Privacy Policy

INTRODUCTION

This privacy policy is to provide information to patients on how your personal information (which includes your health information) is collected and used within this practice, and the circumstances in which we may share it with third parties.

 

Brunswick Medical Group is committed to best practice in relation to the management of information we collect.

It explains how you may access that information and how you may seek the correction of any information.

It also explains how you may make a complaint about a breach of privacy legislation. 

If we need to use your information for anything else, we will seek additional consent from you to do this.

All employees and contractors observe the obligations of confidentiality in the course of their employment/contract with us.  All employees sign a confidentiality agreement on commencement at the practice.

This privacy policy is reviewed regularly in accordance with any changes that may occur and an updated copy is always available to patients upon request at reception.

 

SECURITY OF INFORMATION COLLECTED:

Due to the sensitive nature of the information collected by Brunswick Medical Group to provide its services, extra precautions are taken to ensure the security of that information.  Information is stored electronically and all files are password protected and backup of records are done daily and stored offsite.

This practice has developed a policy to protect patient privacy in compliance with privacy legislation.

 

THIS POLICY EXPLAINS: 

1.how we collect, store, use and disclose your personal information 

2.how you may access your personal information 

3.how we protect the quality and security of your personal information 

4.how you may seek correction of any personal information we hold 

5.how we will respond if we suspect that there has been a breach of our electronic data security 

6.how you may make a complaint about our handling of your personal information 

 

In addition to our professional and ethical obligations, at a minimum, our Practice handles your personal information in accordance with federal and state privacy law. This includes complying with the federal Australian Privacy Principles (APPs) forming part of the Privacy Act 1998 (Cth) and the Victorian Health Privacy Principles (HPPs) forming part of the Health Records Act 2001 (Vic). the Notifiable Data Breaches Scheme 2018, and relevant Victorian Privacy Legislation. 

More information about the APPs and HPPs can be found on the Australian Information Commissioner’s website www.oaic.gov.au or in hard copy on request from our Practice reception

 

COLLECTION OF INFORMATION 

Our main purpose for collecting, using, holding and sharing your personal information is to manage your health and so that we may properly assess, diagnose, treat and be proactive in your health care needs. 

We also use it for directly related business activities, such as financial claims and payments, practice audits, practice quality improvements and accreditation.

We will treat your personal information as strictly private and confidential. We will only use or disclose it for purposes directly related to your care and treatment, or in ways that you would reasonably expect that we may use it for your ongoing care and treatment.

HOW DO WE COLLECT YOUR PERSONAL INFORMATION

When you make your first appointment,  practice staff will collect your personal and demographic information via your registration. You provide consent for doctors, nurses and practice staff to access and use your personal information so they can provide you with the best possible healthcare.

When you telephone us, visit our website, send an SMS or an email.

Wherever practicable we will collect this information from you personally – either at the Practice, over the phone or via written correspondence. In some instances we may need to collect information about you from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from referring doctors, treating specialists, pathology, radiology, hospitals or other health care providers. In an emergency, we may collect information from your immediate family,  guardian, friends or carers.

The type of personal information we collect may include: 

1.personal details (name, address, date of birth, Medicare number or DVA number) 

2.your medical history 

3.notes made during the course of a medical consultation 

4.referral to other health services providers 

5.results and reports received from other health service providers 

6.credit card or direct debit information for billing purposes 

DEALING WITH US ANONYMOUSLY 

You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals. 

USE AND DISCLOSURE 

Your personal information will only be used or disclosed for purposes directly related to providing you with quality health care, or in ways you would reasonably expect us to use it in order to provide you with this service. 

This includes use or disclosure: 

  • to the professional team directly involved in you health care, including treating doctors, pathology services, radiology services and other specialists outside this medical practice. For example, this may occur through referral to other doctors when requesting medical tests or in the report or result returned to us following the referrals
  • to the Practice’s administrative staff for billing and other administrative tasks necessary to run our practice. Staff are trained in the handling of personal information in accordance with the Practice Privacy Policy; 
  • to your health insurance fund, Medicare or other organisations responsible for the financial aspects of your care
  • where required by law, for example, pursuant to a subpoena
  • to insurers or lawyers for the defence of a medical claim; and/or 
  • to assist with training and education of other health care professionals. 
  • to assist in locating a missing person
  • to establish, exercise or defend an equitable claim
  • for the purpose of confidential dispute resolution process 
  • Disclose DE-IDENTIFIED personal health information to a third party for research or quality improvement activities to improve individual, community health care and practice management.  De-Identifiable information cannot be traced back to the individual.
  • when there is a statutory requirement to share certain personal information (eg some diseases require mandatory notification)
  • During the course of providing medical services, through Electronic Transfer of Prescriptions (eTP), MyHealth Record/PCEHR system (eg: via Shared Health Summary, Event Summary). 

If you do not wish for your information to be used for training of health professionals please inform the receptionist.

The practice does not intend to disclose your personal information to overseas recipients unless in a medical emergency situation.

QUALITY ASSURANCE IN THE PRACTICE:

The doctors occasionally take part in clinical audits. These audits assists in the care we give our patients. During these audits, our doctors record information in regards to the treatment of patients with a particular illness. None of this health information can identify the patient.

At times, we also use a third party to extract de identified information for our patient care and for business purposes.

Please be assured that all information collected, used and stored remains anonymous to comply with the Australian Privacy Principle Laws.

PLEASE INFORM THE PRACTICE MANAGER OR YOUR DOCTOR IF YOU HAVE ANY CONCERNS OR WOULD LIKE TO OPT OUT OF HAVING YOUR DE IDENTIFIED DATA USED.

INFORMATION QUALITY 

We aim to ensure the information we hold about you is accurate, complete, up to date and relevant. To this end our staff may ask you to confirm that your personal details are correct when you attend a consultation. Please let us know if any of the information we hold about you is incorrect or not up to date.

SECURITY AND STORAGE 

The Practice takes all reasonable steps to protect the security of the personal information we hold, by: 

1.securing our premises

2.using passwords on all electronic systems and databases and varying access levels to protect electronic information from unauthorised interference, access, modification or disclosure

3.storing hard copy records in secure filing cabinets or rooms that are accessible only to Practice staff. 

4. All staff members and contractors have signed a confidentiality agreement.

ACCESS TO YOUR PERSONAL INFORMATION

Under law you have a right to access personal information we hold about you. Please contact the Practice Manager for more information on how you can Access your Medical Records and the paperwork that is required to be completed by you.

You will be required to put this request in writing to the Practice Manager or email manager@bmgp.com.au  and she will respond within 30 days.  

We ask that you put your request in writing. A fee for the retrieval and copying of your medical record will apply, charged in accordance with the schedule of fees specified in the Health Records Regulations 2008 (Vic), plus GST. 

This fee is not redeemable through Medicare. 

AMENDMENT OF YOUR PERSONAL INFORMATION 

If you consider the information we hold about you is not correct, please contact the Practice Manager in writing manager@bmgp.com.au  or speak to the receptionist. You will be given the appropriate paperwork to fill out so that your personal information can be amended.  You have the right to have any incorrect information corrected.  Staff will ask you to verify your personal information held by our practice is correct and up to date. The  practice will take reasonable steps to correct your personal information where the information is not accurate or up-to-date and you may be asked to fill in a Patient Update Form.

IF YOU CHOOSE TO WITHHOLD YOUR PERSONAL INFORMATION? 

You are not obliged to give us your personal information. However, if you choose not to provide the Practice with the personal details requested, it may limit our ability to provide you with full service. We encourage you to discuss your concerns with reception staff prior to your first consultation or with your doctor. 

HOW WE WOULD DEAL WITH  A BREACH, UNAUTHORISED ACCESS OR DISCLOSURE OF YOUR INFORMATION? 

We take every care to ensure that our data security systems protect your electronic data.

If we have reason to suspect that there may have been unauthorised access to or unauthorised disclosure of your health information which we are unable to rectify we will comply with the requirements of the Privacy Act to notify you and the Office of the Australian Information Commissioner. 

USE OF EMAIL: 

Emailing of personal information is not a secure method of communication. 

Should you however request information to be emailed to you, we will explain the risks associated with transmitting personal information in this way. If you would still like to continue with emailing information we will be required to obtain your verbal and written consent. We will then password protect all documents, notify you of the password verbally and email it to a verified email address. This process is a secure method and has a low privacy and security risk as per the Royal Australian College of General Practitioners: Using Email in General Practice – Guiding Principles. 

We will not email your personal information without consent and password protection unless in the case of a medical emergency. 

We will accept personal information via email from other healthcare providers and organisations involved in the management of your health. 

USE OF SMS FOR APPOINTMENT AND HEALTH: 

Appointment and health reminders will be sent via SMS. If you do not want to receive SMS notification please let the reception staff know so that you can be removed from our reminder system.

WHAT ABOUT USE OF PERSONAL INFORMATION FOR DIRECT MARKETING? 

Australian privacy law limits the use of personal information for direct marketing of goods and services. We do not use your personal information for direct marketing.

WHAT YOU SHOULD  DO IF YOU HAVE A PRIVACY COMPLAINT? 

If you have a complaint regarding the way your personal information has been handled by the Practice, please put it in writing and address it to the practice manager: Antoinette Mignanelli via email: manager@bmgp.com.au. We will acknowledge receipt of your complaint within 14 days, and endeavour to provide a full response within 30 days of receipt. 

Should you be dissatisfied with our response, you may lodge your written complaint with the Health Complaints Commissioner at 570 Bourke Street, Melbourne, Telephone:1300 582 113 

You may also contact the OAIC. Generally the OAIC will require you to give them time to respond, before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 336 002 

Please direct any queries, concerns, complaints or requests for access to medical records to:

Antoinette Mignanelli
Practice Manager
Brunswick Medical Group
4 Blyth Street, Brunswick,  Vic, 3056 Ph: 9387 1977 manager@bmgp.com.au 

 

This Privacy Policy is current from December 2020

 

Australian Privacy Principle’s (APP’s)

The Commonwealth Privacy Act was amended in 2012 and from March 2014 incorporates 13 Australian Privacy Principle’s (APP) that set out the rules for the handling of personal information in Australia. 

From 12 March 2014, the Australian Privacy Principles (APPs) will replace the National Privacy Principles and Information Privacy Principles and will apply to organisations, and Australian Government (and Norfolk Island Government) agencies.

The Act will replace the existing nine Information Privacy Principles (IPPs) that apply to the public sector; the nine National Privacy Principles (NPPs) that apply to the private sector; along with 13 Australian Privacy Principles (APPs) that will apply to the public and private sector alike.

Health practitioners fall within the definition of an ‘organisation’ that handles ‘personal information’ so the APPs apply to them.
Personal information means information or an opinion – whether true or not – about an individual whose identity is apparent or can be reasonably ascertained.

In Victoria, health practitioners are also subject to the Health Records Act 2001 (Vic), which requires organisations dealing with health information to comply with the 11 Health Privacy Principles (HPPs).

The new APPs will apply in addition to the Victorian HPPs. The APPs are more similar to the existing HPPs than the federal principles they are replacing. This is good news for Victorian doctors because it means minimal changes will be required regarding the way health practitioners handle their patients’ personal information.

This document, commonly called a privacy policy, outlines how we handle personal information collected (including health information) and how we protect the security of this information. It must be made available to anyone who asks for it and patients are made aware of this. 

We inform our patients about our practice’s policies regarding the collection and management of their personal health information via:

  • Brochures at reception
  • Our patient information sheet 
  • New patient registration forms
  • Website

 

SUMMARY OF AUSTRALIAN PRIVACY PRINCIPLES (APPS) 

APP 1 OPEN AND TRANSPARENT MANAGEMENT OF PERSONAL INFORMATION 

The practice must have an up to date and available privacy policy that covers specified information. The privacy policy must be made available to patients free of charge. 

APP 2 ANONYMITY AND PSEUDONYMITY 

Individuals must have the option of not identifying themselves, or using a pseudonym, unless impracticable or unlawful. 

APP 3 COLLECTION OF SOLICITED INFORMATION 

Sensitive information (including health information) must only be collected: 

  • with consent from the individual (or authorised guardian); and 
  • where reasonably necessary for the functions and activities of the practice (that is, the provision of health services). 

Information should only be collected from the patient unless it is impracticable to do so. 

Example: Information about a patient’s family member is collected while taking a history. This is acceptable if the information is reasonably necessary to treat the patient. 

APP 4 DEALING WITH UNSOLICITED INFORMATION 

Where an entity receives personal information it did not solicit, it must determine whether the information could have been collected under APP 3. If not, the information must be de-identified or destroyed. 

APP 5 NOTIFICATION OF COLLECTION OF PERSONAL INFORMATION 

Individuals must be made aware of the nature of the personal information the practice collects. This includes information on: 

  • accessing and amending medical records 
  • how to make a complaint 
  • whether information will be used for direct marketing or disclosed to overseas recipients. 

The practice’s privacy and patient consent documents should cover these points. 

APP 6 USE AND DISCLOSURE OF PERSONAL INFORMATION 

Information collected by the practice must only be used for a primary purpose or a secondary purpose directly related to the primary purpose, and only where the patient has provided consent to the use or disclosure. 

A ‘primary purpose’ is the reason the information was collected (for example, for the provision of health care) 

A ‘secondary purpose’ is a purpose ancillary but closely related to the primary purpose. For example, using patient details for billing purposes, or disclosing patient details to a specialist for referral. 

Disclosure may also be required by law, including where there is a: 

  • warrant from Police to access medical records 
  • subpoena to produce document or give evidence 
  • obligation of mandatory notification of child abuse or notifiable disease. 

Use or disclosure for a secondary purpose is also lawful in ‘permitted general situations’, without consent of the patient. These most relevant of these include: 

  • where necessary to lessen or prevent a serious threat to the life, health or safety of an individual or the public and it is unreasonable/impracticable to obtain the patient’s consent. The threat need not be ‘imminent’ but it must be ‘serious’. 
  • in instances of suspected or actual unlawful activity or serious misconduct that relates to the practice’s functions and use or disclosure is necessary to take appropriate action. 
  • to locate a missing person – if the practice has a reasonable belief that the use or disclosure of personal information is reasonably necessary to locate a missing person. Example: medical records indicate a 17 yr old male who has been reported missing was proposing to travel interstate to meet a girl he met on facebook. 
  • to defend or establish a legal or equitable claim. 
  • to lawyers or insurers in response to complaints or claims. 
  • for confidential mediation/ADR processes – practices have the right to use or disclose patient information during a confidential alternative dispute resolution process such as mediation. 

There are 3 ‘permitted health situations’ where a practice can use or disclose health or genetic information for a ‘secondary purpose’. These are: 

  • Research- if relevant to public health or safety and it is impracticable to obtain a patient’s consent. The research must be conducted in accordance with research guidelines and the practice must reasonably believe that the information will not be further disclosed by the recipient. 
  • Prevention of a serious threat to the life, safety or health of a genetic relative. Example: a female daughter may request access to her mother and grandmother’s medical records to determine the nature of their disease. 
  • Responsible person/Guardian – where a patient is either physically or mentally incapable of giving consent, a practice may disclose information to a responsible person or guardian where the disclosure is necessary to provide appropriate care or treatment to the patient or for ‘compassionate reasons’. The disclosure must not be contrary to the wishes of the patient and limited to the extent necessary for care or compassion. 

APP 7 DIRECT MARKETING 

The practice must not use personal information for direct marketing unless the individual has given specific consent for this to occur. 

Direct marketing involves the use of personal information to communicate with an individual to promote goods and services. 

Example: sending patients an SMS offering discounted services at the practice is direct marketing and not permitted. Direct marketing is permitted where an individual would have a reasonable expectation that this would occur and they can easily ‘opt out’. 

 

APP 8 CROSS BORDER DISCLOSURE OF PERSONAL INFORMATION 

If the practice is going to send personal information overseas, it must take reasonable steps to ensure the overseas recipient will not breach the APPs. There are exceptions where the overseas recipient has a similar enforceable law in place or the patient has consented after being expressly informed that information will be sent overseas. 

Example: having a contract with an overseas cloud service provider that requires compliance with APPs. 

APP 9 USE OF GOVERNMENT IDENTIFIERS 

The practice must not adopt, use of disclose a government related identifier unless: 

  • the adoption, use or disclosure is required or authorised by law 
  • it is reasonably necessary to verify the identify of the individual. 
  • It is reasonably necessary to fulfil the obligations to a Commonwealth agency or state or territory authority; 
  • The practice believes it is reasonably necessary to lessen or prevent a serious threat to the life, health or safety of an individual or the public; 
  • The practice reasonably believes use or disclosure is necessary to take action in relation to suspected unlawful activity or misconduct of a serious nature 
  • The practice reasonably believes use or disclosure is necessary for enforcement related activities of an enforcement body. 

A government related identifier includes a Medicare number, Centerlink reference number, driver’s licence or passport number. 

Example: the practice is not permitted to use Medicare numbers as the basis for patient identification. However, a practice can view and record Medicare numbers to verify the identification of a patient and for billing purposes. 

APP 10 QUALITY OF PERSONAL INFORMATION 

Practices must take reasonable steps to ensure the personal information it collects uses or discloses is accurate, up to date complete and relevant. 

APP 11 SECURITY OF PERSONAL INFORMATION 

Practices must take reasonable steps to protect the personal information it holds from misuse, interference, loss, unauthorised access, modification or disclosure. 

Example: Practices should issue staff with passwords to access patient databases that are changed on a regular basis, and store hard copy files in lockable filing cabinets or rooms, accessible only to authorised practice staff.

APP 12 ACCESS TO PERSONAL INFORMATION 

The practice must, on request, provide a patient with access to their personal information within a reasonable time, unless an exception applies (see APP 6 above). 

The practice is entitled to charge a ‘reasonable’ fee for access under the Privacy Act 1988 (Cth). The Victorian Health Records Act 2001 (Vic) sets specified fees for access to medical records. Further information on these fees can be obtained from AMA Victoria. 

Any refusal must be accompanied by written reasons and information on how the patient may lodge a complaint. 

 

APP 13 CORRECTION OF PERSONAL INFORMATION 

A practice must take reasonable steps to ensure the personal information it holds is up to date, accurate, complete, relevant and not misleading. There is a positive obligation on practices to correct information where it is wrong. 

The practice must acknowledge a request for an amendment to their medical records, within a reasonable time. No charge can be made for the practice making the requested changes. 

Example: Reception staff should confirm the contact details of the patient are up to date when they present for an appointment. 

 

HEALTH RECORDS ACT 2008 (VIC) OBLIGATIONS 

In addition to the obligations imposed by the APPs under the Privacy Act 1988 (Cth), the Health Records Act 2008 (Vic) imposes 11 Health Privacy Principles (HPPs) which apply specifically to the collection, use, disclosure and handling of health information in Victoria. 

The HPPs are substantially the same as the APPs and so it is not required to set them out separately. There are, however, two added obligations imposed by the HPPs that are not included in the APPs. These are: 

HPP 10 – a practice must provide a patient with information about their medical record if the practice is transferred, sold or closed. 

HPP 11 – a practice is required to transfer a patient’s health information to another health service provider upon request from the patient. 

Telehealth UPDATE: 01/02/2024

New medicare legislation outlines that Doctors at Brunswick Medical Group must obtain written consent to bulk bill telephone consultations. Please check your emails after your telephone consultation and respond accordingly.

TELEHEALTH CONSULTATIONS:

Phone calls will usually show no caller ID and may not be at the specific booked time. Normal consultation fees apply and are to be paid on the day by phone. Consultations are available if you've had a face to face consult in the last 12 months. Fee may apply to telephone consultation.

COVID VACCINATIONS: Updated 20/10/2024

If you are 18 yrs + you are eligible to have your Covid 19 vaccination. Please call the surgery to make an appointment.

COVID 19 Postive Patients:

If you have Covid 19 symptoms, please take a rapid antigen test. If you test positive to COVID 19 Brunswick Medical Group will only be able to offer telephone appointments. No in person appoints will be allowed for COVID 19 positive patients.

NEWS:

FLU VACCINATIONS: Updated 20/10/24

Flu vaccine are now available. Our Flu vaccination clinics run during the week by appointment only.

RESOURCES

Patient Forms and Patient Health Information

Back to top