Clinical Physio St Ives (“Clinical Physio”, “we”, “us”, “our”) is a physiotherapy clinic providing expertise in the assessment, diagnosis and treatment of conditions of both the muscular and skeletal systems.
2. APPLICATION OF THE POLICY
Clinical Physio is subject to the Privacy Act 1988 (Cth) (Privacy Act) and handles the personal information (including health information) that it collects and holds in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act. In addition to the federal Privacy Act, Clinical Physio must also comply with certain State and Territory legislation.
4. WHAT IS PERSONAL OR SENSITIVE INFORMATION?
Personal information is information or an opinion about an individual who is identified or capable of identification from the information, whether that information or opinion is true or not.
De-identified information is not personal information and involves the removal or alteration of other information that could potentially be used to re-identify an individual.
5. DEALING WITH US ANONYMOUSLY
Where it is lawful and practicable to do so, individuals may deal with us anonymously or by using a pseudonym (e.g. when inquiring about services generally). However, if individuals wish to make a booking with our service, the service will require the provision of personal identifying information.
6. OUR WEBSITE
Visitors to our website do not disclose information unless they provide such information through the booking form. When individuals visit our website anonymously, non-personal information may be collected including but not limited to browser type, version and language, operating system, pages viewed while browsing the site, page access times and referring website address. This collected information is used solely internally for the purpose of gauging visitor traffic, trends and delivering personalised content to individuals while they are at this site.
7. WHAT PERSONAL INFORMATION IS COLLECTED AND HELD?
The information collected may include an individual's:
name, address (postal and email) and telephone numbers;
gender, date of birth, marital status, occupation, religion, country of birth, indigenous status, next of kin;
medical history and other health information we are provided with or collect in the course of providing our services;
payment information such as credit card details, health fund and health insurance cover details, workers compensation or other insurance claim details, Medicare details, concession card details;
other information needed to provide services
8. WHY DO WE COLLECT, USE AND DISCLOSE PERSONAL INFORMATION?
If an individual is to receive or has received a service from Clinical Physio, we will collect, use or disclose their personal information to:
do what is necessary to provide the services where the individual would reasonably expect disclosure;
ensure continuity of care of individuals treated in our facilities and provide ongoing treatment options;
manage, fund, service-monitor, plan, evaluate and handle complaints;
comply with legal and regulatory requirements;
undertake accreditation, quality assurance or clinical audits;
undertake billing and debt recovery;
address liability indemnity arrangements including reporting to Clinical Physio;
prepare the defence for anticipated or existing legal proceedings;
contact individuals to respond to enquiries, to follow up, in an emergency, for authorisation in relation to any services;
communicate with individuals about our services or offers from our other integrated care providers;
assess job applications
verify an individual’s identity;
ensure the health and safety of our staff and individuals who use our services or attend our facilities; and
provide health insurance funding
We will disclose individual’s personal information to nominated authorised representatives only where written authority has been provided or where evidence is provided that they can act on an individual’s behalf as a Medical Treatment Decision Maker or Support Person Guardian appointed by NCAT. We cannot provide an authorised representative with access to an individual’s personal information unless they can demonstrate that they have the individual’s consent, or have legal authority to do so.
9. HOW DO WE COLLECT PERSONAL INFORMATION?
We will collect personal information from individuals directly where it is reasonably practical to do so. This often takes place in the ordinary course of delivery of a healthcare service such as when a person attends our facility for treatment, completes documents in order to receive that treatment, provides information over the telephone or applies for a job with us.
Other circumstances where we may collect information from third parties:
where the patient has a Medical Treatment Decision Maker or Support Person
from an individual’s health service provider including specialists
from a health professional who has treated the individual
from an individual’s health insurer or other insurer
from an individual’s family
other sources where necessary to provide our services
to assess job applicants (e.g. police checks)
10. TRANS-BORDER DATA FLOWS
Our website may be hosted by servers outside Australia and we may also use technical support services that are based off shore. This means that technically speaking, individuals’ personal information may travel electronically from Australia to another country and back to Australia. When sending information offshore, we ensure all providers we engage can and will observe the requirements of the Australian Privacy Principles.
11. STORING PERSONAL INFORMATION
We may store personal information in different ways, including in paper and electronic form. The security of personal and information is important to us and we take all reasonable steps to protect it from misuse or loss and from unauthorised access, modification or disclosure. We ensure compliance with the Notifiable Data Breaches Scheme established under the Privacy Act 1988 (Cth). Some of the ways we do this include:
requiring our staff and contractors to maintain confidentiality and observe privacy laws to ensure compliance with the APPs
implementing document storage security
imposing security measures for access to computer systems
only allowing access to personal information where the individual seeking access to their own information has satisfied identification requirements
Personal information is retained for the period of time determined by law and is disposed in a secure manner.
12. KEEPING PERSONAL INFORMATION ACCURATE AND UP TO DATE
We take all reasonable steps to ensure that the personal information we collect, use and disclose is accurate, complete and up to date. However, the accuracy of that information depends largely on the quality of the information provided to us. We therefore suggest that individuals:
let us know if there are any errors in personal information; and
keep us up to date with changes to personal information (e.g. their name and address)
Individuals may do this by mail, email or directly on the website (see our Contact page).
13. ACCESSING PERSONAL INFORMATION
Individuals have a right to access their personal information and can contact us to request access. We may charge a nominal fee for providing access to personal information. In the event that copies of records are requested and approved, we may elect to charge for our reasonable costs involved in providing access. We will endeavour to advise individuals in advance if a charge will be imposed, and the likely amount of the charge. Individuals will be invited to consider other forms of access to minimise cost.
We will disclose individual’s personal information to an individual’s authorised representatives only where written authority has been provided or where evidence has been provided that nominated individuals can act on an individual’s behalf. We cannot provide an authorised representative with access to an individual’s personal information unless they can demonstrate that they have the individual’s consent, or have legal authority to do so.
Individuals also have the right to make a complaint to the Privacy Commissioner on telephone number 1300 363 992 or in writing to:
Office of the Australian Information Commissioner
GPO Box 5218
Sydney, NSW 2001
15. CONTACTING US
Individuals may ask any questions about privacy and the way we manage personal and health information, complain about the handling of information or obtain a form requesting access to personal information by contacting firstname.lastname@example.org.
16. FURTHER INFORMATION
If individuals would like more information about privacy in general, please refer to the Office of the Australian Information Commissioner's website: Click here
The Company reserves the right to vary, replace or terminate this policy from time to time.