Privacy Policy

This privacy policy provides information to you on how your personal information (which includes your health information) is collected and used at Neerim Health (NH), and the circumstances in which that information may be shared with third parties.

1. NH contact for this policy

For enquiries concerning this policy, you can contact NH’s Privacy Officer.

2. Necessary Consent

When you register as a patient of NH (patient includes consumer or resident), you provide consent for clinical and administration staff to access and use your personal information to facilitate the delivery of healthcare. Access to your personal information is restricted to team members who require it for your care. If we ever use your personal information for purposes other than healthcare provision, we will obtain additional consent from you.

It is important to us that as our patient, you understand why we collect and use your personal information.

3. Collection, use, storage and sharing of your personal information

NH collects, uses, stores, and shares your personal information primarily to manage your health safely and effectively. This includes providing healthcare services, managing medical records, and ensuring accurate billing and payments. Additionally, we may utilise your information for quality and safety improvement processes such as audits, accreditation purposes, and staff training to maintain high-quality service standards.

Health information used for audit purposes assists us to identify trends and benchmark performance with the aim of improving the services we offer.  The data that may be collected includes deidentified information such as the date and nature of any surgery and medical conditions. No information that personally identifies you will be disclosed.

4. Personal information that is collected

The information we will collect about you includes your:

• name, date of birth, address and contact details.
• medical information including medical history, diagnostic information and images, medicines, allergies, and adverse reactions immunisations, social history, family history and risk factors.
• Medicare or DVA number (where available) for identification and claiming purposes.
• contact details for other healthcare providers involved in your care (e.g. GP, Optometrist, other specialists).
• healthcare identifier numbers.
• health fund details.

5. Dealing with us anonymously

You can deal with us anonymously or under a pseudonym, but it is impracticable for NH to do so should you wish for your hospital fees to be covered by health insurance or a third party, and in reviewing your medical history to ensure you can safely be admitted to NH.

6. How personal information is collected

NH may collect your personal information in several different ways:

• When you complete your patient Pre-Op Admission Health Questionnaire, we collect your personal, demographic, insurance and medical information via the Questionnaire.
• During the course of you receiving medical services.
• We may also collect your personal information when you visit our website, send us an email, telephone us, complete a Feedback Survey or Tell Us About It Form, or communicate with us using social media.

In some circumstances, personal information may also be collected from other sources, including:

• Your guardian or responsible person.
• Other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services, and pathology and diagnostic imaging services.
• Your health fund, Medicare or the Department of Veterans’ Affairs (if relevant).
• While providing medical services, further personal information may be collected via My Health Record.

We will always comply with privacy obligations when collecting personal information from third-party sources. This includes, but not limited to, ensuring transparency with patients, obtaining necessary consents, maintaining data accuracy, securing the information, and using it only for specified purposes.

CCTV footage is recorded at our premises (reception, external areas including car parks) for security and safety purpose only. The footage is overwritten approximately monthly.

7. With whom, when and why we may share your personal information

We sometimes share your personal information:

• with third parties for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with Australian Privacy Principles (APPs) and this policy.
• with other healthcare providers (e.g. treating specialist, GP, optometrist, anaesthetist, other specialists).
• when it is required or authorised by law (e.g. court subpoenas).
• when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent.
• to assist in locating a missing person.
• to establish, exercise or defend an equitable claim.
• for the purpose of confidential dispute resolution process.
• when it is a statutory requirement to share certain personal information (e.g. some diseases require mandatory notification).
• following the provision of medical services, My Health Record (e.g. via Shared Health Summary, Discharge Summary).

Only people who need to access your personal information will be able to do so. Other than providing medical services or as otherwise described in this policy, NH will not share personal information with any third party without your consent.

We do not share your personal information with anyone outside Australia.

8. The use of your information for marketing purposes

NH will not use your personal information for marketing any goods or services directly to you without your expressed consent. If you do consent, you may opt out of direct marketing at any time by notifying NH in writing.

9. How your information is used to improve NH service

NH may use your personal information to improve the quality of the services offered to patients through research, analysis of patient data for quality improvement and for training activities with the NH team.

We may provide de-identified data to other organisations to improve population health outcomes. The information is secure, patients cannot be identified, and the information is stored within Australia.

10. Document automation technologies

Document automation is where systems use existing data to generate electronic documents relating to medical conditions and healthcare.

NH uses document automation technologies to create individual medical records for internal use only. These documents contain only your relevant medical information.

These document automation technologies are used through secure medical software ePAS.

All users of the medical software have their own unique user credentials and password and can only access information that is relevant to their role in the NH team.

The practice complies with the Australian privacy legislation and APPs to protect your information.

All data, both electronic and paper are stored and managed in accordance with our Health (Medical) Record Management Policy & Procedure.

11. How your personal information is stored and protected

Your personal information may be stored in various forms, such as paper records and electronic records.

NH stores all personal information securely. All electronic records are password protected, securely protected by electronic firewalls and monitored. Access is by authorised personnel only. Hard copy records, when not in use, are stored securely with restricted access.  All staff are bound by confidentiality and privacy.

CCTV footage can only be accessed by authorised personnel.  The footage is overwritten approximately monthly.  Footage is only retained as part of an incident investigation.

Whilst we take every appropriate measure to store and protect your personal information, in compliance with the Privacy Amendment (Notifiable Data Breaches) Act 2017, we will notify you and the Australian Information Commissioner when there is a data breach that is likely to result in serious harm to you.

A data breach occurs when personal information held by an organisation is lost or subjected to unauthorised access or disclosure.  Examples of a data breach include when:

• a device containing patient/consumer’s personal information is lost or stolen.
• a database containing personal information is hacked.
• personal information is mistakenly provided to the wrong person.

12. How you may access and correct your personal information at NH

You have the right to request access to your medical records.  We can provide you with a form to complete, sign and return to action your request. Fees for a copy of your medical record, as permitted under the Health Records Act 2001, may apply.  NH will respond to any requests to access your personal information within 45 days of payment of fees, if applicable.

If you are requesting access to the information of another patient, we may not grant access without that person’s consent.  This can include access to a family member’s health information.  We recognise that adolescents may request that information about their health care is kept confidential.  This will be managed on a case-by-case basis.

We will take reasonable steps to correct your personal information where the information is not accurate or up to date. Sometimes, we will ask you to verify your personal information held by NH is correct and current. You have the right to request we correct or update your information. To do this please contact NH’s Chief Health Information Manager via our website, by email or in writing.

13. How you may lodge a privacy-related complaint, and how the complaint will be handled at NH

We hope our approach to your privacy is transparent and easy to understand.  If you would like clarification of anything in our privacy policy; wish to express any privacy concerns; or make a complaint, please do so in writing by mail, email or via our website.

Attention: Privacy Officer
Neerim Health
29-39 Main Neerim Road
Neerim South VICTORIA 3831
info@neerimhealth.org.au
www.neerimhealth.org.au

NH aims to acknowledge all complaints within three business days and provide a clear and timely response within 30 business days.

If you do not feel we have resolved your issue you may also contact the Office of the Australian Information Commissioner. The Office of the Australian Information Commissioner will require you to give them time to respond before they investigate.  For further information visit www.oaic.gov.au or call the OAIC (Office of the Australian Information Commissioner) on 1300 363 992.

14. Maintenance of privacy on NH’s website

At NH, any personal information you share with us through website, email, and social media, is handled securely and confidentially. The NH website uses analytics and cookies.

15. Policy review statement

Our privacy policy is regularly reviewed to ensure compliance with current obligations.

If any changes are made they will be reflected on NH’s website.

Please check the policy periodically for updates. If you have any questions, feel free to contact us.