Clarendon Medical Privacy Policy

Introduction

This privacy policy is to provide you, our patient, with clear information on how your personal information is collected and used within the practice. Occasionally we also need to share your personal information to involve others in your healthcare and this policy outlines when, how, and why we share your information.

Why and when your consent is necessary

When you register as a patient of this practice, you provide consent for the GPs and practice staff to access and use your personal information to facilitate the delivery of healthcare. Access to your personal information is restricted to practice team members who require it for your care. If we ever use your personal information for purposes other than healthcare provision, we will obtain additional consent from you.

It is important to us that as our patient, you understand why we collect and use your personal information.

Why do we collect, use, hold and share your personal information?

The practice collects, uses, stores, and shares your personal information primarily to manage your health safely and effectively. This includes providing healthcare services, managing medical records, and ensuring accurate billing and payments. Additionally, we may utilise your information for internal quality and safety improvement processes such as practice audits, accreditation purposes, and staff training to maintain high-quality service standards.

What personal information do we collect?

The information we will collect about you includes your:

names, date of birth, addresses, contact details

medical information including medical history, medications, allergies, adverse events, immunisations,
social history, family history and risk factors

Medicare number (where available) for identification and claiming purposes

healthcare identifiers

health fund details.

Dealing with us anonymously

You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.

How do we collect your personal information?

Our practice may collect your personal information in several different ways.

  1. When you make your first appointment our practice staff will collect your personal
    and demographic information via your registration.
  2. During the course of providing medical services, we may collect further personal information,
    including:
  3. Electronic transfer of prescriptions (eTP),
    ­ – My Health Record
  4. MyMedicare Registration
    ­ – Shared Health and Event Summary
  5. Transfer of Data to National Health Registers, such as the Australian Immunisation Register,
    Cancer Screening Register
  6. We may also collect your personal information when you visit our website, send us an email or
    SMS, telephone us, make an online appointment or communicate with us using social media.
  7. In some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:
    ­ – your guardian or responsible person
    ­ – other involved healthcare providers, such as specialists, allied health professionals,
    hospitals, community health services and pathology and diagnostic imaging services
    ­ – your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary).
  8. Various types of images may be collected and used, including:
    ­ – CCTV footage: Collected from our premises for security and safety purpose.
    ­ – Photos and medical images: These can be taken using personal devices for medical purposes,
    following the guidelines outlined below on using personal devices for medical images:

    General Guidelines:
    ­ – Clinical photos must only be taken when necessary for patient care and with informed patient consent.
    ­ – Clinicians must comply with relevant privacy laws and practice policies regarding photo
    collection, storage, and transmission.

    Consent:
    ­ – Verbal and/or written consent must be obtained before taking any clinical photo.
    ­ – Patients must be informed of how the photo will be used, stored, and shared.
    ­ – Consent should be documented in the patient’s medical record.

    Storage & Security:
    ­ – Clinical photos must be immediately transferred to the patient’s medical record.
    ­ – Photos must be deleted from personal devices once transferred.
    ­ Devices should have strong security settings (e.g., password protection, encryption).
    ­ Cloud storage and automated backups must be disabled for clinical images.

   Sharing and Transmission:
­    – Photos must only be shared with authorised healthcare professionals for patient care.
­    – Secure methods (e.g., encrypted messaging or dedicated clinical systems) should be used for
transmission.
­    – Clinical photos must never be shared on social media or personal messaging apps.
­    – Photos must only be shared with authorised healthcare professionals for patient care.

             Compliance:
             – ­ Secure methods (e.g., encrypted messaging or dedicated clinical systems) should be used for transmission.
­             –  Clinical photos must never be shared on social media or personal messaging apps.

When, why and with whom do we share your personal information?

We sometimes share your personal information:

with third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with APPs and this policy

with other healthcare providers

when it is required or authorised by law (eg court subpoenas)

when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent

to assist in locating a missing person

to establish, exercise or defend an equitable claim

for the purpose of confidential dispute resolution process

when there is a statutory requirement to share certain personal information (eg some diseases require mandatory notification)

during the course of providing medical services, through eTP, My Health Record (eg via Shared Health Summary, Event Summary).

With national health databases. (For example, the Australian Immunisation Register, National Cancer Screening Register)

Only people who need to access your information will be able to do so. Other than in the course of providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.

We will not share your personal information with anyone outside Australia (unless under exceptional circumstances)

Will your information be used for marketing purposes?

Our practice will not use your personal information for marketing any of our goods or services directly to you without your express consent. If you do consent, you may opt out of direct marketing at any time by notifying our practice in writing.

Our practice may use your personal information to improve the quality of the services we offer to our patients through research and analysis of our patient data.

We may provide de-identified data to other organisations to improve population health outcomes. The information is secure, patients cannot be identified, and the information is stored within Australia. You can let our reception staff know if you do not want your information included.

How is your information used to improve services?

Our practice may use your personal information to improve the quality of the services we offer to our patients through research and analysis of our patient data.

We may provide de-identified data to other organisations (SEMPHN via Polar GP) to improve population health outcomes. The information is secure, patients cannot be identified, and the information is stored within Australia. You can let our reception staff know if you do not want your information included.

How are document automation technologies used?

Document automation is where systems use existing data to generate electronic documents relating to medical conditions and healthcare.

The practice uses document automation technologies to create documents such as referrals, which are sent to other healthcare providers. These documents contain only your relevant medical information.

These document automation technologies are used through our secure medical software program, Helix.

All users of the medical software have their own unique user credentials and password and can only access information that is relevant to their role in the practice team.

The practice complies with the Australian privacy legislation and APPs to protect your information.

All data, both electronic and paper are stored and managed in accordance with the Royal Australian College of General Practitioners Privacy and managing health information guidance.

How are Artificial Intelligence (AI) Scribes used?

Clarendon Medical does not currently subscribe to use of any AI scribe tools.

How do we store and protect your personal information?

Your personal information may be electronically stored at our practice in various forms including patient records, and medical, specialist and insurance correspondence.

Paper records and hard copies of radiography are not stored at this practice.

Our practice stores all personal information securely we take several measures to securely store and protect personal information, especially when it comes to Protected Health Information (PHI), including:

  1. Data Encryption: Data encryption is a crucial practice for protecting confidential health information as required by the Privacy Act of 1988 when transmitting PHI over open networks.
  2. Physical Safeguards: These include using encrypted storage devices, restricting physical access to authorized personnel only, preserving copies and conducting data backups, maintaining emergency protocols, and properly disposing outdated devices.
  3. Technical Safeguards: These encompass the technology and the policies and procedures for its use that protect electronic PHI (ePHI) and control access to itThis includes firewalls and secure transmission modes for communication.
  4. Administrative Safeguards: These are actions, policies, and procedures to manage the selection, development, implementation, and maintenance of security measures to protect electronic PHI. This includes training and procedures for employees, whether or not they have direct access to PHI.
  5. Staff Education: Staff are educated about the importance of protecting PHI and the best practices to do so.
  6. Different Levels of Access: Develop different levels of access to PHI based on the role and necessity of the staff member.
  7. Never Share Passwords: Passwords should never be shared among staff members. Two factor identification is used when accessing PHI

How can you access and correct your personal information at our practice?

You have the right to request access to, and correction of, your personal information.

Our practice acknowledges patients may request access to their medical records. We require you to put this request in writing and our practice will respond within 30 days. There is no cost for this service.  

Our practice will take reasonable steps to correct your personal information where the information is not accurate or up to date. From time to time, we will ask you to verify that your personal information held by our practice is correct and current. You may also request that we correct or update your information, and you should make such requests in writing to reception@clarendonmedical.com.au or speak with our receptionists.

How can you lodge a privacy-related complaint, and how will the complaint be handled at our practice?

We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing. We will then attempt to resolve it in accordance with our resolution procedure.

You should put any complaint you have in writing and give as much detail as you can about the nature of your complaint or concern. The Director will manage the investigation of your complaint or concern and communicate with relevant parties. Clarendon Medical will respond to you in writing within a reasonable period, which generally means within 30 days of receiving your complaint.

If you are not satisfied, you can contact the Health Complaints Commissioner (HCC) www.hcc.vic.gov.au or 1300 582 113 or you may also contact the Office of the Australian Information Commissioner (OAIC). For further information visit www.oaic.gov.au or call the OAIC on 1300 363 992. Generally, the HCC and the OAIC will require you to give them time to respond before they will investigate.

Privacy and our website

We do not collect or store any personal information via the Clarendon Medical website. We do not interact with our patients digitally.

Clarendon Medical Contact Details

For all privacy related inquiries and complaints for for access and information requests, please contact the Director on the following details:

Address:            446 Clarendon Street South Melbourne 3205

Telephone:        03 9960 2800

Email:                 reception@clarendonmedical.com.au

Policy review statement

Clarendon Medical will amend this policy from time to time to reflect changes to our practices and procedures, systems or obligations. Any amendments to this policy will be notified by posting an amended version on our website, and the changes will take effect at that time.

Linkedin