The Health Lodge Privacy Policy
Current as of: 09/12/2024
1. Introduction
Our practice is committed to best practice in relation to the management of information we collect. This practice has developed a policy to protect patient privacy in compliance with the Privacy Act 1988 (Cth) (‘the Privacy Act’). Our policy is to inform you of:
- The kinds of information that we collect and hold, which, as a medical practice, is likely to be ‘health information’ for the purposes of the Privacy Act.
- How we collect and hold personal information.
- The purposes for which we collect, hold, use, and disclose personal information.
- How you may access your personal information and seek the correction of that information.
- How you may complain about a breach of the Australian Privacy Principles and how we will deal with such a complaint.
- Whether we are likely to disclose personal information to overseas recipients.
2. Why and when your consent is necessary
When you register as a patient of our practice, you provide consent for our GPs and practice staff to access and use your personal information so they can provide you with the best possible healthcare.
Only staff who need to see your personal information will have access to it. If we need to use your information for anything else, we will seek additional consent from you to do this.
3. What personal information do we collect?
The information we will collect about you includes your:
- Names, date of birth, addresses, contact details
- Medical information including medical history, medications, allergies, adverse events, immunisations, race, sexuality, religion, social history, family history, and risk factors
- Medicare number (where available) for identification and claiming purposes
- Healthcare identifiers
- Health fund details
- Notes of your symptoms or diagnosis and the treatment given to you
- Your specialist reports and test results
- Your dental records
- Your genetic information
4. Dealing with us anonymously
You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorized by law to only deal with identified individuals.
5. How do we collect your personal information?
Our practice may collect your personal information in several different ways:
- When you make your first appointment, our practice staff will collect your personal and demographic information via your registration.
- During the course of providing medical services, we may collect further personal information.
- Information can also be collected through electronic transfer of prescriptions (eTP), electronic transfer of pathology (ePath), My Health Record (e.g., via Shared Health Summary, Event Summary), and electronic referrals.
- We may also collect your personal information when you visit our website, send us an email or SMS, telephone us, make an online appointment, or communicate with us using social media.
- In some circumstances, personal information may also be collected from other sources, such as:
- Your guardian or responsible person
- Other healthcare providers, such as specialists, allied health professionals, hospitals, community health services, and pathology and diagnostic imaging services
- Your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary)
6. When, why and with whom do we share your personal information?
In general, we collect, hold, use, and disclose your personal information for the following purposes:
- To provide health services to you
- With third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with the Australian Privacy Principles (APPs) and this policy
- With other healthcare providers
- When required or authorised by law (e.g., court subpoenas)
- When necessary to lessen or prevent a serious threat to a patient’s life, health, or safety or public health or safety
- To assist in locating a missing person
- To establish, exercise, or defend a legal claim
- For the purpose of a confidential dispute resolution process
- When there is a statutory requirement to share certain personal information (e.g., mandatory disease notification)
- To liaise with your health fund, government, and regulatory bodies such as Medicare and the Office of the Australian Information Commissioner (OAIC), as necessary
7. How do we store and protect your personal information?
Your personal information is stored electronically. Our practice implements security measures, including:
- Strong password protections
- Access to personal information restricted on a ‘need-to-know’ basis
- Paper files kept in locked cabinets
- All staff sign confidentiality agreements
- Document retention and destruction policies
8. How can you access and correct your personal information?
You have the right to request access to and correction of your personal information.
Requests should be submitted in writing via email to info@thehealthlodge.com.au. We will respond within 30 days.
9. How can you lodge a privacy-related complaint?
We take privacy complaints seriously. You may:
If you are not satisfied, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC):
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Website: https://www.oaic.gov.au/individuals/how-do-i-make-a-privacy-complaint
10. Privacy and our website
We may collect personal information via our website, for example, if you choose to join our mailing list. Your email address will be kept secure and not shared with third parties without your permission unless stated in Section 6.
11. Policy review statement
Policy reviews occur regularly. The latest review dates are:
- 07/2021 – Initial release
- 07/2022 – Review
- 12/2024 – Review by Lucy Dennett
- 12/2027 – Next scheduled review
12. Related Documents
Relevant privacy legislation includes:
