At PC Physio we aim to ensure confidentiality and safety of all personal health information collected with regards to our clients and patients. PC Physio ensures all of their Physiotherapists abide by the Australian Physiotherapy Code of Conduct.
Scope of this Policy
This policy addresses the management of ‘personal health information’ in the clinical practice.
The following areas are covered within the practice policy:
Third Party Access
Information Safety and Personal Access
Privacy and Sensitive Information
Personal health information is defined as information which concerns a patient’s health, medical history or past or present health care; and which is in a form that enables or could enable the patient to be identified. ˆ
PC Physio may collect, use, store and transfer different kinds of personal data about you. This may include, but is not limited to: names, addresses, date of birth, email, occupation, transaction details etc. This may be acquired in various ways such as within consultations, questionnaires and/or surveys, correspondence, via telephone and facsimile, email, our website – www.pcphysio.com.au when making an enquiry or appointment request.
We may also collect personal information from third parties, such as:
Third party government agencies (like the Department of Veteran Affairs and Medicare)
Private health insurers
Solicitors, lawyers and worker’s compensation companies; and
Medical professionals (such as general practitioners, allied health professionals, specialists etc)
We collect Personal Information for the purpose of providing our services to you, and to enable the provision of information to you regarding your health and practice updates. To be on our mailing/marketing list you need to “opt – in” to receive ongoing communications from us and you can “opt out” at any time by emailing email@example.com. PC Physio may use your email address, mailing address and phone number to contact you regarding administrative notices, publications, and communications. If you do not wish to receive these communications, you have the ability to opt out by notifying us via phone or email.
When we collect Personal Information we will, where appropriate and possible, explain to you why we are collecting the information and how we plan to use it.
PC Physio adheres to the principles set out in data protection legislation when handling personal data. These principles require personal data to be:
• Processed lawfully, fairly and in a transparent manner
• Collected only for specified, explicit and legitimate purposes
• Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed
• Not kept in a form which permits identification of data subjects for longer than is necessary for the purposes for which the data is processed
• Processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage
• Not transferred to another country without appropriate safeguards being in place
• Made available to data subjects and allow data subjects to exercise certain rights in relation to their personal data
Our practice policy is consistent with the national Principles outlined within the Federal Privacy Act 1988 as amended and with AVT, Victoria and proposed NSW health Privacy Legislation.
A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.aoic.gov.au
While the policy focuses on the management of the patient’s medical record, it also relates to information recorded, for example, in billing and accounting records, pathology and radiology results, medical certificates and letters to and from hospitals and other doctors.
Access to accurate and up-to-date information about the patient by a new treating practitioner is integral to the practitioner providing high quality health care. If a patient transfers away from the practice to another practitioner, and the patient requests that the health record is transferred, the existing practitioner will provide a copy of the record. This may incur a reasonable administration charge.
Third Party Access
PC physio will under no circumstances sell, trade or rent any personal information that you supply to any third party.
Your personal information may be disclosed in a number of circumstances including the following:
Third parties where you consent to the or disclosure;
Where required or authorised by the law
We take appropriate security measures to keep your personal information protected, managed confidentially and securely and destroyed appropriately when no longer required. We will monitor and implement appropriate technical advances or management processes to safeguard personal information.
A confidentiality agreement is entered into by all employees, contractors and agents at the time of their employment or engagement with us protecting the privacy of individuals. Where we outsource our services, we take reasonable steps in these circumstances to ensure that third parties have obligations under their contracts with PC Physio to comply with all laws relating to the privacy (including security) and confidentiality of your personal information.
We view unauthorised disclosure of your personal information as a serious breach of misconduct by our employees, contractors and agents. If the disclosure of personal information is breached disciplinary or legal action will be taken.
We endeavour to keep your information relevant, accurate, complete and up to date. When you arrive for an appointment the receptionist at your clinic may request confirmation that your details have not changed. If you require your personal information to be updated, please contact your clinic.
Patients and clients can request to have copies of their personal information, clinical notes, images and reports sent to them or a third party by contacting our practice to obtain a Release of Personal Information Consent Form. Your personal information will not be released unless a consent form has been signed, received and processed. We will only disclose personal information in accordance with the Privacy Act. This means that personal information may be disclosed:
For the purposes and uses for which we have advised that we are collecting it, and for related purposes that you would reasonably expect
Where we have the consent by you to do so
As required by law, or
Under other circumstances where permitted under the Act.
We do not disclose or store your personal information to recipients located overseas.
Complaints, Feedback and NDIS
If you wish to make a complaint about how we have handled your personal information, you can communicate your concerns in writing on the contact details provided on the website, or via email to firstname.lastname@example.org. PC physio has a formal complaints policy which can be attained upon request through the aforementioned channels.
If you are not satisfied with the response you may lodge a privacy complaint with the Office of the Australian Information Commissioner, or if relevant as an NDIS client by visiting the commission website www.ndiscommission.gov.au, calling 1800 800 110, or visit one of their offices.