Privacy Policy

Last reviewed: 2/10/2024

Introduction

This privacy policy is to provide information to you, our patient, on how your personal information (which includes your health information) is collected and used within our practice, and the circumstances in which we may share it with third parties.

Why and when your consent is necessary

When you register as a patient of our practice, you provide consent for our GPs and practice staff to access and use your personal information so they can provide you with the best possible healthcare. Only staff who need to see your personal information will have access to it. If we need to use your information for anything else, we will seek additional consent from you to do this.

Why do we collect, use, hold and share your personal information?

Our practice will need to collect your personal information to provide healthcare services to you. Our main purpose for collecting, using, holding and sharing your personal information is to manage your health. We also use it for directly related business activities, such as financial claims and payments, practice audits and accreditation, and business processes (e.g., staff training).

What personal information do we collect?

The information we will collect about you includes your:

  • Names, date of birth, addresses, contact details
  • Medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors
  • Medicare number (where available) for identification and claiming purposes
  • Healthcare identifiers
  • Health fund details.
Dealing with us anonymously

You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.

(The Privacy Act) requires West Cessnock Medical Practice to provide patients with the option of not identifying themselves, or of using a pseudonym, when dealing with us (APP 2) unless it is impracticable for us to do so. If you wish to not identify yourself, please ask to speak with the Practice Manager for her to arrange this

How do we collect your personal information?

Our practice may collect your personal information in several different ways.

  1. When you make your first appointment our practice staff will collect your personal and demographic information via your registration forms.
  2. During the course of providing medical services, we may collect further personal information.

Information can also be collected through electronic Systems West Cessnock Medical Practice Currently uses My Health Record E.g. via Shared Health Summary

We may also collect your personal information when you visit our website, send us an email or SMS, telephone us, make an online appointment or communicate with us using social media.

  1. In some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:
  • your guardian or responsible person
  • other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services
  • your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary).
When, why and with whom do we share your personal information?

We sometimes share your personal information:

  • with third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with APPs and this policy
  • with other healthcare providers
  • when it is required or authorised by law (e.g. court subpoenas)
  • when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
  • to assist in locating a missing person
  • to establish, exercise or defend an equitable claim
  • for the purpose of confidential dispute resolution process
  • when there is a statutory requirement to share certain personal information (e.g. some diseases require mandatory notification)
  • during the course of providing medical services, My Health Record, West Cessnock Medical Practice Participates in shared health Summary via PIP which is a government program.

Only people who need to access your information will be able to do so. Other than in the course of providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.

We will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.

Our practice will not use your personal information for marketing any of our goods or services directly to you without your express consent. If you do consent, you may opt out of direct marketing at any time by notifying our practice in writing.

Our practice may use your personal information to improve the quality of the services we offer to our patients through research and analysis of our patient data.

We may provide de-identified data to other organisations to improve population health outcomes. The information is secure, patients cannot be identified and the information is stored within Australia. You can let our reception staff know if you do not want your information included.

How do we store and protect your personal information?

Your personal information may be stored at our practice in various forms. At West Cessnock Medical Practice, your information is stored exclusively in your electronic record. We receive correspondence in various formats, including paper, fax, and email. Any documents transferred from other medical practices on USB or disc are scanned and securely stored in your electronic file. To protect your privacy and data security, original files are deleted once saved. Additionally, any hard copies are securely stored for 30 days before being shredded and destroyed.

At West Cessnock Medical Practice, we have a comprehensive Business Continuity and Information Security Plan in place, which outlines the measures we take to safely and securely manage all sensitive and personal information.

Our practice stores all personal information securely.

West Cessnock Medical Practice Securely Stores and protects personal information. We use an Electronic Based patient management System where all patient’s information & correspondence is kept via electronic format. If we do receive correspondence in Paper form or via a USB or Disc if transferred to us from another medical practice all this correspondence is scanned into your electronic file. It is then stored in a secure location and the hard copy is shredded/ destroyed after 30 days.

Each team Member of the West Cessnock Medical practice has their own individual logins to access the Patient management system, if an employee needs to leave their desk they will log out of the system.

All staff members & contractors that are contracted to West Cessnock Medical Practice are required to sign a confidentiality agreement before commencing their duties.

How can you access and correct your personal information at our practice?

You have the right to request access to, and correction of, your personal information.

Our practice acknowledges patients may request access to their medical records. We require you to put this request in writing if the request is due to changing practices we request you to fill out a request to Transfer medical records at your new practice for them to email or fax to us, If you are requesting medical records for your personal use we require you send us an email or letter with the information/records required and make sure it is dated and signed by yourself along with 3 points of Identification on the letter e.g. Name, DOB, Address  and our practice will respond within a reasonable time frame of 30 days. We will Supply a health summary free of charge if more than a health Summary is required, A fee of $50 will be required for the release of the additional Information.

Our practice will take reasonable steps to correct your personal information where the information is not accurate or up to date. From time to time, we will ask you to verify that your personal information held by our practice is correct and current. You may also request that we correct or update your information, and you should make such requests in writing to contact@westcessnockmedicalpractice.com.au. You will also need to provide 3 points of ID that we will have currently on file to be able to correctly identify you and perform this request.

How can you lodge a privacy-related complaint, and how will the complaint be handled at our practice?

We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing. We will then attempt to resolve it in accordance with our resolution procedure. You can make Privacy related complaints via email to the practice manager via manager@westcessnockmedicalpractice.com.au. You must include your mailing address and contact number. Our Manager will be in contact with you within 15 Business days of your complaint, e.g. 30 days, and any other key provisions of your complaint handling process.

You may also contact the (OAIC) Which is the Office of the Australian Information Commissioner. Generally, the OAIC will require you to give them time to respond before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 363 992.

Privacy and our website

If you book an appointment through our website it is redirected through Health Engine, which is a secure site for all your personal information- you can view their privacy policy at https://healthengine.com.au/privacy.

We keep an email & social media policy for all patient information collected via these sources. If you wish to view these policies, please speak with the Practice Manager

Policy review statement

This Policy will be reviewed yearly or with in conjunction of any obvious changes required. We will notify patients of the update to the privacy policy via our website & Posters in the practice waiting area.

Website Policy

information is collected when you browse anonymously. Anonymous browsing is when personally identifiable information is not required by an individual to gain access to our website. In addition, personally identifiable information such as name and contact details (email addresses) are only collected when you make an inquiry. All other information will be requested from you directly.

Information collected is kept for as long as it is needed to service your account and provide services and products requested by you. When your information is no longer needed for these purposes we will destroy or permanently render anonymous any information held about you.

Please be aware that if you directly disclose personally identifiable information or personally sensitive data through West Cessnock Medical Practice provided public message boards, this information may be collected and used by others.

West Cessnock Medical Practice encourages you to review the privacy statements of websites you choose to link to from our website. West Cessnock Medical Practice is not responsible for the privacy statements or other content on websites outside of its own websites.

USE AND DISCLOSURE OF INFORMATION

The primary purpose in collecting information from you is to enable us to fulfill our business commitments to you in providing our full range of services including management, education and training, consultancy, and to improve these services to you and other clients of West Cessnock Medical Practice. We may use the information you provide to help improve the services we deliver to you, measure consumer interest in West Cessnock Medical Practice services, inform you of other West Cessnock Medical Practice products and services, or comply with requirements under the law.

We will only collect and store information about you that is necessary. The information you provide may be used to offer, provide and improve our services to you and may also be disclosed to other parties such as organisations contracted to operate and maintain West Cessnock Medical Practice databases, provide IT support services and distribute West Cessnock Medical Practice information.

West Cessnock Medical Practice does not permit these parties to use information about you for any other purpose than to perform the services that West Cessnock Medical Practice has instructed them to provide. All suppliers, agents, and third-party companies must sign a confidentiality agreement with West Cessnock Medical Practice before West Cessnock Medical Practice discloses any personal information.

West Cessnock Medical Practice will not, without your consent, disclose personal information for any purpose (a secondary purpose) other than for the main purpose (Primary purpose) of fulfilling our business commitments to you, except where:

  1. it is required or authorised by law or for purposes of law enforcement and matters directly related to law enforcement or the prevention of unlawful activity;
  2. the Secondary Purpose is related to the primary purpose (or directly related when sensitive information is involved) and there is a reasonable expectation that we would use or disclose the information in the circumstances;
  3. West Cessnock Medical Practice reasonably believes it is necessary to prevent any serious and imminent threat to any person’s life, health or safety, or the public’s health or safety.
  4. West Cessnock Medical Practice will not otherwise disclose your personal information to any other party without your consent.
  5. various Commonwealth and state government departments and agencies, including the Department of Health, Department of Veterans’ Affairs, Medicare, and the Department of Human Services, in connection with our services

THIRD-PARTY RELATIONSHIPS

To provide you with a more informative online experience West Cessnock Medical Practice do use the online resources, from time to time, of suppliers, agents, and business partners. Such services comprise links to third-party sites that promote additional services and products. In any such relationship.

West Cessnock Medical Practice takes all reasonable steps to ensure that these parties have and enforce an adequate privacy policy. West Cessnock Medical Practice encourages you to review the privacy statements of websites you choose to link to from West Cessnock Medical Practice. West Cessnock Medical Practice is not responsible for the privacy statements or other content on websites outside of the West Cessnock Medical Practice websites.

STORAGE AND SECURITY OF PERSONAL INFORMATION

West Cessnock Medical Practice will use all reasonable endeavours to ensure that you only provide personal information in a secure environment and when the information is no longer needed it will be destroyed or permanently render anonymous.

The security of any information (including personal information) downloaded and stored on your PC/Server etc is the responsibility of you the individual. The individual is also responsible for the correct configuration of the hardware and software he/she uses to access a West Cessnock Medical Practice websites, along with the physical security and maintenance of that equipment.

West Cessnock Medical Practice imposes strict rules on its employees who have access either to the databases that may store site user information or to the servers that host our services and while we cannot guarantee that any unauthorised access, disclosure, loss, misuse, or alteration to your data will not occur, we will take all reasonable steps to prevent such unfortunate occurrences.

You accept the inherent security implications of dealing online over the Internet and will not hold West Cessnock Medical Practice or its agents or suppliers responsible for any breach of security.

TRANS-BORDER DATA FLOWS

Where, for the purpose of fulfilling our business commitments to you, we disclose personal information to persons involved in administering the services, our related entities or business partners (Permitted Persons), and such Permitted Persons are in a foreign country, West Cessnock Medical Practice will not, without your consent, transfer personal information to such Permitted Persons unless:

  • we reasonably believe that the Permitted Persons are subject to a law, binding scheme, or contract or we have taken reasonable steps to ensure that the Permitted Persons are subject to a contract that effectively upholds principles for the fair handling of personal information that is substantially similar to the National Principles for the Fair Handling of Personal Information embodied in the Privacy Amendment (Public Sector) Act 2000; or
  • the transfer is necessary for:
  • the performance of services requested by you; or
  • for the purpose of fulfilling our business commitments to you; or
  • to implement pre-contractual measures taken in response to a request by you; or
  • the transfer is necessary for the conclusion or performance of a contract concluded in your interest, between BDS and OTDS and a third party; or
  • all of the following apply:
  • the transfer is for your benefit; and
  • it is impracticable to obtain your consent to the transfer; and
  • if it were practicable you would be likely to consent to the transfer.

USE OF COOKIES

The West Cessnock Medical Practice websites use “cookies” to help you personalise your online experience. A cookie is a text file that is placed on your hard disk by a webpage server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.

One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the web server that you have returned to a specific page. For example, if you personalise West Cessnock Medical Practice pages, or register with West Cessnock Medical Practice sites or our services, a cookie helps West Cessnock Medical Practice to recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as contact addresses, shipping addresses, and so on. When you return to the same West Cessnock Medical Practice websites, the information you previously provided can be retrieved, so you can easily use the West Cessnock Medical Practice features you have customised.

You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the West Cessnock Medical Practice services or websites you visit.

Communication Policy:

If you have a medical query please make an appointment with your doctor by phoning 49915550.

Please do not email us with medical information or asking medical questions.  We are bound by law to protect your privacy by not emailing regarding patients’ medical complaints.

This phone and email can be used for contacting our administrative staff
only, who will take your message and relay this to your requested GP. Your GP will either return your call or ask for you to be seen, then you will be contacted by our reception staff to make an appointment to follow
up with your requested GP.
 
 

Email Policy:

West Cessnock Medical Practice aims to always seek, and document patients’ consent in their files before sending personal information via email. While doing this we aim to avoid any privacy and patient safety breaches. Privacy legislation does not prescribe how health organisations should send health information to third parties. The law states that any method of communication can be used as long as you take reasonable steps to protect the privacy of the patient and the security of their health information.

Email encryption is ideal but not essential. This practice takes every effort to consider the content of private patient information and can send an email as a pdf with a password. The patient has a right to choose how they receive their password whether by a separate email, text message. Management of email procedure includes; Patient request of information by email documentation via patient file. Inform the patient of the risks of unencrypted email Ideally the practice should obtain permission to use email in writing. If this is not possible.

 
Social Media Policy :

West Cessnock Medical Practice Social Media Policy  8th  August 2021

Name of social media officer: Practice Manager or Administration Manager

Introduction: This policy provides guidance for members of the practice on using social media internally and externally. The policy helps identify and mitigate risks associated with social media use.

Definition: For the purposes of this policy, ‘social media’ is online social networks used to disseminate information through online interaction.

Purpose: Regardless of whether social media is used for business-related activity or for personal reasons, the following policy requirements apply to all GPs and practice staff of the practice. GPs and practice staff are legally responsible for their online activities, and if found to be in breach of this policy disciplinary action will be taken dependant on the severity of the breach of policy. Use of practice social media accounts

The practice will appoint a staff member as a social media officer responsible for managing and monitoring the practice’s social media accounts. All posts on the practice’s social media website must be approved by this staff member. The practice reserves the right to remove any content at its own discretion.

All posts on the practice Facebook site must be in accordance with this policy as well as being approved by the directors and or practice manager.

Staff conduct on social media: 

When using the practice’s social media, practice staff will not post any material that

  • is unlawful, threatening, defamatory, pornographic, inflammatory, menacing, or offensive
  • infringes or breaches another person’s rights (including intellectual property rights) or privacy, or misuses the practice’s or another person’s confidential information (eg do not submit confidential information relating to our patients, personal information of staff, or information concerning the practice’s business operations that have not been made public)
  • is materially damaging or could be materially damaging to the practice’s reputation or image, or another individual
  • is in breach of any of the practice’s policies or procedures
  • use social media to send unsolicited commercial electronic messages, or solicit other users to buy or sell products or services or donate money
  • impersonate another person or entity (e.g. by pretending to be someone else or another practice employee or other participant when you submit a contribution to social media) or by using another’s registration identifier without permission
  • tamper with, hinder the operation of, or make unauthorised changes to the social media sites
  • knowingly transmit any virus or other disabling feature to or via the practice’s social media account, or use in any email to a third party, or the social media site
  • attempt to do or permit another person to do any of these things
  • claim or imply that you are speaking on the practice’s behalf, unless you are authorised to do so
  • disclose any information that is confidential or proprietary to the practice, or to any third party that has disclosed information to the practice
  • be defamatory, harassing or in violation of any other applicable law
  • include confidential or copyrighted information (e.g. music, videos, text belonging to third parties)
  • violate any other applicable policy of the practice.­­
Monitoring social media sites:

The practice’s social media channels are part of our customer service and should be monitored and dealt with regularly. The practice will regularly update this Facebook monthly or in accordance with any necessary updates of practice happenings.

T­­­estimonials:

The practice complies with AHPRA national law and takes reasonable steps to remove testimonials that advertise their health services (which may include comments about the practitioners themselves). The practice is not responsible for removing (or trying to have removed) unsolicited testimonials published on a third-party website or in social media accounts over which they do not have control.

Personal social media use

Staffs are free to personally engage in social media outside of work hours, as long as their actions do not have the potential to bring the practice into disrepute. Employees may not represent personal views expressed as those of this practice.

It is preferred that no posts on personal accounts should display any relationship to West Cessnock Medical Practice or happenings in this practice.

Any social media posts by staff on their personal social media platforms must not reveal confidential information about the practice or a person who uses the practice (e.g., staff should not post information relating to patients or other staff, or information concerning the practice’s business operations

Staff should respect copyright, privacy, fair use, financial disclosure, and other applicable laws when publishing on social media platforms.

Breach of policy: All social media activities must be in line with this policy. Breach of this policy may incur disciplinary action.

Policy review statement: This policy will be reviewed regularly to ensure it is up to date with changes in social media or relevant legislation. Message will be sent out via best practice with any updates.

Following up results and reminders:

reminders are to be followed up by an appointment with your GP. If you are needed to be seen by your GP for results, you will be

contacted by phone or letter to book an appointment.
If your reminder is due, a letter will be sent.
 

ACCESSING AND CHANGING YOUR PERSONAL INFORMATION

West Cessnock Medical Practice attempt to ensure that all personal information collected and stored in its database system is correct and accurate. You may at any time request access to the information we have collected from you and obtain a more in-depth explanation about how the information is used by emailing us at contact@westcessnockmedicalpractice.com.au. We will endeavour to meet or advise of the outcome of a request within 30 business days of receipt.

For any privacy issues or concerns, you can contact us at: contact@westcessnockmedicalpractice.com.au

COMPLAINTS RESOLUTION

West Cessnock Medical Practice is committed to providing consumers with a fair and responsive system for handling and resolving complaints. You have a right to complain and to have your complaint handled efficiently. We believe that receiving a complaint provides us with an opportunity to improve the services we deliver to you and maintain your confidence in West Cessnock Medical Practice and our services.

If at any time you wish to lodge a complaint in respect of the handling, use or disclosure of your personal information by West Cessnock Medical Practice  you may notify us of your complaint via email to: contact@westcessnockmedicalpractice.com.au

We will endeavour to investigate and advise you of the outcome of a complaint within 30 days of receipt of such complaint.

We are constantly improving the West Cessnock Medical Practice websites and the tools you can use to manage the data that you provide to us. Please refer to this page from time to time to see any new policies about the use of these new features.

If the complaint remains unresolved, then an individual can contact:
NSW Health Care Complaints Commission
Locked Mail Bag 18, STAWBERRY HILLS NSW 2012
Phone: 1800 043 159

HCCC TTY Services for hearing impaired
(02) 9219 7555  or
contact the National Relay Services on 133 677
 
People who prefer a language other than English should contact the

Commission through the Telephone Interpreter Service(TIS) on 131 450

CHANGES TO OUR PRIVACY POLICY

From time to time it may be necessary for West Cessnock Medical Practice to review and revise its Privacy Policy. West Cessnock Medical Practice reserve the right to change its Privacy Policy at any time, and it may notify you about changes to this Privacy Policy by posting an updated version on the websites.

Further Information on Privacy 
Further information may be obtained on privacy issues in Australia by visiting the Australian Federal Privacy Commissioner’s web site at www.privacy.gov.au.

Scroll to Top