Introduction
We are committed to protecting the privacy of patient information and to handling your personal and sensitive information in a responsible manner in accordance with the Privacy Act 1988, the Privacy Amendment (Enhancing Privacy Protection) Act 2012, the Australian Privacy Principles and relevant State and Territory privacy legislation (referred to as privacy legislation).
This Privacy Policy explains how we collect, use and disclose your personal and sensitive information, how you may access that information and how you may seek the correction of any information. It also explains how you may make a complaint about a breach of privacy legislation.
This Privacy Policy is current from 19/07/2023 and is reviewed annually. From time to time we may make changes to our policy, processes and systems in relation to how we handle your personal and sensitive information. We will update this Privacy Policy to reflect any changes. Those changes will be available on our website and in the laboratory practice.
In this Privacy Policy, personal information and sensitive information have the meaning defined in the Australian Privacy Principles:
- Personal information is any information that can be used to personally identify you. This may include your name, address, telephone number, email address and profession or occupation. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information.
- Sensitive information is your health, genetic and biometric information and includes any of your personal information about race or ethnicity, political opinions/association, philosophical or religious beliefs/association, trade association or union membership, sexual orientation/practices or criminal record.
Collection
Audience
- Individuals/Patients
- Responsible person (Acting on behalf of the patient)
- Referring Doctor/Specialist/Clinician (& staff)
- Third party health service providers including hospitals, clinics & other pathology practices
- Insurers & institutions
- Government Agencies including Department of Veterans Affairs, Cancer registries, Medicare, Workcover, Prison, Police, Courts.
- Organisations e.g. Commercial and Medical Suppliers
Depending on the nature of your interaction with us, we may collect the following types of personal information:
Patients
- Name
- Address
- Contact number
- Date of birth
- Gender
- Medical history
- Medicare, Government Health Funds or Private Medical Fund information
Primary and third-party Healthcare Providers
- Practice/Business name
- Address
- Contact number
- Fax number
- Email address
- Provider number
- Practice Management Software
- Written consent authority
- Information you provide to us through our Customer Support Centre, customer surveys or visits by our representatives from time to time
- Other information that we may deem necessary for performing all tests requested by the care
provider or other
Commercial and Medical Vendors
- Representative name and position title
- Company name
- Email address
- Contact number
- Fax number
- Order history and pricing structures
- Accounting details and information
- Details of the products and services we have purchased, engaged or have enquired about, together with any additional information necessary to deliver those products and services
- Information that is provided to us by, or that we have collected on behalf of, customers that have outsourced a business process function to us
Individuals
- Information may be collected for individuals, such as candidates applying for a position or in the process of procurement e.g. resume, tax file number, banking details, super fund information, emergency contact details, or professional reference contact details.
We collect information that is necessary and relevant to provide you with medical care and treatment and manage our medical practice. This information may include your name, address, date of birth, gender, health information, family history, credit card and direct debit details and contact details. This information may be stored on our computer medical records system and/or in handwritten medical records.
Wherever practicable we will only collect information about you via your primary healthcare provider who has your consent (implied or expressed). However, we may also need to collect information from other sources such as treating specialists, radiologists, pathologists, hospitals, other health care providers, and the My Health Record system.
We collect information in various ways, such as over the phone, or in writing, or over the internet if you transact with us online. This information may be collected by medical and non-medical staff.
In emergency situations we may also need to collect information from your relatives or friends.
We may be required by law to retain medical records for certain periods of time depending on your age at the time we provide services.
Cookies
If you contact us or leave a comment on our site, we will collect your name, email address, and website that you nominate in a session cookie, which will last one year. This information is kept for your convenience so subsequent comments/contact forms can be pre-filled with your data.
If you have an account and login regularly, your browser will nominate to save your data which can be used to automatically login on subsequent visits. Any data that is associated with the login shall be stored securely in our database. Cookies will only be used in this case for website enhancement purposes: i.e. measuring time to load, website analytics, and no personal data is stored as cookies.
Embedded content from other websites:
Any articles shown on this site and sourced from another website is subject to their cookie and personal data policies. We are not responsible for the tracking associated with embedded content.
Use and Disclosure
We will treat your personal and sensitive information as strictly private and confidential. We will only use or disclose it for purposes directly related to your care and treatment, or in ways that you would reasonably
expect that it may be used for your ongoing care and treatment. For example, the disclosure of pathology test results to your specialist.
There are circumstances where we may be permitted or required by law to disclose your personal and sensitive information to third parties. For example, to Medicare, Police, insurers, solicitors, government regulatory bodies, tribunals, courts of law, hospitals, debt collection agents, state cancer registries or to the My health record system.
When the laboratory is required by law or authorised by contractual arrangements to release confidential information, the patient concerned shall be notified of the information released, unless the notification is prohibited by law.
The laboratory shall keep confidential information about the patient from a source other than the patient (e.g. complainant, regulator) and the identity of the source of the information shall not be shared with the patient unless agreed by the source.
If a third-party organisation requests patient information, reports and/or samples for the participation in a research study, written consent by the patient will be obtained from the third-party organisation.
We may also from time to time provide de-identified statistical data to third parties for research purposes.
We may disclose information about you to outside contractors who carry out activities on our behalf such as an IT service provider, solicitor or debt collection agent. We impose security and confidentiality requirements on how they handle your personal and sensitive information. Outside contractors are required not to use information about you for any purpose except for those activities we have asked them to perform.
We enforce all employees, consultants and contractors to be bound by our internal policies on “Confidentiality”, “Conflict of Interest”, “Conflict of Commitment”, “Significant Financial Interest” and “Improper Influence”.
Data Quality and Security
We will take reasonable steps to ensure that your personal and sensitive information is accurate, complete, up to date and relevant. For this purpose, our staff may ask you to confirm that your contact details are correct. We request that you let us know if any of the information we hold about you is incorrect or out of date.
Personal and sensitive information that we hold is protected by:
- Information sent electronically such as Medicare Billing or Pathology Report transmission is performed via a secure message delivery networks and communication protocols, which has been certified by Medicare Australia and the Australian Government Digital Health Agency e.g.
- securing our premises;
- placing passwords and varying access levels on databases to limit access and protect electronic information from unauthorised interference, access, modification and disclosure; and
- providing locked cabinets and rooms for the storage of physical records.
Corrections
If you believe that the information, we have about you is not accurate, complete or up to date, we ask that you contact us in writing (see details below).
Access
You are entitled to request access to your medical records. We request that you put your request in writing and we will respond to it within a reasonable time.
There may be a fee for the administrative costs of retrieving and providing you with copies of your medical records.
We may deny access to your medical records in certain circumstances permitted by law, for example, if disclosure may cause a serious threat to your health or safety. We will always tell you why access is denied and the options you must respond to our decision.
Complaints
If you have a complaint about the privacy of your personal and sensitive information (including complaints about our use of the My Health Record system), we request that you contact us in writing. Upon receipt of a complaint we will consider the details and attempt to resolve it in accordance with our complaints handling procedures.
If you are dissatisfied with our handling of a complaint or the outcome you may make an application to the Australian Information Commissioner or the Privacy Commissioner in your State or Territory.
Overseas Transfer of Data
We will not transfer your personal and sensitive information to an overseas recipient unless we have your consent or we are required to do so by law.
Contact
Please direct any queries, complaints, requests for access to medical records to:
Privacy Officer
(07) 3123 8888
www.infinitypath.com.au/privacy
Publish Date: 17/07/2023 Version 3