Australian Privacy Principless (app) Policy
Part A – Purpose and Context
1.0 Banyo Clinic is committed to ensuring the privacy and confidentiality of all personal information affiliated with Banyo Clinic’s business undertakings.
1.1 Banyo Clinic follows the terms and conditions of privacy and confidentiality in accordance to the Australian Privacy Principles (APPs) as per schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth), forming part of the Privacy Act 1988 (‘the Act’).
1.3 The point of contact regarding any queries regarding this policy is the Practice manager, at firstname.lastname@example.org.
Part B – Australian Privacy Principles
2.0 As a private sector health service provider and under permitted health situations, Banyo Clinic is required to comply with the APPs as prescribed under the Act.
2.1 The APPs regulate how Banyo Clinic may collect, use, disclose and store personal information and how individuals, including Banyo Clinic’s patients may:
- address breaches of the APPs by Banyo Clinic;
- access their own personal information; and,
- correct their own personal information.
2.2 In order to provide patients with adequate health care services, Banyo Clinic will need to collect and use personal information. It is important to be aware that if the patient provides incomplete or inaccurate information or the patient withholds personal health information Banyo Clinic may not be able to provide the patient with the services they are requesting.
- “personal information” as defined by the Privacy Act 1988 (Cth). Meaning
“information or an opinion including information or an opinion forming part of a database, whether true or not, and whether recorded in a material format or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion”; and,
- “health information” as defined by the Privacy Act 1988 (Cth). This is a particular subset of “personal information” and means:
(a) Information or opinion about the health or disability (at any time i.e. past, present or future) of an individual that can be classified as personal information;
(b) Information or opinion about an individual’s expressed wishes about the future provision of health services that can be classified as personal information;
(c) Information or opinion about health service provided, or to be provided, to an individual, that can be classified as personal information;
(d) Other personal information collected to provide, or in providing, a health service;
(e) Other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances; or
(f) Genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual.
2.3.1 Personal information also includes ‘sensitive information’ which is information including, but not limited to a patient’s:
- political opinions;
- sexual preferences; and or,
- health information.
2.3.2 Information deemed ‘sensitive information’ attracts a higher privacy standard under the Act and is subject to additional mechanisms for the patient’s protection.
Part C – Types of personal information
3.0 Banyo Clinic collects information from each individual patient that is necessary to provide the patient with adequate health care services.
3.1 This may include collecting information about a patient’s health history, family history, ethnic background or current lifestyle to assist the health care team in diagnosing and treating a patient’s condition.
Part D – collection & Retention
4.0 This information will in most circumstances be collected directly from the patient through but not limited to the following mediums:
(g) Health Care Service patient consent form;
(h) medical treatment form; and or,
(i) face to face consultation.
4.1 In other instances, Banyo Clinicmay need to collect personal information about a patient from a third party source. This may include:
- relatives; or,
- other health service providers.
4.2 This will only be conducted if the patient has provided consent for Banyo Clinicto collect his/her information from a third party source; or, where it is not reasonable or practical for Banyo Clinicto collect this information directly from the patient. This may include where:
- the patient’s health is potentially at risk and his/her personal information is needed to provide them with emergency medical treatment.
4.3 Banyo Clinic endeavours to store and retain a patient’s personal & health information in [hard copy on site, transferred electronically onto a domestic server etc].
Part E – Purpose of collection, Use & Disclosure
5.0 Banyo Clinic only uses a patient’s personal information for the purpose(s) they have provided the information for unless one of the following applies:
- the patient has consented for Banyo Clinic to use his/her information for an alternative or additional purpose;
- the disclosure of the patient’s information by Banyo Clinic is reasonably necessary for the enforcement of criminal law or a law imposing a penalty or sanction, or for the protection of public revenue;
- the disclosure of the patient’s information by Banyo Clinic will prevent or lessen a serious and imminent threat to somebody’s life or health; or,
- Banyo Clinic is required or authorised by law to disclose the patient’s information for another purpose.
- Health Professionals to provide treatment
During the patient’s treatment at Banyo Cliniche/she may be referred to alternative medical treatment/services (i.e. pathology or radiology) where Banyo Clinic’s staff may consult with senior medical experts when determining a patient’s diagnosis or treatment.
Banyo Clinic’s staff may also refer the patient to other health service providers for further treatment during and following the patient’s admission. These services include, but are not limited to:
- Allied health services
- Specialist services
- Outpatient or community health services.
These health professionals will be designated health service providers appointed to use the patient’s health information as part of the process of providing treatment. Please note that this process will be conducted whilst maintaining the confidentiality and privacy of the patient’s personal information.
Alternative Health services
At any point a patient wishes to be treated by an alternative medical practitioner or health care service that requires access to his/her personal/health information Banyo Clinicrequires written authorisation. This written authorisation is to state that the patient will be utilising alternative health services and that these health services have consented for a transfer of personal/health information.
Other Third Parties
Banyo Clinicmay provide the patient’s personal information regarding a patient’s treatment or condition to additional third parties. These third parties may include:
- other relatives;
- close personal friends;
- guardians; or,
- a person exercising a patient’s power of attorney under an enduring power of attorney.
Where information is relevant or reasonable to be provided to third parties, written consent from the patient is required.
Additionally, the patient may at any time wish to disclose that no third parties as stated are to access or be informed about his/her personal information or circumstances.
Other Uses of Personal Information
In order to provide the best possible environment to treat patients, Banyo Clinicmay also use personal/health information where necessary for:
- activities such as quality assurance processes, accreditation, audits, risk and claims management, patient satisfaction surveys and staff education and training;
- invoicing, billing and account management;
- to liaise with a patient’s health fund, Medicare or the Department of Veteran’s Affairs, as necessary; and,
- the purpose of complying with any applicable laws – i.e. in response to a subpoena or compulsory reporting to State or Federal authorities.
5.1 If at any point or for any of the aforementioned reasons Banyo Clinic uses or discloses personal/ health information in accordance with the APPs, Banyo Clinic will provide written notice for the patient’s consent for the use and/or disclosure.
Part F – Access and changes to personal information
6.0 If an individual patient reasonably requests access to their personal information for the purposes of changing the information he/she must engage with the relevant practice manager.
6.1 The point of contact for patient access to personal information is:
[07 3267 5088]
[Monday to Friday]
6.2 Once an individual patient requests access to his/her personal information Banyo Clinic will respond within a reasonable period of time to provide the information.
6.3 All personal information will be updated in accordance to any changes to a patient’s personal circumstances brought to Banyo Clinic’s attention. All changes to personal information will be subject to patient’s consent and acknowledgement.
Part G – Complaints handling
7.0 How an individual patient may complain about a breach of the Australian Privacy Principles, or a registered APP code (if any) that binds the entity, and how the entity will deal with such a complaint.
Part H – Personal Information and overseas recipients
8.0 Use of Overseas Parties:
(a) Banyo Clinic does not engage with any overseas entities, with which personal or health information would be transferred, appointed or disclosed.
Part I – Disposal of personal/health information
9.0 If Banyo Clinic receives any unsolicited personal information that is not deemed appropriate for the permitted health situation, Banyo Clinic will reasonably de-identify and dispose of the information accordingly.
9.1 If Banyo Clinic holds any personal or health information that is no longer deemed relevant or appropriate for the permitted health situation, Banyo Clinic will reasonably de-identify and dispose of the information accordingly.
Part J – Access to policy
[Hard Copies provided upon request]
Part K – Review of Policy
11.1 Banyo Clinic in accordance with any legislative change will review the terms and conditions of this policy to ensure all content is both accurate and up to date.
11.2 Notification of any additional review(s) or alteration(s) to this policy will be provided to patients and staff within 1 months notice.
PART L – HOW BANYO CLINIC HANDLES YOUR PERSONAL INFORMATION WHEN YOU VISIT OUR WEBSITE
When you use our website, we do not attempt to identify you as an individual user and we will not collect personal information about you unless you specifically provide this to us.
Sometimes, we may collect your personal information if you choose to provide this to us via an online form or by email, for example, if you:
- submit a general enquiry via our contacts page;
- register to receive share market reports; or
- send a written complaint or enquiry to our Privacy Officer.
When you use our website, our Internet Service Provider (ISP) will record and log for statistical purposes the following information about your visit:
- your computer address;
- your top level name (for example, .com,.gov, .org, .au etc);
- the date and time of your visit;
- the pages and documents you access during your visit; and
- the browser you are using.
Our web-site management agent may use statistical data collected by our ISP to evaluate the effectiveness of our web-site.
We are, however, obliged to allow law enforcement agencies and other government agencies with relevant legal authority to inspect our ISP logs, if an investigation being conducted warrants such inspection.
A “cookie” is a device that allows our server to identify and interact more effectively with your computer. Cookies do not identify individual users, but they do identify your ISP and your browser type.
This website uses temporary cookies. This means that upon closing your browser, the temporary cookie assigned to you will be destroyed and no personal information is maintained which will identify you at a later date.
Personal information such as your email address is not collected unless you provide it to us. We do not disclose domain names or aggregate information to third parties other than agents who assist us with this website and who are under obligations of confidentiality. You can configure your browser to accept or reject all cookies and to notify you when a cookie is used. We suggest that you refer to your browser instructions or help screens to learn more about these functions. However, please note that if you configure your browser so as not to receive any cookies, a certain level of functionality of the Ramay website and other websites may be lost.
11.3 Links to third party websites
We may create links to third party websites. We are not responsible for the content or privacy practices employed by websites that are linked from our website.
11.4 Use and disclosure
We will only use personal information collected via our website for the purposes for which you have given us this information.
We will not use or disclose your personal information to other organisations or any one else unless:
- you have consented for us to use or disclose your personal information for this purpose;
- you would reasonably expect or we have told you that your information is usually used or disclosed to other organisations or persons in this way;
- the use or disclosure is required or authorised by law;
- the use or disclosure will prevent or lessen a serious or imminent threat to somebody’s life or health; or
- the disclosure is reasonably necessary for law enforcement functions or for the protection of public revenue.
If we receive your email address because you sent us an email message, the email will only be used or disclosed for the purpose for which you have provided and we will not add your email address to an emailing list or disclose this to anyone else unless you provide us with consent for this purpose.
11.5 Data quality
If we collect your personal information from our website, we will maintain and update your information as necessary or when you advise us that your personal information has changed.
11.6 Data Security
Banyo Clinic is committed to protecting the security of your personal information. We use technologies and processes such as access control procedures, network firewalls, encryption and physical security to protect the privacy of information. We will take all reasonable steps to prevent your information from loss, misuse or alteration.
If you choose to complete our online forms or lodge enquiries via our website, we will ensure that your contact details are stored on password protected databases.
Staff members associated with website maintenance have access to our website’s backend system. This is password protected. Our website service is also password protected.
11.7 Access and correction
If you wish to obtain information about how to access or correct your personal information collected via our website, please contact Vikki Ward, Practice Manager on 07 3267 5088 or email@example.com.