Practice Privacy Policy 

 

Your privacy is respected 

This practice policy outlines how the practice uses and manages your health information. The  Notice to Patients is posted in our patient waiting area as a summary statement of the policy. 

The practice is bound by the Australian Privacy Principles contained in the Commonwealth Privacy  Act 1988 (Privacy Act) and the Health Records Act 2001 (Vic). 

The practice will review and update this Privacy Policy on a regular basis. 

Collection 

It is our usual practice to only collect health information directly from our patients or their authorised representatives.  

In addition, personal information such as your name, address, contact details, health insurance and financial details is used for the purpose of addressing accounts to you, as well as for processing payments, collecting unpaid invoices via an external collection agency, and writing to you about our services and any issues affecting your health care.

We will only collect your email address if you send us a message or provide us with your address  directly. Your email address will only be used for the purpose for which you have provided it, and it  will not be added to a mailing list or used for any other purpose without your consent. We may  however use your email address to contact you to obtain your consent for other purposes, but will  give you the option of having your address deleted from our records at that time. 

The practice may collect health information from a third party or a publicly available source, but  only if the patient consents to such collection or would reasonably expect us to collect their health  information from the third party, or if collection is necessary to provide the patient with  appropriate health care.  

Website statistics 

Our practice website, via our Internet Service Provider (ISP), Verve Innovation Pty Ltd, makes a record of your visit and logs the following information for statistical purposes:

  • Your server address  
  • Your domain or top-level domain name (e.g. practice.com, .gov, .au)  
  • The date and time of your visit to the site  
  • The pages you accessed and documents downloaded  
  • The previous site you visited, and 
  • The type of browser you are using 

 

Our ISP provides this information to us on a monthly, aggregated basis. 

This non-identified information is used to monitor usage patterns on our site to improve navigation  and design features – helping you to get information more easily. 

No attempt will be made to identify users or their browsing activities except, in the unlikely event  of an investigation, where a law enforcement agency may exercise a warrant to inspect the Web  Hosting provider’s logs. 

No intentional data collection is undertaken via ‘secret’ means on our website. You may be able to access external websites (including online appointment bookings) from our website which are not  subject to our privacy policies and procedures. 

Cookies 

Our website only uses session cookies and only during a search query of the website. Our ISP has  assured us that no cookies are employed on the website except for those associated with the  search engine. The website statistics are generated from the web logs as outlined above. 

Upon closing your browser, the session cookie set by the website is destroyed, and no personal  information that might identify you should you visit our site at a later date is maintained. 

Cookies can either be persistent or session based. Persistent cookies are stored on your computer,  contain an expiry date, and may be used to track your browsing behaviour upon return to the  issuing website. Session cookies are short lived, are used only during a browsing session, and expire  when you quit your browser. 

Employer/employee responsibilities 

As an employer, the practice collects personal information related to employment and human  resource management.  

All staff employed in this practice are required to undergo training to understand their  responsibilities in maintaining your privacy and to sign a confidentiality agreement to protect your  personal information. 

Use and disclosure 

The practice only uses health information for the purposes of providing you with health care or for purposes directly related to providing you with health care. In addition, personal information is used to administer your invoicing for dental services, to process credit card payments and health insurance claims, or to collect unpaid invoices via an external collection agency. We will not use your health information for any other purpose unless one of the following applies:

  1. You have consented
  2. The other purpose is directly related to providing you with health services and you would  reasonably expect that your information may be used for that purpose (for example, the  practice may disclose your health information to another health service provider for the  purpose of providing you with health care) 
  3. The use of your health information is required or authorised by law. This may include use for the purposes of contact tracing, or any other purposes under directions from the state’s Chief Health Officer during the COVID-19 pandemic.

Data quality  

The practice takes steps to ensure that the health information we collect is accurate, up to date  and complete. These steps include maintaining and updating personal and health information  when you attend the practice, or you advise us that your personal information has changed.  

The practice keeps hard-copy and electronic records and takes reasonable steps to protect those  records against loss, unauthorised access, use, modification or disclosure, or other misuse. 

The practice ensures that hard-copy records are kept in locked files and there are security  processes in place regarding computer access. The practice has taken steps to ensure that  electronic data is backed-up.  

After a period of seven years (and if you attended the practice as a child, you have reached the age  of 25) we may destroy your records in accordance with applicable laws.  

Data security 

In the interests of your privacy, and given the inherent insecurity of information passed over the  internet, we do not currently support the transmission of personal health information to or from  our patients over the internet. If you send any personal health information to us via the internet,  we cannot guarantee its security.  

However, we have deployed the following security measures to support more secure  communication of sensitive information across the internet.  

  • encryption of data;
  • two-factor authentication; and
  • password protection.

Access and correction  

If an individual requests access to health or personal information we hold about them, or requests  that we change that information, we will allow access or make the changes unless we consider that  there is a sound reason under the Privacy Act, or other relevant law to withhold the information, or  not make the changes. 

Requests for access or correction must be in writing and directed to the practice Privacy Officer. If  you have any questions, the Privacy Officer can be contacted during business hours at the practice. 

The practice may charge for access to or copies of health records.

Marketing 

The practice’s marketing functions support the growth and development of the practice and provide you with information about services offered at the practice.

The practice may use your information for the purpose of direct marketing; however, we will not  on-sell your personal information.  

The practice understands that you may not wish to receive marketing materials from the practice.  If you would prefer not to receive such information, a request can easily be made to the Privacy  Officer or another staff member at the practice.  

Sending information overseas 

As part of maintaining your records, the practice may use off-site electronic data storage providers,  professional indemnity insurers, marketing agencies or other third-party service entities. These  providers may be located offshore.  

Where practicable, we will inform you about where your information is sent; however, at all times  the practice will take reasonable steps to ensure compliance with the Australian Privacy Principles in  relation to any off-shore transfer of your information.  

Non-disclosure of information 

Although we respect your right to privacy, if you choose not to provide us with information  relevant to your care, we may not be able to provide a service to you or the service we are asked to  provide may not be appropriate for your needs.  

Importantly, you could suffer some harm or other adverse outcome if you do not provide  information relevant to your care.  

Complaints 

We take your privacy seriously. If you suspect there has been or may have been a breach of your  privacy, you can complain directly to the practice Privacy Officer.  

In the event of a privacy breach, the practice will comply with applicable guides or guidelines issued  by the Office of the Australian Information Commissioner for the handling of privacy breaches.  

For more information about privacy laws, or to raise concerns about any matter not satisfactorily resolved with the practice, you can contact the Office of the Australian Information Commissioner (www.oaic.gov.au or ph: 1300 363 992).

Privacy and general complaints about your care can also be directed to the Health Complaints  Commissioner, hcc.vic.gov.au or ph: 1300 582 113.

Enquiries

For further information about the practice’s management of privacy, please contact our Privacy  Officer or Practice Manager on (03) 9466 7843. 

This policy should be reviewed annually, and any changes to policy and actions required should be documented and signed.