Paediatrics Ballarat Privacy Policy
(Created 25/06/2021, edited 30/8/24)
1 Purpose
1.1 The purpose of the Paediatrics Ballarat Privacy Policy (hereinafter referred to as “the Privacy Policy”) is to explain to you how Paediatrics Ballarat Pty Ltd (hereinafter referred to as “Paediatrics Ballarat”) uses, collects and manages all personal information, including but not limited to health information from patients and the circumstances in which Paediatrics Ballarat may share such information with third parties.
1.2 The Privacy Act was significantly amended in 2014 by the Privacy Amendment (Enhancing Privacy Protection) Act 2012 and with effect from 22 February 2018, further amendments require Paediatrics Ballarat to report eligible data breaches that are likely to cause serious harm.
1.3 Paediatrics Ballarat supports independent medical practitioners to provide a range of medical services to their patients, and as such are required to comply and abide with The Australian Privacy Principles (hereinafter referred to as “APP”) which has been enacted in accordance with the Privacy Act 1988 (hereinafter referred to as the “Privacy Act”).
1.4 The APP regulates how Paediatrics Ballarat may collect, use, disclose, divulge and store your personal and health information which we retain with regards to patients.
1.5 For the avoidance of doubt, Paediatrics Ballarat is not a health service provider, but supports independent medical practitioners to provide health services to their patients. As such, all parties must comply with the Privacy Act 1988 and The Australian Privacy Principles.
2. Important Defined Terms
2.1 In this Privacy Policy, Paediatrics Ballarat adopts the definitions in Section 6 of the Privacy Act, as amended from time to time, of the terms which we set out below; Personal Information means all information and opinion including but not limited to personal and health information about an identified individual, or an individual who is reasonably identifiable:
• whether the information or opinion is true or not; and
• whether the information and opinion is recorded in a material form or not: Health Information means all information and opinion about:
• the health and disability (at any time) of an individual; or
• an individuals expressed wishes about the future provisions of health services to him or her; or
• a health service provided or to be provided to an individual that is also personal information; or
• other personal information collected to provide, or in providing, a health service. Sensitive Information would include information or an opinion about an individual’s:
• racial or ethnic origin; or
• political opinions; or
• membership of a political association; or
• religious beliefs or affiliations; or
• philosophical beliefs; or
• membership of a professional or trade association; or
• membership of a trade union; or
• sexual orientation or practices; or
• criminal record that shall be deemed also as personal information; or
• health information about an individual; or
• genetic information about an individual that is not otherwise health information; or
• biometric information that is to be used for the purposes of automated biometric verification or
biometric identification; or
• biometric templates.
2.2 Reference in this Privacy Policy to personal and health information is a collective reference to
Personal Information and Health Information as herein defined in clause 2 above.
3. Patient Anonymity and Pseudonymity
3.1 Where it is lawful and practicable to do so by virtue of any rules, regulations or laws, patients may deal with Paediatrics Ballarat anonymously or by using a pseudonym. An example of this, would be when you make a general inquiry about the services Paediatrics Ballarat practitioners provide or they offer to their patients without providing us with your personal or health information.
4. Why we collect, use, hold and share information and opinion about you
4.1 Paediatrics Ballarat only collects and holds personal and health information about patients that is deemed reasonably fit and necessary for us to:
• support treating medical practitioners to provide patients with health care services and, in particular, to best attend to and treat the presenting health concerns and conditions; or
• contact patients to provide advice or information in relation to the why in which the service will be provided; or
• administer and manage those services including charging, billing and collecting debts; and
• as required by Australian legislation.
5. Types of information we collect and store about you
5.1 We may collect personal and health information from third parties including, but not limited to:
• patient’s parent, guardian, legal advisor or other authorised representative; or
• other health service providers that patient has attended; or
• other health professionals that have treated the patient; or
• a patient’s family member; or
• other persons or organisations that possess personal and health information reasonably required by Paediatrics Ballarat to assist us in supporting our practitioner’s in providing health services to their patients.
5.2 The type of information that we collect about patients from themselves or third parties include,
but is not limited, to the following;
• names;
• date of birth;
• gender;
• residential address;
• emails;
• telephone numbers;
• health fund details;
•Medicare details;
• medical referrer details (for example, referring Obstetrician, General Practitioners, Dentists
and Medical Practitioners); and
• any other personal and health information that is reasonably deemed fit and necessary for
the provision of paediatric health services to you.
5.3 Paediatrics Ballarat will not collect Sensitive Information about a patient unless;
• prior consent to the collection of that type of information and that information is reasonably
necessary for the provision of paediatric health services; and/or
• if we are required or authorised to do so pursuant to any Australian law, rules or
regulations.
6. How we hold your information
6.1 Paediatrics Ballarat stores your personal and health information in hard copy and electronic form
including but not limited in its practice database software known as MEDIFLEX and no matter in which
form your personal and health information is stored, the terms of this Privacy Policy will be applicable
to that information.
7. How do we use your information
7.1 Paediatrics Ballarat only uses your personal and health information for the purposes you have
given that information to us unless disclosure of your personal and health information is required for
the purposes of:
• continuity of care with other health service providers involved in the patient’s treatment
or diagnostic services; or
• providing a patient with further information about treatment options; or
• conveying information to a responsible person including a parent, guardian or spouse
when a patient is incapable or cannot communicate, unless the patient has requested
otherwise;
• conveying information to close family members in accordance with the recognised
customs of medical practice; or
• management, funding, service monitoring, planning, evaluation and compliant handlings;
or
• legislative and regulatory compliance; or
• quality assurance or clinical audit activities; or
• accreditation activities; or
• health insurance funding; or
• billing and debt recovery; or
• addressing liability indemnity arrangements including reporting to our insurers and legal
representatives;
• preparing the defence for anticipated or existing legal proceedings; or
• research or the compilation or analysis of statistics relevant to public health and safety;
and
• activities directly related to the provision of health services to an individual where the individual would reasonably expect disclosure.
7.2 Independent Contractors - Paediatrics Ballarat may outsource our services or hire contractors to
perform professional services within the business and if we do so we require all contractors to comply
with the Privacy Act and our Privacy Policy.
8. Access to and correction of your information
8.1 All patient files that include personal and health information are the property of the relevant independent medical practitioner who has provided the health service.
8.2 You have the right to have access to the personal and health information that we hold in your health record subject to certain legal exceptions, as set out in the APP 12 in relation to Access to Personal Information being;
Paediatrics Ballarat reasonably believes that giving access would pose a serious threat to the life, health or safety of any individual, or
to public health or public safety; or giving access would have an unreasonable impact on the privacy of other individuals; or the
request for access is considered or deemed frivolous or vexatious; or
the information relates to existing or anticipated legal proceedings between the independent medical practitioner and the individual, and would not be accessible by the process of discovery in those proceedings: or giving access would reveal the intentions of the independent medical practitioner in relation to negotiations with the individual in such a way as to prejudice those negotiations; or
giving access would be unlawful; or denying access is required or authorised by or under an Australian law or a Court or Tribunal Order; or
Paediatrics Ballarat has reasons to suspect that unlawful activity, or misconduct of a serious nature, that relates to Paediatrics Ballarat or any independent medical practitioner’s functions or activities has been, is being or may be engaged in and giving access would be
likely to prejudice the taking of appropriate action in relation to the matter; or
giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
giving access would reveal evaluative information generated within the organisation in connection with a commercially sensitive decision-making process.
8.3 Paediatrics Ballarat may after consultation with your medical practitioner, on your written and signed request, disclose your personal and health information to your legal representative or other authorised representative.
8.4 You can also request an amendment to your personal and health information if you believe that information is inaccurate, out of date, incomplete or misleading.
8.5 Paediatrics Ballarat will allow access or request the medical practitioner make the requested changes unless there is a reason under the Privacy Act or other relevant law to refuse such access or refuse to make the requested changes.
8.6 If Paediatrics Ballarat, after consultation with the treating medical practitioner, does not agree to change your personal and health information in accordance with your request, we will permit you to make a written statement of the requested changes and file a copy of that statement on your medical record.
8.7 Should you wish to obtain access to or request changes to your health record you can ask our Privacy Officer (details as stated herein below in clause 13), who can give you more detailed information about Paediatrics Ballarat’ access and correction procedure.
8.8 Paediatrics Ballarat may charge you a reasonable fee associated with supplying a copy of your
personal and health information to you.
9. Data Quality
9.1 Paediatrics Ballarat will take reasonable steps to ensure that your personal and health information that we collect are accurate, up to date and complete.
9.2 Paediatrics Ballarat will take reasonable steps to ensure that your personal and health information that we use or disclose, having regard to the purpose of that use or disclosure, is accurate, up to date, complete and relevant.
10. Data Security
10.1 Paediatrics Ballarat will take reasonable steps to protect your personal and health information from misuse, interference, loss, unauthorised access, modification or disclosure.
10.2 If Paediatrics Ballarat holds personal and health information about you and we no longer need that information for any purpose for which that information may be used or disclosed, that information is not contained in a Commonwealth record and we are not required by or under an
Australian law, or a Court or Tribunal Order, to retain that information, we will take such steps as are reasonable in the circumstances to destroy that personal and health information or to ensure that information is de-identified.
11. Identifiers
11.1 Paediatrics Ballarat assigns its own identifiers, being a unique number within our practice database system MEDIFLEX to identify patients and/or a patient’s parent/guardian and, where appropriate, Paediatrics Ballarat collects government identifiers such as Medicare, Health
care/Pension Card numbers, Private Health fund membership number etc.
12 Complaints
12.1 Paediatrics Ballarat takes complaints and concerns regarding privacy seriously.
12.2 In the event:
• ou have questions or comments about this Public Policy; or
• Paediatrics Ballarat does not agree to provide you with access to your personal and
health information; or
• you have a complaint about our information handling procedures, you can lodge a
complaint with or contact our Privacy Officer by using the contact details as stated herein
below in Clause 13.
12.3 You also have the legal right to lodge a complaint in writing to the Office of the Australian
Information Commissioner (OAIC) by visiting www.oaic.gov.au and using the online Complaint Form or
in writing and posted to: Office of the Australian Information Commissioner GPO Box 5288 Sydney
NSW 2001 For further information kindly visit www.oaic.gov.au or call the OAIC on 1300 363 992.
13. Contact us
13.1 Privacy Officer – Practice Manager
13.2 By Letter: 1328 Sturt Street Ballarat VIC 3350
13.3 By Email: reception@paediatricsballarat.com.au
13.4 By Telephone: (03) 5327 1444
14. Privacy Policy Version
14.1 This Privacy Policy was last updated on 30/08/2024 and may change from time to time in
accordance with changes to the Privacy laws.
14.2 This Policy will be reviewed regularly to ensure that it is in accordance with any changes that may
occur by virtue of any amendment to the Privacy laws.
14.3 The updated Policy can be found in the Paediatrics Ballarat website, or you could contact
Paediatrics Ballarat to ensure that you have the latest version of this Privacy Policy.
15. Data breaches
15.1 Data breach occurs when there is an unauthorised access or disclosure, or loss of personal information held in our practice. This could be an email sent to the wrong person, a loss of laptop containing patients’ personal and health information, or our database being hacked. The practice has an IT consulting company that oversees the security of our database.
15.2 Effective from 22 February 2018, Paediatrics Ballarat is required to investigate a data breach or suspected/alleged data breach and decide if it is likely to result in serious harm to one or more individuals. Paediatrics Ballarat may be able to remedy the negative impact of the breach by retrieving an email sent incorrectly or by having good security in place depending on the type of data breach. In the absence of a remedy, Paediatrics Ballarat has the legal obligation to notify the affected patient/(s)
and the OAIC accordingly.
15.3 The patient and/or third-party representatives and their independent medical practitioner shall
defend and indemnify Paediatrics Ballarat against any third-party claim, suit, or proceeding arising out
of or related to a data breach caused by the act or omission of any party or their agents,
subcontractors, or employees.