Introduction
Our Practice respects your rights to privacy and takes our privacy obligations seriously. We comply with the Australian Privacy Principles (APP), found under the Privacy Act 1988 (Cth) ‘Privacy Act’.
This privacy policy explains:
- how we manage your Personal Information (including your Health Information), including the collection, use, disclosure, quality and security of your Personal Information;
- the kinds of information we collect and how that information is held;
- the purposes or circumstances for which we collect, hold, use and disclose Personal Information;
- how you can access your Personal Information and how you can request to correct such information; and
- how we manage a breach of your privacy.
In this Privacy Policy, we use the terms:
“Personal Information” as defined in the Privacy Act. This means:
“information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not”;
- “Health Information” as defined in the Privacy Act. This is a subset of “Personal Information” and means information or an opinion about:
- the health or a disability (at any time) of an individual;
- an individual’s expressed wishes about the future provision of health services to him or her; or
- a health service provided or to be provided to an individual.
Personal Information also includes “Sensitive Information” which is information such as your race, religion, political opinions, sexual preferences and/or “Health Information”. Information which is “Sensitive Information” attracts a higher privacy standard under the Privacy Act and is subject to additional mechanisms for your protection.
We, Us, Our, Our Practice, shall mean:
- Queensland Integrative Medicine
- Jomileka Pty/Ltd (as trustee for Lifestyle Planning Queensland Trust)
- Employed, contracted and independent medical and healthcare practitioners who practice from our rooms; and
- Employed reception/administrative staff.
Why and when your consent is necessary
When you first register as a patient, we obtain your written consent so that we can collect, use, hold and disclose your Personal Information in order to provide you with the best possible healthcare and to allow us to manage our practice. Only those of us who need to see your Personal Information in order to provide healthcare services to you will have access to it. If we intend to use your Personal Information for any other purpose, we will seek your consent first.
Why and when your consent is necessary
When you first register as a patient, we obtain your written consent so that we can collect, use, hold and disclose your Personal Information in order to provide you with the best possible healthcare and to allow us to manage our practice. Only those of us who need to see your Personal Information in order to provide healthcare services to you will have access to it. If we intend to use your Personal Information for any other purpose, we will seek your consent first.
Why do we collect, use, hold and share your personal information?
Our practice collects your Personal Information to provide healthcare services to you. Our main purpose for collecting, using, holding and sharing your Personal Information is to manage your health. We also use it to appropriately manage and conduct our business activities, such as financial claims and payments, practice audits, and business processes (eg: staff training).
What personal information do we collect?
The information we will collect about you may include your:
- names, date of birth, addresses, contact details;
- medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history, lifestyle, environmental and dietary history and risk factors;
- Medicare number (where applicable) for identification and claiming purposes;
- healthcare identifiers; and
- health fund details (where applicable).
Dealing with us anonymously
You have the right to interact with us anonymously or under a pseudonym unless it is impractical for us to do so or unless we are required or authorised by law to deal with identified individuals. It is important to be aware that if you provide incomplete or inaccurate information or withhold information it may compromise the quality of care we are able to provide to you.
How do we collect your personal information?
We may collect your personal information in several different ways.
- When you first register as a patient we will collect your personal and demographic information as part of the registration process.
- During the course of providing medical services, we may collect further Personal Information. Our practice does not utilise the Federal Government’s My Health Record system. If we move towards using this platform and you have a My Health Record we will access your Personal Information that we require to provide you our services.
- In addition to direct verbal communication, we may also collect your Personal Information when you visit our website, send us an email or fax or SMS, send written material to us by post, or telephone us.
- In some circumstances Personal Information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:
- your appointed guardian or responsible person, relatives or nominated friend/s;
- your other treating healthcare providers, such as Specialists, Allied Health professionals, hospitals, community health services and pathology and diagnostic imaging services; or
- your health fund, private health insurer, Medicare, or the Department of Veterans’ Affairs (where appropriate).
We will only collect information from third parties where:
- you have consented to such collection;
- such collection is necessary to enable us to provide you with appropriate healthcare services (such as emergency medical treatment or where your health is at risk); or
- such collection is reasonably necessary to enable us to appropriately manage and conduct our business; or it is legally permissible for us to do.
When, why and with whom do we share your personal information?
Our Practice uses your Personal Information for the primary purpose of providing you with healthcare services. We may also use your Personal Information to enable us to appropriately manage and conduct our business (a secondary purpose), which we have informed you of, and you have consented to. Secondary purposes may include training and medical education or research purposes, in which case your Personal Information will be de-identified unless otherwise legally required.
We may also disclose your personal information:
- with other healthcare providers such as Medical Specialists, Dentists, Allied Health Practitioners (eg: Nutritionists, Dietitians, and Psychologists) or your local General Practitioner, who are involved in your care;
- to your parents, children, relatives, nominated friends, guardians, or a person exercising a power of attorney or enduring power of attorney, or to anyone you authorise to access your Personal Information. Please advise us if it is your wish no third party as stated is to have access to your Personal Information;
- when it is necessary to lessen or prevent a serious threat to a patient’s or your life, health or safety or public health or safety, or it is impractical to obtain your consent such as a medical emergency and it is in your best interest to do so;
- when it is required or authorised by law (eg: court subpoenas, coronial summons) or where it is necessary for the enforcement of criminal law or a law imposing a penalty or sanction or defend a legal action;
- to assist in locating a missing person or search warrants;
- to establish, exercise or defend an equitable claim or for the protection of public revenue;
- for the purpose of confidential dispute resolution process; or
- when there is a statutory requirement to share certain Personal Information (eg: some diseases require mandatory notification).
We will not share your personal information with anyone outside Australia or overseas entities (unless under an exceptional circumstance that is permitted by law) without your consent.
We do not engage in direct marketing of goods and services. If we do move towards this in future, you may opt out of direct marketing at any time by notifying us in writing.
How do we store and protect your personal information?
Our practice strives to maintain the reliability, accuracy, completeness and currency of your Personal Information. We store all Personal Information securely to protect your privacy. We operate using electronic medical records and do not retain hardcopies of your medical or Personal Information. All Personal Information is stored electronically in a secure, encrypted hosted service maintained by IT professionals. Once your data is entered onto our medical software, all paper copies are securely destroyed. Any hardcopy of your Personal Information retained temporarily (eg: pending insertion into our electronic medical software or collection by you) are stored securely or shredded.
All Personal Information stored in electronic form is protected from unauthorised access, misuse, interference, loss, modification or disclosure. Some of the steps we take to ensure your Personal Information is secure include:
- We maintain physical security over our rooms;
- We have internal processes, systems and training to protect your privacy;
- Our IT services, including handling and storage of and medical records, are hosted by an Australian-based IT business (also subject to Australian privacy legislation) with secure technologies to protect your personal records;
- Electronic records are hosted behind firewalls with business grade anti-virus and anti-malware software protection;
- All data is regularly backed up on the operating server on site and on a separate server other than the “operating” server. All data is kept within Australia;
- Our IT professionals have a data breach response plan in place and our IT systems are fully maintained by them to ensure all software updates and licenses are current and that the integrity our system’s security is maintained; and
- We review our risk management program regularly to protect privacy.
Subject to applicable laws, we may destroy records containing Personal Information when the record is no longer required to be retained. It is likely your medical records held by us contain Sensitive Information. We are required to abide by relevant legislation in the retention and disposal of your medical records.
How can you access and correct your personal information at our practice?
You have a right to request access to, and correction of, your Personal Information. If you make a request to access Personal Information that you are entitled to access, we will provide you suitable means of accessing it. We will not charge you for making the request, however a fee may be charged to cover our reasonable costs for complying with your request. Such costs may include obtaining your consent, our time spent facilitating your request and transmitting your Personal Information. Please allow up to 30 days for us to respond to your request.
There may be instances where we cannot grant you access to some of the information we hold. For example, we may need to decline access if granting access would interfere with the privacy of others. If that is the case, we will provide you with an explanation of those reasons.
Our practice will take reasonable steps to correct your Personal Information where the information is not accurate or up to date. From time to time, we will ask you to verify that your Personal Information held by us is correct and current. You may also request (in person or in writing) that we correct or update your information. Our Practice contact details are:
Telephone: (07) 3831 5111
Email: info@qldim.com.au
Postal address: Suites 7 & 8, 29 Florence Street, Teneriffe Qld 4005
Lodging and Handling of a privacy-related complaint
Should any breach of your privacy occur, and you become aware of it, please contact us on the details below. Likewise should any breach of privacy occur and we become aware of it, we will manage it with utmost care, confidentiality and as soon as it is possible. If you or any of our patients are affected, all affected parties will be notified.
We take complaints and concerns regarding privacy seriously. Please contact us should you have any privacy concerns you may have in writing. We will then attempt to action it within 30 days in accordance with our resolution procedure and complaint handling process.
You can contact our Practice:
Telephone: (07) 3831 5111
Email: info@qldim.com.au
Postal address: Suites 7 & 8, 29 Florence Street, Teneriffe Qld 4005
You may also contact the Office of the Australian Information Commissioner (OAIC). Generally, the OAIC will require you to give them time to respond before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 363 992.
Privacy and our website
Our website and email are linked to the internet. No data transfer over the internet is one hundred percent secure. Any form of electronic communication such as via a website, email, facsimile, telephone, mobile (this also applies to written/posted and verbal communications) are not without risks. Accordingly, any information which you transmit to us or which we transmit to you or to/from third parties via any of these methods is at your own risk.
As part of our website, we may provide links to other websites, mobile applications or organisations, however, we are not responsible for the privacy practices employed by those websites, mobile applications or organisations. This Privacy Policy applies solely to information collected by us through our website or our Practice. We encourage you to request/review the privacy statements of other websites, mobile applications or organisations before proceeding to use them.
Merger or Acquisition
In the event we undergo a business transaction such as a merger, acquisition by another company, or sale of all or a portion of our assets, your Personal Information may be among the assets transferred. You acknowledge and consent that such transfers may occur and are permitted by this Privacy Policy, and that any acquirer of our assets may continue to process your Personal Information as set forth in this Privacy Policy.
Privacy and our website
This Privacy Policy may be changed at any time following any legislative change or upon a review of our information handling processes. We reserve the right to update or amend this statement at any time. We will notify you of any updates via our website. The amended Privacy Policy will be effective on and from its uploading.
Our Privacy Policy is available and can be obtained upon request.
If you have any queries, concerns or feedback regarding our Privacy Policy, please contact our Practice:
Telephone: (07) 3831 5111
Email: info@qldim.com.au
Postal address: Suites 7 & 8, 29 Florence Street, Teneriffe Qld 4005
For further information, please see Office of the Australian Information Commissioner (http://www.oaic.gov.au/).