Definition of a Patient Health Record 

A Patient Health Record (PHR) is a comprehensive document or digital record that maintains an individual’s health history and medical information. It includes various information, such as medical diagnoses, treatments, medications, allergies, immunisations, lab results, and often the patient’s notes or other pertinent details. The PHR is designed to be accessed by the patient, ensuring they have a full view of their health history.

ABOUT THIS POLICY 

Paradise City Medical values your privacy and respects your entitlement to manage your personal data. 

As an entity, our privacy practices align with the Australian Privacy Principles as outlined in the Privacy Act 1988 (Cth) (the “Act”), delineating how we may collect, store, and share personal information. This Privacy Policy applies to our website, mobile applications, products, and services.

Definitions:

In this policy, “Personal Information” is defined as any data that may identify you or through which your identity may be reasonably deduced. The information you provide us with might comprise, among other things, your name, residential address, email address, and phone number.

“Sensitive Information” refers to any data concerning an individual’s ethnic or racial background, political views, association with a political organization, philosophical beliefs, religious beliefs or affiliations, membership in a professional or trade association or a trade union, criminal record, sexual preferences or activities, or health information.

In this policy, a “Health Record” implies any data we hold about your health. This may encompass your medical records, clinical history, diagnoses, medications, treatments, test outcomes, genetic information, medical procedures, consultation notes, consents, referrals and clinical correspondence, immunization records, medical imaging, and any other information provided or gathered by us about your health.

COLLECTION DONE

Our goal in collecting personal information is to deliver the best possible service experience on our website and for our routine internal business operations. While providing some personal details is discretionary, not supplying specific kinds of personal information may limit your ability to fully utilize our website’s features.

In order to deliver our services, we may need to gather Personal Information, including your contact details like your name, email address, and phone number, as well as your business or company name. We may also collect your payment and billing information, such as credit card details, which we use to bill you for the Services and process your payments. Additionally, we may keep track of our conversations with you and any other information that is applicable to our operations.

We might also collect Sensitive Information about you, including medical reports, referrals, medication, your health history, and other essential health data. We only collect this information with your consent and when it is reasonably required to deliver our services effectively to you.

We automatically collect certain information via our Site and Services, which is typically not personally identifiable. This can include the referring website, your IP address, browser type, and other details related to the device you use to access our Site. We may integrate this information with the Personal Information we’ve gathered about you.

Use & Disclosure 

The personal information we collect is primarily used and disclosed for the purpose for which it was gathered. This typically involves maintaining your account and contact details, offering our products and services, and processing payments. Your personal information might be shared with third-party contractors who play a crucial role in delivering our services.

We may use personal information for another purpose where it would be reasonably expected by you or if permitted by the Privacy Act, including to effectuate or enforce a transaction, procuring advice from legal and accounting firms, auditors and other consultants. We may also disclose your personal information in circumstances where we are compelled by Australian legislation or a court of law to do so. We will not disclose, sell, share, or trade your Personal Information with any third parties without your consent.

If we sell our business, transfers, mergers, restructuring, changes in control, or similar transactions, customer information—which includes personal information—generally forms part of the transaction assets. In such scenarios, your personal information may be subjected to transfer. In the unlikely situation of insolvency, personal information could be transferred to a trustee or debtor in possession and subsequently to a potential buyer.

We may share health information with other medical service providers like your general or specialist medical practitioners. This information is only shared with your consent or under the circumstances necessary to provide health services. These circumstances can include referrals to other health service providers, billing processes, liaison with government offices about Medicare entitlements and payments, situations where it is crucial to prevent or reduce a serious threat to a patient’s life, health, or safety, or any other reasons as permitted by law.

Our practice might utilize de-identified health information to review and enhance our healthcare services, as well as for research and quality improvement processes intended to boost patient care and health outcomes. This de-identified health information could be shared with the local Primary Health Network to foster and improve healthcare within our community. De-identified data is data from which all identifiable information has been removed. We employ top-of-the-line data extraction tools like Primary Sense and Pen CS Clinical Audit Tool software to ensure no personally identifiable information is used in clinical and quality improvement processes. If you prefer your de-identified data not to be shared for these purposes, or if you would like more information about how we de-identify your data, please contact us using the details below.

Communicating Anonymously with the Practice

Patients can communicate with the medical centre anonymously by:

  • Using a pseudonym: A patient might use a pseudonym rather than providing their real name when seeking advice or information.
However, it’s essential to note that while anonymous communication can provide initial advice or information, any proper medical consultation or treatment requires identification to ensure patient safety and appropriate care.

Access & Accuracy 

You can access the correct information we hold about you anytime by contacting us via email at reception@paradisecitymedical.com.au. Please get in touch with us if there are changes to your Personal Information.

We will respond to your request for Personal Information within a reasonable timeframe. Please note that we reserve the right to impose an administration fee to cover the costs associated with responding to your request, such as when Personal Information is stored in our archives.

In instances where it’s mandated by law or where the information may pertain to current or expected legal proceedings, we might deny your request to access your information. In such cases, we will respond to your request in writing, outlining the reasons for our denial.

Storage & Security 

We will make considerable efforts to safeguard your personal data against improper use, loss, unauthorised entry, and alteration or disclosure. By utilising practical physical, technical, and administrative strategies, we aim to protect the personal information under our care. This includes password protection, encryption, and SSL to secure our website as needed.

While we strive to safeguard the personal information we collect and use through appropriate measures, it’s important to note that no data security approach can always provide absolute protection. Consequently, we cannot assure the security of any information sent to us over the Internet; such transmissions are undertaken at your own risk.

We will maintain health records in alignment with our legal responsibilities. If there is no longer a need for your personal or health information in our possession, we will undertake appropriate measures to either irreversibly anonymise or dispose of it securely.

Your personal information could be housed digitally via third-party data centres, potentially located abroad, or in physical storage on our premises or at secure facilities provided by third parties.

Please be aware that you are responsible for preserving the confidentiality of any passwords or other account information related to our platform, apps, or services.

Data Breach Notification Scheme 

If we suspect a data breach, we will conduct an evaluation in line with the Notifiable Data Breach Scheme. We will inform you as promptly as reasonably possible if a qualifying data breach has occurred.

In instances where the breach pertains to the My Health Records Act, your personal information may be shared with the My Health Records System Operator in accordance with section 73A of that Act.

Disclosure of Health Information Overseas

Health information is confidential and is primarily stored and accessed within the country. However, there are circumstances where health information might be disclosed overseas:

  • Referrals to specialists or medical facilities located abroad.
  • Use cloud storage or software applications with servers based outside of Australia.
  • Research collaboration or seeking expert opinions from international specialists.

If health information is disclosed overseas, it would be under strict confidentiality agreements and comply with Australia’s privacy and the receiving country’s regulations. Patients should be informed and, in many cases, give consent before such disclosures.

Identifiers 

An identifier refers to a unique number allotted to an individual for identification purposes. This includes identifiers like Medicare Numbers and Tax File Numbers. We assure you that we will not adopt, use, or disclose any identifier assigned to you by a government agency as our own unless the Act expressly permits such an action.

Career Applications 

We ensure the safe and secure storage of all employment applications and resumes collected by us, and we strictly adhere to using them solely for their intended purposes.

Cookies, web beacons and analytics 

We aim to ensure a seamless and meaningful experience when you engage with our website. To achieve this, we, or our third-party service providers, may utilise cookies, web beacons (clear GIFs, web bugs), and similar technologies to monitor visitor activity on the site and gather site-related data. This data may be combined with the Personal Information we have obtained from our customers. Examples of the information we may collect include technical details such as your computer’s IP address and browser type, as well as information about your site visit, such as the products you viewed or searched for, your geographical location, the links you clicked on, and the pages you visited while navigating to or from our site. If we can identify you using this information, any utilisation or disclosure of such information will adhere to the guidelines outlined in this Privacy Policy.

Use of Document Automation Technologies

The practice uses document automation technologies (like software solutions) to ensure that only relevant medical information is included in referral letters. Here’s how:

  • Template Designs: Referral templates are designed to capture only the essential medical information.
  • Data Extraction: The software can automatically pull relevant data from the patient’s record and populate the referral letter, avoiding unnecessary details.
  • Review Feature: Before finalising the referral, practitioners can review and edit the content, ensuring accuracy and relevance.

Third-party websites 

Our website may include links to external third-party websites. It’s important to note that this Privacy Policy does not govern the access and usage of those linked websites. Instead, the privacy policies of those third-party websites govern any interaction and information practices. We cannot be held accountable for the information handling practices of such third-party websites.

Informed Consent for Real-time Audio/Visual Recording

 For obtaining informed consent for real-time audio/visual recording, duplication, and storage of a consultation, the practice follows these steps:

  • Clear Information: Patients are provided with clear, jargon-free information about what the recording involves, why it’s being done, how it will be used, and where it will be stored.
  • Consent Forms: A written consent form is provided, outlining the specifics of the recording, its purpose, and the rights of the patient regarding the recording.
  • Opportunity to Ask Questions: Before giving consent, patients can ask questions or express concerns.
  • No Pressure: Patients are informed that they can refuse to be recorded without it affecting the quality of their care.
  • Telehealth and Remote Consultations: For consultations conducted remotely, the same process is followed, either by sending digital consent forms in advance or securing verbal consent at the beginning of the session, which is then documented.

Remember, informed consent is a continuous process, and patients should be able to revoke their consent if they change their minds later.

Marketing emails 

We may send you promotional emails and provide information about products and services relevant to your interests. These communications will be sent exclusively via email. They will comply with applicable marketing laws, such as the Spam Act 2004 (Cth), by your consent when registering for our services. If, at any point, you wish to discontinue receiving these promotional emails, you can follow the opt-out instructions provided in any email of this nature.

Please be aware that we might take up to 10 business days to process opt-out requests. If you opt out of receiving emails or promotional materials from us, please note that we may still send you emails regarding your account, any services you have requested or received from us, or other customer service-related purposes. Rest assured that we do not disclose your personal information to other organisations for direct marketing.

If you receive any communications from us that you believe have been sent to you violating this Privacy Policy or any applicable law, we encourage you to contact us immediately using the provided contact details below. We take such concerns seriously and will address them promptly.

Consent to international transfer 

We may transfer your Personal Information to organisations located in other countries. These recipients may include our related entities, employees, external service providers such as administration providers, or information technology providers like cloud storage and data processors. We ensure that any transfer of information is conducted in accordance with the Australian Privacy Principles by reasonably believing that the recipient is legally or contractually obligated to uphold principles that are considerably like those outlined in the Australian Privacy Principles.

Changes to this policy 

We reserve the right to modify this Privacy Policy periodically. Any updated versions of the Privacy Policy will be posted on our website. We recommend checking the Privacy Policy periodically to stay informed about the current version, which becomes effective as of the listed effective date. By continuing to use our website and services, you acknowledge and accept the Privacy Policy in effect at the time of your use. If we make significant changes to this Privacy Policy that materially impact our practices regarding the Personal Information, we have previously collected from you, we will make reasonable efforts to provide you with advance notice of such changes. This may include highlighting the changes on our website or, where feasible, sending an email notification to our customers. This policy is current as of 

Complaints and Enquiries 

If you have any inquiries or complaints regarding privacy or believe that we may have wrongfully disclosed your Personal Information or violated our privacy policy at any time, please feel free to contact us using the details provided below.

Paradise City Medical Centre

2/3046 Surfers Paradise Blvd,

Surfers Paradise QLD 4217

Ph: (07) 5539 8200

Email: reception@paradisecitymedical.com.au

If our response does not meet your satisfaction, you can escalate your concern by contacting the Office of the Australian Information Commissioner. You can reach them by calling 1300 363 992 or writing to the Director of Complaints at the following address:

Director of Complaints

Office of the Australian Information Commissioner

GPO Box 5218 

Sydney NSW 1042

They will further assist you in addressing your privacy-related issue.