Privacy Policy

1. Overview

It is our privilege to offer comprehensive specialist health and surgical services in an environment that fosters honesty, trust, respect, commitment and above all, clinical excellence in patient care. It is our promise to our patients, to continue to shape our Practice actively in ways that meet the challenges of changing healthcare with determination, creativity and enthusiasm.

 

All medical practices must comply with the Australian Privacy Principles of the Privacy Act 1988. The following information is aimed at providing you with a more complete understanding of the information that this Practice may hold about you as a patient of Dr Benjamin Beer and the way we handle it.

 

The policy statement covers the following:

  • what types of information are collected;
  • why it is collected;
  • how the information is stored and used;
  • who has access to the information;
  • informed consent;
  • disclosure of information;
  • maintaining accuracy of information.


2. Collection of information

2.1.  What information is collected?

The following information is collected, where possible, directly from the patient:

name date of birth address
contact details next of kin emergency contacts
marital status referrals medications
ethnicity allergies & other sensitivities past & current medical history
social history medical procedures diagnostic tests & results
Medicare number health insurance details financial details related to billing
WorkCover details reports from other health providers

2.2 Where do we collect information from?

We collect most information directly from you. This can include:

  • via the phone;
  • through a medical history form emailed to you (to be filled out and brought to the consultation) or filled out prior to your appointment;
  • during the doctor-patient relationship.


Other people may also provide information about you:

  • your GP;
  • other health providers involved in your care e.g. allied health, other specialists;
  • your parent or guardian (if you are under the age of 18 years);
  • if you are involved in a third party or other insurance type claim, other organisations involved in your claim.


1.2. Why do we collect this information?

This information is collected so that we have enough information to provide optimal health care services to patients on an ongoing basis, including for the purposes of treatment as well as for the purposes of providing reports about any third party or insurance type claims to the organisations involved. If you provide incomplete or inaccurate information to us, or if information is withheld, we may not be able to provide you with the services you are seeking.


3. Data

3.1 How is the data stored?

All forms filled out by the patient are scanned and saved in our electronic database in the patient’s electronic file. Patient electronic files are all stored on domestic servers (i.e. within Australia only). All paperwork filled out is then shredded.


3.2 How is the data used?

The information you provide is used to maintain up to date patient electronic files. The following details are updated:

demographic data recall & reminder systems operation reports
emergency department visits after hours & home care telephone notes
accounts

3.3 Who has access?

Only authorised doctors and administration staff have access to data. All computers and programs with patient information are password-protected. All staff members have signed privacy agreement forms prior to commencing work at this Practice.

 

Patients referred to other health service providers (e.g. allied health/ other specialist services) will be aware that information relevant to their care (including medical history summary, pathology and radiology) in the referral letter is only provided if the patient gives consent. If the patient does not provide consent, they will not be referred to that provider.


Account details are only provided to obtain payment from Medicare and/or private health insurance organisations.

 

If the information is required for research purposes, each patient will be notified and provided with an ‘Informed Consent’ form to sign, in order to release their personal health information. If the patient refuses to provide consent, their personal health information will not be used.

 

Every patient has the right to access their own personal health information, under privacy legislation. To request release of this information, an ‘Access to Medical Records by Patient’ form needs to be completed (available at reception). Due to the administrative time and costs associated with providing access to your records, a fee for access may be charged.


4. Use and Disclosure of Information

4.1 Do we inform patients of the intended use of the information?

Yes; we will always inform patients of the intended use of their information. A ‘Privacy Form’ is attached to all new patient registration forms, which every patient must read and complete prior to receiving health care at our Practice. A copy of this form is available from reception.

                                                                                                               

4.2 Do we obtain a patient’s consent?

Every patient attending our Practice must read and complete a ‘Privacy form’ prior to receiving any health care at our Practice.


4.3 Disclosure of information

Your information is used or disclosed for purposes directly related to your health care and in ways that are consistent with your expectations. This may mean that your information is shared with other health care provides, including but not limited to your GP, hospitals, pathology firms, radiology firms, pharmacists, physiotherapists, other specialists, prosthesis supply companies, anaesthetists.

 

If you are involved in a third party or other insurance type claim, the Practice may also disclose your information to your insurance company, your Workers' Compensation’ body, lawyers involved in the claim, rehabilitation providers etc. Your information will not be provided to these organisations unless you have consented to its release.  

 

Under certain legislation, we must disclose patient information. Therefore, there are some instances where your information will be disclosed without your consent. These include:

  • Infectious Disease Act (Health Regulations);
  • Court orders, subpoenas, search warrants and Coroner’s Court cases.


In addition, we may disclose your information without your consent in emergency situations.


5. Accuracy of Information

The following procedures are in place to ensure that the data we collect is accurate, up to date and complete.

5.1. For new patients:

  • When entering demographic data electronically, information is cross-checked with the ‘Medical History’ form.
  • For new patient registrations, patients are required to present at reception with their Medicare and health insurance card (if applicable). Demographic details provided on the completed ‘Medical History’ form is cross-checked with these cards, to ensure that our Practice records have correct details.
  • Medicare numbers are verified online.
  • The surgeon cross-checks relevant health information with the patient during the initial consult.


5.2 For returning patients:

  • Patients are asked if any of their personal details or GP details have changed since their last appointment.
  • In the event that a patient requests the Practice to release results of any pathology or radiology to his/her next of kin, the next of kin details are confirmed with the patient; on contacting the next of kin, our staff always confirm that they are speaking to the person appointed by the patient prior to releasing any health information.
  • An updated referral letter from the patient’s general practitioner (GP) is required annually. This is to ensure that our Practice has up to date information on the patient’s current GP.
  • Patients returning to the Practice after 3 years are required to complete a new ‘Medical History’ form.


Consultation notes are saved in the patient’s file. These cannot be altered; however, amendments to the notes can be added later if a step has been omitted or for clarification purposes.


6. How do we protect data from misuse, loss and unauthorised access?

All computers at our Practice are password-protected and only authorised staff have access to this information. Backup information is stored on:

  • on-site on computer programs;
  • off-site on an external hard drive which is retained by the Practice Manager; and
  • off-site on a cloud, only accessible by authorised persons.


In addition to this, we have the following measures in place to protect information:

  • firewalls and antivirus software;
  • secure work environments;
  • encryption of data in transit;
  • storage of electronic information on domestic servers only;
  • management of access privileges.


7. How do we maintain and update our Privacy Policy?

At our Practice, we have an appointed Privacy Officer. The duties of the Privacy Officer include but are not limited to:

  • Investigation of any complaints lodged;
  • Co-ordinate, implement & monitor the Privacy Policy;
  • Promote Privacy Policy to all interested parties including patients, GPs and staff;
  • Act as liaison officer for all privacy issues and patient requests for record access;
  • Formulate and update the Privacy Policy;
  • Conduct privacy reviews (analyse what data collected, how, storage, disclosure, consent).


Share by: