Our commitment to your privacy
- What kind of information we collect and hold about our patients, clients and suppliers and prospective patients
- How and why we collect it
- What we do with that information and who we share it with (and when)
- Your right to seek access to, and if required correction of, the records we hold about you
- Your right to make a privacy complaint, to us and others
Please note that any reference made to “we”, “our” or “us” refers to each member of the Healthia Group.
Your personal information will not be shared or disclosed to any party other than what is outlined in this Policy, nor will it be used for any other purpose than what it was originally intended.
What kind of information do we collect?
The Physioactive collects a range of personal information about their patient, clients and prospective clientele that may include the following:
- Name, date of birth, mailing and street address, email address, contact numbers
- Information about your family or relatives or key contact people
- Health fund details
- Any government identifiers such as Medicare number, DVA number. However, we do not use these for the purposes of identifying you in our practice
- Other health and information about you such as a record of your symptoms, your relevant medical history, the diagnosis made and the treatment decisions made. Other information could include:
- Specialist report
- Test results
- Your prescriptions
- Your healthcare identifier
- Other information for the purpose of providing care to you
- Occupation and employer
- Lifestyle and hobbies
- Bank and credit card details
- Details of products you have purchased both online and in-person from our clinics; and
- Any information that relates to you, that you provide to us directly through our website, email, written letters and phone conversations.
How do we collect and hold your personal information?
We will generally collect personal information about you through the following methods:
- Directly from you when you give us your details (e.g. by completing the New Patient Form, face-to-face, over the phone or an online form, by entering a competition or leaving your information on a message system)
- From a person responsible for you
- Purchase over-the-counter or online products
- Enquiry or complaint
- Incoming call list; and
- Third-party when we are permitted by law to do that e.g.
- Third-party government agencies (like the Department of Veteran Affairs and Medicare)
- Private health insurers
- Solicitors, lawyers and worker’s compensation companies; and
- Medical professionals (such as general practitioners, allied health professionals, specialists etc).
Why do we collect and use this information?
We collect personal information that is necessary to provide you with the best possible health care to communicate with you and others involved in your care in relation to those services and to maintain a high level of quality customer service. Examples include:
- Administrative purpose in running our clinics
- Billing purposes
- Accreditation and quality assurance activities to improve individual and community health care and practice management
- Direct marketing purposes, mail and email reminders
- For the purposes of research and statistical analysis (only de-identified information is used unless otherwise specified)
- To comply with any legislative or regulatory requirements
- Sending communication to you about our products and services
- Advise you if a clinic will be closing down, merging or relocating
- Contact you in the event we have received a special order
- Update your records and keep your contact details current
When and why might we share information about you with others?
Physioactive may use personal information for the following purposes;
- To comply with our legal obligations (e.g. mandatory reporting under the legislation, responding to a court order or subpoena)
- To consult with other health professionals involved in your healthcare, including health care providers outside the Physioactive.
- For use by a multidisciplinary treating team
- If you have a My Health Record, to upload and to download personal information about you from it
- To get test results from diagnostic and pathology services
- To claim on insurance
- To communicate with your health fund, with government and other regulatory bodies such as Medicare
- To help us manage our accounts and administrative services (e.g. billing or debt recover, arrangements with health funds, pursuing unpaid accounts etc).
- Provide patient and clients with products and services, advise of upcoming promotions, specials and sales
- Respond to enquiries and online orders
- To improve our products and services
- Develop and improve our website
- Direct marketing purposes, mail and email reminders
- Remind patients of upcoming appointments in the form of a phone call, SMS or email
- Advise clients and prospective clientele of meetings
- Inform a patient or client they have won a competition
- To transfer your records on the sale of a clinic at which you have been treated
- Respond to complaints and compliments you have made
- To lessen or prevent a serious threat to a patient’s life, health or safety or a serious threat to public health or safety
- To help in locating a missing person
- To establish, exercise or defend an equitable claim through the My Health Record
- To prepare the defence of anticipated or existing legal proceedings
- To discharge notification obligations to liability insurers
We also outsource some of our services. This may involve us sharing your personal information with third parties. For example, we outsource the conduct of our patient reminders to a third-party provider.
We do not sell, trade, or rent personal information to others. We may share generic aggregated demographic information, or de-identified health records, not linked to any personal information, with our business partners, trusted affiliates and advertisers for the purposes outlined above, or to use for research purposes.
Keeping your information safe
We take appropriate security measures to keep your personal information protected, managed confidentially and securely, and destroyed appropriately when no longer required. We will monitor and implement appropriate technical advances or management processes to safeguard personal information.
A confidentiality agreement is entered into by all employees, contractors and agents at the time of their employment or engagement with us protecting the privacy of individuals. Where we outsource our services, we take reasonable steps in these circumstances to ensure that third parties have obligations under their contracts with Healthia to comply with all laws relating to the privacy (including security) and confidentiality of your personal information.
We view unauthorised disclosure of your personal information as a serious breach of misconduct by our employees, contractors and agents. If the disclosure of personal information is breached disciplinary or legal action will be taken.
We endeavour to keep your information relevant, accurate, complete and up to date. When you arrive for an appointment the receptionist at your clinic may request confirmation that your details have not changed. If you require your personal information to be updated, please contact your clinic. If you think that the information we hold about you is not correct, let us know in writing. We will take reasonable steps to correct your personal information where the information is not accurate or up-to-date.
Patients and clients can request to have copies of their personal information, clinical notes, images and reports sent to them or a third party by contacting one of our centres to obtain a Release of Personal Information Consent Form. Your personal information will not be released unless a consent form has been signed, received and processed by the privacy. We will only disclose personal information in accordance with the Privacy Act. This means that personal information may be disclosed:
- For the purposes and uses for which we have advised that we are collecting it, and for related purposes that you would reasonably expect
- Where we have the consent by you to do so
- As required by law, or
- Under other circumstances where permitted under the Act.
We do not propose to disclose your personal information to recipients located overseas. If we want to transfer your personal information overseas, we will first seek your consent, unless we are required by law to do the transfer.
Your right to receive treatment from us anonymously (or by using a pseudonym)
Where is it lawful and practicable for us to do so, you can be treated anonymously or through the use of a pseudonym (a name other than yours).
If you have concerns about how we have handled your privacy, let us know in writing and your complaint will be investigated, and you will receive a written response to your complaint within 30 days. If you are not satisfied with the response, you may lodge a privacy complaint with the Office of the Australian Information Commissioner.
Phone: 1300 363 992
Post: GPO Box 5218 Sydney New South Wales 2001
If you have any questions or comments about any privacy-related issue, please contact:
T: (07) 3180 4900