The Female Physio Launceston recognises the importance of your privacy and understands your concerns about the security of your personal information. We are committed to handling personal information about you, including sensitive personal information such as health information, in accordance with the requirements of the Privacy Act 1988 (Cth).
“Personal information” is defined in the Privacy Act 1988 (Cth) to mean any information or opinion about an identified individual (or an individual who is reasonably identifiable), whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.
We are required under this Act to place greater emphasis on the security of any sensitive personal information (as defined under the Act) that we may collect, which includes your health information.
Where you live in, or have a relevant nexus to, the European Union, you must advise us that the General Data Protection Regulation (GDPR) framework applies to your personal data. Where you so advise us, we will take all reasonable steps to ensure that we handle your personal data in line with the GDPR framework.
Because we are an Australian business and do not provide services to non-Australian customers, our presumption (unless you inform us otherwise in writing) is that the GDPR does not apply to any personal information of yours that we may collect.
The kinds of personal information we collect and hold
We collect and hold a range of personal information in carrying out our business and functions as a physiotherapy services provider. The kinds of personal information that we collect and hold about you will depend upon the nature of our relationship with you.
Personal information we may collect about our clients
We typically collect and hold the following kinds of personal information (including sensitive personal information relating to an individual) about our clients:
- their name, address, date of birth, email and contact details;
- information about their family and relatives (including relevant health information);
- information about other health professionals involved in their care;
- any government identifiers such as Medicare number and DVA number. However, we do not use these for the purposes of identifying you in our practice;
- any private health insurance providers and their identifiers;
- health information about them such as a record of their symptoms, their relevant medical history, diagnoses made, treatment previously obtained and the treatment we may give them;
- their current and past prescriptions;
- doctor and specialist reports (and the reports of other health professionals);
- test results;
- their appointment date(s) and billing details; and
- other information about them that we collect for the purposes of providing physiotherapy services to them.
Personal information we may collect about our contractors, service providers, suppliers, work experience personnel or trainees, and job applicants
We typically collect and hold the following kinds of personal information about contractors, service providers, suppliers, work experience personnel or trainees, and job applicants:
- name and contact details (including home address, email address and phone number);
- details about their current employer;
- information contained in resumes;
- educational details, academic and other transcripts, employment history, skills and background checks;
- references from past employers and referees;
- information collected during the interview or assessment process;
- details of their business, including business address, phone number, email address and key contact;
- copies of current and past contracts and contract reference numbers;
- details of their performance under any contract;
- details of any amounts outstanding or overpayments made;
- details of their representatives, officers and agents; and
- personal information required to make payments, such as bank account details.
Where it is relevant, we may also collect sensitive personal information contained within the sources set out above, such as membership of a political, professional or trade association or trade union, criminal records and health information.
How we may collect your personal information
Our practice may collect your personal information in different ways.
The amount and type of information we collect from you when you use our website or contact us online will depend upon your use of the facilities and services available through our website or otherwise available online. However, the only personal information which we collect about you when you use our website or contact us online is what you tell us about yourself, such as when you complete an online registration form to book an appointment, submission form to subscribe to our publications, alerts and newsletters, when you accept an invitation to attend a seminar or function, or when you complete other online forms, including through our marketing campaigns.
You may book an appointment online and provide your own contact details and other relevant personal information (which may include sensitive personal information such as health information).
When you schedule your first appointment, whether by online booking, over the telephone, or in person at our practice, our practice staff will collect your personal and demographic information via your registration form. On this registration form, and also during the course of providing physiotherapy services, we may have to collect further personal information, which may include sensitive personal information such as health information.
Your personal information may be collected by us through electronic means such as our software program Nookal. We may collect your personal information when you send us an email or SMS, telephone us, make an online appointment or communicate with us using social media (including by subscribing to, liking or posting a comment on social media, or by following our relevant pages/sites).
We may automatically log information about you and your computer or mobile device when you access our Site. For example, when visiting our Site, we may log your computer or mobile device operating system name and version, manufacturer and model, browser type, browser language, screen resolution, the website you visited before browsing to our Site, pages you viewed, how long you spent on a page, access times and information about your use of and actions on our Site. We or third party applications may collect or track data transference using cookies. You can usually remove or reject cookies via your browser settings.
We may collect your personal information during your appointment, both on the registration form you complete and in discussion with you.
We may also collect personal information that you provide to us in another way, such as by mail.
In some circumstances, your personal information may be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly and/or because you have consented to us collecting this personal information from another person or organisation. This may include information from:
- your guardian or responsible person;
- other healthcare providers, such as GPs, specialists, other allied health professionals, hospitals, community health services and pathology and diagnostic imaging services;
- the My Health Record System (where we are permitted to do so); and
- your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary).
Why we collect and use personal information about you
Where you are a client, we primarily collect and use personal information about you to provide physiotherapy services to you and to communicate with you and others involved in your care.
We use your personal information (including sensitive personal information) to ensure the best care possible for you.
Personal information we collect, including sensitive personal information, may also be used to help run our physiotherapy practice, manage our accounts and administrative services (including record-keeping, which includes records we are required to keep by law), and for billing, lodging claims with Medicare, arrangements with private health funds, managing contracts, dealing with contractors, service providers, suppliers, work experience personnel or trainees, and job applicants, pursuing unpaid accounts, management of our IT systems, responding to enquiries from other health practitioners or government agencies, and to conduct accreditation, quality assurance and internal audits.
Why we might share information about you with others
We wish to give you the best possible care. To this end, with your consent, we may also discuss your health condition(s), diagnoses, past and current treatment, possible treatment options and other relevant matters with other practitioners within our overarching medical and health clinic.
We may disclose information about you to others outside of our practice as permitted or required under law. This will include situations where we disclose information about you in order:
- to comply with our legal obligations and/or with government directives;
- (with your consent) to consult with other health professionals involved in your healthcare;
- to get test results from diagnostic and pathology services;
- to discharge notification obligations to liability insurers and/or to claim on our insurance policies if required;
- to communicate with your private health fund, with government and other regulatory bodies such as Medicare and the Department of Veterans’ Affairs, and with My Health Records (where we have been given consent);
- to help us manage our accounts and administrative services;
- to lessen or prevent a serious threat to a patient’s life, health or safety or a serious threat to public health or safety;
- to help in locating a missing person;
- to establish, exercise or defend an equitable claim through the My Health Record or other process; and
- to prepare the defence of anticipated or existing legal proceedings.
Your right to seek access to, and correction of, the information we hold about you
You have the right to seek access to and correction of the personal information we hold about you.
We will normally respond to your request within 30 days. To make the request, you should contact us in writing and provide sufficient information so that we can respond to your request.
If you think that the personal information we hold about you is not correct, please immediately let our Privacy Contact Officer know, at the address below. We will take reasonable steps to correct your personal information where the information is not accurate or up to date.
We may ask you from time to time to verify that the information we hold about you is correct and current. Please notify us if, and when, your contact details, Medicare card number and other relevant details change.
In some cases, in accordance with the Privacy Act 1988 (Cth), we may charge you a fee for access to personal information we hold about you or refuse to give you access to personal information we hold about you.
Providing us with personal information about another person
Before you provide us with personal information (including sensitive personal information) about an individual, you must ensure that you are authorised by the relevant individual to disclose that information to us. We are entitled to presume that any disclosure of personal information you may provide to us has been authorised by the person to whom that personal information belongs.
How we hold personal information
We hold personal information in electronic form in our Allied Health software program, and we take reasonable steps to protect personal information (including sensitive personal information) from misuse, interference, loss, and unauthorised access, modification or disclosure. We store electronic records within our own secure network and through third party data storage providers. Personal information within our network is password protected and access is appropriately limited.
Under our records management system, access to files is appropriately limited. We may apply additional security measures limiting access to information about files, as necessary or desirable based on our clients’ needs.
Our third-party data storage providers are required to protect personal information in accordance with applicable laws and take appropriate technical and organisational measures against unauthorised or unlawful use of personal information or its accidental loss, destruction or damage.
If you are a client or have otherwise expressed interest and provided us with your contact details, we may send emails to you with information about business developments (such as publications, alerts and newsletters) and marketing our services.
We may use an “email management system” to automate the management and dispatch of these emails. The system operates by inserting tracking codes in the emails that we send to you. The tracking code allows us to collect personal information about you, such as whether you received and opened an email, and whether you clicked through to any links to our website. The personal information that the email management system collects and holds about you is used by us to:
- ensure that you only receive correspondence that you have informed us that you wish to receive;
- insert your personal information into our communications with you (such as your first name);
- determine whether the information that we send to you is suitable for your interests, information needs, health needs and profile;
- ensure that the email address that you have provided us is still operational;
- determine whether emails that we send to you are received by you;
- update a request that you make to us to unsubscribe from a publication that we send to you; and
- review the effectiveness and relevance of our emails to you by collecting other statistical information.
You can also unsubscribe from our email notifications by clicking on the “Unsubscribe” button at the bottom of our email notifications and following the prompts or by emailing us by clicking the “Contact Us” button. If you do not wish for us to send you such emails, you can also let us know by contacting our Privacy Contact Officer at the details below.
Privacy Contact Officer
If you would like more information about the way we manage personal information (including any of your sensitive personal information), would like to request access to or correction of personal information that we hold about you, or wish to make a complaint, please contact our Privacy Contact Officer at The Female Physio Launceston, via our website.
If you would like to complain about a breach of the Australian Privacy Principles, you may contact our Privacy Contact Officer at the details above.
We will respond to complaints within a reasonable period of time (usually 30 days).
If you disagree with our decision, you may refer your complaint to the Office of the Australian Information Commissioner by visiting www.oaic.gov.au, calling 1300 363 992 or by emailing email@example.com.