiers to identify patients
3. Notifying patients that the information is not encrypted and that there is a security risk in sending emails to them containing their personal medical information. They can choose to collect a hard copy from our office if they prefer
4. A notice on our emails if the email is sent to the wrong address
5. Notification to OAIC of any significant data breach
Protection against spam: Use a spam filtering program.
Encryption of patient information: Use server to server encryption such as SSL or TLS.
Staff email use education
General protection
Any information held in our email accounts that is specific to a patient’s health information will be downloaded as per practice policy. It will be imported into the relevant patient file to ensure the contents are backed up with the rest of our data.
We do not provide confidential information to an email address (especially by return email) no matter how credible the sender’s email seems (e.g. apparent emails from your bank).
Use a spam filtering program.
Encryption of patient information
All email communications should be treated as confidential.
When sending patient information or other confidential data by email, it is best practice to use encryption.
Be aware that encrypted files are not automatically checked for viruses. They have to be saved, decrypted and then scanned for viruses before being opened.
Protection against the theft of information
There are significant risks in providing confidential information by email: only do so via the internet when the site displays a security lock on the task bar and has https in the web address.
Do not inform people of your email password.
Be aware of phishing scams requesting logon or personal information (these may be via email or telephone).
Email disclaimer
The practice uses an email disclaimer notice on outgoing emails that are affiliated with the practice stating:
PRIVACY & CONFIDENTIALITY NOTICE
The content of this email is confidential and intended for the recipient specified in message only. It is strictly forbidden to share any part of this message with any third party, without a written consent of the sender. If you received this message by mistake, please reply to this message and follow with its deletion, so that we can ensure such a mistake does not occur in the future.
Email correspondence
Email correspondence sent to our email address is retained as required by the Public Records Act 2002 and other relevant legislation. Email messages may also be monitored by our information technology staff for system trouble-shooting and maintenance purposes. Patient email address details will not be added to a mailing list or disclosed to a third party unless required by law.