Privacy Policy

Aged Care GP
Phone: 03 9338 5657
Email: reception@agedcaregp.com
Post: 189 South Centre Road, Tullamarine 3043


1. Introduction

Aged Care GP is a medical practice. We run the administrative aspects of practice management for GPs who serve aged care patients. We handle personal information to manage our practice, meet patients’ healthcare needs, and to ensure smooth and appropriate flows of information between patients, doctors, aged care facilities, Medicare, DVA, My Health Records, and other healthcare providers. 

Aged Care GP is committed to best practice in relation to the management of the personal information we handle. We have developed a policy to protect patient privacy in compliance with the Privacy Act 1988 (Cth) (‘the Privacy Act’) and the Health Records Act 2001 (Vic).  

In this policy, ‘we’, ‘us’, and ‘our’ shall refer to:

  •  Aged Care GP ATF The Trustee for The Aged Care Doctor Unit Trust; and

  • employed and contracted healthcare practitioners who operate under the umbrella of the practice.

This policy explains:

  • the kinds of information that we collect and hold, which, as a medical practice, is likely to be ‘health information’ for the purposes of the Privacy Act;

  • how we collect and hold personal information;

  • the purposes for which we collect, hold, use and disclose personal information;

  • how you may access your personal information and seek the correction of that information;

  • how you may complain about a breach of the Australian Privacy Principles and how we will deal with such a complaint; and

  • how we share information with overseas service providers who assist us with information technology and administrative tasks.

If you have any queries, concerns or feedback regarding our Privacy Policy, please do not hesitate to contact us using the details set out at the beginning of this document. 

There are further details about privacy at our website at the end of this policy.

2. What kinds of personal information do we collect?

The type of information we may collect and hold includes:

  • your name, address, date of birth, email and contact details;

  • Medicare number, DVA number, IHI number for My Health Records and other government identifiers; and

  • other health information about you, including:

    • notes of your symptoms or diagnosis and the treatment given to you;

    • notes of your preferences (or the preferences communicated by next of kin responsible for your care) regarding medical treatment;

    • your specialist reports and test results;

    • your appointment and billing details;

    • your prescriptions and other pharmaceutical purchases;

    • your genetic information;

    • your healthcare identifier; and

    • any other information about your race, sexuality or religion, when collected by a health service provider.

3. How do we collect and hold personal information?

General

We collect patients’ personal information in various ways:

  • from patient registration forms where you enter your details;

  • from aged care facilities arranging appointments with our practitioners;

  • from you directly when you provide details to doctors during appointments;

  • from doctors and administrative staff entering data into our databases including via:

    • medical practice administration software;

    • appointment management software;

  • from drug charts created and maintained by doctors and other care providers; and

  • from other organisations involved in the provision or administration of your healthcare, including: 

    • other members of your treating team;

    • diagnostic centres;

    • specialists;

    • hospitals;

    • the My Health Record system;

    • electronic prescription services;

    • Medicare;

    • your health insurer;

    • the Pharmaceutical Benefits Scheme; and

    • the Department of Veterans Affairs.

Transfer of patients from other practices

The practice came into being through a merger of two practices: Aged Care GP and the aged care division of Lifelong Healthcare. Establishing the practice involved the transfer of all databases – including medical records and appointment bookings - from those two practices.

Website

Our website may collect information about website visitors including: webpage views, IP address, referring web site addresses, location, browser type, operating system, domain name, access times and other data typically collected by analytics services like Google Analytics.

We also use cookies to allow us to customise our website to the needs of our users. If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to deny or accept the cookie feature. However, cookies may be necessary to provide you with some features of our website.

4. Why do we collect, hold, use and disclose personal information?

We collect, hold, use and disclose your personal information for the following purposes:

  • to provide health services to you;

  • to manage the administration of healthcare services including record management, appointment management, account management, billing, arrangements with health funds, pursuing unpaid accounts, and management of our ITC systems;

  • to ensure smooth and appropriate flows of information between patients, doctors, aged care facilities, Medicare, DVA, My Health Records, and other healthcare providers;

  • to communicate with you and those responsible for your care in relation to the health service being provided to you;

  • to comply with our legal obligations, and help healthcare practitioners comply with their legal obligations, including, but not limited to, mandatory notification of communicable diseases, or mandatory reporting under applicable child protection legislation; 

  • for consultations with other doctors and allied health professional involved in your healthcare; 

  • to obtain, analyse and discuss test results from diagnostic and pathology laboratories;

  •  for identification and insurance claiming;

  • if you have a My Health Record, to upload your personal information to, and download your personal information from, the My Health Record system;

  • to facilitate electronic prescriptions;

  • to monitor the use of our website and optimise it; and 

  • to liaise with your health fund, government and regulatory bodies such as Medicare, the Department of Veteran's Affairs and the Office of the Australian Information Commissioner (OAIC) (if you make a privacy complaint to the OAIC), as necessary.

We may provide your personal information, where appropriate, to designated family members involved in your care.

We use third party suppliers to assist with administration including:

  • contractors providing secretarial and administrative services; and

  • IT service providers.

Such suppliers, to the extent necessary to perform their services, may have access to your personal information.

Communications and Spam

We may contact you directly or send you communications and information about our services that we consider may be of interest to you. These communications may be sent in various forms, including mail, phone and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). If you indicate a preference for a method of communication, we will use that method of communication. In addition, at any time you may opt-out of receiving communications from us by contacting us (see the details below) or by using opt-out facilities provided in the communication and we will ensure that your name is removed from our mailing list. 

We will not provide your personal information to other organisations for the purposes of such communications.

5. Overseas recipients

Some contractors providing secretarial and administrative services to us are located in the Philippines. These service providers have remote access to our patient records database via virtual machines only.

We also use a software developer based in India who may have access to personal information.

These service providers access your personal information to the extent necessary to perform their services.

We take great care to ensure these overseas recipients of your personal information comply with the Australian Privacy Principles and other privacy laws that apply to us, including through:

  • training;

  • contracts imposing strict privacy compliance obligations; and

  • implementing clear data breach response plans.

If you wish to contact these overseas recipients in relation to privacy matters, you may do so through us, using the contact details provided in this privacy policy.

6. How do we hold your personal information? 

We strive to maintain the reliability, accuracy, completeness and currency of the personal information we hold and to protect its privacy and security. All personal information, whether stored as a hard copy or in electronic form, is protected from unauthorised access, misuse, interference, loss, modification or disclosure. Some of the steps we take to ensure the security of your personal information include: 

  • physical security over our paper records and premises, including the use of security alarms; 

  • staff training on privacy;

  • detailed internal processes and systems to protect your privacy; and

  • IT security measures including virus controls, firewalls, encryption, user identifiers and passwords to control access to computer systems, 2 factor authentication for emails, and administrative systems that allow rapid change of passwords on any devices that are lost or stolen where your information is stored.

Our website and email are linked to the internet. No data transfer over the internet is 100% secure. Accordingly, any information which you transmit to us online or via email is transmitted at your own risk. 

Subject to applicable laws, we may destroy records containing personal information when the record is no longer required. 

All patient records are stored electronically. Any incoming paper records containing patient information – such as paper drug charts - are scanned into the patient’s electronic file and the paper version is securely destroyed by shredding. 

7. How can you access and correct your personal information?

You have a right to seek access to, and correction of the personal information which we hold about you. 

You can contact us using the contact details set out at the beginning of this policy

If you make a request to access personal information that you are entitled to access, we will provide you with suitable means of accessing it. We will not charge you for making the request. In circumstances where you request that we provide a copy of your personal information to you, we may charge you a fee to cover our reasonable costs for complying with the request for access. 

There may be instances where we cannot grant you access to some of the information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others. If that is the case, we will provide you with a written explanation of those reasons. 

We will normally respond to your request within 30 days. 

8. Privacy related questions and complaints 

If you have any questions about privacy-related issues or wish to complain about a breach of the Australian Privacy Principles, or our handling of your personal information, please contact us using the contact details set out at the beginning of this privacy policy.

We will normally respond to complaints within 30 days. 

If you are dissatisfied with our response, you may refer the matter to the OAIC:

Phone: 1300 363 992

Email: enquiries@oaic.gov.au

Fax: +61 2 9284 9666

Post: GPO Box 5218 
Sydney NSW 2001

Website: https://www.oaic.gov.au/individuals/how-do-i-make-a-privacy-complaint

 

9. Updates to this Policy

This Policy will be reviewed from time to time to take account of new laws and technology, changes to our operations and other necessary developments. Updates will be publicised on the practice's website.