Pentlowe Health Privacy Policy

Pentlowe health collect information about individual’s health, well-being, relevant social and financial circumstances to provide patient (you) with best medical care.  

We have developed a policy framework to protect the privacy of this information in compliance with current Australian Privacy Principles (APP).

This privacy policy provides information to you, on how your personal and health information is collected and used within our practice, and the circumstances in which we may share it with third parties. 

What do we collect?

The information we will collect about you includes your:

· names, date of birth, addresses, (physical and email) contact details of you and your next of kin/emergency contact details. 

· medical information including medical history, medications, allergies, adverse events, immunizations, social history, family history and risk factors.

· Medicare number

· Healthcare identifiers

· Health fund details.

You may elect to give all, minimum or selective information to us. You may even use an alias but please let us know if you do so. You can ask us not to record certain information in our files. Please be aware that, this may have an impact on your medical care, cost of care and how we communicate with your other healthcare providers. 

Who and how do we collect from?

When you register as a patient of our practice, you provide consent to our medical practitioners and our practice staff to asceses and use your personal and health information. We collect the information in the registration form, during the consultations and from relevant medical practitioners who referred you to us. 

We may also collect your personal information when you visit our website, send us an email or SMS, telephone us, make an online appointment or communicate.

We may seek your permission to obtain further information from other medical practitioners, laboratories, radiology, and hospital providers who provides medical care to you. We seek your permission for this during the consultation and when booking for consultation and procedures. This is generally done verbally. On some occasions we may ask you to sign request forms to obtain medical information from other providers. 

If you do not want us to collect any information or from any professional or organization, please let us know so that we would not proceed with that. 

Why do we collect this information?

Pentlowe Health will need to collect your personal and health information to provide healthcare services to you. Our main purpose for collecting, using, holding, and sharing your personal information is to manage your health. We also use it for related business activities such as Medicare claims and payments, and business processes (e.g. staff training). 

Pentlowe Health will not use your information for marketing purposes, directly or indirectly. We do not provide your information to third party for marketing.

We may use non-identifiable data for medical research, accreditation, and quality improvement projects.

Who collect and see the information?

We sometimes share your personal information:

· with third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with APPs and this policy

· with other healthcare providers

· when it is required or authorised by law (eg court subpoenas) 

· when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent

· to assist in locating a missing person

· to establish, exercise or defend an equitable claim

· for the purpose of confidential dispute resolution process 

· when there is a statutory requirement to share certain personal information (eg some diseases require mandatory notification)

Only people who need to access your information will be able to do so. Other than while providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.

How do we store the information?

Pentlowe Health stores all personal information securely in various forms.

We do not maintain paper format files in the practice at present. The paper forms you have filled, and other hard copies of medical information sent to us (letters, investigations report etc.) are scanned into the electronic medical records and then will be shredded at the premises. 

The electronic faxes we received are deleted regularly after completion of fax-out and downloaded to our electronic medical records.

The files submitted through our online secure gateway are deleted after those files are downloaded to the electronic medical record. 

We will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.

How we access and transmit information

We access your personal and health information through our practice computers and laptops. The computers are password protected for local access. The patient management system is password protected as well as our email system. 

We use Australian based electronic fax provider, who follows the Australian privacy principals. The access to this also password protected. 

We do not encourage patient sending information via emails without prior consent from the patient and us. 

We encourage patients to use our secure online portal to upload forms, medical information. We use an Australian based provider for this who follows the Australian privacy principals. The access to this is password protected. 

How do you access and correct information?

As a patient you have the right to request access to, and correction of, your personal and health information.

We can provide you with a copy of your medical records. If this is few pages of your investigations results, please ask us during consultation or over the phone. We can provide you these at the time or send you a copy in the post. Please note our practice administrative staff will not tell details of your results over the phone. 

If you need the copy of your medical file transferred, we require you to put this request in writing to Dr NJ Arachchi and our practice will respond within 2 weeks. Please note an administrative cost may apply for the time and resources spent on this. 

Our practice will take reasonable steps to correct your personal information where the information is not accurate or up to date. From time to time, we will ask you to verify that your personal information held by our practice is correct and current. You may also request that we correct or update your information. Please make those request to Melinda Pomella ( practice manager) 03 8391 7020 admin@pentlowehelath.com.au 

Complains and further information

We take privacy regarding health and personal information seriously. We work extremely hard to secure the privacy of the personal health information of our patients. This is becoming increasingly difficult in the age of electronic data systems and highly sophisticated attempts at breaching data security. We regularly review security of our electronic data gathering, storage and access methods to maintain most secure, yet accessible systems. 

We will inform you of any data breaches should that occurs. We would appreciate if you can let us know if you suspect the privacy of your medical and personal information is breached.