Nature and scope of this practice policy
This policy primarily addresses the management of ‘personal information’ in the practice.
The policy covers the following areas:
1. Management of personal information
2. Anonymity and pseudonymity
3. Collection of solicited personal information
4. Dealing with unsolicited personal information
5. Notification of the collection of personal information
6. Use or disclosure of personal information
7. Direct marketing materials
8. Cross border disclosure of personal information
9. Use of government related identifiers
10. Quality of personal information
11. Security of personal information
12. Access to personal information
13. Surveillance cameras
APP 1- Management of Personal Information
The Australian government introduced new privacy principles on March 12th 2014. Travel Health Plus respects patients’ rights to privacy and has a legal obligation to abide by the provisions of the Privacy Act 1988 (Cth) (the Act). The rules that an organisation must follow under the Act are knows as the Australian Privacy Principles (APP). and cover areas including the collection, use, disclosure, quality and security of personal information.
APP 2 – Anonymity and pseudonymity
Under the APP individuals have the option of not identifying themselves or of using a pseudonym. Limited exceptions apply. Please discuss with your practitioner
APP 3 – Collection of solicited personal information
For the purpose of this policy no distinction has been made between the handling of personal information and sensitive information (as that defined in the Act); therefore all information will be referred to as ‘personal information’ throughout this document and shall be handled as ‘sensitive’ information.
We may collect the following types of personal information:
your name, address and telephone number
your age or date of birth
your Medicare number, Veterans Affairs number, Health Care Card number, health fund details or pension number
current medications or treatments used by you
information relevant to your medical care, including but not limited to your previous and current medical history and your family medical history (where clinically relevant)
your ethnic background
your profession, occupation or job title
the name of any health service provider or medical specialist to whom you are referred, copies of any letters of referrals and copies of any reports back
any additional information relating to you that you provide to us directly through our representatives, medical or allied professionals providing services at or from our clinic.
We offer patients the opportunity to provide written feedback. This can be done anonymously.
We collect personal information directly from you, and may do so in ways including:
by you completing one of our patient information forms
as disclosed by you during the course of a consultation at our clinic
APP 4- Dealing with unsolicited personal information
We may also collect personal information from third parties including:
from your employer or prospective employers
information provided on your behalf with your consent from a health care provider who refers you to medical practitioners or allied health professionals providing services at or from our clinic.
from health care providers to whom you are referred
If you withhold personal information described above, some or all of the following may happen:
we may not be able to provide the requested services to you, either to the same standards or at all
our advice and management may be inaccurate, incomplete, inappropriate or potentially dangerous.
For example without a full history we may declare someone fit to scuba dive, when it may be dangerous, or administer a live vaccine to an immunosuppressed individual.
APP 5- Notification of the collection of personal information
In such circumstances where we need to collect personal information from a third party (such as your GP or specialist), we will take all reasonable care to inform you in a timely manner.
APP 6- Use or disclosure of personal information
We collect personal information about you so that we can perform our business activities and functions and to provide the best possible quality of service to you.
We collect, hold, use and disclose your personal information for the following purposes:
to provide medical services and treatment to you and to enable you to be attended by medical practitioners or other allied health professions at our clinic
for administrative and billing purposes
to update our records and keep your contact details up to date
to process and respond to any complaint made by you
to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any government authority of any country
for the purpose of data research and analysis including conducting clinical trials and proactive screenings
for inclusion in a recall register to be advised for follow up visits and medical updates
for the purpose of reporting back to your employer or prospective employer, their authorized representatives and their insurer in the case of a work related consultation or service
to answer inquiries and provide information or advice about existing and new products or services and all matters relevant to the services we provide to you
to conduct business processing functions including providing personal information to our service providers such as pathology and radiology laboratories.
for the administrative, marketing planning, service development, quality control and research purposes of Travel Health Plus.
to meet obligations of notification to our medical defense organizations or insurers
We may disclose your personal information to:
our employees, medical professionals and allied health practitioners who provide medical services to you at our clinic, and service providers for the purpose of operation of our business, fulfilling requests by you and to otherwise provide products and services to you including, without limitation, web hosting, entry service administrators, electronic network administrators, debt collectors and professional advisers such as accountants, solicitors, business advisers and consultants
suppliers and other third parties with whom we have commercial relationships, for business, marketing and related purposes
your employer or prospective employer, their authorized representatives and their insurer in the case of a work related consultation or service and
any organization or person for any authorized purpose with your express consent.
APP 7- Direct marketing materials
Travel Health Plus does not engage in direct marketing.
APP 8- Cross border disclosure of personal information
In relation to medicals and consultations procured or requested by overseas clients, we may disclose your personal information to these clients in their countries of operation.
Our clinic uses a software program (Inca clinic, from the Republic of Ireland) which utilizes an American program (Salesforce). This is a cloud based medical system with encrypted data stored in Japan. The USA, Japan and Ireland/European Union all have privacy legislation that meets the standards of Australian Privacy Law. Indeed the Australian Government, IBM, Cisco and the Commonwealth Bank also use Salesforce. The Government of NSW, through ‘Service NSW’, uses Salesforce to process credit card payment for tolls, register birth certificates and issue drivers licences. In addition to Salesforce’s secure data storage system, information is also backed up weekly to a hard drive held by the clinic here in Fremantle.
The software provider is based in the Republic of Ireland and reserves the right to use anonymized data to analyze the use of the service, improve its efficiency and assess the vaccine market.
APP -9 Use of government related identifiers
Where necessary we may provide Medicare, Veterans Affairs and CentreLink provider identifiers to our service providers such as pathology and radiology laboratories. In many cases this will be done to eliminate a payment charge for the patient.
APP 10- Quality of Personal Information
Travel Health Plus takes all reasonable steps to ensure all personal information it collects is accurate, up to date and complete.
APP 11-Security of personal information
We take reasonable steps to ensure your personal information is protected from misuse and loss and from unauthorized access, modification or disclosure. We may hold your information in either electronic or hard copy form. Personal information is destroyed or de-identified when no longer needed.
We cannot provide any assurances regarding the security of transmission of information you communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Accordingly any personal information or other information you transmit to us online is transmitted at your own risk.
In some instances (for example when a medical or summary of such is requested by your employer) we may send it via the internet. Your explicit consent is sought in such circumstances.
APP 12- Access to personal information
You may request access to any personal information we hold about you at any time by contacting us. Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example by mailing or emailing it to you). We may charge you a fee to cover excessive administrative costs in providing the information to you and if so the fees will be advised at the time. We will not charge for simply making the request and will not charge for making any corrections to your personal information. Reissuing of vaccination booklets and requests for copies of vaccination records via any format may attract a small fee.
There may be instances where we cannot grant you access to the personal information we hold; however we will only do so in accordance with our rights and obligations under the Act. If the request for information interferes with the privacy of others or if it would result in a breach of confidentiality, it may be declined. We will provide our reasons in such cases.
If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may send us a written request to amend it, including the basis on which you are requesting the amendment. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment then we will add a note to the personal information stating that you disagree with it. There will be no charge for correcting information.
APP 13- Surveillance cameras
For the safety of staff and to reduce vandalism, the clinic uses continuous surveillance cameras on the outside of the building and in the main waiting room. Surveillance footage is stored on an external hard drive, secured by an access code. The hard drive is kept in a secure area, accessible only to clinic staff. Images are destroyed when no longer required. In the event that there is a request for footage from the WA Police Department, other people in the footage not involved in the incident will have their consent obtained or image blurred before the footage is released.
In this document the terms ‘we’, ‘our’, ‘us’ or ‘clinic’ means Travel Health Plus.