Introduction:
At Valetta Street Medical Centre, we are committed to protecting the privacy of patient information and to handling your personal information in a responsible manner in accordance with the Privacy Act 1988, the Privacy Amendment Act 2012, the Australian Privacy Principles, the Notifiable Data Breaches Scheme 2018, and relevant Victorian privacy legislation.
This Privacy Policy explains how we collect, use and disclose your personal information (which includes health information), how you may access that information and how you may seek the correction of any information. It also explains how you may make a complaint about a breach of privacy legislation.
This Privacy Policy is current from the 1st of January 2025. From time to time, we may make changes to our policy, processes and systems in relation to how we handle your personal information. We will update this Privacy Policy to reflect any changes. Those changes will be available on our website and in the Practice.
Consent for the collection of your personal information:
When you register as a patient of our practice, you are providing consent for the Health Care Practitioners and practice staff to access your personal information so they can provide you with the best possible healthcare. Only staff who needs to see your personal information will do so. If we need to use your information for anything else, we will seek additional consent from you to do this.
Valetta Street Medical Centre will only collect information that is necessary and relevant to provide you with optimal medical care and treatment, and to manage our Practice.
Both clinical and administrative staff will only collect and access your personal information that is relevant to their role in your healthcare.
All staff members and Independent Practitioners sign a comprehensive confidentiality agreement and internal privacy procedures agreement.
Administrative staff will access your health information only if required, for example:
- To answer a query, you may have for example: the date of a referral, a request for a prescription renewal, the duration of a consultation, or the comment your Practitioners have left for you regarding results of investigations (if you have elected not to return to receive them personally).
- To answer a query from an appropriate third party, for example, a relevant Specialist requesting investigation
- results or a hospital requesting a list of current
- To ensure optimal administration of your health information, for example, the scanning of relevant documents into your file.
By giving consent to collect and access your personal information to Valetta Street Medical Centre, you also agree that such information will be available to administration staff, managers, medical and allied health practitioners consulting from Valetta Street Medical Centre. This enables us to care for you as a comprehensive multi-disciplinary team.
The collection and holding of your personal information:
Our practice will need to collect your personal information to provide healthcare services to you. Our main purpose for collecting, using, holding and sharing your personal information is to manage your health. We also use it for directly related business activities, such as financial claims and payments, practice audits and accreditation, and business processes, for example staff training.
The information we will collect about you includes:
- Name, date of birth, address and contact details
- Medicare number (where available, for identification and claiming purposes)
- Healthcare identifiers
- Medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors
- Health fund details
- Ethnicity
- Emergency contact and next of kin
You do have the right to deal with us anonymously or under a pseudonym unless it is impractical for us to do so or unless we are required or authorised by law to only deal with identified individuals.
How do we collect your personal information?
We collect information in various ways including:
- The collection by practice staff of your personal and demographic information when you phone our clinic to arrange an appointment or when you book
- The collection by practice staff of more detailed personal and demographic information via registration when you present to the Practice for the first
- The collection by your healthcare practitioners when providing medical services of further personal information.
- Information may also be collected by your healthcare practitioners via your My Health Record, for example a Shared Health Summary or Event
- We may also collect your personal information when you send us an email or SMS or telephone us, make an appointment online or communicate with us using social
Wherever practicable we will only collect information from you personally. However, we may also need to collect information from other sources such as treating specialists, radiologists, pathologists, hospitals and other healthcare providers. In emergency situations, we may also need to collect information from your relatives or friends.
Use and disclosure of personal information:
We will treat your personal information as strictly private and confidential. We will only use or disclose it for purposes directly related to your care and treatment, or in ways that you would reasonably expect that we may use it for your ongoing care and treatment for example:
- With third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with the Australian Privacy Principles and with this policy
- With other healthcare providers
- When it is required by or authorised by law court subpoenas
- When it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or if it is impractical to obtain the patient’s consent
- To assist in locating a missing person
- To establish, exercise or defend an equitable claim
- For the purpose of confidential dispute resolution process
- When there is a statutory requirement to share certain personal information for example some diseases require mandatory notification
- During the course of providing medical services through My Health Record Shared Health Summaries and Event Summaries
- De-identified data may be used for education and research purposes, or for the collection of health
Only people who need access to your information will do so. Other than in the course of providing health services or as otherwise described in this policy, our practice will not share personal health information with any third party without your consent.
We will not share your health information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.
With your consent, Valetta Street Medical Centre will use your personal information to send you appointment reminders, clinical messages, and preventative health reminders. You can opt out of these services at any time by notifying our practice in writing.
Any unsolicited patient information we receive is evaluated by our administration team, and clinical team if necessary, and decide if it should be kept, acted on or destroyed.
How do we store and protect your personal information?
Your personal information may be stored at our practice in various forms:
- Electronic records
- Paper records
- Visual records such as x-rays, CT scans,
Our practice stores securely and protects your personal information by:
- Securing our premises
- Using protected electronic information systems
- Adhering to strict password and access policies
- Having all staff, contractors and independent practitioners sign confidentiality, privacy and computer security agreements (which includes the adherence to a clear screen policy)
- Providing locked facilities for the storage of any physical records
- Securely destroying documents once they have been scanned into your electronic health record
- Ensuring our information technology contractors clear all personal information from servers, back up devices, computers, printers, scanners, faxes, and printers when upgrading
How can you correct your personal information at our practice?
We will take reasonable steps to ensure that your personal information is accurate, complete, up to date and relevant. For this purpose, our staff may ask you to confirm verbally that your contact details are correct when you attend a consultation. We request that you let us know if any of the information we hold about you is incorrect or out of date.
If you believe that the information we have about you is not accurate, complete or up to date we ask that you contact us in writing (see details below). We will advise you when the corrections have been made and will ensure such changes occur within seven (7) days of receiving your request.
How can you access your personal information?
You are entitled to request access to your medical records. In most cases we will ask you to complete a Request for Medical Records form. Upon receipt of this completed form your request will be actioned. In most cases, this means all health practitioners who have been involved in your care reviewing your request and authorising release of the information.
We will endeavor to complete this process within 30 days and will advise you if there is any delay and the reasons for this. There may be a fee for the administrative costs of retrieving and providing you with copies of your medical records.
We may deny access to your medical records in certain circumstances permitted by law, for example if disclosure may cause a serious threat to your health or safety or to the health or safety of others. We will always tell you why access is denied and the options you have to respond to our decision.
Use of Email:
Emailing of personal information is not a secure method of communication.
Should you however request information to be emailed to you, once we have explained the risks associated with transmitting personal information in this way and have obtained your verbal consent, we will password protect all documents. This process is a secure method and has a low privacy and security risk as per the Royal Australian College of General Practitioners: Using Email in General Practice – Guiding Principles.
We will not email your personal information without consent unless in the case of a medical emergency.
We will accept personal information via email from other healthcare providers and organisations involved in the management of your health.
Only appropriate matters should be raised should you wish to communicate with us via email. For example, appointment scheduling and modifications to referrals or certificates. Medical symptoms or proposed treatments should not be discussed via email.
Email communication must never be used in the case of a medical emergency.
Use of SMS for appointment and health:
Appointment & health reminders and brief clinical messages will be sent via SMS. The detail of the actual health reminder will only be revealed to the recipient upon entering required information. You can be removed from the SMS reminder and communication system upon request.
Our Business Continuity Plan:
Valetta Street Medical Centre has an extensive business continuing plan to enable the ongoing provision of healthcare in the event of any unforeseen events such as computer hardware failure. This business continuing plan includes the electronic back up and replication of your personal information. Back up data is stored offsite in a secure cloud. Replicated data is hosted securely in data centres located in Melbourne and can only be accessed by our information technology providers and authorised members of our practice team.
Overseas Transfer of Data:
We will not transfer your health information to an overseas recipient unless we have your consent to do so, or we are required to do so by law or in the case of a medical emergency.
A note about identifying you when you arrive at our practice:
Our practice abides by the 5th Edition of the Royal Australian College of General Practitioners Standards for General Practice. These standards are developed with the purpose of protecting patients from harm by improving quality and safety of health services. These standards state that we must correctly identify you at every attendance to ensure we have arranged an appointment for the correct person and are about to deliver health care to the correct person. The standards state we must ask you for three approved forms of identification for example name, address and date of birth. We understand that providing these details within the vicinity of other patients may be a privacy concern. We therefore ask that if you do have any concerns, you check in by providing us with photo identification when you arrive.
Privacy concerns:
Valetta Street Medical Centre takes complaints and concerns about privacy of patients’ personal information seriously. If you have a complaint about the privacy of your personal information, we request that you contact us in writing. Upon receipt of a complaint, we then consider the details and attempt to resolve it in accordance with our complaint handling procedures.
If you are dissatisfied with our handling of a complaint or the outcome you may make an application to the Australian Information Commissioner or the Privacy Commissioner:
Australian Information Commissioner,
1300363992,
Privacy Commissioner Victoria,
10-16 Queen Street Melbourne VICTORIA 3000
1300 666 444
Contact:
Please direct any queries, concerns, complaints or requests for access to medical records to:
Anil Sharma
Business & Practice Manager
Valetta Street Medical Centre
35 Valetta Street Clyde 3978 VIC
Mobile 411122211
Email: [email protected]