1 ABOUT THIS POLICY
1.1 At the South Coast Radiology Group, we are committed to protecting the privacy and confidentiality of personal information affiliated with our services and activities. The South Coast Radiology Group comprises South Coast Radiology, The Women’s Imaging Centre, Darling Downs Radiology, Mackay Radiology.
1.3 We are subject to a number of obligations to protect the privacy, security and confidentiality of personal information. Depending on the circumstances, these may include the Australian Privacy Principles (‘APPs’) in the Privacy Act 1988 (the Privacy Act) and laws relating to the protection of health records.
1.4 The purpose of this policy is to clearly communicate how we collect and manage personal information.
1.5 The point of contact regarding any queries regarding this policy is the Privacy Officer by email to firstname.lastname@example.org or by writing to The Privacy Officer, South Coast Radiology Administration, Locked Bag 1000, Mermaid Beach, Queensland 4218.
1.6 We provide free copies of this policy for patients and staff to access, which can be located and/or provided as below:
2 TYPES OF PERSONAL INFORMATION
2.1 In order to provide patients with adequate health care services, we need to collect and use personal information. It is important to be aware that if we receive incomplete or inaccurate information we may not be able to provide our services as requested.
2.2 The types of personal information we collect includes but is not limited to current (and sometimes historical) information about:
• Date of birth
• Contact details including phone number, address and email address
• Emergency contacts and next of kin
• Payment-related information including credit card details, banking details, Medicare number, concession card numbers, Veterans Affairs details and pension numbers
• Communications and interactions with us
• Relevant feedback, complaints and claims.
Additionally, in relation to patients:
• Requesting practitioner details
• Results copy recipients
• Insurance details including private health fund details and Workcover claim details
• Healthcare identifiers
• Medical history and other health information including but not limited to; imaging history, test results, medical conditions, treatments, allergies, pacemaker use, claustrophobia, implants, medications and use of health services
• Where relevant, family history and lifestyle information, which may include information about your work, relationships, religion, beliefs, ethnic background, sexual preference/activity and genetic information
• Preferences in respect of health services.
Additionally, in relation to job applicants and staff:
• Qualifications, skills, experience and character
• Screening checks (including health, reference, background, directorship, financial probity, identity, eligibility to work, vocational suitability and criminal record checks).
• Performance, conduct, use of our IT and communications resources, payroll matters and training.
Additionally, in relation to other healthcare providers:
• Healthcare identifiers
• Referral trends
• IT system details.
3 COLLECTION & RETENTION OF PERSONAL INFORMATION
3.1 Personal information will in many circumstances be collected directly from you, for example via patient forms, over the phone or from face to face consultation.
3.2 In other instances, we may collect personal information about a patient from a third party source. This may include but is not limited to:
• relatives and personal representatives
• other health service providers such as general practitioners, specialists, hospitals, day clinics and other medical imaging practices, and
• the patient’s My Health Record, in accordance with the My Health Records Act.
We may also collect personal information from the parties to whom we disclose personal information as described below.
3.3 The circumstances in which we may collect personal information from a third party source include where the patient has provided consent, where it is not reasonable or practical to collect the information directly and where otherwise permitted by law. This may include where the patient’s health is potentially at risk and his/her personal information is needed to provide them with emergency medical treatment.
3.4 We endeavour to store and retain a patient’s personal information securely either using our own facilities or with the assistance of our service providers. This includes:
• in paper based form and other hard copy documents located securely within the practice and at secure storage facilities; and
• in electronic records in a secure environment.
4 PURPOSES OF COLLECTION, USE & DISCLOSURE OF PERSONAL INFORMATION
4.1 Personal information is important to our ability to provide health care. For example, we may need to collect, use and disclose your personal information for the purpose of:
• making an assessment of your health status
• providing a diagnostic imaging report about your health
• working with and referrals involving other healthcare providers in connection with your medical care, including medical practitioners, nurses, allied health professionals, pathology services, physiotherapists and outpatient or community health services.
4.2 We may also collect, use and disclose personal information for other purposes including:
• sending out appointment reminders
• invoicing, billing, account management and debt recovery
• verifying your identity and personal information
• maintaining and updating our records
• other administration, management, quality control and improvement of our services and operations including accreditation, audits, risk and claims management, patient satisfaction surveys and staff education and training
• medico-legal matters including medical indemnity insurance
• conducting research in accordance with privacy requirements (which may involve, for example, consent, de-identification or ethics committee approvals)
• recruiting and managing our staff, including considering job applicants for alternative and subsequent positions
• facilitating acquisitions and potential acquisitions of our business, and
• with your consent or where otherwise required or authorised by law.
4.3 In addition to healthcare providers as described above, we may provide your personal information to other third parties. These third parties may include:
• parent(s) – (if the patient is under the age of 18)
• a person exercising a patient’s power of attorney under an enduring power of attorney
• insurers including private health funds
• government agencies such as Medicare, WorkCover authorities, health departments and the Department of Veteran's Affairs, as appropriate
• community and government cancer and disease screening programs (e.g. breast screening services)
• the Australian Commission on Safety and Quality in Health Care and patient ombudsmen services
• other Integral Diagnostics Group companies
• our service providers including providers of archival, auditing, accounting, legal, banking, payment, debt collection, delivery, data processing, data analysis, document management, information broking, research, investigation, insurance, website and technology services.
Additionally, in relation to job applicants and staff:
• academic institutions
• screening check providers (including law enforcement agencies)
• professional and trade associations
• your current, previous and prospective employers
• providers of payroll, superannuation, staff benefits, surveillance and training services.
Some of the third parties described above may be located in other countries. We are required to comply with strict privacy requirements where we disclose personal information to recipients outside Australia.
4.4 We are subject to many laws in providing our services, and sometimes we may collect, use and disclose personal information as required or authorised by or under those laws. This may include the Privacy Act itself, as well as the Health Insurance Act, the Health Insurance (Diagnostic Imaging Accreditation) Instrument, the My Health Records Act, the Healthcare Identifiers Act and the National Health Act. In relation to staff, those laws may include the Fair Work Act, Superannuation Guarantee (Administration) Act, the Income Tax Assessment Act and other tax laws, Corporations Act, occupational health and safety acts and workers compensation acts. We may also need to respond to subpoenas and comply with mandatory reporting obligations to State or Federal authorities (e.g. where we suspect a patient is at risk of serious harm).
5 OUR WEBSITES
5.1 If you use our websites (including those identified in section 1.6 above) to read, browse or download information, our system may record information such as the date and time of your interaction, the pages accessed and any information downloaded. This information is used for statistical, reporting and website administration and maintenance purposes.
5.2 Like many other websites, our websites may use ‘cookies’ from time to time. A cookie is a piece of information that allows our system to identify and interact more effectively with your browser. The cookie helps us to maintain the continuity of your browsing session and remember your details and preferences when you return. You can configure your web browser software to reject cookies however some parts of our websites may not have full functionality in that case.
5.4 Our websites may contain links to other sites. We are not responsible for the privacy practices or policies of those sites.
5.5 Please be aware that there are inherent risks in transmitting information across the internet and we cannot guarantee the security of information sent to us online. If you are concerned about sending information of a sensitive nature to us online, you may prefer to contact us by telephone or mail.
6 ACCESS AND CHANGES TO PERSONAL INFORMATION
6.1 You can contact us (see 1.5 above for details) to request access or changes to your personal information that we hold. Please provide as much detail as you can about the particular information you seek, in order to help us locate it.
6.2 We will respond within a reasonable period of time, and may need to verify your identity.
6.3 We may charge reasonable expenses in supplying the requested information, subject to applicable legal requirements.
6.4 We will provide our reasons if we deny any request for access to or correction of personal information. Where we decide not to make a requested correction to your personal information and you disagree, you may ask us to make a note of your requested correction with the information.
7 COMPLAINTS HANDLING
7.1 Should you wish to make a complaint about how we have treated your personal information or privacy generally, please contact us (see 1.5 above for details).
7.2 Your complaint will be investigated and a response will be sent to you as quickly as possible. We will endeavour to respond to you promptly, generally within 14 days. We may request additional details from you about your complaint, and may need to engage or consult with other parties in order to investigate and deal with your issue. We will keep records of your complaint and any resolution.
7.3 If you are dissatisfied with the response provided, you can refer the matter to the Office of the Australian Information Commissioner via www.oaic.gov.au or 1300 363 992.
8 REVIEW OF POLICY
8.1 We may modify or amend this policy at any time and for any reason, including to address any legislative change. Any material changes to this policy will be posted prior to their implementation.
8.2 Updates to this policy will be published on our website (www.scr.com.au) for our patients and staff.
Last updated: 11 July 2018
Rad Corporate Pty Ltd ABN 67 169 352 890 trading as South Coast Radiology