What is a patient health record?
A patient health record is a collection of an individual’s health-related information. This includes a patient’s progress notes (hand-written or computer generated), appointment related information (i.e. Appointment history, appointment attendance and future appointment bookings etc.), accounts, consultant reports, hospital discharge summaries, pathology reports, medical imaging reports (i.e. X-rays, videos, photographs), medico-legal reports, allergies, family medical history, medication history and current list, immunizations etc.
Patient health records are combination of data, knowledge and system tools, which helps patients become active participants in their own care, therefore it is crucial in providing your healthcare professional with accurate health-related information.
Medical records may be used as evidence in criminal, civil or disciplinary legal proceedings or for coronial inquiries.
Why and when your consent is necessary
When you register as a patient of our practice, you provide consent for our GPs and practice staff to access and use your personal information so they can provide you with the best possible healthcare. Only staff who need to see your personal information will have access to it. If we need to use your information for anything else, we will seek additional consent from you to do this.
Why do we collect, use, hold and share your personal information?
Our practice will need to collect your personal information to provide healthcare services to you. Our main purpose for collecting, using, holding and sharing your personal information is to manage your health. We also use it for directly related business activities, such as financial claims and payments, practice audits and accreditation, and business processes (eg. staff training).
What personal information do we collect?
The information we will collect about you includes your:
- Names, date of birth, addresses, contact details
- Medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors
- Medicare number (where available) for identification and claiming purposes
- Healthcare identifiers
- Health fund details.
Dealing with us anonymously
In compliance with The Privacy Act, you have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.
How do we collect your personal information?
Our practice may collect your personal information in several different ways.
- When you make your first appointment our practice staff will collect your personal and demographic information via your registration.
- During the course of providing medical services, we may collect further personal information. Information can also be collected through eHealth services including but not limited to electronic transfer of prescriptions (eTP), My Health Record, Shared Health Summary, Event Summary etc.
- We may also collect your personal information when you make appointments or enquiry’s through our website, send us an email or SMS, telephone us, make an online appointment or communicate with us using social media.
- In some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:
- your guardian or responsible person
- other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services
- your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary).
When, why and with whom do we share your personal information?
We sometimes share your personal information:
- With third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with APPs and this policy
- With other healthcare providers
- When it is required or authorised by law (eg court subpoenas)
- When it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
- To assist in locating a missing person
- To establish, exercise or defend an equitable claim
- For the purpose of confidential dispute resolution process
- When there is a statutory requirement to share certain personal information (eg some diseases require mandatory notification)
- During the course of providing medical services, eHealth services including but not limited to electronic transfer of prescriptions (eTP), My Health Record, Shared Health Summary, Event Summary etc.
Only people who need to access your information will be able to do so. Other than in the course of providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.
We will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.
Our practice will not use your personal information for marketing any of our goods or services directly to you without your express consent. If you do consent, you may opt out of direct marketing at any time by notifying our practice in writing.
How do we use document automation technologies?
Electronic documents drafted by this practice such as referrals utilize document automation technologies to assist our systems and workflows. Document automation technologies our practice implements are established through our selected secure medical software built-in word processor, the built-in word processor allows our practice to set up automated simple and computed variables, these automated variables are set up to strictly disclose relevant medical information related to the medical treatments required in these documents.
our medical software is user-unique password protected, and each user is granted authorization accordingly to their role and responsibilities. We ensure your privacy is our utmost concern at all times.
How do we store and protect your personal information?
Your personal information may be stored at our practice in various forms. Our practice stores all personal information securely. Your personal information is kept as electronical records in our Best Practice system in our secured practice computers. All practice computers are protected by passwords, the Best Practice software requires login access, all staff has restricted access to patient information required to fulfill their job description. Paper records of personal information are kept until end of day, then shredded and disposed to protect your personal information.
All staff and contractors are under the binding contract of confidentially agreements, the practice also has surveillance cameras and Shopping Centre security in place to ensure your personal information are effectively and appropriately stored and protected.
How can you access and correct your personal information at our practice?
You have the right to request access to, and correction of, your personal information. Our practice acknowledges patients may request access to their medical records. We require you to put this request in writing via incoming facsimile/email/deliver in person, request from receptionist/ practice staff for outgoing requests and our practice will respond within 30 days and follow up as required. Detailed health summary and/or reports to complete incur extra fee, fees will be informed upon request and will not be charged until patient/ related third parties written consent and agreement for action.
Our practice will take reasonable steps to correct your personal information where the information is not accurate or up to date. From time to time, we will ask you to verify that your personal information held by our practice is correct and current. You may also request that we correct or update your information, and you should make such requests by requesting at reception and complete a personal details update form.
How can you lodge a privacy-related complaint, and how will the complaint be handled at our practice?
We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing. We will then attempt to resolve it in accordance with our resolution procedure. Our turnaround timeframe is usually 30 days and may subject to circumstances, if it is anticipated to take longer turnaround time, we will give notice in advance.
Should you have any complaint to lodge, please contact our practice via information from the contacts page.
You may also contact the OAIC. Generally, the OAIC will require you to give them time to respond before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 363 992.
Alternatively, you can contact the Health Quality & Complaints Commission GPO Box 3089, Brisbane Q 4001, Ph: (07) 3120 5999.
Privacy and our website
Our website does not collect any analytics or cookies data to ensure your privacy is secure. However, our website contains links to websites of other organisations, departments and agencies. We are not responsible for the content and privacy practices of other websites.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Email correspondence sent to our website/email address are retained as required by the Public Records Act 2002 and other relevant legislation. Email messages may also be monitored by our information technology staff for system trouble-shooting and maintenance purpose. Your email address details will not be added to a mailing list (unless you so request) or disclosed to a third party unless required by law.
Policy review statement