The purpose of this document is to outline how Newland Street Specialist Centre (NSSC) Pty Ltd, incorporating – The Sydney Clinic for Gastrointestinal Diseases (SCGIT) and The Sydney Clinic for Ocular Diseases and Disorders complies with its privacy obligations. Our organisation will make this information available to anyone who asks for it. As a healthcare facility, our principal concern is and always has been the health of patients who visit our facility. A high level of trust and confidentiality is required to ensure the confidence of the patients we serve.
Patients will be assured that their privacy will be protected when visiting our organisation; that the information collected and retained in our medical records is correct and up-to-date; and that they can access their information for review. The new legislation will serve to complement our existing culture of confidentiality and our already established professional practice obligations, we are working to ensure compliance with privacy regulations and to ensure best practice.
Your information is collected and held in accordance with the Australian Privacy Principles.
Collection, Use and Disclosure:
SCGIT & NSSC recognises that the information that we collect is often of a highly sensitive nature and as an organisation we have adopted the highest privacy compliance standards relevant to ensure personal information is protected. SCGIT & NSSC is an independent provider of consultation and hospital services to medical practitioners who provide services at our organisation.
SCGIT & NSSC staff and the medical practitioners may collect personal information (including health information) regarding patients for the purpose of providing medical services and treatment to patients. In emergency situations we may need to collect personal information from relatives or other sources where we are unable to obtain your prior consent.
Personal information collected will generally include:
- The Patient’s name, address, telephone number and Medicare number
- Date of birth
- Next of kin details
- General Practitioner and Referring Doctor
- Marital Status
- Financial details associated with services the centre has provided
- Current drugs or treatment used by the patient;
- Previous and current medical history, including where clinically relevant a family medical history
- The name of any health service provider or medical specialist to whom the patient is referred, copies of any letters of referrals and copies of any reports back.
Information may be provided to a *3rdparty when it is appropriate and to your benefit. * Third parties may include case review forums, insurance companies and government agencies.
Anonymity and Pseudonymity
The APP sets out a requirement that an organisation provide individuals with an option of dealing with it using a pseudonym. This will be managed on an individual case basis, after discussion with Management & treating Specialist. It is impractical and unsafe for the organisation to deal with an individual whom have not identified themselves.
SCGIT & NSSC may access information:
- Provided directly by the patient;
- Provided on the patient’s behalf with the patient’s consent;
- From a health service provider who refers the patient to medical practitioners providing services at NSSC & SGIT or
- From health service providers to whom patients are referred.
- For the purpose the patient was advised of at the time of collection of the information
- As required for delivery of the health service to the patient;
- As required for the ordinary operation of our services.
- Referral to another medical practitioner or health care provider;
- Account keeping and billing purposes;
- Quality assurance, practice accreditation and complaint handling;
- As required under compulsion of law; or
We will not use or disclose your personal information to any other person or organisation for any other purpose unless:
- You have consented.
- The use or disclosure is for a purpose directly related to providing you with healthcare and you would expect us to use or disclose your personal information in this way.
- We have told you that we will disclose your personal information to other organisations or persons: or
- We are permitted or required to do so under law.
If information is requested by any other third party (e.g. partners, relatives, solicitors, government departments, insurance companies, etc), it must be accompanied by an original written authorisation from you, the patient.
Access may be denied
- Where there is a serious and imminent threat to an individual’s life, health, or safety; or a serious threat to public health or public safety
- Where denying access is required or authorised by law.
- The Clinic must give a reason for denial of access or refusal to correct personal information.
If an individual is able to establish that their personal information is not accurate, complete and up to date, all reasonable steps must be taken by the Clinic to correct the information. If the Clinic and individual disagree about the accuracy, the Clinic must attach a statement to the information noting this if the individual requests it to e done.
SCGIT & NSSC keeps health information for a minimum of 7 years from the date of last entry in the patient record.
- Your medical record is a permanent legal document and we take its security very seriously. Records can only be removed from our premises on a court subpoena, statutory authority, search warrant, coronial summons or similar.
Medical practitioners who provide services at NSSC & SCGIT may refer patients to the following services;
- Specialist, medical practitioners and other health providers involved in the relevant patients care which may include surgeons, nurses, occupational therapists, pharmacists, physiotherapists and the ambulance service;
- Pathology services;
- Radiology services;
- Private Hospitals;
- Public hospitals;
- Day procedure centres;
NSSC & SCGIT also collects information about the medical practitioners who provide services at our organisation centres it operates. This information is collected directly from or with the agreement of the medical practitioner. This information includes the name, address, qualifications and experience of the medical practitioner.
Transborder / Foreign access /disclosure
Personal information will be transferred to someone in a foreign country if:
- The individual consents to the transfer
- The transfer is necessary for the performance of a contract and the benefit, between the individual and the Clinic.
- The overseas recipient will not breach the APPs in relation to the information.
Using Government identifiers
In certain circumstances we are required to collect government identifiers such as Medicare pension / Veteran Affairs numbers. We only use or disclose this information in accordance with the law.
NSSC & SCGIT requires its employees to observe obligations of confidentiality in the course of their employment. NSSC & SCGIT requires independent contractors to sign a confidentiality undertaking.
NOTIFIABLE DATA BREACHES
The Notifiable Data Breaches scheme requires notification to particular individuals and the Australian Information Commissioner about “eligible data breaches”. A data breach is eligible if it is likely to result in serious harm to any of the individuals to whom the information relates.
A data breachoccurs when;
- There is unauthorised accessof personal information, when it is accessed by someone not permitted to have access. This includes an employee, an independent contractor or external third party.
- There is unauthorised disclosure, intentional or unintentional, which makes personal information accessible or visible to others, and releases that information from its effective control in a way that is not permitted by The Privacy Act.This includes unauthorised disclosure by an employee.
- There is loss (accidental or inadvertent) of personal information, in circumstances where it is likely to result in unauthorised access or disclosure e.g. an employee leaves personal information (including hard copy documents, unsecured computer equipment or portable storage devices containing personal information) on public transport.
An eligible data breachoccurs when the following three criteria are satisfied:
- There is unauthorised access to, disclosure of or loss of personal information
- This is likely to result in serious harm to one or more individuals
- The entity has not been able to prevent the likely risk of harm with remedial action.
If it is suspected that an eligible data breach has occurred, an assessment must be conducted to determine whether it is likely to result in serious harm, and as a result require notification to the individuals concerned and/or The Office of the Australian Information Commissioner. For details on assessing data breaches and processes for reporting refer to;
Breach of Privacy
The Privacy Officer at NSSC must be informed immediately when an individual raises a verbal or written complaints about breach of privacy.
Privacy Officers elected include Medical Practitioners, Practice Manager, Director of Nursing and Quality Manager
Refer to Complaints policy for details of reporting and management.
For more information, or if you feel we have not resolved the issue, please contact www.privacy.gov.au or
The Office of the Australian Information Commissioner
PO Box 5218, Sydney, NSW 2001
Privacy Act 1988
Privacy Amendment (Enhancing Privacy Protection) Act 2012
Privacy Amendment (Notifiable Data Breaches) Act 2017
State Health Records Information & Privacy Act 2002
Personal Information Details form
Patient Personal & Privacy Information form
Complaints Management Policy
3 (Moderate) this policy is required for effective governance