1. Purpose
Gordon Family Practice is committed to protecting the privacy and confidentiality of our patients’ personal information and health information. This Privacy Policy explains how we collect, use, disclose, store and manage personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and relevant health records legislation.
2. What Is a Health Record?
A health record is any information or opinion about an individual’s physical or mental health, disability, health services provided, wishes regarding future healthcare, or other personal information collected in connection with providing healthcare services.
Health records may include:
- Medical histories
- Consultation notes
- Test and pathology results
- Diagnostic imaging reports
- Prescriptions
- Referral letters
- Correspondence from other healthcare providers
- Medicare and health fund information
- Administrative information relating to healthcare services
3. Collection of Personal Information
We collect information that is necessary to provide healthcare services and manage our
practice.
Information collected may include:
- Name, address, date of birth and contact details
- Medicare, DVA and health fund details
- Emergency contact details
- Medical history and clinical information
- Family medical history where relevant
- Lifestyle and social information relevant to care
- Employment information where relevant
- Billing and payment information
We collect information directly from patients whenever possible. Information may also
be collected from:
- Parents or guardians
- Referring practitioners
- Specialists
- Hospitals
- Pathology and imaging providers
- Government agencies
- Other healthcare providers involved in your care
4. Why We Collect Personal Information
We collect personal information to:
- Provide healthcare services
- Diagnose and treat medical conditions
- Communicate with patients
- Arrange referrals and investigations
- Manage appointments
- Process billing and Medicare claims
- Meet legal and regulatory obligations
- Conduct quality improvement activities
- Manage accreditation requirements
- Respond to complaints and enquiries
5. How We Use and Disclose Information
Your information may be used or disclosed:
- To healthcare providers involved in your care
- For referrals to specialists and allied health providers
- To pathology and diagnostic imaging providers
- To hospitals and health services
- To Medicare, DVA, private health insurers and government agencies where required
- For recalls, reminders and follow-up care
- Where required or authorised by law
- To lessen or prevent a serious threat to life, health or safety
- For practice accreditation and quality assurance activities where patient confidentiality is maintained
We will not disclose your information for purposes unrelated to your healthcare without
your consent unless permitted or required by law.
6. Overseas Disclosure
The practice generally does not disclose patient information overseas.
If information is required to be disclosed overseas, we will seek patient consent unless
an exception under the Privacy Act applies.
7. Data Security
We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure.
Security measures include:
- Secure electronic medical records
- Password-protected systems
- Access controls
- Secure disposal of records
- Staff confidentiality agreements
- Privacy and information security training
8. Access to Health Information
Patients may request access to their health information.
Requests should be made in writing to the Practice Manager.
Access may be provided unless an exception under the Privacy Act or other applicable legislation applies.
Reasonable administrative fees may apply for copying or transferring records.
9. Correction of Information
Patients may request correction of personal information if they believe it is inaccurate, incomplete, out of date, irrelevant or misleading.
Requests should be submitted to the Practice Manager.
10. Anonymity and Use of a Pseudonym
Where lawful and practicable, patients may communicate with the practice anonymously or by using a pseudonym.
However, in most circumstances, healthcare services require identification to ensure safe and effective treatment, accurate record keeping, Medicare claiming, and continuity of care.
The practice will advise patients if anonymity or use of a pseudonym is not practicable in a particular situation.
11. Website, Email and Electronic Communication
Our website may collect limited information such as IP addresses, browser types and
usage statistics.
Electronic communications, including email and SMS, may be used for:
- Appointment reminders
- Recall notices
- Health information relevant to your care
Patients should be aware that electronic communications may carry privacy and security risks.
12. Retention of Records
Health records are retained in accordance with applicable legal requirements.
Records are securely destroyed or de-identified when they are no longer required to be retained.
13. Privacy Complaints
If you have concerns about how your personal information has been handled, please contact:
Practice Manager
Muhammad Arshad
Email: reception@gray-fox-784227.hostingersite.com
We will acknowledge your complaint and investigate the matter. We aim to provide a response within 10 business days where practicable.
If you are not satisfied with our response, you may contact:
ACT Human Rights Commission – Health Services Commissioner
Level 4, 12 Moore Street
Canberra ACT 2601
Phone: (02) 6205 2222
Email: human.rights@act.gov.au
You may also contact:
Office of the Australian Information Commissioner (OAIC)
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992
Website: www.oaic.gov.au
14. Contact Us
For questions regarding this Privacy Policy or the handling of personal information, please contact:
Practice Manager
Muhammad Arshad
Email: reception@gray-fox-784227.hostingersite.com
15. Policy Review
This policy will be reviewed regularly and updated as required to ensure compliance with applicable legislation, RACGP Standards, and best practice privacy requirements.
