AIM/OUTCOME: The purpose of this Privacy Policy is to clearly communicate how Presmed Australia Facilities (PMA) handle patients’ health information. It will provide a complete understanding of the type of personal information that PMA hold and the way PMA handle that information. A condensed version of this policy is available here.
REFERS TO: All Administration Staff
All Clinical Staff
All Credentialed Medical Practitioners (CMP’s)
POLICY:
| We collect information that is necessary to provide patients with health care services. Often this includes collecting information about health history, family history, ethnic background or current lifestyle to assist the health care team in treating the patient’s condition.PMA are committed to ensuring the privacy and confidentiality of patients’ personal information. PMA must comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) and Privacy Amendment Act 2012 (Cth) which govern how private sector health service providers like PMA handle patients’ personal information, including health information. |
APP1: OPEN AND TRANSPARENT MANAGEMENT OF PERSONAL INFORMATION
This Privacy Policy has been developed in accordance with a ‘layered policy’ format endorsed by the Office of the Federal Privacy Commissioner. This means that it offers the ability to obtain more or less detail about PMA information handling practices.
Basic information about PMA information handling practices is available in the ‘condensed‘ privacy policy, which is on display at all Presmed Facilities [see IM Document 1.4.1]. This is a summary of how PMA collect, uses and discloses personal information and how to contact us in order to access or correct any personal information which PMA hold.
This document contains detailed information about PMA information handling practices and is available on their websites.
APP 2: ANONYMITY AND PSEUDONYMITY
In order to provide health care to our patients, PMA needs to collect and use their personal information. If incomplete or inaccurate information is provided to us or health information is withheld from us, PMA may not be able to provide the services required. It is impracticable for PMA to deal with individuals who have not identified themselves or who have used a pseudonum.
APP3: COLLECTION OF PERSONAL INFORMATION
In order to provide patients with required health care services, PMA will need to collect and use patients’ personal information.
In this Privacy Policy, we use the terms:
and
Personal information also includes ‘sensitive information’ which is information such as race, religion, political opinions or sexual preferences, biometric information used for biometric verification or identification, and biometric templates, and health information. Information which is ‘sensitive information’ attracts a higher privacy standard under the Privacy Act 1988 (Cth) and is subject to additional mechanisms for protection.
PMA may store the personal information we collect in various forms, including through an electronic medical record system. Personal information may also be stored on some diagnostic equipment where patients have undergone a diagnostic procedure using such equipment in a Presmed facility. PMA will comply with the APPs, and this Privacy Policy, in respect of personal information in whatever form that information is stored by us.
APP 4: DEALING WITH UNSOLICITED PERSONAL INFORMATION
Should PMA receive personal information which was not solicited, it will destroy the information or ensure that the information is de-identified.
APP 5: NOTIFICATION OF THE COLLECTION OF PERSONAL INFORMATION
PMA will usually collect health information directly from the patient. Sometimes, we may need to collect information from a third party (such as a relative or another health service provider). We will only do this if the patient has consented for us to collect information in this way or where it is not reasonable or practical for us to collect this information directly from the patient, such as where their health may be at risk and we need personal information to provide emergency medical treatment. In these circumstances, we will ensure that the patient is notified as soon as possible that said information has been provided by a third party.
APP 6: USE OR DISCLOSURE OF PERSONAL INFORMATION
PMA only uses personal information for the purpose for which the information was provided to us unless one of the following applies:
Use among health professionals to provide your treatment
Modern health care practices mean that treatment will be provided by a team of health professionals working together.
Patients may be referred for diagnostic tests such as pathology or radiology and our staff may consult with senior medical experts when determining patients’ treatment. Our staff may also refer patients to other health service providers for further treatment during and following their admission
Further, if a patient requires a prosthetic as part of their treatment, we may disclose their personal information to the manufacturer or supplier of that prosthesis.
These health professionals will share health information as part of the process of providing treatment. We will only do this while maintaining confidentiality of all this information and protecting privacy in accordance with the law.
Patients’ health information will only be disclosed to those health care workers involved in their treatment.
Your local Doctor
PMA and/or your treating specialist will usually send a discharge summary to your referring medical practitioner or nominated general practitioner following an admission to one of our facilities. This is in accordance with long-standing health industry practice and is intended to inform your doctor of information that may be relevant to any ongoing care or treatment provided by them.
If you do not wish to provide a copy of your discharge summary to your nominated general practitioner you must let us know. Alternatively, if your general practitioner has changed or your general practitioner’s details have changed following a previous admission, you must let us know.
Other health service providers
If in the future a patient is treated by a medical practitioner or health care facility who needs to have access to the health record of their treatment in one of our facilities we will require an authorisation from the patient to provide a copy of their record to that medical practitioner or health care facility.
The only time we would provide information about patients’ health records to another medical practitioner or health facility outside PMA without their consent is in the event of an emergency where the patient’s life is at risk and they are not able to provide consent or as approved or authorised by law.
Relatives, guardian, close friends or legal representative
We may provide information about a patient’s condition to their parent, child, other relatives, close personal friends, guardians, or a person exercising power of attorney under an enduring power of attorney or who has been appointed enduring guardian, unless the patient tells us that they do not wish us to disclose their health information to any such person.
Other Presmed Australia entities
Presmed Australia may share health information amongst its facilities:
For example, this may occur where a patient has been transferred between any of PMA or to coordinate their care.
In order to provide the best possible environment, we may also use health information where necessary for:
Contractors
Where we outsource any of our services or hire contractors to perform professional services within our hospitals or health services we require them to also comply with the Privacy Act 1988 (Cth) (or other relevant privacy legislation) and our Privacy Policy.
With patients’ consent we can also use their information for other purposes such as including them on a marketing mail list, fundraising or research. However, unless we have been provided with express consent for this purpose, we will not use personal information in this way.
Pastoral Care
We may provide your information to chaplains accredited with our facilities in order that you may receive pastoral care during your admission. However, we will only provide your information for this purpose with your express consent.
Contracted services
PMA provides some health services to public patients and to groups such as Defence or Customs personnel under contracts with government. Where patients receive services from us under any such arrangements PMA will provide their personal and health information to those government agencies as required under those contracts.
Job applications
PMA collects personal information of job applicants for the primary purpose of assessing and (if successful) engaging applicants.
The purposes for which PMA uses personal information of job applicants include:
PMA may also store information provided by job applicants who were unsuccessful for the purposes of future recruitment.
Application for accreditation by health professionals
PMA collects personal information from health professionals seeking accreditation and submitting to the credentialing process under its Facility Rules. Personal information provided by health professionals in this context is collected, used, stored and disclosed by PMA for the purposes of fulfilling its obligations in connection with the Facility Rules
APP 7: DIRECT MARKETING
PMA may involve patients in patient feedback forms, hospital websites and forums, community engagement meetings, health awareness programmes and/or marketing for hospital services.
PMA will only use personal information for the purpose of direct marketing if the individual has consented to the use or disclosure of the information for that purpose. Such consent may be express or implied. The option to “opt out” of involvement in direct marketing is clearly and prominently displayed on the facility websites.
APP 8: CROSS-BORDER DISCLOSURE OF PERSONAL INFORMATION
PMA may enter into arrangements with third parties to store data we collect, and such data may include personal information, outside of Australia. PMA will take reasonable steps to ensure that the third parties do not breach the APP’s. The steps PMA will take may include ensuring the third party is bound by privacy protection obligations which are the same (or substantially the same) as those which bind PMA and requiring that the third party have information security measures approved by PMA.
APP 9: ADOPTION, USE OR DISCLOSURE OF GOVERNMENT RELATED IDENTIFIERS
PMA does not use government related identifiers for patients, but uses its own computer-generated unique patient identifiers (Medical Record Numbers) within its facilities. Government related identifiers will not be disclosed unless the use or disclosure is necessary for identification purposes, permitted by law or for the fulfilment of our obligations to an agency or State authority.
APP10: QUALITY OF PERSONAL INFORMATION
PMA will take reasonable steps to ensure that any personal information which we may collect, use or disclose is accurate, complete and up-to-date.
APP 11: SECURITY OF PERSONAL INFORMATION
PMA will take reasonable steps to protect all personal information from misuse, interference, loss, unauthorised access, modification or disclosure. We use technologies and processes such as access control procedures, network firewalls, encryption and physical security to protect privacy.
PMA will destroy or permanently de-identify any information which is in its possession or control and which is no longer needed for the purpose for which it was collected provided PMA is not required under an Australian law or court/tribunal or otherwise to retain the information.
APP 12 & APP13 ACCESS TO AND CORRECTION OF PERSONAL INFORMATION
Patients have a right to access the health information that we hold in their health record. Patients can also request an amendment to their health record should they believe that it contains inaccurate information.
PMA will allow access or make the requested changes unless there is a reason under the Privacy Act 1988 (Cth) or other relevant law to refuse such access or refuse to make the requested changes.
If we do not agree to change the medical record/personal information in accordance with a patient’s request, we will permit the patient to make a statement of the requested changes and we will enclose this with their record.
Should any patient wish to obtain access to or request changes to their health record they can ask for our Privacy Officer (see details below) who can give more detailed information about PMA’s access and correction policy [see IM Policy 1.7 ‘Request for Access to Information.].
Please note that PMA may recover reasonable costs associated with supplying this information.
If you have a complaint about privacy issues
If: (a) you have questions or comments about this Privacy Policy;
(b) PMA does not agree to provide access to personal information; or
(c) you have a complaint about our information handling practices,
You can lodge a complaint with or contact the Privacy Officer on the details below or directly with the Federal Privacy Commissioner.
1. By letter: Privacy Officer, Presmed Australia, Northshore Corporate Centre, 810 Pacific Highway, GORDON NSW 2072
2. By email: rcronin@presmed.com.au
3. By telephone or fax:
Chatswood Private Hospital Ph: (02) 9413 4822 Fax: (02) 9413 3845
Epping Surgery Centre Ph: (02) 9868 6555 Fax: (02) 9868 6544
Central Coast Day Hospital Ph: (02) 4367 3880 Fax: (02) 4367 3881
Laser Vision Clinic Central Coast Ph: 1300 404 484 Fax: (02) 4367 0055
Madison Day Surgery Ph: (02) 8445 0633 Fax: (02) 8445 0646
Coffs Day Hospital Ph: (02) 6600 1000 Fax: (02) 6600 1001
This section of the Privacy Policy explains how we handle personal information which is collected from our websites: www.presmed.com.au, www.eesc.com.au, www.cphospital.com.au, www.ccdhospital.com.au, www.lvccc.com.au, www.optomonline.com.au, www.madisonds.com.au, www.coffsdayhospital.com.au
This Privacy Policy applies to use of our websites and the use of any of the facilities on our website.
When people use our website, we do not attempt to identify them as individual users and we will not collect personal information they specifically provide this to us.
Sometimes, we may collect personal information if someone chooses to provide this to us via an online form or by email, for example:
When people use our website, our Internet Service Provider (ISP) will record and log for statistical purposes the following information about the visit:
Our web-site management agent may use statistical data collected by our ISP to evaluate the effectiveness of our web-site.
We are, however, obliged to allow law enforcement agencies and other government agencies with relevant legal authority to inspect our ISP logs, if an investigation being conducted warrants such inspection.
A “cookie” is a device that allows our server to identify and interact more effectively with a website visitor’s computer. Cookies do not identify individual users, but they do identify the user’s ISP and browser type.
Presmed Australia’s websites use temporary cookies. This means that upon closing the browser, the temporary cookie assigned to the user will be destroyed and no personal information is maintained which will identify them at a later date.
Personal information such as their email address is not collected unless it is provided to us. We do not disclose domain names or aggregate information to third parties other than agents who assist us with this website and who are under obligations of confidentiality. Users can configure their browsers to accept or reject all cookies and to notify them when a cookie is used.
We may create links to third party websites. We are not responsible for the content or privacy practices employed by websites that are linked from our website.
We will only use personal information collected via our website for the purposes for which this information has been given.
We will not use or disclose personal information to other organisations or any one else unless:
If we receive a user’s email address because they sent us an email message, the email will only be used or disclosed for the purpose for which it was provided and we will not add the email address to an emailing list or disclose this to anyone else unless consent for this purpose is provided.
If we collect personal information from our website, we will maintain and update this information as necessary or when we are advised that this personal information has changed.
Presmed Australia is committed to protecting the security of all personal information. We use technologies and processes such as access control procedures, network firewalls, encryption and physical security to protect the privacy of information. We will take all reasonable steps to prevent information from loss, misuse or alteration.
If users choose to complete our online forms or lodge enquiries via our website, we will ensure that their contact details are stored on password protected databases.
Staff members associated with website maintenance have access to our website’s backend system. This is password protected. Our website service is also password protected.
If someone wishes to obtain information about how to access or correct their personal information collected via our website, they should refer to APP 12 & 13 – Access and Correction, in the above policy.
ATTACHMENT: Document 1.3.1 ‘Condensed Privacy Information’
REFERENCES:
| RATIFIED BY: | Quality Review Committee |
| DATE: | December 2016 |
| REVIEW DATE: | May 2019 |
| PREVIOUS REVIEW: | 2009, 2011, 2014, 2016 |
POLICY CHANGES
August 2017
· Added references to Coffs Day Hospital
July 2017
· Added references to Madison Day Surgery
December 2016
· Amended terminology to replace “you” with third person equivalents.
· Added reference to “Online preadmission form”.
May 2014
· Reformatted to suit current polices
· Updated name and position in Manual (from 1.10 Privacy Policy Statement)
· Updated CMP
· Updated References
· Updated content in line with the reference documents