Privacy Policy

Purpose

CHIR/GO is committed to ensuring the privacy and confidentiality of all personal and/or health information of our patients, staff, contractors and website visitors. We adhere to the National Privacy Principles (NPPs) and this policy is consistent with the Australian Privacy Principles within the Privacy Act 1988.

The purpose of this Privacy Policy is to outline CHIR/GO’s ongoing obligations in respect to how we manage personal and health related information and data.

Policy

This policy statement covers the following:

  • What type of information we collect

  • Why and how we collect information.

  • How we use information.

  • How we protect information.

  • Patients accessing their personal information.

  • How to manage complaints and breaches.

What type of information we collect

The type of information we collect to assist the healthcare team in diagnosing and treating patient conditions may include:

  • Personal information, e.g. name, address, date of birth, gender.

  • Health history, ethnic background or current lifestyle.

  • Occupation, employer’s details, interests, payment details, financial information.

  • Information about how and where patients were referred to us.

  • Health information including medical results, clinical and medical records.

  • Family medical history and their details.

  • Other medical service providers’ commentary, diagnosis and test results.

Why we collect personal information

We collect personal information when it is reasonably necessary to conduct the services we offer.

How we collect information

There are a few different ways CHIR/GO collects patient information. Most information is collected directly from the patient via:

  • Information from a patient registration form

  • Face to face in the clinic

  • Over the phone

  • From a direct referral from another provider

  • Through our website as a contact form

  • Over social networking websites or applications through direct messaging (ie. Facebook, Instagram, LinkedIn)

CHIR/GO may also collect personal information throughout our relationship with patients. For example, we may collect personal information:

  • When a patient pays their bill or makes an appointment

  • During a consultation

  • Completing a form or survey

CHIR/GO may collect patient data from our website viewers via the use of cookies and other digital identifiers. It’s important to know you can clear cookies or digital identifiers from your device and also disable future use of them by changing the security settings on your web browser, however, doing this might mean that parts of our website(s) or apps may not work as they should.

What we collect from others

Other people might provide CHIR/GO with personal information about our patients. This may include information obtained from:

  • An employer, parent or guardian if the patient is under 18.

  • Other companies that are able to disclose information to us, if it’s not practical to collect it from the patient, including personal information from trusted sources and professional service providers.

How we use information

CHIR/GO may use patient information within a wider group of professional service providers that may include:

  • Employees and Contractors if CHIR/GO.

  • Case Managers.

  • Medical Practitioners.

  • Allied Health Professionals.

  • Other third parties such as Medicare, DVA, private health insurers, and if necessary, Collection Agencies.

  • Other parties reasonably expected to be included in the treatment of any patient case.

When our service involves other parties, such as doctors or other allied health professionals, we will only provide them with the information they need to provide and manage their relationship with the patient.

Some of the parties CHIR/GO deals with may be located overseas. In this case, we only provide them with secure access to the personal information they need to perform their job.

Our practice maintains effective control of patient information at all times, by ensuring that parties located overseas are subject to strict controls that limit access and subsequent handling of patient information. This is done to the extent strictly necessary to perform the relevant function and protect patient information from unauthorised use and disclosure.

How we share patient information

CHIR/GO works with third parties to provide different types of support. There are times when CHIR/GO needs to share patient information to other health providers such as GPs and Specialists. These companies are subject to strict controls that protect patient information from unauthorised use or disclosure and limits their access to personal information to the extent necessary to do their job.

CHIR/GO is committed to safeguarding the information provided to us. We have in place suitable and reasonable physical, electronic and managerial procedures to safeguard and secure information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.

Legal obligations and other privacy exceptions

CHIR/GO gives access to personal information where we are permitted or obliged to do so by Australian law. For example, in some circumstances we will use or disclose personal information to react to unlawful activity, serious misconduct, or to reduce or prevent a serious threat to life, health or safety. CHIR/GO is obliged to cooperate with law enforcement bodies in some circumstances. We may disclose personal information, including information about phone calls and service use, when we receive an access request or warrant that is authorised under Australian law.

Others

CHIR/GO will only disclose personal information to others if the patient has given us permission, or if the disclosure relates to the main reason we collected the information and the patient would reasonably expect us to do so.

Marketing

We may use personal information from patients to send marketing and special offers which are targeted towards relevant interests, characteristics or location. This marketing could be distributed to patients via mail, phone, email, text, or online.

All marketing emails, texts and letters distributed by CHIR/GO will clearly identify how patients can opt out from receiving marketing promotions and advertising.

How we store and protect patient information

Patient information is stored within CHIR/GO’s database which is securely protected to ensure patient information remains confidential. Firewalls and access logging tools are put in place to protect against unauthorised access to patient data and our network. We protect patient information by ensuring:

  • Secure work environments and workflow systems that prevent unauthorised access and copying of your personal information.

  • Secure server and closed network environments.

  • Virus scanning tools.

  • Management of access privileges, to ensure that only authorised personnel can access personal information.

  • Staff are trained to access patient information only when it is necessary and will not share the information with people not directly involved in the patients care.

CHIR/GO will remain vigilant with efforts to protect patient personal information.

Patients accessing their personal information

A patient may request access to their personal information. The identity of the patient will always be confirmed prior to the provision of personal information. Under Australian Privacy Laws there are situations where we may not give access to the requested personal information. For example, information cannot be revealed if it would unreasonably affect someone else’s privacy or if it poses a serious threat to someone’s life, health or safety.

A request from a patient to access their personal information should be directed to their Provider, Receptionist or via email to helensu.chiro@gmail.com.

Generally, accessing personal information will incur no charge, unless the request is complex or resource intensive. If there is a charge, it will be reasonable and the patient will be informed of the fee beforehand.

Quality of personal information

CHIR/GO aims to keep personal patient information accurate, up-to-date and complete. If there is information which needs to be updated or changed, patients are encouraged to call 0426 176 142 or email helensu.chiro@gmail.com.

Complaints and breaches

If a patient or a staff member have a complaint about CHIR/GO’s dealings with patients’ personal information, including any breaches of any Australian Privacy Principles, or have any questions regarding this privacy statement, they are able to submit a complaint or query to helensu.chiro@gmail.com.