Mundaring Medical Centre
The management of Mundaring Medical Centre collects patient information in order to provide High quality medical care and are committed to protecting the privacy of our patients within our practice. Information collected is kept strictly confidential and used only for the medical and health care of patients.
This policy is reviewed on an annual basis or more frequently if there are any changes in Australian privacy act.
This policy applies to all employees and patients of Mundaring Medical Centre. Our Practice is committed to maintaining privacy and confidentiality at all times and requires that any information regarding individual patients, including staff members who may be patients, will not be disclosed in any form (verbally, in writing, or electronic forms, inside or outside our practice) except for strictly authorised use within the patient care context or as required by law.
Our Practice Staff take reasonable steps to ensure our patients are informed and understand:
- Why and when their consent is necessary
- What information has been, and is being collected
- Why the information is being collected
- How the information will be used or disclosed
- How the information will be stored
- Process for making a complaint about a possible breach of privacy and confidentiality or how we have managed personal or sensitive information
- How we protect access to patients personal and sensitive information through designated levels of access and password protection
At their first visit, patients are asked to complete a “New Patient Privacy Document” which outlines some of our important principles about how we handle information. Mundaring Medical Centre is committed to protecting personal information and this information will not be used in any other way except as defined in this policy.
The Practice Staff must seek additional consent from a patient if information collected by us is required for any other purpose. Any request for further use of information is made in writing to the patient explaining the request and obtaining the patients written consent prior to the use or release of the information.
Consent to collect personal and sensitive information may be obtained from a patients’ guardian or responsible person where practicable and necessary, for example when a patient is unable to provide the information or is unable to do so.
In the rare case of a medical emergency we may have to COLLECT and/or USE information without a patients consent in order to provide urgent medical treatment.
Collection of Personal Information
Our practice will need to collect your personal information to provide healthcare services to you. Our main purpose for collecting, using, holding and sharing your personal information is to manage your health. The information we will collect about you includes your:
- Patient’s full name, date of birth, addresses, contact details
- medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors
- Medicare number (where available) for identification and claiming purposes
- Next of kin and emergency contact details
- Sensitive information about a patient such as but not limited to; past medical history, immunisation history, medications, allergies, social history, family history, cultural background, names of health care providers involved in the patients care, copies of any relevant medical referrals and reports.
A patient’s personal information may be held at the practice in various forms
- As paper records
- As electronic records
- As visuals ie x-rays, CT scans, videos & photos
- As audio recordings
The practice’s procedures for collecting personal information is set out below:
- Practice staff collect patient’s personal and demographic information via registration when patients present to the clinic for the first time. Patients are encouraged to pay attention to the consent section that they complete as a new patient.
- During the course of providing medical services the practice’s healthcare practitioners will consequently collect further personal information.
- Personal information may also be collected from the patient’s guardian or responsible person (where practicable and necessary) or from other involved healthcare specialists.
The practice holds all personal information securely, whether in electronic format, in protected information systems or in hard copy in a secured environment.
Personal information collected by Mundaring Medical Centre may be used or disclosed in the following instances:
- For medical defence purposes;
- As required by law in instances of mandatory reporting of communicable diseases;
- Necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impracticable to obtain patient’s consent
- To assist in locating a missing person
- For the purpose the patient was advised during consult with the treating Doctor;
- As required during the normal operation of services provided. i.e. for referral to a medical specialist or other health service provider;
- For the purpose of a confidential dispute resolution process
- Some disclosure may occur to third parties engaged by or for the practice for the Practice for business purposes such as accreditation or for the provision of information technology. These third parties are required to comply with this policy.
The practice will not disclose personal information to any third party other than in the course of providing medical services, without full disclosure to the patient or the recipient, the reason for the information transfer and full consent from the patient.
The Practice will not disclose personal information to anyone outside Australia without need and without patient consent.
The Practice will not use any personal information in relation to direct marketing to a patient without that patient’s express consent.
The practice evaluates all unsolicited information it receives to decide if it should be kept, acted upon or destroyed.
Mundaring Medical Centre will employ all reasonable endeavours to ensure that a patient’s personal information is not disclosed without their prior consent.
Parents/Guardians and Children (Mature Minors)
Our Practice recognises that children aged UNDER 18 years of age (mature minors) may have the same rights regarding privacy and confidentiality as would an adult patient. Our staff maintains those rights accordingly. To protect the rights of a child’s privacy, access to a child’s medical information may at times be restricted for parents and guardians. Release of information may be referred back to the treating Doctor where there professional judgement and the law will be applied.
Anonymity / Pseudonymity
Patients have the right to remain anonymous or to use a pseudonym to protect their privacy. We take reasonable steps to ensure we comply with the patients’ request. Patients are advised that anonymity may have a significant impact on our ability to provide timely and appropriate communication and health care.
Exceptions to disclosure without patient consent are where the information is:
Required by law
- Necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patients consent.
- To assist in locating a missing person
- To establish, exercise or defend an equitable claim
Confidentiality and Secure Storage
We undertake the following procedures to preserve the privacy and confidentiality of our patient’s information.
- All staff, contractors and work experience students receive training on the obligations and expectations regarding privacy and confidentiality when they start work with us.
- Computer back is done by our IT team (Computing Australia) specialise in Medical Centre hardware and software
Destroying Of Information
Information that is no longer needed is destroyed by an accredited shredding company. We keep individual patient records for 7 years from the date of last entry for an adult and until the age of 25 for a child in accordance with current legislation.
- Whilst the individual is not required to give a reason for obtaining the information, a patient may be asked to clarify the scope of the request;
- In some instances the request to obtain information may be denied, in these instances the patient will be advised;
- The material over which a Doctor has copyright might be subject to conditions that prevent or restrict further copying or publication without the Doctors permission;
- The practice will take reasonable steps to correct personal information where it is satisfied they are not accurate or up to date. From time to time the practice will ask patients to verify the personal information held by the practice is correct and up to date.
- Patients may also request the Practice corrects or updates their information and patients should must such requests in writing.
- Upon request by the patient, the information held by this clinic will be made available to another health provider.
Access to Information
The Practice acknowledges patients may request access to their medical records. Patients are encouraged to make this request in writing and the Practice will respond within a reasonable time. The patient may incur a cost for the transfer of medical record; the patient will be informed of this at the time of the request. The cost is to cover the time and resources required to retrieve and prepare records for transfer or access. Where access is denied or needs to be limited due to concerns about the patient’s health and wellbeing or that of another person, this will be discussed with the patient.
The Practice will take reasonable steps to correct personal information where it is satisfied to ensure it is accurate and up to date. This is undertaken by our receptionist who asks each patient on every visit their current phone number and address. Patients are encouraged to request the Practice corrects or updates their information when attending the Practice.
Mundaring Medical Centre takes complaints and concerns about the privacy of patient’s personal information seriously. Patients are encouraged to express any privacy concerns in writing either an email or on Complaint’s form. The Practice will then manage the complaint in line with our complaint resolution procedure outlined below:
- The patient submits a privacy complaint in writing to the Privacy Officer (Practice manager)
- The Privacy Officer will document the complaint in a complaint privacy register including a brief description
- The Privacy Officer will then write to the patient and inform them that we have received the complaint and outline that we will take up to 30 days to investigate and respond in writing.
The Privacy Officer will conduct an investigation and confirm:
- The breach or issue
- Key stakeholders involved
- Timeline of events
- If the Privacy Officer determines a violation has occurred, the Business manager will be Notified
- All documentation will be provided to the Business manager maintained for years
- If the investigation reveals there is an issue with a process, the process will be reviewed and
- The privacy officer will notify the patient submitting the complaint in writing of the results of the investigation.
- If the patient receives notification from the Privacy Officer and is not content with the resolution, the patient is to be advised that they do have the option to take the matter to the Office of the Australian Information Commissioner to review (please see details below).
Notifiable Data Breaches Scheme
From 22 February 2018, if a breach of personal information (data) occurs in our practice, we must notify the individuals involved and the Office of the Australian Information Commissioner (OAIC).
This is known as the Notifiable Data Breaches scheme. We must notify the individuals involved and the OAIC if:
- personal information is: lost; accessed by an unauthorised person or disclosed to an unauthorised person; and
- this is likely to result in serious harm to someone; and
- We can’t take steps to prevent the risk of serious harm.”
For requests for access, to correct personal information, enquires about this policy or to make a complaint please direct your correspondence to:
The Privacy Officer
Mundaring Medical Centre
5/5 Nichol Street
Mundaring WA 6073
Phone: 08 9295 1988
For further information about privacy issues in general practice and patient rights, we encourage our patients to contact:
Office of the Australian Information Commissioner:
Current as of: 15/12/2019