Seaforth Physiotherapy & Sports Injury Centric (SPSIC) Privacy Policy

Current as of: 12/10/2022

Our privacy policy is revised on a regular basis in line with the Office of the Australian Information Commissioner (OAIC) legislation.

Introduction

SPSIC is committed to ensuring your personal information is professionally managed in accordance with all Australian Privacy Principles (APPs). This privacy policy is to provide information to you, our patient, on how your personal information (which includes your health information) is collected and used within our practice, and the circumstances in which we may share it with third parties.

Why and when your consent is necessary

When you register as a patient of our practice, you provide consent for our practice staff to access and use your personal information so they can provide you with the best possible healthcare. Only staff that need to see your personal information will have access to it. If we need to use your information for anything else, we will seek additional consent from you to do this.

What personal information we collect and why

SPSIC collects your personal information to provide healthcare services to you. Our main purpose for collecting, using, holding and sharing your personal information is to manage your health. We also use it for directly related business activities, such as financial claims and payments, practice audits, and business processes (e.g. staff training).

The personal information we collect about you includes your:

· Names, date of birth, address, contact details

· Information about your health condition, medical history, medications, allergies, adverse events, social and family history, risk factors, and treatment you may have already received

· Medicare, DVA, NDIS, WorkCover or CTP numbers (where available) for identification and claiming purposes

· Private health fund details

Only practice staff that need to see your personal information will have access to it. All practice staff have signed a Confidentiality Agreement.

How we collect your personal information

Our practice will collect your information in several different ways.

· Directly and in person, over the phone, by email, SMS, through our website or by completing our online forms. We may also collect your personal information when you communicate with us using social media.

· When you make your first appointment, our practice staff will collect your personal and demographic information via your registration.

· During the course of providing medical services, we may collect further personal information.

· If it is not possible to collect it from you directly, we may also collect this information from:

· Your guardian or responsible person

· Other involved healthcare providers such as specialists, doctors, allied health professionals, hospitals, community health services and pathology and diagnostic services

· Your private health fund, Medicare, CTP, WorkCover, NDIS or DVA (as necessary)

Who we share your personal information with and when

We sometimes share your personal information:

· with other healthcare providers

· when it is a statutory requirement to lawfully share certain personal information, such as mandatory notification of certain diseases

· Court subpoenas required or authorised by law 

· with third parties who work with our practice for business purposes (such as accreditation agencies or IT providers – these third parties are required to comply with APPs and this policy)

· when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent

· to assist in locating a missing person

· to establish, exercise or defend an equitable claim

· for the purpose of a confidential dispute resolution process

Only people who need to access your information will be able to do so. Other than in the course of providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.

SPSIC will not use your personal information for marketing any of our goods or services directly to you without your express consent. If you do consent, you may opt out of direct marketing at any time by notifying our practice in writing.

SPSIC uses the Cliniko Allied Health Practice Management Software, which means that your information may be processed in the US, UK, EU, and Australia, but is stored solely within Australia. Outside of this, we will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.

How we store and protect your personal information

Your personal information may be stored at our practice as paper records, electronic records, visual records (MRIs, CT scans, X-rays, ultrasounds, videos and photos) and audio recordings.

Our practice stores all personal information securely, and has strict protocols and policies to ensure your personal information is protected from misuse, loss, interference or unauthorised access:

- Regarding information in electronic format:

- Our primary method of storing information is in electronic format using the Cliniko Allied Health Practice Management Software

- This software is cloud-based, password-protected, and uses end-to-end encryption. For more information regarding the security of this software please refer to https://www.cliniko.com/security 

- Another way we store your information in electronic format is on our work devices, which are all password-protected.

- Occasionally we may record electronic information (visual/audio) on external non-work devices, but only after obtaining explicit consent from you.

- Some limited personal information such as email and year of birth may be kept on our health care exercise app Physitrack. This software is cloud-based, password-protected, and uses end-to-end encryption. For more information regarding the security of this software please refer to https://www.physitrack.com.au/information-security

- Regarding hard copy records and information:

- We encourage clients to take home any hard copy records and information they bring in, as we discourage our staff from keeping hard copy records and information.

- In the case of clients leaving documents behind, we will contact the client to pick the hard copies up within 14 days.  

- Our protocol involves making electronic copies before shredding the information or returning it to the client (in the case of scans, referrals, etc.).

- We do not store hard copy/information onsite for longer than 14 days after first receiving them, unless explicitly told to hold onto the hard copies by the client.  

- As we moved to electronic records in 2018, we still have hard copy documents which are stored in locked cages offsite.

All staff and contractors must sign confidentiality agreements prior to commencing work with and for our practice. 

How can you access and correct your personal information at our practice?

You have the right to request access to, and correction of, your personal information.

Our practice acknowledges patients may request access to their medical records. If you wish to access or correct personal information we request that you put it in writing and contact the Practice Manager (Sarah Edwards: reception@seaforthphysio.com). Your request for access and/or correction will be processed within 30 days.

 While we do not charge an application or processing fee, you may be charged administration, photocopying or other fees to reasonably cover our costs in fulfilling your request. 

Our practice will take reasonable steps to correct your personal information where the information is not accurate or current. From time to time, we will ask you to verify that your information held by our practice is correct and up to date. You may also request that we correct or update your information, and you should make such requests in writing to the Practice Manager (Sarah Edwards: reception@seaforthphysio.com).

How can you lodge a privacy-related complaint, and how will the complaint be handled at our practice?

We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing to the Practice Manager (Sarah Edwards: reception@seaforthphysio.com). We will then attempt to investigate the issue and will notify you in writing of the outcome within 30 days from the receipt date of the original written complaint.

If you are not satisfied with our response, you can contact us directly to discuss your further concerns, or lodge a complaint with OAIC. Generally, the OAIC will require you to give them time to respond before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 363 992.  

Privacy and our website

As mentioned above, we may collect your information through online mediums (website, emails, social media interactions). We collect and store this information solely for business-related purposes, and do not actively use cookies or other software to gather information so that we may pass it on to other third parties.

Dealing with us anonymously

You have the right to deal with us anonymously or under a pseudonym unless it is impractical for us to do so or unless we are required or authorised by law to only deal with identified individuals.

Policy review statement

This privacy policy will be reviewed regularly to ensure it is in accordance with any changes that may occur. We will notify our patients of these changes via our website and our handout hard copy Privacy Policy available at our practice premises.