Last update: 26 October, 2020
Gabba Dermatology Pty Ltd ACN 600 689 307 (we, us, our) value your privacy and want to ensure your personal and health information is handled in accordance with your expectations and all legal requirements.
We have developed this policy to demonstrate our commitment to best practice in relation to the management of personal information. The purpose of this policy is to inform you how personal information is collected and used within our practice and organisation, and the circumstances in which we may share it with third parties.
What and who does this policy apply to?
This policy relates to the collection, use and disclosure of personal information. Personal information generally refers to information or an opinion about an identified individual.
How do we use and collect your information?
When do we get your consent?
When you first attend our practice as a patient, you are asked to fill out forms, which give us basic information about you and provide consent for our doctors, medical staff, employees and consultants to handle your personal information. We also collect personal information about patients during consultations, from referring doctors and other third parties. We will always try to obtain information from patients directly, but this may not always be practical (e.g. when a patient does not have the relevant information).
Why do we need your information?
We need to collect personal information in order to provide the best quality healthcare. Without all the relevant information, we may not be able to provide the same standard of care.
If you are a patient, our main purpose for collecting, using, holding and sharing your information is to manage your healthcare. In order to manage your healthcare, we may have to collect and disclose your information with treating doctors, medical staff (e.g. Registrars and locums), referrers, hospitals, service providers (e.g. those that provide pathology or testing services) and administrative staff at our practice.
We also use it for related business activities, such as complying with our legal obligations (which may include Medicare requirements and notification of communicable diseases), financial claims and payments, practice audits and accreditation, and business processes (e.g. staff training).
Can you deal with us anonymously?
Australian law generally allows individuals to deal with third parties anonymously or under a pseudonym, unless it is impracticable or the law otherwise allows the third party to only deal with identified individuals.
It would be impractical for us to deal with patients on an anonymous basis or under a pseudonym, as it would prevent us from communicating with other medical professionals involved in their care and would increase the risk that we cannot contact them in the case of an emergency. Also, because we are required to interact with Medicare, keep accurate records, provide medical reports, and ensure reliable payment, we will not be able to deal with you on an anonymous basis. If requested, we will verbally address you by a pseudonym; however, our records will need to use the name under which you are known to Medicare.
What kinds of information do we collect?
The information we may collect and maintain from patients includes, but is not limited to:
your name, date of birth, addresses, contact details;
medical information, including medical history, past and present medications prescribed to you, allergies, adverse events, immunisations, social history, family history and risk factors;
Medicare number (where available) for identification and claiming purposes;
healthcare identifiers and health fund details;
referrals to and from other health service providers; and
treatment, screens, medical service outcomes, results and reports.
The information we may collect and maintain from donors includes but is not limited to:
your name, date of birth, addresses, contact details;
payment method information (such as credit card information); and
information in relation to your queries, complaints or other communications.
The documents and records in relation to the above remain our property at all times. However, you have a right to access our records as set out in the policy or as the Privacy Act 1988 otherwise allows.
How do we collect personal information?
We will generally collect personal information from you directly when you provide us with your details, from any person responsible for you (e.g. if you are a child or under someone else’s care) or from third parties where permitted by law (e.g. other health care providers, your health fund or medical service providers).
As outlined above, when patients first attend our practice we collect personal information from them. We may also collect personal information when you visit our website, send us an email or SMS, telephone us or make an appointment or donation online. We may also collect further information during the provision of medical services, for example, where your doctor takes notes during a consultation.
How do we hold personal information?
Your personal information may be stored at our practice in various forms, including paper records, electronic records, visual records and other recordings. For example, if you come in for an appointment, the doctor may record notes of the appointment on a Dictaphone or in handwritten notes, make notes on your electronic file, or take a photo of a particular condition for follow-up purposes.
All records (both physical and electronic) are kept secure to protect against unauthorised access. We have processes in place to ensure compliance with these requirements and to protect your information. We do this by ensuring that all of our staff are obliged to treat your information on a confidential basis and are trained in our privacy requirements.
Can we use your information for research purposes?
We occasionally undertake and/or participate in clinical trials and other research projects. We will not disclose any of your personal information, de-identified information, or de-identified photographs without your consent, unless required by law.
Our staff may contact you about potential clinical trials or research projects that may be relevant to you, unless you have requested otherwise. Please let us know if you do not want to be contacted for these purposes.
When will we disclose personal information?
In general, we may collect, hold, use and disclose your personal information for the following purposes:
to provide health services to you and to communicate with you about your health services and other matters;
to comply with our legal obligations, which may include mandatory notifications to government bodies, reporting to Medicare and other departments; and
to help us manage our accounts and administrative services.
We may disclose your personal information to the following:
others involved in your health care, including your referring General Practitioner or other referring service provider, pathology clinics, and specialists outside this medical practice. This may occur through referral to other doctors, or in the reports or results returned to us following the referrals;
other doctors and medical staff that work for our business, including locums and Registrars on the dermatology or other training programs;
our associated entities, including any businesses we engage to assist in running our practice;
entities that your doctor works for outside of our practice;
any new medical practice where your treating doctor transfers or moves to in the future; and
external contractors (e.g. IT Contractors), but only where those contractors are accessing our records generally to help us with any issues we are having.
Your personal information may be accessible by or disclosed to Veracity Clinical Research Pty Ltd ACN 163 889 361 (Veracity Clinical Research), as we occupy the same premises as Veracity Clinical Research and share our medical records software, so its staff may also have access to your personal information. Further, some doctors who work for us also work for Veracity Clinical Research. We have ensured that Veracity Clinical Research’s staff are bound by obligations of confidentiality in respect of your personal information and have instructed staff of Veracity Clinical Research to only access your information on a ‘need to know’ basis.
We would not ordinarily disclose information relating to donors to third parties unless required by law or where third parties are jointly involved in fundraising activities conducted by us and you have consented to such disclosure.
Despite the above, there may be occasions where the law will require us to release your personal information irrespective of whether your consent to the disclosure of the information is given. Examples of such occasions include where:
there is a serious threat to an individual’s life, health and safety or suspicion of unlawful activity;
there is a specific requirement by law, for example, when served with a subpoena or other court order;
you are physically or legally incapable of giving consent and the disclosure to a person responsible for you is necessary to provide appropriate health care or treatment or for compassionate reasons and this is not contrary to any prior wish or wish that the responsible person is aware of.
Aside from contacting you regarding clinical trials that may be relevant to you, our practice will not use your personal information for marketing any of our goods or services directly to you without your express consent. If you do consent, you may opt out of direct marketing at any time by notifying our practice in writing. We will never sell your personal information to anyone else.
Are we likely to disclose personal information to overseas recipients?
We do not intend to disclose your personal information to overseas recipients.
However, circumstances where your personal information may be disclosed overseas include the following:
where we use secure cloud storage services that may have servers located overseas;
in connection with the processing of web traffic information disclosed to Google Analytics when you visit our websites. Google stores information across multiple countries;
when you communicate with us through a social network service (e.g. Facebook), the social network provider and its partners may collect and hold your personal information overseas;
where an overseas medical practice or individual is assisting us in providing health and medical services (e.g. where you have come from overseas and had your health record transferred from overseas or have treatment continuing from an overseas provider);
where you authorise and direct us to disclose personal information to an overseas recipient; or
where we are required to disclose personal information to overseas recipients in accordance with the law.
We will endeavour in all circumstances to obtain your consent prior to disclosure of your personal information to an overseas recipient in any circumstances not outlined above. If you no longer consent to your information being disclosed overseas, please contact us.
Access and Correction of Personal Information
How can you access your personal information?
Subject to the Privacy Act 1988, you can request access and correction of personal information which we hold about you.
If you want to request access to your personal information, please contact reception or the Practice Manager (using the details provided below) and we will provide you with the relevant form to complete. We will use our best endeavours to respond to your request within 30 days.
We may not be able to provide you with all the personal information you have requested because we need to consider if there may be a risk of physical or mental harm to you or any other person that may result from disclosure of your information. Accordingly, we may give you access to the records after we have removed any information we are entitled to withhold that may adversely affect the safety or privacy of other individuals.
You will not be charged for making a request, but we may charge you for the costs of complying with the request. Depending on what is involved, we are entitled to charge you fees to cover time spent by administrative staff to provide access at the employee’s hourly rate of pay, time necessarily spent by a medical practitioner to provide access at the practitioner’s ordinary sessional rate and for photocopying and other disbursements at cost. If a fee will be charged for providing access, you will be advised of the approximate cost before you have to pay the fee.
How can you correct your personal information?
We will take reasonable steps to ensure your personal information is accurate and kept up to date. From time to time we will ask you to verify that your personal information held by our practice is correct and up to date. You may also request that we correct or update your information, and you should make such requests in writing to the Practice Manager (using the details set out below).
If we refuse a request to correct information, we will:
provide you with notice in writing setting out the reasons for the refusal and setting out the mechanisms available to you to complain about the refusal; and
note your request on the file.
We will not charge you for the costs of making a request for correction or for the costs of correcting the personal information. We will use our best endeavours to respond to your request within 30 days.
There are a number of ways in which we collect information through our websites. We handle personal information obtained through our websites in the same manner we deal with personal information obtained via other means.
Our website may, at times, utilise “cookies” which allow us to monitor our web traffic. In case you were not already aware, cookies are small data files containing information transferred from websites onto computers or other devices for record-keeping purposes and to enhance website functionality. Cookies usually do not identify you personally, unless you provide the website with your name (e.g. in an enquiry or order form). However, cookies may contain information in relation to how you access and interact with the website (e.g. they may identify your internet service provider and your IP address). Most browsers allow you to choose whether to accept cookies or not. Please set your browser settings to reject all cookies before accessing our website if you would prefer to avoid sharing cookies.
We may use analytics tools to collect data about your interaction with our website and those analytics tools may be hosted by third parties. Any data collected this way will be used primarily for the purpose of improving your experience when using our websites. The type of information that analytics tools may collect includes your device’s IP address, device screen size, device type (including operating system and browser information), the country in which you accessed the website, search terms and pages visited and times when website pages were accessed.
Our website may, at times, contain links to other third party websites. Any access to and use of such websites is not governed by this policy, but is governed by the privacy policies of those third party websites. We are not responsible for the information practices of third party websites or those who operate them.
How can you contact us about privacy matters?
If you have any queries about this policy, your rights about access and correction of personal information, or any privacy concerns, please contact us using the details set out below:
Telephone: (07) 3039 1300
Address: Suite 18, Level 1, 250 Ipswich Rd, Woolloongabba QLD 4102
Please address your correspondence to the attention of the Practice Manager and mark it “Private and Confidential: Privacy”.
How can you make a privacy related complaint?
We take complaints and concerns regarding privacy seriously. We ask that you advise us of any privacy concerns you may have in writing. Please direct any questions or complaints to the Practice Manager using the postal address or email address listed above. We will then attempt to resolve it in accordance with our resolution procedure.
Any complaint will be thoroughly investigated by us and you will be notified of the making of any decision in relation to your complaint as soon as is practicable after it has been made, usually within 30 days.
If we are unable to resolve your complaint you may also contact the Office of the Australian Information Commissioner (OAIC). The OAIC will generally require you to give us time to respond before they will investigate. For further information visit or call the OAIC on 1300 336 002.
Updates to this Policy
This policy will be reviewed from time to time to take into account new laws and technology, changes to our operations and other necessary developments. When this policy is updated we will publish the updated policy on our website and place a notice at reception advising patients of the updated policy for 3 months after the change.