1. Overview
At myPhysioSA our mission statement is to provide a high level of client service and exceptional physiotherapy treatment management. We believe our patients privacy and confidentiality of their personal and health information is important and this policy is to ensure the safety and privacy of our clients and staff and the integrity and professionalism of our business.
2. Scope
This Privacy policy applies to all staff employed by myPhysioSA over all clinic locations.
3. Purpose
The purpose of this document is to outline how myPhysioSA complies with its confidentiality and privacy obligations. As an organisation, our principle concern is and always has been the health of patients who visit our practice. A high level of trust and confidentiality is required to ensure the confidence of the patients who use our service.
4. Policy & Procedure
myPhysioSA will:
4.1. Provide a copy of this policy upon request
4.2. Ensure staff comply with the APP (Australian Privacy Principles) and deal appropriately with inquiries or concerns
4.3. Take such steps as are reasonable in the circumstances to implement practices, procedures and systems to ensure compliance with the APP and deal with inquiries or complaints
4.4. Collect personal information for the primary purpose of managing a patient’s healthcare and for financial claims and payments.
4.5. Staff Responsibility myPhysioSA staff will take responsible steps to ensure patients understand:
- What information has been and is being collected
- Why the information is being collected, and whether this is due to a legal requirement
- How the information will be used or disclosed
- Why and when their consent is necessary
- The Practice’s procedures for access and correction of the information, and responding to complaints of information breaches, including by providing this policy.
6. Patient Consent
6.1. myPhysioSA will only interpret and apply a patient’s consent for the primary purpose for which it was provided. The Practice staff must seek additional consent from the patient if the personal information may be used for any other purpose.
7. Collection of Information
7.1. myPhysioSA will need to collect personal information as a provision of clinical services to a patient at the practice. Collected personal information will include patients’:
- Names, addresses and contact details
- Medicare number (where available) and private health insurance details, for identification and claiming purposes
- Healthcare identifiers
- Medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors.
7.2. A patient’s personal information may be held at the Practice in various forms:
- As paper records
- As electronic records
- As visual – x-rays, CT scans, videos and photos
- As audio recordings
7.3. The Practice’s procedure for collecting personal information is set out below.
- Practice staff collect patients’ personal and demographic information via registration when patients presents to the Practice for the first time. Patients are encouraged to pay attention to the collection statement attached to/within the form and information about the management of collected information and patient privacy.
- During the course of providing health services, the Practice’s healthcare practitioners will consequently collect further personal information.
- Personal information may also be collected from the patient’s guardian or responsible person (where practicable and necessary), or from any other involved healthcare specialists.
7.4. The Practice holds all personal information securely, whether in electronic format, in protected information systems or in hard copy format in a secured environment.
8. Use and Disclosure of Information
- Personal information will only be used for the purpose of providing health services and for claims and payments, unless otherwise consented to.
- Some disclosure may occur to third parties engaged by or for the Practice for business purposes, such as accreditation or for the provision of information technology. These third parties are required to comply with this policy. The Practice will inform the patient where there is a statutory requirement to disclose certain personal information (for example, some presentations require mandatory notification).
- myPhysioSA will not disclose personal information to any third party other than in the course of providing health services, without full disclosure to the patient of the recipient, the reason for the information transfer and full consent from the patient. The Practice will not disclose personal information to anyone outside Australia without need and without patient consent.
9. Exceptions to disclose without patient consent where the information is:
- Required by law
- Necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
- To assist in locating a missing person
- To establish, exercise or defend an equitable claim
- For the purpose of a confidential dispute resolution process.
10. The Practice will not use any personal information in relation to direct marketing to a patient without that patient’s express consent. Patients may opt-out of direct marketing at any time by notifying the Practice in a letter or email.
11. The Practice evaluates all unsolicited information it receives to decide if it should be kept, acted on, or destroyed.
12. Access, Corrections and Privacy Concerns
- The Practice acknowledges patients may request access to their medical records.
- Patients are encouraged to make this request in writing, and the Practice will respond within a reasonable time.
- The Practice will take reasonable steps to correct personal information where it is satisfied they are not accurate or up to date. From time to time, the Practice will ask patients to verify the personal information held by the Practice is correct and up to date.
- Patients may also request the Practice corrects or updates their information, and patients should make such requests in writing.
13. Privacy complaints
- The Practice takes complaints and concerns about the privacy of patients’ personal information seriously. Patients should express any privacy concerns in writing to the address below or by email to manager@myphysiosa.com.au.
- The Practice will then attempt to resolve it in accordance with its complaint resolution procedure. Practice Manager PO Box 231 MOUNT BARKER SA 5251
14. Evaluation of Privacy policy
This Policy will be reviewed when any of the related information is amended or replaced or other circumstances occur as determined from time to time by the Practice Manager and/ or Directors and will remain in force until this time.