Privacy Policy

Effective Date: 23 October 2024

 

Introduction

This privacy policy provides detailed information on how your data, including health information, is collected, used, and shared within our practice. It aims to ensure transparency and compliance with privacy laws, safeguarding your data.

 

Consent

When you register as a patient at our practice, you provide consent for our general practitioners (GPs) and practice staff to access and use your personal information to deliver the best possible healthcare. This consent covers medical consultations, treatment, and administrative tasks. We will seek your additional consent to use your information beyond these.

Purpose of collection:

The primary purpose of collecting your personal information is to provide you with healthcare services. This includes managing your health, scheduling appointments, conducting medical consultations, and providing follow-up care. Additionally, we use your information for directly related business activities such as financial claims and payments, practice audits, accreditation, and staff training.

Types of information collected:

We collect a variety of personal information necessary for providing high-quality medical services. This includes your name, date of birth, address, contact details, medical history, medications, allergies, adverse events, immunisations, social history, family history, and risk factors. We also collect your Medicare number for identification and claiming purposes, as well as your healthcare identifiers and health fund details.

Anonymity and Pseudonymity:

You can interact with us anonymously or using a pseudonym where practicable. However, providing services without knowing your identity in certain situations may be impractical. Accurate identification is essential for medical consultations, record-keeping, and ensuring the quality of care.

Collection methods:

We collect personal information through various methods. When you make your first appointment, our practice staff will collect your personal and demographic information via your registration. While providing medical services, we may collect further personal information. We also collect information when you visit our website, email or SMS, telephone us, make an online appointment, or communicate using social media. Sometimes, personal data may be collected from other sources, such as your guardian or responsible person, other healthcare providers, health funds, Medicare, or the Department of Veterans Affairs.

Sharing information:

We share your personal information with third parties only when necessary. This includes sharing with other healthcare providers involved in your care, third parties who work with our practice for business purposes (such as accreditation agencies or IT providers), and when required or authorised by law (e.g., court subpoenas). We may also share information to prevent a serious threat to a patient’s life, health, or safety, to assist in locating a missing person, or for confidential dispute resolution processes. We ensure that any third parties comply with privacy standards and that your information is protected.

Email communication and encryption:

Our practice does not use encrypted email services to send sensitive documents. Sending sensitive information via unencrypted email carries the risk of unauthorised access. If you feel that the data to be sent is sensitive, please discuss this with your doctor to find the best way to handle your documents securely. Please get in touch with our reception team directly if you have any concerns or require assistance with secure document transfer.

SMS communication:

Our practice may use SMS messages to communicate with patients for appointment reminders, health alerts, and other important notifications. Here are the details regarding SMS communication:

Purpose
SMS messages provide timely appointment reminders, notify you of important health information, and communicate other relevant updates.

Consent Requirement
By providing us with your mobile phone number, you consent to receive SMS messages from our practice. You can opt out of receiving SMS messages anytime by contacting our reception team.

Security and Privacy
While SMS messages are a convenient way to communicate, they are not encrypted and may be accessed by unauthorised individuals if your mobile phone is not secure. We recommend keeping your mobile phone safe and notifying us immediately if it is lost or stolen.

Patient Responsibility
You are responsible for ensuring that your mobile phone number is up-to-date and that you monitor it for communications from our practice. Notify us immediately if your mobile phone number changes.

Storage and protection:

Your personal information is stored in various forms, including electronic and visual records (such as X-rays, CT scans, videos, and photos). We strive to store all data electronically and minimise the use of physical storage. All electronic information is kept in highly protected, secured information systems on a server in a secure environment. Any physically stored information is kept in locked cabinets in safe locations within the practice. Regularly updated passwords protect access to electronic information, and confidentiality agreements are in place for all staff and contractors.

Access and correction:

You have the right to request access to and correction of your personal information. Our practice acknowledges that patients may request access to their medical records. We require you to make this request in writing and email, fax, or post it to us. Our practice will respond within 30 days. We will take reasonable steps to correct your personal information where it is not accurate or up to date. Occasionally, we will ask you to verify that the personal information you provide in our practice is correct and current. You may also request that we correct or update your information, and you should make such requests in writing to reception@collingwoodmedical.com.au.

Policy review:

This policy will be reviewed regularly to ensure it is in accordance with any changes that may occur. We will post an update on our website when a change is implemented.

Direct marketing:

We may use your personal information for direct marketing to inform you about our services and updates. You can opt out of receiving marketing communications anytime by contacting us. We respect your preferences and will ensure that your information is used appropriately.

Cross-border disclosure:

If we disclose personal information to overseas recipients, we will take reasonable steps to ensure that the recipient complies with the Australian Privacy Principles (APPs). This includes ensuring that your information is protected and used only for the intended purposes.

Government identifiers:

We do not adopt, use, or disclose government-related identifiers unless required or authorised by law. This ensures that your personal information is used appropriately and complies with legal requirements.

Data retention:

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including for satisfying any legal, accounting, or reporting requirements. Once the retention period has expired, or upon your request, we will securely delete or anonymise your data unless we must retain it to comply with legal obligations. You have the right to access and correct your data held by us. If you wish to exercise this right, please get in touch with us using the details below. We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction. We may use third-party services to process and store your data. These third parties must comply with our data protection standards and cannot use your data for any other purpose.

Use of AI tool Lyrebird in healthcare:

 

We use the AI tool Lyrebird to enhance our ability to provide comprehensive and timely medical notes. Lyrebird performs all transcription in real time on servers in Sydney, Australia. Audio is immediately converted to text and is not permanently stored. All saved documents are encrypted at rest using 256-bit encryption. User data is never used for training purposes, and patient-identifying information is automatically redacted from transcripts. Consent is obtained from patients before recording and transcribing consultations. Lyrebird employs robust security measures to ensure the privacy and protection of user data, including data encryption, real-time transcription, data sovereignty, controlled access, and obtaining patient consent before recording and transcribing consultations.

Use of Best Practice management software:

We use Best Practice management software to streamline our administrative and clinical operations. This software helps us manage patient records, appointments, billing, and other essential functions efficiently. Best Practice management software securely stores and processes your personal information. The software is designed to comply with Australian privacy laws and ensures that your data is always protected. Access to the Best Practice management software is restricted to authorised personnel only. We implement robust security measures to protect your data from unauthorised access, modification, or disclosure. Best Practice management software may integrate with other third-party services to enhance our service delivery. These third parties must comply with our data protection standards and cannot use your data for any other purpose.

Use of HotDoc:

We use HotDoc, a secure online appointment booking and patient engagement platform, to streamline administrative processes and enhance patient experience. HotDoc allows patients to book appointments online, receive appointment reminders, and access other healthcare services. The platform securely handles your personal information according to Australian privacy laws.

Purpose
HotDoc facilitates online appointment bookings, sends appointment reminders, and provides other patient engagement services. This helps improve the efficiency of our practice and ensures that patients have convenient access to healthcare services.

Data Handling
HotDoc securely stores and processes your personal information. The platform is designed to comply with Australian privacy laws and ensure your data is always protected.

Access and Security
Access to HotDoc is restricted to authorised personnel only. We implement robust security measures to protect your data from unauthorised access, modification, or disclosure.

Third-Party Integration
HotDoc may integrate with other third-party services to enhance our service delivery. These third parties must comply with our data protection standards and cannot use your data for any other purpose.

Patient Consent
By using HotDoc to book appointments or access other services, you consent to the collection, use, and storage of your personal information by HotDoc in accordance with their privacy policy.

Data sharing with third parties:

We may share your personal information with third parties to facilitate our services, including healthcare providers, insurance companies, and IT service providers. Any third parties with whom we share your data must comply with our data protection standards and are not permitted to use your data for any other purpose. We will obtain your consent before sharing your personal information with third parties, except where required or authorised by law. If we share your personal information with overseas recipients, we will take reasonable steps to ensure that the recipient complies with the APPs.

Sending patient documents by email:

Our practice may send patient documents via email for convenience and efficiency. However, it is essential to understand the risks and procedures associated with this method of communication.

 

Unencrypted email risks:

Security Risks
Our email service is not encrypted, which means that unauthorised third parties could access your personal information during transmission. Unencrypted emails can also be intercepted, read, or altered by individuals who are not intended recipients.

Privacy Concerns
Sending sensitive information through unencrypted email may compromise privacy. Personal health information, if accessed by unauthorised individuals, could be misused or disclosed without your consent.

 

Consent requirement:

Explicit Consent
By providing us with your email address and requesting documents via email, you consent to transmitting your personal information through an unencrypted email service. We will explicitly seek your consent before sending any sensitive information via email. This ensures that you are aware of and accept the risks involved.

Informed Decision
We will inform you about the potential risks associated with unencrypted email communication and allow you to decide whether to proceed with this document transfer method.

 

Alternative Methods:

Secure Transfer Options
We offer alternative methods for secure document transfer if you prefer not to receive documents via unencrypted email. These may include encrypted email services, secure patient portals, or physical delivery methods such as postal mail or in-person collection.

Discussing Options
Please discuss your preferences and any concerns you may have with our reception team or your doctor during the consultation. We are committed to finding the best and most secure way to handle your documents according to your needs and preferences.

 

Best Practices for Email Communication:

Minimising Sensitive Information
We will minimise the sensitive information in email communications when possible. For example, we may email you to let you know that a document is available for secure download rather than attaching the document directly.

Verification of Email Address
We will verify your email address to ensure that documents are sent to the correct recipient. This helps prevent accidental disclosure of your personal information to unintended recipients.

Patient Responsibility
As a patient, you are responsible for ensuring that your email account is secure and that you monitor it for communications from our practice. Notify us immediately if you suspect that your email account has been compromised.

Understanding these details will help you decide how you would like to receive your patient documents. If you have any questions or need further assistance, please do not hesitate to contact our reception team. We are here to help ensure your personal information is handled securely and according to your preferences.

Complaints

At Collingwood Medical, we are committed to protecting your privacy and ensuring the security of your personal information. We adhere to the highest privacy and data protection standards, complying with all relevant laws and regulations. If you have any questions or concerns or require further information about our privacy practices, please do not hesitate to contact us. Your trust is important to us, and we are dedicated to maintaining the confidentiality and integrity of your personal information.

 

Contact information

If you have any questions or concerns about this Privacy Policy, please get in touch with us directly:

Practice Manager: Collingwood Medical
Address: Level 6, 51 Langridge Street, Collingwood, VIC 3066
Phone: 03 9069 5840
Fax: 03 9068 5842
Email: manager@collingwoodmedical.com.au

For more information about privacy in general, visit the Office of the Australian Information Commissioner (OAIC) website at www.oaic.gov.au or call 1300 363 992.

 

Conclusion

We take complaints and concerns regarding privacy seriously. It would be best to express any privacy concerns in writing. We will then attempt to resolve them using our resolution procedure. For complaints, you can contact the Practice Manager at Collingwood Medical, Level 6, 51 Langridge Street, Collingwood VIC 3066, or phone us at 03 9068 5840. You may also contact the Office of the Australian Information Commissioner (OAIC). Generally, the OAIC will require you to give us time to respond before they will investigate. For further information, visit www.oaic.gov.au or call the OAIC on 1300 363 992.