This policy was last updated 22 December 2014.
The Hobart Anaesthetic Group is committed to ensuring your
privacy is protected. We comply with the Australian Privacy
Principles (APPs) as contained in the Privacy Act 1988.
Who complies with this policy?
This policy applies to Lancet Pty Ltd (ACN 009 529 391) trading as The Hobart Anaesthetic Group, and each of the practitioners who is a member of the Group. Each practitioner operates as an individual medical services provider and Lancet Pty Ltd provides services (for example, administrative support) to those practitioners. A complete list of practitioners who are members of the group is available at http://thegroup.com.au/our-people/.
Throughout this policy we may refer to:
a practitioner – which means an individual medical service provider
the Company – which means Lancet Pty Ltd
the Group – which means collectively the Company and each practitioner
we or us – which means whichever entity collects or holds your personal information
We refer to an individual as you.
This policy explains how the Group complies with the APPs when collecting, using, disclosing, storing and destroying your personal information. It also explains how you can access or correct personal information we hold about you and what you can do if you think your privacy has been interfered with.
What personal information does this policy cover?
Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable.
Personal information may include sensitive information about you such as health, genetic or biometric information; racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, or criminal record.
When might this policy not apply?
In some cases we may act in a way other than as described in this policy, however we will only do that with your informed consent or if required by law.
How do you contact us?
The person responsible for privacy at the Company is our Privacy Officer. You can contact them in the following ways:
Post: The Business Manager, The Hobart Anaesthetic Group, 303 Macquarie St. Hobart 7000
Phone: (03) 6223 1610
Fax: (03) 6224 0034
Each practitioner is responsible for their own compliance with this policy. You can contact a practitioner directly, or you can make contact through the Company’s Privacy Officer using the details above.
What personal information do we collect?
We only collect personal information that is necessary for our functions or activities. We will ensure you are aware when we collect your personal information and the primary purpose of its collection. We will only collect sensitive information with your consent or where permitted by the Privacy Act.
We will normally require you to provide us with your consent before we seek health information about you from others. However, in some cases we may collect that information without your express prior consent, for example:
- in an emergency or in another situation where you cannot provide consent;
- when the Company receives information from a practitioner in the normal course of providing services to the practitioner;
- from another health service provider in the course of providing you with health services; or
- from Medicare Australia, your health insurer or your Personally Controlled Electronic Health Record in accordance with the relevant legislation.
There may be consequences if you do not provide us with all information sought from you. We will let you know what those consequences are when requesting the information. If you provide us with more information than we have requested we will destroy it unless it is necessary for our functions or activities.
The type of information we collect will depend on the reason we are collecting your information but may include contact details, employment and educational history (for prospective employees), financial details (for prospective contractors, customers or guarantors) and health information (for patients).
How do we collect personal information?
We collect personal information when you have contact with us, including at meetings, by completing forms, at consultations, in correspondence and by telephone conversations. We may collect information about you through our website or when you contact us by email.
We may collect information from others about you, including from other medical practitioners, health insurers or medical service providers. We may collect personal information about you from other members of the Group in the course of the Company providing services to practitioners.
On some occasions we may collect information about you from publicly available sources, where it is unreasonable or impractical to collect it from you directly, or where we have your consent.
How do we use your personal information?
We will use your personal information for the purpose for which we collected it. We may also use your personal information for related purposes which you would reasonably expect. We will take reasonable steps to ensure the information we use is accurate, up-to-date, complete and relevant, having regard to the reasons why it is being used.
Sensitive information will be used and disclosed only for the purpose for which it was collected, a directly related secondary purpose, with your consent or as required or allowed by law.
What about direct marketing?
We may use your personal information for the purpose of direct marketing to you where you would reasonably expect this. We may provide you with information about relevant products and services offered by us. If you do not wish to receive direct marketing materials from us you can opt-out by contacting us. Our contact details are included with all direct marketing materials.
How do we store personal information?
Personal information is stored electronically, on paper, or both. We take reasonable steps to protect the security of personal information including the physical security of our premises and use of access level permissions and passwords to restrict access to electronic records. Archived files are stored at our premises and offsite in a separate secure area at a document storage facility.
Please be aware that sending personal information by email or through our website may not be secure. If you are concerned about the security of email you should arrange alternative delivery of information, for example by registered post or encrypted email.
How can you access personal information we have about you?
You may at any time request access to your personal information and, subject to any exemptions in the APPs applying, we will give you access by providing you with copies of or allowing you to inspect the requested personal information.
We may charge you a reasonable fee to access that information, for example to recover the costs of photocopying or if we have to spend a significant amount of time to provide you with access. We may need to verify your identity before providing access to your personal information.
If we refuse you access to your personal information, we will provide you with an explanation for that refusal. We will try to provide you with access to your personal information within 14 days of receipt of your written request for access or 30 days where responding to the request is more complicated.
What if your personal information is not correct?
We will take reasonable steps to ensure your personal information held by us is up-to-date, complete and accurate. If your personal information changes or you believe our records are not up-to-date, complete and accurate please contact us. If we agree the information needs correcting, we will take reasonable steps to correct that information.
If we do not agree the information needs correcting, you can ask us to put a statement on your file explaining what you say needs to be corrected. We will do that in such a way as is apparent to our staff who use your personal information.
If we refuse to correct your personal information, we will provide you with a written explanation for that refusal. We will try to resolve all requests within 14 days of receipt of your written request or 30 days where the matter is more complicated. We will not charge a fee to correct that information.
When do we destroy personal information?
We securely destroy or de-identify personal information when it is no longer required. We usually destroy patient files seven years from the date they are last accessed. Some documents, for example original executed agreements, are kept at least seven years after they expire.
Who do we disclose personal information to?
You should be aware that the purpose for which your information was collected may change when information is shared within the Group. For example: a practitioner may collect some personal information in the course of (and for the purpose of) providing a health service. The Company may then collect some of that information from the practitioner (for example, some detail about the procedure performed) in order to render a bill. The purpose for which the Company has collected that information is therefore to render a bill, not to provide the health service. This means the Company will only use that information in connection with rendering the bill.
Your personal information may be disclosed to our service providers or professional advisors within Australia where necessary for our activities, for example to IT service providers, accountants, auditors, lawyers or insurers. We may also disclose your personal information to professional standards bodies, accreditation bodies or government departments if required to continue to provide our services.
On some occasions we will disclose health information to health practitioners who are not part of the Group in the course of providing you with ongoing health services. This may include information provided to a hospital, referrals to other doctors, consultations with specialists, referrals for medical testing and information given to other treating doctors. They will have their own privacy policies which will apply to that personal information they receive and hold.
We will take reasonable steps to ensure the personal information we disclose to others is accurate, up-to-date, complete and relevant, having regard to the reasons why it is being disclosed.
We will not normally disclose your information to anyone outside Australia. If we do disclose your personal information to overseas entities we will only do so if:
- we have taken reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles;
- you have provided your express prior consent;
- we reasonably believe that the overseas entity is subject to a law or binding scheme that has the effect of protecting your information in a way that, overall, is at least substantially similar to the way in which the Australian Privacy Principles protect the information, and that you can access mechanisms to enforce those protections; or
- the disclosure is otherwise authorised by the Privacy Act.
How do you complain about interferences with your privacy?
If you are concerned about an interference with your privacy, this policy or the APPs please submit a complaint in writing, marked to the attention of the Company’s Privacy Officer or the relevant practitioner. We will consider and respond to your complaint within 10 working days. We will seek to resolve the complaint with you. We prefer to address all matters in this manner prior to a complaint being taken further.
Is there anyone else you can complain to?
You can make a complaint about interferences with your privacy to the Office of the Australian Information Commissioner. Their contact details are:
Post: GPO Box 5218, Sydney NSW 2001
Phone: 1300 363 992
Fax: 02 9284 9666