1. Overview and purpose
Retinology Institute is committed to protecting the privacy of our patients within our practice. Information collected is kept strictly confidential and used only for the medical and health care of patients with respect to your rights.
We collect, hold, use and disclose personal information to carry out our functions or activities under the Australian Information Commissioner Act 2010 (AIC Act), the Privacy Act 1988 (Privacy Act) and the Freedom of Information Act 1982 (FOI Act).
This policy is intended to ensure that patients who receive care from Retinology Institute are comfortable in entrusting their health information to the practice. This policy explains:
- how we manage your personal information (including your health information), including the collection, use, disclosure, quality and security of your personal information;
- the kinds of information we collect and how that information is held;
- the purposes for which we collect, hold, use and disclose personal information;
- how you can access your personal information and how you can request to correct such information; and
- how you can complain about a breach of your privacy and how we will handle your complaint.
2. Collection of personal information
Retinology Institute collects information which is necessary to provide you with healthcare services and to appropriately manage and conduct our business.
The practice’s procedures for collecting personal information are set out below:
- Practice staff collect patients’ personal and demographic information via registration when patients present to the clinic for the first time.
- During the course of providing medical services the practice’s healthcare practitioners will consequently collect further personal information.
- Personal information may also be collected from the patient’s guardian or responsible person (where practicable and necessary) or from other involved healthcare specialists.
Retinology Institute will usually collect your personal information directly from you, including from patient consent forms, medical records and consultations with you, or from another health service provider. Sometimes we need to collect information about you from third parties, such as relatives and friends and private health insurers.
We will only collect information from third parties where:
- you have consented to such collection; or
- such collection is necessary to enable us to provide you with appropriate healthcare services (such as emergency medical treatment or where your health is at risk);
- such collection is reasonably necessary to enable us to appropriately manage and conduct our business; or
- it is legally permissible for us to do so.
3. How we use your personal information
Retinology Institute may use or disclose personal information:
- for the purpose advised to the patient at the time of collection of the information,
- as required for delivery of the health service to the patient,
- as required for the ordinary operation of our services (i.e. to refer the patient to a medical specialist or other health service provider),
- as required under compulsion of law, or
- where there is a serious and imminent threat to an individual’s life, health, or safety; or a serious threat to public health or public safety.
Retinology Institute may use or disclose personal information for quality assurance, training, billing and effectively communicating with third parties, including private health insurers, Medicare Australia and other government departments.
4. Disclosing your personal information
Retinology Institute may disclose your personal information to our employees, contractors and service providers in order for us to provide healthcare services to you and to allow us to manage our business. We will also disclose your personal information to healthcare professionals directly involved in your treatment. Where your medical records are required in the case of a medical emergency, we will provide these to the relevant medical professional without waiting for your consent, where we believe this is in your interests.
Your personal information may also be provided to third parties if we are legally obliged to do so by a court subpoena, statutory authority, search warrant, coronial summons or to defend a legal action.
We may provide your personal information to third parties involved in your care, such as:
- your parents, children, relatives and close friends, guardians or a person exercising a power of attorney or enduring power of attorney. Please advise us if it is your wish no third party as stated is to have access to your personal information;
- government departments and agencies, such as Defence or Department of Veterans’ Affairs, or departments responsible for health, aged care and disability where we are required to do so;
- private health insurers and Medicare Australia;
- anyone authorised by you to receive your personal information.
5. Website privacy
Retinology Institute’s website may contain links to other sites. Please be aware that Retinology Institute is not responsible for the privacy practices of any linked sites. We encourage users who leave our site to read the privacy statements of each and every linked website that they choose to visit. All links to external sites are provided for your convenience. The information, products and advertisements contained in the linked sites are neither approved nor endorsed by Retinology Institute and, as such, Retinology Institute is not responsible for such information, products or advertisements.
Your privacy is important to us and we want you to feel comfortable visiting our website. Any personal information given to us by patients, including e-mail addresses, will be used only in the following ways:
- personal data given to us by you will be securely stored,
- we will not provide your personal data to any third party without your permission,
- we do not automatically collect your personal e-mail address simply because you visit our site,
- if we join with a third party to provide services and you sign up for those services, we will share your name and other contact information necessary for our partner to provide the services to you,
- if you view specific pages or download information from specific pages on our website, we will track and add the number of your visits to the aggregate number of visits by all users in order to better design our website,
- we may share aggregate demographic information with our affiliates. This is not linked to any personal information that can identify you or any other visitor to our web site.
By using Retinology Institute’s website, you consent to the collection and use of your personal information as detailed in this Privacy Policy. We will post any changes to this Privacy Policy on our website so that you are kept up to date with the type of information we collect and the ways in which we use it.
6. Overseas recipients
Retinology Institute does not engage with any overseas entities or persons where your personal information will be transferred, stored or disclosed. Should we wish to transfer your personal information overseas, we will ask for your consent before we do so.
7. Data storage, quality and security
We strive to maintain the reliability, accuracy, completeness and currency of the personal information we hold and to protect its privacy and security. We are an electronic medical records practice and do not retain any hardcopies of your medical or personal information. Everything is stored electronically in a secure, encrypted hosted service maintained by IT professionals. Once your data is entered onto our medical software, all paper copies are securely destroyed.
All personal information stored in electronic form is protected from unauthorised access, misuse, interference, loss, modification or disclosure. Some of the steps we take to ensure your personal information is secure include:
- Our staff are trained on privacy and we have detailed internal processes and systems to protect your privacy.
- We outsource our IT management and medical record hosting to an Australian based IT company. They are specialists in provision of these services to the medical industry in Australia. They incorporate secure technologies to protect your personal records.
- Electronic records are hosted in professional data centers within Australia and sit behind two firewalls with business grade antivirus and antimalware software protection. The IT professionals regularly have independent penetration tests performed.
- All data is backed up daily and again weekly on a server separate from the “operating” server. All data is kept in Australia.
- We have selected the IT professionals based on their expertise and focus on security. They have a data breach response plan in place and our IT systems are fully maintained by them to ensure all software updates and licenses are current, and that our system’s security integrity is maintained.
- We review our risk management program annually to protect privacy.
Our website and email are linked to the internet. No data transfer over the internet is 100% secure. Accordingly, any information which you transmit to us online or via email is transmitted at your own risk.
8. Destroying your personal information
Subject to applicable laws, Retinology Institute may destroy records containing personal information when the record is no longer required by Retinology Institute.
It is likely your medical records held by us contain sensitive information. We are required to abide by relevant legislation in the retention and disposal of your medical records.
Retinology Institute does not retain any hardcopies of your medical or personal information. Everything is stored electronically in a secure, encrypted hosted service maintained by our IT contractors. Once your data is entered onto our medical software, all paper copies are destroyed.
9. Accessing and amending your personal information
We encourage you to contact us if you have a query regarding your personal information. You may request an amendment to your personal information if you consider that it contains inaccurate, incorrect or incomplete information.
You have a right to request access to any information we hold about you. If you make a request to access personal information that you are entitled to access, we will provide you suitable means of accessing it. We will not charge you for making the request. In circumstances where you request we provide a copy of your personal information to you, we may charge you a fee to cover our reasonable costs for complying with the request for access.
There may be instances where we cannot grant you access to some of the information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others. If that is the case, we will provide you with a written explanation of those reasons.
10. Complaints
Retinology Institute understands the importance of confidentiality and discretion with the way we manage and maintain the personal information of our patients. The practice takes complaints and concerns about the privacy of patients’ personal information seriously. Patients should express any privacy concerns in writing. The practice will then attempt to resolve it in accordance with its complaint resolution process.
All employees of Retinology Institute are required to observe the obligations of confidentiality in the course of their employment and are required to sign Confidentiality Agreements.
In the instance where you are dissatisfied with the level of service provided within the clinic we encourage you to discuss any concerns relating to the privacy of your information with the Practice Manager or your Doctor.
On receipt of your complaint we will contact you within 30 business days to confirm what investigation action will occur. We will then communicate the outcome to you in writing and invite a response to our conclusion about the complaint. If we receive a response from you, we will also assess it and advise if we have changed our view.
If the complaint has not been resolved to your level of satisfaction, all complaints should be directed to:
Office of the Australian Information Commissioner
Tel: 1300 363 992
Email: enquiries@oaic.gov.au
11. Review and change to Privacy Policy
Retinology Institute has the right to change the Privacy Policy at any time. If there are updates to our Privacy Policy, we will address the changes promptly and update the revision date of this document.
12. Obtaining further information
A current version of Retinology Institute’s Privacy Policy can be requested:
- In person: Suite 11, 445-447 Burke Road, Glen Iris VIC 3146
- Phone: 1300 RETINA (or 03 8823 9000)
- Online: www.retinology.com.au
13. Contact Information
Should you have any queries, concerns or feedback regarding Retinology Institute’s Privacy Policy, please contact:
The Principal Doctor or Practice Manager
Retinology Institute
Suite 11, 445-447 Burke Road
Glen Iris, VIC, 3146
Alternatively, please send an email to manager@retinology.com.au or call 03 8823 9000.