This policy has been prepared in accordance with the requirements of the Privacy Amendment (Private Sector) Act 2000.
PURPOSE OF THIS POLICY
The purpose of this policy is to clearly express an up-to-date policy about our company’s management of personal information.
This policy is intended to enhance the transparency of our company’s operations, notify you of your rights and our obligations, and provide information regarding:
- the kinds of personal information which we will collect and hold;
- how we will collect, hold, use and disclose personal information;
- the purpose for which we collect, hold, use and disclose personal information;
- how you may access personal information that is held by us and seek correction of such information;
- how you may complain about a breach of the Australian Privacy Principles (APP) or registered APP code (if any) that binds us and how we will deal with such complaint;
- whether we are likely to disclose personal information to overseas recipients;
- if we are likely to disclose personal information to overseas recipients, the countries in which such recipients are likely to be located and if practical specify the countries in the policy.
We acknowledge that we must take reasonable steps when handling personal information. Whilst we cannot warrant that this policy will be followed in every instance, we will endeavour to follow this policy on each occasion.
The optometrist will take all reasonable steps to ensure that the information they hold about the patient is protected from misuse, loss and unauthorised access or disclosure. The only people who have access to patient records are the optometrists involved in the care of the patient, and practice staff, who need access for purposes such as optical dispensing and billing. No unauthorised persons are permitted to access the records.
It is the policy of GULF & RANGES OPTOMETRISTS that unauthorised release of personal information about patients is grounds for dismissal.
Our policy is available on our website however should you require a hardcopy please contact us and we will provide you with a copy.
THE KINDS OF PERSONAL INFORMATION WHICH WE WILL COLLECT AND HOLD
It is our usual practice to collect personal information directly from the subject individual or their authorised representative(s).
Personal information means information about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
Some examples of personal information we might collect are:
- Contact details such as phone number and email address
GULF & RANGES OPTOMETRIST will only use an identifier that has been assigned by a Commonwealth Agency for the purpose for which it has been assigned.
Such identifiers will not be used for the practice’s own internal purposes. The patient’s Medicare number will only be used for the purpose of claiming Medicare benefits.
In circumstances where we are required to do so, or are authorised by law, a court, or tribunal to ask for your identification, we will request your personal information.
If it is likely that it will be impractical for us to interact with you without some form of identification, we will request identification details from you at the beginning of each transaction.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
HOW COOKIES WORK
A user of any website may have their data collected by that website and stored on the user’s internet browser. This data includes browsing activity and information the user may have previously entered. For example, which buttons a user has clicked and which pages they have viewed.
There are different types of cookies. These are:
- authentication cookies;
- session cookies; and
- persistent cookies.
HOW WE WILL COLLECT AND HOLD YOUR PERSONAL INFORMATION
We only collect and hold personal information by lawful and fair means.
Information collected by GULF & RANGES OPTOMETRISTS about a patient is intended to only be used for the purpose of providing the best possible standard of eye care to that patient. This information may include information specifically about their visual status, as well as information about their general health and the health of their relatives, where this is relevant to their visual status. Information will generally be collected directly from the patient, although in some cases it will be necessary to obtain information from others, for example the patient’s parents, where the patient is not able to provide the information themselves.
The optometrist will answer any queries the patient may have about the information being collected or the reasons that it is being collected.
In some circumstances, we may collect and hold personal information that has been collected from a third party or publicly available source. This will likely occur in instances where:
- you have consented for this collection (which would usually be via our privacy statement and/or appointment booking form); or
- you would reasonably expect us to collect your personal information in this way and it is necessary for us to collect this information for a specific purpose (such as investigation of a complaint).
We will take steps to hold personal information in a manner which is secure and protected from unauthorised access. Your information may be held in either a physical form or in electronic form on our IT system. We will take steps to protect the information against modification, disclosure or misuse by including such things as physical restrictions and password protection for accessing IT systems. We will also endeavour to ensure that our service providers have protection for IT systems and other necessary restrictions.
We will endeavour to ensure our staff are trained about security of the personal information we hold and we will restrict any access where necessary.
We will endeavour to destroy and de-identify personal information once it is no longer required.
In the event we hold personal information that is unsolicited and we were not permitted to collect it, the personal information will be destroyed as soon as practicable.
If we collect personal information about you from someone else, we will advise you as soon as practicable that this information has been collected and the circumstances which surround the collection.
THE PURPOSE FOR WHICH WE COLLECT AND HOLD PERSONAL INFORMATION
We will endeavour to only collect and hold personal information which is relevant to the operation of our company. Our purpose for collecting or holding personal information about you is so that it may be used directly for our activities.
We may use your personal information for the activities of our company to:
- book an appointment
- internal management purposes
- business development purposes and direct marketing
We may also collect personal information (including sensitive information) for both the primary purposes specified and purposes other than the primary purposes, including the purpose of direct marketing.
THE PURPOSE FOR USE OF AND DISCLOSURE OF PERSONAL INFORMATION
We will endeavour to only use and disclose personal information for the primary purposes noted above in relation to the functions or activities of our company.
Information provided by a patient will be used for the benefit of that patient, in particular to provide them with the highest possible standard of eye care.
In some cases, this may require providing information about the patient to another health care practitioner, for example, when a patient is referred to a
specialist for treatment. When this occurs, the patient will be informed that the information is being provided.
Some information, such as the patient’s identity and the type of consultation provided, may be released in order Medicare benefits to be claimed. Commonwealth legislation also allows records to be inspected by representatives of the Health Insurance Commission in order to investigate where
Medicare benefits have been paid inappropriately.
Unless one or more of the below scenarios has occurred, we will take necessary steps to prevent personal information from being given to government agencies or other organisations.
- You have provided your consent.
- You would reasonably expect that your information would be disclosed.
- We have informed you that that your personal information will be provided to a third party.
- We are required by law to provide your personal information to a government agency or other organisation.
- The disclosure of the information will prevent a serious threat to somebody’s life or health.
- The disclosure of the information is reasonably necessary for the enforcement of criminal law.
We will endeavour to only disclose personal information for the purpose in which it was collected, unless disclosure is reasonably necessary to:
- Assist in locating a missing person;
- Lessen or prevent a serious threat to life, health or safety;
- Take appropriate action with suspected unlawful activity or serious misconduct;
- Facilitate or assist with diplomatic or consular functions or activities;
- Assist certain defence force activities outside Australia;
- Establish or exercise a defined legal or equitable claim; or
- Facilitate or assist confidential alternative dispute resolution activities.
We will take steps not to disclose personal information for direct marketing purposes unless consent has been provided. You will be provided with an opt out option with any direct marketing should you wish to be excluded. We will record this information on our opt out register.
We will endeavour not to use or disclose a government related identifier unless:
- The use or disclosure of the identifier is reasonably necessary for us to verify your identity for the purposes of our activities or functions; or
- The use or disclosure of the identifier is reasonably necessary for us to fulfil our obligations to an agency or a State or Territory authority; or
- The use or disclosure of the identifier is required or authorised by or under an Australian law or a court/tribunal order; or
- A permitted general situation (as that term is defined in the Act) exists in relation to the use or disclosure of the identifier; or
- We reasonably believe that the use or disclosure of the identifier is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
HOW YOU MAY ACCESS YOUR PERSONAL INFORMATION
You are entitled to access your personal information held in our possession. We will endeavour to respond to your request for personal information within a reasonable time period, or as soon as practicable in a manner as requested by you. We will normally respond within 30 days.
You can make a request for access by sending an email or letter addressed to our Privacy Officer, details specified below.
The Privacy Officer
Gulf & Ranges Optometrist
PO Box 12, Port Augusta SA 5700
With any request that is made we will need to authenticate your identity to ensure the correct person is requesting the information. We will not charge you for making the request, however if reasonable we may charge you with the costs associated with your request.
You will only be granted access to your personal information where we are permitted or required by law to grant access. We are unable to provide you with access that is unlawful.
We are not required to, and will not give access to personal information that:
- We reasonably believe that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; or
- giving access would have an unreasonable impact on the privacy of other individuals; or
- the request for access is frivolous or vexatious; or
- the information relates to existing or anticipated legal proceedings and the information would not be accessible in normal discovery procedures; or
- giving access would reveal the intentions of us in relation to negotiations and this disclosure would prejudice those negotiations; or
- denying access is required or authorised by or under an Australian law or a court/tribunal order; or
- we have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, or may be engaged in;
- giving access would be likely to prejudice the taking of appropriate action in relation to the matter; or
- giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
- giving access would reveal evaluative information generated within us in connection with a commercially sensitive decision-making process.
If we refuse access to the information, written notice will be provided to you setting out the reasons for the refusal, and the mechanisms available to complain about the refusal.
Should we hold personal information and it is inaccurate, out of date, incomplete, irrelevant, misleading, or incorrect, you have the right to make us aware of this fact and request that it be corrected.
If you would like to make a request to correct your information please contact our Privacy Officer on the details above.
In assessing your request we need to be satisfied that the information is inaccurate, out of date, incomplete, irrelevant or misleading. We will then take all reasonable steps to ensure that it is accurate, up to date, complete and not misleading. It is our normal policy to resolve any correction requests within 30 days. If we require further time we will notify you in writing and seek your consent.
Should we refuse to correct your personal information written notice will be provided to you setting out the reasons for the refusal and the mechanisms available to complain about the refusal.
We will endeavour to notify any relevant third parties of the correct personal information where necessary.
In the event that you wish to make a complaint about a failure of us to comply with our obligations in relation to the Act or the APP’s please raise this with our Privacy Officer on the contact details above. We will provide you with a receipt of acknowledgment as soon as practicable and will then endeavour to respond to your complaint and attempt to resolve the issues within 30 days.
In dealing with your complaint we may need to consult another third party.
If we fail to deal with your complaint in a manner that you feel is appropriate you may choose to report your complaint to an external dispute resolution scheme (EDR Scheme).
If you are not satisfied with the process of making a complaint to our Privacy Officer you may make a complaint to the Information Commissioner. Details of which are below.
Office of the Australian Information Commissioner
GPO Box 5218 Sydney NSW 2001
Phone: 1300 363 992