This policy summarises how personal information will be handled by ScoliCare Clinics Pty Ltd (ScoliCare) in accordance with its legal obligations. ScoliCare is bound by the Federal Privacy Act (1988) and Australian Privacy Principles, Commonwealth Privacy Act – Privacy Amendment (Private Sector) Act 2000. ScoliCare also complies with the NSW Health Records and Information Privacy Act (2002), Government of South Australia’s information privacy principles, QLD Information Privacy Act (2009), VIC Health Records Act (2001) and the Australian and Health Privacy Principles (APPs). These Acts give individuals the right to know what information a private sector organisation holds about them, the right to access this information and to also make corrections if they consider data is incorrect. In addition, this legislation governs the way that ScoliCare collects, uses, discloses, retains, and otherwise handles the personal information it holds.
ScoliCare's Privacy and Security of Personal Health Information policy contains information about:
- how personal information is collected, used and disclosed
- access to and correction of such information; and
- ScoliCare’s approach to privacy
Adherence to this policy is a condition of employment or engagement (including patients, contractors, and consultants) with ScoliCare.
3.1 Australian Privacy Principles
There are 13 Australian Privacy Principles, and they govern standards, rights and obligations around:
- The collection, use and the disclosure of personal information
- An organisation's governance and accountability
- Integrity and correction of personal information
- The rights of individuals to access their personal information
The Australian Privacy Principles are principle-based law. This gives an organisation, such as ScoliCare, flexibility to tailor its personal health information handling practices to its business model and the diverse needs of individuals.
A breach of an Australian Privacy Principle is an ‘interference with the privacy of an individual’ and can lead to regulatory action and penalties. This is why ScoliCare strictly follows these principles. More information and a list of these principles can be found at: https://www.oaic.gov.au/privacy/australian-privacy-principles
4.1 Privacy Officer
ScoliCare has a designated Privacy Officer who implements and monitors adherence to all privacy legislation in this clinic.
The Privacy Officer acts as liaison for all privacy issues and patient requests for access to their personal health information.
4.2 Information Security
ScoliCare has a designated person with primary responsibility for electronic systems, computer security and adherence to protocols as outlined in our Computer Information Security policy.
4.3 Personal Health Information
‘Personal health information’ is a particular subset of personal information and can include any information collected to provide a health service.
This information includes medical details, family information, name, address, employment and other demographic data, past medical and social history, current health issues and future medical care, Medicare number, accounts details and any health information such as a medical or personal opinion about a person’s health, disability or health status.
Wherever practicable ScoliCare will only collect information from you personally. However, ScoliCare may also need to collect information from other sources such as treating specialists, radiologists, pathologists, hospitals, and other health care providers.
In emergency situations ScoliCare may also need to collect information from your relatives or friends.
Information is held in formal medical records, written or electronic and other mediums such as letters, faxes, or information conveyed verbally.
For each of our patients we have individual patient health records containing all clinical information held by our practice relating to that patient. ScoliCare ensures the protection of all information contained therein.
You are not obliged to provide any information requested but must be aware that failure to do so might compromise the quality of the health care and treatment.
ScoliCare requires you to provide us with your personal details and a full medical history so that we may assess, diagnose and treat you accurately.
ScoliCare will use the information you provide in the following ways:
- To provide the most appropriate assessment, diagnosis and treatment plan.
- For the administrative purposes in running our clinics including invoicing and to comply with Health Fund and Medicare Australia billing requirements.
- To liaise with others involved in your health care, including treating Clinicians, GPs, specialists and Allied Health Practitioners. This may occur through referrals for medical tests and in the reports or results returned to us following those referrals.
- To contact you or your family for the purposes of appointment reminders and treatment follow up.
- Your information will not be released to a third party without your consent.
- ScoliCare conducts research activities. However, if we wish to use your information and results in research activities, we will not do so without your consent.
4.4 Primary Purpose Of Collection Of Personal Information
ScoliCare and its employees will only use and disclose patient personal information for the primary purpose of collection, which is to provide our services to you. This also includes patient-related services such as communication for upcoming appointments and treatment follow-ups, and the communication of progress and clinical recommendations to healthcare providers that have engaged our services on your behalf.
4.5 Request For Access To Personal Health Information
ScoliCare patients have the right to access their personal health information (medical record) under legislation.
Most of the information collected and used by ScoliCare will be considered as “sensitive information” and subject to more stringent protection under the Act.
ScoliCare complies with both laws and the Australian and Health Privacy Principles (APPs & HPPs) adopted therein. See summary headings of Principles in section 3. Both Acts give individuals the right to know what information a private sector organisation holds about them, the right to access this information and to also make corrections if they consider data is incorrect.
You can request access to your Personal Health Information by contacting:
The Privacy Officer
PO Box 600 Kogarah NSW 1485
4.6 Request For Third Party Access
Requests for access to health information may be received from various third parties including:
- Subpoena/court order/coroner/search warrant
- External Clinicians, GPs & Health Care Institutions
- Police/Solicitors
- Health Insurance companies/Workers Compensation/Social Welfare agencies
- Government Agencies such as NDIS
- Research/Quality Assurance Programs
- Overseas parties
- Accounts/Debt Collection
No patient information will be released to a third party unless the request is made in writing and provides evidence of authority signed by you as the patient or the patient’s legal guardian to release the requested information, unless required under legal obligation by subpoena. ScoliCare retains a record of all requests for access to health information.
Significant court orders relating to custody and guardianship should be advised to ScoliCare to maintain privacy of each parent or guardian.
A patient may authorise another person to be given access if they have the legal right and a signed authority.
In 2008 the Australian Law Reform Commission recognised that disclosure of information to ‘a person responsible for an individual’ can occur within current privacy law. If a situation arises where a carer is seeking access to a patient’s health information, ScoliCare will seek legal clarification in each case prior to release of information.
Where ScoliCare seeks to participate in human research activities and/or continuous quality improvement (CQI) activities, patient anonymity will be protected. ScoliCare will also seek and retain a copy of patient consent to any specific data collection for research purposes.
Research requests must have approval from a Human Research Ethics Committee (HREC) constituted under the NH&MRC guidelines. A copy of this approval will be retained by ScoliCare.
ScoliCare will not release any information to the Media unless it has been authorised by the Director and written patient consent has been obtained.
4.9 Request to Send Overseas
Information may be sent overseas, where patient consent is provided and the overseas country receiving the information has privacy laws similar to the Australian Privacy Principles. However, ScoliCare is under no obligation to supply any patient information upon receipt of an international subpoena.
4.10 Financial Accounts
Financial accounts do not contain any clinical information.
Outstanding account queries or disputes will be directed to the Clinics Manager to be reviewed prior to forwarding to third parties such as insurance companies or debt collection agencies.
5. Information on Privacy Legislation
Further information on privacy legislation is available from:
Office of the Australian Information Commissioner
1300 363 992
Information and Privacy Commission
New South Wales – 1800 472 679
Office of the Health Services Commissioner
Victoria – 1300 582 113
Office of the Information Commissioner
Queensland – 07 3234 7373
Health and Community Services Complaints Commissioner (HCSCC)
South Australia – 08 8226 8666