Why do we collect, use, hold and share your personal information?
We collect, maintain, use and disclose personal information about you in order to assist us to provide you with appropriate care, treatment and services. Your personal information is used by us:
- to provide you with medical care and services;
- to provide you and/or a nominated third party with information that may assist you in managing and improving your health; and
- as a medical history for you that allows us to provide you with better care as it assists with identifying changes to your health over time.
Operating our business
We use your personal information as necessary to manage our administration, including storage of data, and management of accounts and payment for the services provided to you. Specifically, we will use and, where necessary, disclose your personal information:
- to obtain payment from, as appropriate, Medicare Australia, you, your private health insurance fund or from any organisation responsible for payment of any part of your account, such as the Department of Veterans Affairs;
- if the circumstances require, we may disclose your personal information to our insurers or those of our GP’s;
- to manage and store your personal information in a secure fashion (via our on-premise software),
- for data entry and data analytics purposes; and
We may use your personal information to communicate with you, including to:
- respond to your online enquiries or process requests for appointments;
- advertise to you particular products and services that may be of interest to you; and
- send you appointment reminders (including by SMS or email) in relation to obtaining services from our practice. This enables us to contact you, for example, to make follow-up appointments to discuss test results, or to remind you that you, or a dependant, are due for an immunisation, pap smear, annual health assessment or other type of consultation or test.
Teaching and research
We may use your personal information for internal teaching purposes or to monitor, evaluate, plan and improve the services provided at our practices. We will only use de-identified information (information that does not contain any personal details that may reasonably identify you) for these purposes.
We may be required by law to disclose your personal information without your consent.
Dealing with us anonymously
You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.
Please note that all Medicare and OSHC claims need to be made using your correct details. Should you choose to visit the practice under a pseudonym, rebates may not apply.
How do we collect your personal information?
We collect personal information about you in several ways, including from:
- you directly;
- someone who has responsibility for you (your parent, carer or guardian);
- information collected by an employee of our practice, such as a receptionist or nurse;
- information from external health providers which is provided to our practice and placed on the record of the patient; and
- information collected through websites in the form of online enquiries or requests for appointments.
When you attend our practice to obtain services from our GP’s, we create a unique digital medical record for you. Every time a medical service is provided for you, new information is added to your medical record.
When you visit our website, a small data file called a “cookie” is stored on your computer or mobile device by our server. Cookies can only store information that is explicitly provided by the visitor in the first place, or information that the website already has about the user, such as their IP address.
Who do we share your personal information with?
We sometimes share your personal information:
- With third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with APPs and this policy
- With other healthcare providers
When it is required or authorised by law (e.g. court subpoenas)
When it is necessary to lessen or prevent a serious threat to a client’s life, health or safety, a third parties life, health or safety or public health or safety
- To assist in locating a missing person
- To establish, exercise or defend an equitable claim
- For the purpose of confidential dispute resolution process
- When there is a statutory requirement to share certain personal information (e.g. some diseases require mandatory notification)
Only people that need to access your information will be able to do so. Other than while providing medical services or as otherwise described in this policy, our service will not share personal information with any third party without your consent.
We will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.
Our practice will not use your personal information for marketing any of our goods or services directly to you without your express consent. If you do consent, you may opt-out of direct marketing at any time by notifying our practice in writing.
How do we store and protect your personal information?
Your personal information may be stored at our practice in various forms including: electronic records, paper-based records and as visual records (X-rays, CT Scans, videos and photos).
We take reasonable steps, and implement reasonable safeguards, to ensure the protection of the personal information that we hold. Our practice stores all personal information securely. The Health and Medical Service network is operated on a secure network maintained by firewalls, within a secure Griffith University framework.
All staff require an individual username and password to access the University network, and a username and passwords are required to access any Health Service software. Passwords are changed regularly to restrict access to the network.
All paper records are secured in locked filing cabinets and drawers. The keys are securely stored and can only be accessed by staff.
As the Health and Medical Service is part of the University, we are bound by the applicable Queensland State Archives disposal and retention schedules, regarding how long we keep your records.
How can you access and correct your personal information at our practice?
You may request access to the personal information we hold about you. You can also request that corrections be made to it. We will respond to your request within a reasonable time.
There are some circumstances where we are not required to give you access to or correct your personal information, for example, if disclosure may cause a serious threat to your health or safety. We will normally give you a written notice setting out our reasons for not complying with your request and informing you of how you can complain about our refusal.
There is no fee for requesting access to your personal information or for us to make corrections. However, we will charge a fee for our costs involved in collating and providing you with access to any personal information. That fee is payable before access is given.
Clients from the European Economic Union have additional rights under the General Data Protection Regulation (GDPR), please see the University’s Privacy Plan for additional information.
How can you lodge a privacy-related complaint, and how will the complaint be handled at our practice?
We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing to:
Director, Student Health, Counselling and Wellbeing
G33 Gold Coast campus
GRIFFITH UNIVERSITY QLD 4222
Contact number: +61 07 55527148
Upon receipt of a complaint we will consider the details and manage it in accordance with the University’s Privacy Plan.
Policy review statement
Current as of: August 2019.
Review date: August 2020.