PRIVACY POLICY

Purpose

The purpose of our Privacy Policy is to ensure that our patients feel comfortable sharing personal and sensitive information with our health practitioners. 

Our Policy will explain to the patient how we collect and use this information within the practice and also if and when we have a need to share this information with people outside of our practice, for example if you need a referral to a specialist. In this Policy we, us or our means The Waiting Room (TWR) Co. ABN: 97 219 442 096.

At The Waiting Room (TWR) Co. we:

  1. Create and link high quality information about various aspects of health; and

  2. Facilitate confidential consultations between our customers and:

  3. Are Registered Australian health practitioners, including medical practitioners, nurses and other Australian registered health providers, such as pharmacists.

Background and Rationale

As a Health Practice we have guidelines which we must follow, The Australian Privacy Principles, referred to as APPs throughout the remainder of this document.

These principles are put in place to ensure patient privacy is protected at all times throughout the various stages of our practitioners consultations, when referring you for further tests and/or consultations with specialists and submitting an invoice to Medicare for payment (bulk billing).

The guidelines apply not only to consultations but are equally important in relation to paper documents that are digitally sent to specialists, blood collection agencies and when sending a prescription to a pharmacy.

The policy will be used as a guide for all practice staff to ensure we meet these legal obligations.

Practice Procedure

The Practice will:

  • Have a copy of this policy readily available to hand out upon request from a patient

  • Provide training to all staff in the requirements of the policy to enable staff to deal appropriately and efficiently with any enquiries and concerns raised.

Staff Responsibility

The Practice's staff will take reasonable steps to ensure patients understand:

  • What information is required and what it is used for

  • Why information is required for legal purposes

  • How the information will be used or disclosed

  • Why and when their consent is necessary

  • Why it is important for us to check personal information and details regularly

  • Who has access to information stored at the practice

Patient Consent

When consent is requested, the patient will be made aware of the reason and assured that the information will only be used for the purpose the consent was requested for.

Collection and Storage of Information 

The Practice will need to collect personal information for example:

  • Name, address, date of birth and contact details

  • Medicare number, where available, for identification and claiming payment from Medicare

  • Health Care Card or Pension Card details

  • Copy of photo ID (i.e., Driver’s license/student card)

  • DVA card details

  • Healthcare identifiers

  • Medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors.

  • Any credit card information will be managed by Stripe, and be subject to their privacy policy, which can be found here

A patient's personal information may be held at the Practice in various forms:

  • Paper records

  • Electronic records, My Health Record (MHR)

  • Visual — x-rays, CT scans and photos

  • Online quiz results

We may also collect your personal information:

  1. From our Partners who assist us in providing goods and services to you, including where a Practitioner holds an online consultation with you, where you undergo a test through a Provider or where a Partner communicates with you regarding the provision of a good or service;

  2. From publicly available sources and third parties, such as suppliers, recruitment agencies, contractors, our clients and business partners;

  3. From government sources, such as Medicare, the My Health Record system, the electronic transfer of prescriptions service or any other government authority or database relevant to the provision of a service to you (Government Sources); and

  4. From any other people or entities involved in assisting us with providing our services to you.

If we collect personal information about you from a third party we will, where appropriate, request that the third party inform you that we are holding your information, how we will use and disclose it, and that you may contact us to gain access to and correct or update the information.

Our client management software is Best Practice and therefore any information entered and collected within this system, the Best Practice privacy policy applies. Please familiarise yourself with it here: https://bpsoftware.net/privacy-policy/

The Practice's procedure for collecting/updating personal information is set out below.

  • Practice staff will ask the patient for their name, address, date of birth and contact telephone numbers when they attend their first appointment. If calling by phone to make a future appointment, these details will be confirmed.  This is to ensure that the correct patient record is being added to the appointment sheet (there are often more than one patient with the same name). 

  • During consultations with the practitioners they will collect further information in relation, for example, to any medication you are taking and your previous medical history. 

  • Personal information may also be collected from the patient's carer, guardian or responsible person (where practicable and necessary), or from any other involved healthcare specialists

  • Updating your personal information e.g., address, phone numbers etc. is as easy as advising your practitioner during an appointment, or alternatively it can be supplied in writing via email, info@twrmentalhealthservices.com

The Practice stores all personal information securely in electronic format. The Practice takes steps to ensure all stored information is retained in a secure environment that is only accessible to doctors, practitioners and staff of the practice. The use of a personal log on and password and timed screen savers are just some of the measures we have in place. The practice has strict backup procedures in place that ensure the security of patient data at all times.

Use and Disclosure of Information

Personal information will only be used for the purpose of providing medical services and for claims and payments, unless otherwise consented to by the patient. Sometimes it is necessary to share this information with third parties, for example if a patient asks us to electronically send prescriptions to a pharmacy on their behalf. These third parties are required to comply with this policy and the Australian Privacy Principles. The practitioner will inform the patient where there is a statutory requirement to disclose certain personal information (for example, some diseases require mandatory notification).

The Practice will not disclose personal information to any third party other than in the course of providing medical services, without full disclosure to the patient or the recipient, the reason for the information transfer and full consent from the patient. De-identified data may be used for quality improvement and may be shared for population statistics and aggregate analysis. The Practice will not disclose personal information to anyone outside Australia without need (i.e., in case of overseas medical emergencies) and without patient consent.

Exceptions to disclose without patient consent are where the information is:

  • Required by law

  • Necessary to lessen or prevent a serious threat to a patient's life, health or safety or public health or safety, or it is impractical to obtain the patient's consent

  • To assist in locating a missing person

  • To establish, exercise or defend an equitable claim

  • For the purpose of a confidential dispute resolution process.

The practice collects patient mobile phone details and may communicate with a patient using text messages (SMS). This communication will be in the form of reminders for appointments or recalls in the interest of the patients’ health. A practitioner will explain this to the patient when collecting mobile numbers.

The Practice evaluates all unsolicited information it receives to decide if it should be kept, acted on or destroyed.

The Practice participates in the electronic transfer of prescriptions via a secure messaging system and in the transfer of patient information via the MHR (My Health Record). The MHR transfers may be either uploaded or downloaded and are directed by the patient advising what information can or cannot be transferred. Both of these services benefit the patient by allowing the practice to directly send prescriptions to their participating pharmacy and to send/receive patient information from other parties (i.e., the transfer of patient medication list to the Accident and Emergency department within a hospital). The Practice has procedures in place to ensure any patient data sent electronically via these methods is encrypted and unable to be accessed by anyone other than the intended recipient.

A patient has a right to seek access or correction of their personal information contained in an MHR (My Health Record).

Access, Corrections, and Privacy Concerns

Access to Personal Information

The Practice acknowledges that patients have a right to:

  • Seek access or correction of their personal information in their MHR (My Health Record)

  • Request access to their medical records. Patients are encouraged to make this request in writing, and the Practice will respond within a reasonable time – usually no more than 30 days.

  • Any requests in writing should be sent by email to: info@twrhealth.com.au

Corrections to Personal Information

If you feel that information within your file may need updating please speak with your practitioner.  The Practice will take the necessary steps to correct personal information where it is satisfied that they are not accurate or up to date.

Complaints

The Practice takes complaints and concerns about the privacy of patients' personal information very seriously.

Patients have a ‘right to complain’ and where possible patients and others are encouraged to raise any concerns directly with the practice team, who are trained to make sure that patients of the practice feel confident that any feedback or complaint made will be handled appropriately and within a timely manner.

Any actions required to minimise the circumstances from happening again are documented and signed off on completion.  Staff training will be provided if required.

Examples of complaints or concerns may include breaches of privacy.

If the matter cannot be resolved the patient may wish to contact the Health Complaints Commissioner on 02 9219 7444 or The Office of the Australian Information Commissioner on 1300 363 992

Links to other websites

Our site may contain links to other websites. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.

Amendments

We may, at any time and at our discretion, vary this Privacy Policy by publishing the amended Privacy Policy on our site. We recommend you check our site regularly to ensure you are aware of our current Privacy Policy.