Privacy Policy
Privacy Policy
At Hoppers Crossing Sports & Spinal compliance with the Privacy Act 1988 (Commonwealth) is upheld in all personal information collected from you.
Health Information
As a patient, legal guardian or substitute decision-maker for a patient, in providing appropriate health care services certain information may be asked for:
- Notes from other health professionals you have seen
- Referral letters from other health professionals you have seen
- Reports or recommendations from schemes or insurer’s agents
- Your ‘My Health’ record
- Health scans, tests or assessments you have had
- Results of scans, tests or assessments Hoppers Crossing Sports & Spinal completes or recommends
- Your current medication information
- Letters or notes from lawyers, solicitors, agents or others representing you
- Verbal information about your wellbeing, or health, function, movement.
You can either give this information to us yourself, or when you give consent in writing for collection of specific health information, it may be able to be requested for you from other health professionals or health organisations. This will depend on the type of information and organisation holding it.
If you choose not to give health information when it is requested, the quality of the health service or advice given to you can be impacted and/or your personal health risks can increase.
Where and for how long is my health information stored and who can access it?
All health information collected in giving a health care service is stored in what is known as a clinical record.
The original record is kept by Hoppers Crossing Sports & Spinal until a person turns 25 years of age if the person was seen prior to age 18, or for no less than seven years for all people over 18 years. Once the retention period nears its end, the records are disposed of via permanent deletion of digital files, shredding and binning of any physical documents.
Health information is primarily stored digitally through Cliniko (a secure practice management software) and any physical copies of information that must be retained are kept securely in a locked filing cabinet within the business premises. This information will only be accessible to current practitioners of the clinic. You can request that your health information not be visible or accessible to certain practitioners on request.
In the event of a request about forwarding health information to another health professional, verbal and written consent from the patient will need to be given via phone call and email for this information to be passed on.
Osteopaths are bound by the Privacy Act 1988 (Commonwealth), Australian Health Practitioner Regulation (AHPRA) rules like the Code of Conduct for Regulated Health Professionals, Guidelines for Informed Consent that require your health information to be kept secure and only to released to you, unless required by jurisdictional laws, a written order, law enforcement orders, private health funds and/or other third-party schemes with authority.
Your health information may need to be provided to other health services, like Ambulance, if you have a health event that requires life-saving assistance on the premises. Only health information needed to render this life-saving assistance is given if required.
Can I withdraw consent for sharing my health info?
In general, you can withdraw consent for sharing your health information with another health professional by: providing both verbal and written consent over phone and email; including personal information to confirm your identity (full name, address & date of birth).
Can I request a copy of my clinic record?
A copy of a clinical record can be requested, but the original record cannot be given under Privacy Act 1988 Commonwealth requirements. There is generally a fee involved in preparing a copy of a record. It may change from time to time.
Please note your clinical record can be changed in certain occasions, for instance, when a diagnosis is suspected and later ruled out, or when other health professionals provide notes or records changing the initial content of a health record. When you report new or changed symptoms, these would also be included in your health record. All changes to a health record are included in a new section on the date information is received, unless there is need to return to an original clause and update it with current information noted with the date new information is received.
What happens if there is a breach of my health info?
The following steps may occur if an unauthorised third-party receives health or sensitive health information (known as a breach):
- You will be informed, especially if the information could lead to your reputational harm, and/or
- If you cannot be directly informed, a notification will be published about the breach as a general alert. Reasonable steps to share information about the breach will be made and/or
- An update of steps taken to further protect the information and prevent future breaches will be outlined.
Identifying Information
For consultation appointment booking, confirmation or cancellation checking, the information collected includes:
- First, last and any other names
- If applicable first, last and any other names of Legal Guardians or substitute decision maker/s if booking for children or others unable to self-consent.
- Physical or residential address
- Phone number
- Email address
- If applicable physical/residential address, phone number, email of Legal Guardians or substitute decision maker if booking for certain children (under age 18) or others unable to self-consent
- General Practitioner name and contact details (if working with Chronic Disease Management Plan patients requiring GP referral for booking or with patients of other compensable injury scheme requiring a referral)
- If applicable, insurer’s agent or case manager name and contact details if services are organised through a third party with authority for appointment booking and cancellation
Information showing Guardianship, or Legal substitute decision-making privilege on behalf of a patient may be requested if booking for a patient unable to self-consent.
This information, used for appointment management, is collected using a new patient form and an initial patient online survey.
Before an appointment and from time to time a clinician or reception may contact you or your legal guardian to check information currency. This is to prevent fraud and unlawful use of your personal identifying information.
Who can access this information and where is it stored?
The contact information is primarily stored digitally through Cliniko (a secure practice management software) and any physical copies of information that must be retained are kept securely in a locked filing cabinet within the business premises or are otherwise shredded. Contact information will only be accessible to employees (practitioners and clinic reception).
No one other than the entities, roles/delegations specified and you, legal Guardian or substitute decision maker can generally access your personal contact or identifying information.
Your personal identifying and contact information cannot be shared unless practitioners/employees are required by jurisdictional laws, a written order, law enforcement orders, private health funds and/or other third-party schemes with authority. You will be informed if these requests are made whenever permitted under law.
What happens if there is a breach of my identifying info?
The following steps may occur if an unauthorised third-party receives your personal identifying information (known as a breach):
- You will be informed, particularly if the information could lead to your financial or other harm, and/or
- If you cannot be directly informed, a notification will be published about the breach as a general alert. Reasonable steps to share information about the breach will be made and/or
- An update of steps taken to further protect the identifying information and prevent future breaches will be outlined.
Privacy Accountability & Feedback
If you want to know more about clinic privacy and privacy obligations or if you would like to give feedback about how our privacy process can be improved, contact:
Hoppers Crossing Sports & Spinal at:
[email protected]
(03) 7038 0863
If you are dissatisfied, contact the Office of the Australian Information Commissioner at 1300 363 992 or access further information via www.oaic.gov.au