Our business is committed to best practice in relation to the management of information we collect. This practice has developed a policy to protect patient privacy in compliance with the Privacy Act 1988 (Cth) (‘the Privacy Act’).
Our policy is to inform you of:
- the kinds of information that we collect and hold, which, as a medical billing service, are likely to be ‘medical information’ for the purposes of the Privacy Act;
- how we collect and hold personal information;
- the purposes for which we collect, hold, use and disclose personal information;
- how you may access your personal information and seek the correction of that information;
- how you may complain about a breach of the Australian Privacy Principles and how we will deal with such a complaint;
- whether we are likely to disclose personal information to overseas recipients.
2. What kinds of personal information do we collect?
The type of information we may collect and hold includes:
- your name, address, date of birth, email and contact details;
- Medicare number, DVA number and other government identifiers;
- other health information about you, including –
- – notes of the treatment given to you;
- – your billing details.
3. How do we collect and hold personal information?
We will generally collect personal information:
- From our clients as part of the billing instructions;
- from you directly when you provide your details to us. This might be via a face to face discussion, telephone conversation, registration form or online form;
- from a person responsible for you;
- from third parties where the Privacy Act or other law allows it. This may include, but is not limited to: other members of your treating team, diagnostic centres, specialists, hospitals, Medicare, or your health insurer.
4. Why do we collect, hold, use and disclose personal information?
In general, we collect, hold, use and disclose your personal information for the following purposes:
- to communicate with you in relation to the medical service being provided to you;
- to comply with our legal obligations;
- to help us manage our accounts and administrative services, including billing, arrangements with health funds, pursuing unpaid accounts, and management of our systems;
- for identification and insurance claiming;
- to liaise with your health fund, government and regulatory bodies such as Medicare, the Department of Veterans Affairs and the Office of the Australian Information Commissioner (OAIC) (if you make a privacy complaint to the OAIC), as necessary.
5. How can you access and correct your personal information?
You have a right to seek access to, and correction of, the personal information which we hold about you.
For details on how to access and correct your health record, please contact our office as noted under ‘Contact Details’. We will normally respond to your request within 30 days.
6. How do we hold your personal information?
Our staff are trained and required to respect and protect your privacy. We take reasonable steps to protect information held from misuse and loss and from unauthorised access, modification or disclosure.
- holding your information on a secure server at secure premises;
- our staff signing confidentiality agreements;
- document retention and destruction policies.
7. Privacy related questions and complaints
If you have any questions about privacy-related issues or wish to complain about a breach of the Australian Privacy Principles or the handling of your personal information by us, you may lodge your complaint in writing.
We will normally respond to your request within 30 days. If you are dissatisfied with our response, you may refer the matter to the OAIC: Phone: 1300 363 992. Email: firstname.lastname@example.org. Fax: +61 2 9284 9666. Post: GPO Box 5218 Sydney NSW 2001. Website: www.oaic.gov.au/individuals/how-do-i-make-a-privacy-complaint.
8. Anonymity and pseudonyms
The Privacy Act provides that individuals must have the option of not identifying themselves, or of using a pseudonym, when dealing with our business, except in certain circumstances, such as where it is impracticable for us to deal with you if you have not identified yourself.
For example, billing via Medicare or a health insurer is likely to be impracticable if we are unable to identify a patient.
We may not need to identify a patient seeking certain treatments who may be prepared to forgo notifying their insurer or seeking a Medicare benefit and pay for the service themselves.
9. Overseas disclosure
We may disclose your personal information to the following overseas recipients:
- any entity or individual who may have financial responsibility for the services provided, for example an overseas insurance company;
- anyone else to whom you authorise us to disclose it.
10. Updates to this policy
This policy will be reviewed from time to time to take account of new laws and technology, changes to our operations and other necessary developments. Updates will be published on our website.
11. Privacy and websites
There are many aspects of our website that can be viewed without providing personal information. Any personal information that is collected from our website through contact forms, questionnaires, surveys or email will remain confidential. We do collect analytical data based on user behaviour.
12. Contact details for privacy-related issues