Privacy Policy

About this policy

Patrick Street Clinic, ABN: 64542520028 (“us”, “we”, or “our”) recognises the importance of your privacy and respects your right to control how your personal information is collected and used.

We are an APP Entity as defined in the Privacy Act 1988 (Cth) (the “Act”). This privacy policy is aligned with the Australian Privacy Principles as set out in the Act and describes the way that we may collect, hold and disclose personal information.

This Privacy Policy applies to our website, www.patst.com.au (the “Site”) which is operated by us, and to the products and services provided by us.

In this policy “Personal Information” means any information that may identify you, or by which your identity might be reasonably determined. The information you provide us may include, amongst other things, your name, address, email address, and phone number.

“Sensitive Information” means any information about an individual’s racial or ethnic origin, political opinions, memberships of a political organisation, religious belief or affiliation, philosophical belief, membership of a professional or trade association, membership of a trade union, sexual preference or practices, criminal record or health information.

Collection

To provide our services to you, we may collect Personal Information, such as your contact details, including your name, email address and contact phone number, your business or company name; your payment and billing information, which we use to bill you for the Services and to process your payments, including credit card details. We may also collect details of conversations we have had with you or any other information relevant to us.

We may also collect Sensitive Information about you, such as medical reports, referrals, medication, health history and other important health information where you consent, and such information is reasonably necessary to provide our services to you.

We automatically collect through our Site and Services, information that is often not personally identifiable, such as the website from which visitors came to our Site, IP address, browser type and other information relating to the device through which they access the Site. We may combine this information with the Personal Information we have collected about clients.

Use & Disclosure

Personal information collected by us will generally only be used and disclosed for the purpose it was collected. This includes maintaining your account and contact details, providing you with our products and services and processing payments. We may disclose your personal information to third parties or contractors who are integral to the provision of our services.

We may from time to time use personal information for another purpose where it would be reasonably expected by you or if permitted by the Privacy Act, including to effectuate or enforce a transaction, procuring advice from legal and accounting firms, auditors and other consultants. We may also disclose your personal information in circumstances where we are compelled by Australian legislation or a court of law to do so.

We may also use and share aggregate or non-personally identifying information about clients for training and education, market analysis, research, marketing or other purposes.

We will not disclose, sell, share or trade your Personal Information to any third parties unless we first receive your consent.

We may provide health information to other medical service providers, such as your general practitioner or specialist medical practitioners. We will only supply this information with your consent, or in circumstances where it is required for the delivery of health services, such as referral to another health service provider, billing and liaising with government offices regarding Medicare entitlements and payments, where it is necessary to prevent or lessen a serious threat to a patient’s life, health or safety, or other reason as permitted by law.

Access & Accuracy

You can access and/or correct information we hold about you at any time by contacting us at patrickstclinic@patst.com.au. We encourage you to contact us to keep your Personal Information up to date.

We will respond to your request for Personal Information within a reasonable time. We reserve the right to charge an administration fee to cover the costs of responding to your request, for example, where Personal Information is held in storage.

If required by law or where the information may relate to existing or anticipated legal proceedings, we may deny your request for access to your information. We will respond to your request, setting out the reasons for our refusal in writing.

Storage & Security

We will take reasonable steps to protect your personal information from misuse, loss, unauthorised access and modification or disclosure. We use commercially reasonable physical, technical and administrative measures to protect Personal Information that we hold, including, where appropriate, password protection, encryption, and SSL to protect our Site.

Despite taking appropriate measures to protect personal information used and collected by us, please be aware that no data security measures can guarantee 100% security all of the time. We cannot guarantee the security of any information transmitted to us via the internet and such transmission is at your risk.

If we no longer require the use of your personal information, we will take reasonable steps to destroy or permanently de-identify it.

Personal information may be stored electronically through third party data centres, which may be located overseas, or in physical storage at our premises or third-party secure storage facilities.

You are solely responsible for maintaining the secrecy of any passwords and other account information pertaining to our Platform, apps or services.

Data Breach Notification Scheme

If we have reason to suspect a data breach has occurred, we will undertake an assessment in accordance with the Notifiable Data Breach Scheme. If we determine there has been an eligible data breach, we will notify you as soon as reasonably practicable.

If the breach relates to the My Health Records Act, we may disclose your personal information to the My Health Records System Operator under s 73A of that Act.

Identifiers

An identifier is a unique number assigned to an individual to identify them. Identifiers include Medicare Numbers and Tax File numbers. We will not adopt as our own any identifier of you or use or disclose an identifier of you which has been assigned by a government agency, unless permitted under the Act.

Career Applications

Employment applications and resumes collected by us are safely and securely stored and only used for the purposes for which they were collected.

Cookies, web beacons and analytics

When you interact with our Site, we strive to make your experience easy and meaningful. We, or our third-party service providers, may use cookies, web beacons (clear GIFs, web bugs) and similar technologies to track site visitor activity and collect site data. We may combine this data with the Personal Information we have collected from Customers. Examples of information that we may collect include technical information such as your computer’s IP address and your browser type, and information about your visit such as the products you viewed or searched for, the country you are in, what you clicked on and what links you visited to get to or from our site. If we identify you with this information, any use or disclosure of that information will be in accordance with this Privacy Policy.

Third-party websites

At times, our Site may contain links to other, third-party websites. Any access to and use of such linked websites is not governed by this Privacy Policy, but, instead, is governed by the privacy policies of those third-party websites. We are not responsible for the information practices of such third-party websites.

Marketing messages

We may send you direct marketing SMS and information about products and services that we consider may be of interest to you. These communications will only be sent via SMS and in accordance with applicable marketing laws, such as the Spam Act 2004 (Cth) as you consented to upon registering for our Services. If, at any time, you would like to stop receiving these promotional emails, you may follow the opt-out instructions contained in any such SMS. Please note that it may take up to 10 business days for us to process opt-out requests. If you opt out of receiving SMS or promotions from us, we still may send you messages about your account or any Services you have requested or received from us, or for other customer service purposes. We do not provide your personal information to other organisations for the purposes of direct marketing.

If you receive communications from us that you believe have been sent to you other than in accordance with this Privacy Policy, or in breach of any law, please contact us using the details provided below.

Changes to this policy

We may change this Privacy Policy from time to time. Any updated versions of this Privacy Policy will be posted on our Site – you should check periodically to review our current Privacy Policy, which is effective as of the effective date listed above. Your continued use of any of our Site and Services constitutes your acceptance and understanding of the Privacy Policy as in effect at the time of your use. If we make any changes to this Privacy Policy that materially affect our practices with regard to the Personal Information we have previously collected from you, we will endeavour to provide you with notice in advance of such change by highlighting the change on the Site, or where practical, by emailing Customers. This policy is current as of 8th August 2023.

Complaints and Enquiries

If you have any questions or complaints regarding privacy, or if at any time you believe we may have wrongfully disclosed your Personal Information or breached our privacy policy, please contact us on 03 64251611 or lodge your complaint in writing to:

The Practice Manager
Patrick Street Clinic
6 Patrick Street, Ulverstone, TAS 7315

or via email at patrickstclinic@patst.com.au

If you are not satisfied with our response you are entitled to contact:

Office of the Australian Information Commissioner

Director of Complaints

GPO Box 5218, Sydney NSW 1042

1300 363 992

Or

Health Complaints Commissioner Tasmania

https://www.healthcomplaints.tas.gov.au
GPO Box 960 Hobart 7001

1800 001 170

Patrick Street Clinic Email Policy

General Practices are increasingly receiving requests from patients, other clinicians and third parties for health information to be sent to them electronically because it is an easily accessible method of communicating.

In our commitment to maintaining your privacy and ensuring the confidentiality of your health information, we have implemented this Email Policy to govern the use of email communication with our medical practice.

Purpose of Email Communication:

Due to its sensitive nature, the Privacy Act 1988 (Privacy Act) provides extra protections around the handling of health information. http://www.oaic.gov.au/privacy/privacy-act/health-and-medical-research

The Privacy Act defines health information as:

1. information or an opinion about:

   1. the health or a disability (at any time) of an individual; or

   2. an individual’s expressed wishes about the future provision of health services to him or her; or

   3. a health service provided, or to be provided, to an individual; that is also personal information; or

2. other personal information collected to provide, or in providing, a health service; or

3. other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances; or

4. genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual.

Rationale

As all health information is sensitive by nature, all communication of health information, including via electronic means, must adequately protect the patient’s privacy. Our practice takes reasonable steps to make our communication of health information adequately safe and secure. GPs, health providers and patients should be aware of the risks associated with using email in the healthcare environment.

Policy

Our practice considers our obligations under the Privacy Act before we use or disclose any health information. The Privacy Act does not prescribe how a healthcare organization should communicate health information. Any method of communication may be used as long as the organization takes reasonable steps to protect the information transmitted and the privacy of the patient. A failure to take reasonable steps to protect health information may constitute a breach of the Australian Privacy Principles and may result in action taken against the organization by the Australian Privacy Commissioner. What amounts to reasonable steps will depend on the nature of the information and the potential harm that could be caused by unauthorized access to it. The RACGP has developed a matrix to assist practices in determining the level of security required in order to use email in general practice for communication.

Our practice reserves the right to check an individual’s email accounts as a precaution against fraud, viruses, workplace harassment or breaches of confidence by members of the practice team. Inappropriate use of the email facility will be fully investigated and may be grounds for dismissal.

Email configuration

Communication of clinical information to and from healthcare providers is completed from within the practice’s clinical software using a secure clinical messaging system such as Healthlink. The use of a practice’s clinical software means that a record of communication is automatically retained in the patient’s medical record.

Protection against spam: Use a spam filtering program.

Encryption of patient information: Use server to server encryption such as SSL or TLS.

Patrick Street Clinic staff email use education:

General protection

  • If any information held in our email accounts is relied on, you will download it and follow the download procedure as per practice policy. You will import it into the relevant patient file to ensure contents are backed up with the rest of our data.
  • Do not download or open any email attachments where the sender is not known to you.
  • Email use that breaches ethical behaviors and/or violates copyright is prohibited.
  • Do not send or forward unsolicited email messages, including the sending of ‘junk mail’ or other advertising material (email spam).
  • Do not use email for broadcast messages on personal, political or non-business matters.

Protection against spam

  • Do not reply to spam mail.
  • Never try to unsubscribe from spam sites.
  • Remain vigilant: do not provide confidential information to an email (especially by return email) no matter how credible the sender’s email seems (e.g. apparent emails from your bank).
  • Use a spam filtering program.

Encryption of patient information

  • All email communications should be treated as confidential.
  • When sending patient information or other confidential data by email, it is best practice to use encryption.
  • Be aware that encrypted files are not automatically checked for viruses. They have to be saved, decrypted and then scanned for viruses before being opened.

Protection against the theft of information

  • There are significant risks if providing confidential information by email: only do so via the internet when the site displays a security lock on the task bar and with an https in the web address.
  • Do not inform people of your email password.
  • Be aware of phishing scams requesting logon or personal information (these may be via email or telephone).

Email disclaimer

The practice uses an email disclaimer notice on outgoing emails that are affiliated with the practice stating:

“Confidentiality: This e-mail is from “sender” at Patrick Street Clinic. The contents are confidential and are intended only for the named recipient of this e-mail. If the reader of this e-mail is not the intended recipient you are hereby notified that any use, copying, disclosure or distribution of the information contained in the e-mail is strictly prohibited. If you have received this e-mail in error, please reply to me immediately at patrickstclinic@patst.com.au and delete the document from your mail system. Viruses: Any loss or damage caused by using this material is not the sender’s responsibility. Entire liability will be limited to resupplying the material. No warranty is made that this material is free from computer virus or other defect.”

Our Commitment

Our staff will make every effort to respond to non-urgent emails in a timely manner during regular office hours. We will ensure that all staff members adhere to the privacy and security measures when handling email correspondence.

By using email to communicate with our medical practice, you acknowledge and accept the inherent risks involved in email communication despite our efforts to maintain confidentiality and security.

If you have any concerns or questions regarding this Email Policy, please feel free to contact our practice.