QANC
Queensland ADHD & Neurosciences Clinic
Privacy Policy

Download Privacy Policy

 Privacy Policy Current as at 14 November 2017

1. Overview and purpose

We respect your rights to privacy and takes our privacy obligations seriously. We comply with the Australian Privacy Principles, found under the Privacy Act 1988 (Cth) ‘Privacy Act’. 

When you first register as a patient, our new patient form requests your consent so that we can collect, use, hold and share your personal information in order to provide you with the best possible healthcare and to allow us to manage our practice. If we intend to use your personal information for any other purpose, we will seek your consent first.

This privacy policy explains:

  • How we manage your personal information (including your health information), including the collection, use, disclosure, quality and security of your personal information;
  • The kinds of information we collect and how that information is held;
  • The purposes for which we collect, hold, use and disclose personal information;
  • How you can access your personal information and how you can request to correct such information; and
  • How you can complain about a breach of your privacy and how we will handle your complaint.

If you have any queries, concerns or feedback regarding our Privacy Policy, please do not hesitate to contact us at:

The Privacy Officer/The Practice Manager
Ph: 07 5539 6903
Email: ofni.1539877998cnaq@1539877998nimda1539877998
Post: PO Box 3082 Robina Town Centre QLD 4220

In this Privacy Policy, we use the terms:

“Personal information” as defined in the Privacy Act. This means:
“information or an opinion about an identified individual, or an individual who is reasonably identifiable:

  • Whether the information or opinion is true or not; and
  • Whether the information or opinion is recorded in a material form or not”;

“Health information” as defined in the Privacy Act. This is a subset of “personal information” and means information or an opinion about:

  • The health or a disability (at any time) of an individual;
  • An individual’s expressed wishes about the future provision of health services to him or her; or
  • A health service provided or to be provided to an individual.

Personal information also includes “sensitive information” which is information such as your race, religion, political opinions, sexual preferences and/or “health information”. Information which is “sensitive information” attracts a higher privacy standard under the Privacy Act and is subject to additional mechanisms for your protection.

We, Us, Our, shall mean:

  1. QLD ADHD & Neurosciences Clinic
  2. Contracted and independent medical, allied and healthcare practitioners who practice from our rooms.

The QLD ADHD & Neurosciences Clinic provide management, administrative and facilities to independent medical, allied health and healthcare practitioners who run their own independent business from our practice. These practitioners have agreed to fall under and abide by our Privacy Policy while working from our facilities.

2. Collection of personal information

We collect information which is necessary to provide you with healthcare services and to appropriately manage and conduct our business. This includes collecting personal information and such as your name and contact details, medical history, family history, past and current treatments, lifestyle factors and any other information which is necessary to assist us in providing you appropriate care. We will also collect your Medicare number and health fund details (where applicable).

You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals. It is important to be aware that if you provide incomplete or inaccurate information or withhold information we may not be able to provide you with healthcare services.

We will usually collect your personal information directly from you, including from patient consent forms, medical records and consultations with you, or from another health service provider. Sometimes we need to collect information about you from third parties, such as relatives and friends, private health insurers, Medicare Australia, Qld Health and other government departments, law enforcement, legal and emergency healthcare services, hospitals and legal, law enforcement and emergency services.

We will only collect information from third parties where:

  • You have consented to such collection;
  • Such collection is necessary to enable us to provide you with appropriate healthcare services (such as emergency medical treatment or where your health is at risk);
  • Such collection is reasonably necessary to enable us to appropriately manage and conduct our business;
  • It is legally permissible for us to do; or
  • When there are issues of safety and/or danger to self or others, as per our duty of care requirements.

3. How we use your personal information

We only use your personal information to provide you with healthcare services or to enable us to appropriately manage and conduct our business, unless:

  • There is a secondary purpose which directly relates to the primary purpose, and you would reasonably expect, or we have informed you, that your information will be used for that secondary purpose, or you have given your consent for your personal information to be used for a secondary purpose;
  • The disclosure of your information is necessary for the enforcement of criminal law or a law imposing a penalty or sanction, or for the protection of public revenue;
  • The disclosure of your information will prevent or lessen a serious and imminent threat to somebody’s life or health, or pose risk to self or others; or,
  • We are required or authorised by law to disclose your information for another purpose.

For example, we use your personal information:

  • To provide healthcare services to you;
  • To appropriately manage our practice, such as conducting audits and undertaking accreditation processes, manage billings and training staff;
  • Effectively communicate with third parties, including private health insurers, Medicare Australia, Qld Health and other government departments, law enforcement, legal and emergency healthcare services, hospitals; and
  • For research or academic purposes – where we may use your de-identified information. If we wish to use your personal information we will seek your consent.

4. Disclosing your personal information

We may disclose your personal information to our employees, contractors and service providers in order for us to provide healthcare services to you and to allow us to manage our business. We will also disclose your personal information to healthcare professionals directly involved in your treatment. Where your medical records or personal information are required to be disclosed in the case of a medical emergency, we will provide these to the relevant medical professional or organisation without waiting for your consent, where we believe this is in your interests.

Your personal information may also be provided to third parties if we are legally obliged to do so by a court subpoena, statutory authority, search warrant, coronial summons or to defend a legal action.

We may provide your personal information to third parties involved in your care, such as:

  • Guardians or a person exercising a power of attorney or enduring power of attorney;
  • Non-government organisations & government departments and agencies, such as Defence or Department of Veterans Affairs, or departments responsible for health, aged care and disability where we are required to do so;
  • Private health insurers and Medicare Australia;
  • Anyone authorised by you to receive your personal information.

An administrative fee may apply when these third parties requires copies of your medical record.

We undertake and participate in research studies. We will always request your written permission to be involved in such research before we release any personal information to third party researchers.

5. Overseas recipients

We engage an overseas transcription service. However we de-identify your name and contact details from the digital recording before it is transmitted overseas. This means your personal information is not disclosed.

6. Data storage, quality and security

We strive to maintain the reliability, accuracy, completeness and currency of the personal information we hold and to protect its privacy and security.

We are a paperless electronic medical record practice. All hard-copy records which come to us are entered into our system and the hard-copy document is destroyed. We use a private document destruction company who is also required to comply with the Privacy Act.

All personal information stored in electronic form is protected from unauthorised access, misuse, interference, loss, modification or disclosure. Some of the steps we take to ensure your personal information is secure include:

  • We maintain physical security over our premises ;
  • Our IT security system uses sophisticated multi-layer security, incorporating both end-point and gateway security which integrates anti-virus, anti-spam, intrusion detection protection and advanced firewall network security to protect patient data;
  • Our IT security solution is designed to meet the requirements of HIPAA compliance with data security of patient medical records and employee information;
  • Our organisation uses individual employee accounts with strong password policies which are enforced with regular changes on all computers and wireless access points to ensure accountability and auditing of access to patient data;
  • Access to IT systems remotely is restricted via VPN access for monitored secure access for authorised staff only;
  • All business data and storage systems are backed up with encrypted storage and backup policies to ensure data is protected against security breaches which could change, damage or delete data;
  • We have designed our facility and consulting rooms with your privacy specifically in mind;
  • Our staff are trained on privacy and we have detailed internal processes and systems to protect your privacy.

Our website and email are linked to the internet. No data transfer over the internet is 100% secure.

Accordingly, any information which you transmit to us online or via email is transmitted at your own risk.

7. Destroying your personal information

Subject to applicable laws, we may destroy personal information when we no longer require it. It is likely your medical records held by us contain sensitive information. We are required to abide by relevant legislation in the retention and disposal of your medical records.

We are a paperless electronic medical record practice. All hard-copy records which come to us are entered into our system and the hard-copy document is destroyed. We use a private document destruction company who is also required to comply with the Privacy Act.

8. Accessing and amending your personal information

You may request an amendment to your non-clinical personal information if you consider that it contains inaccurate, incorrect or incomplete information.

You have a right to request access to any information we hold about you including your clinical record. If you make a request to access personal information that you are entitled to access, we will provide you suitable means of accessing it. This may incur an administrative cost prior to release to cover our reasonable costs for complying with the request for access.

We are a mental health practice. It is likely there will be instances where we cannot grant you access to some or all of your medical record, including where this will have an adverse impact on your mental health or interfere with the privacy of others. Your treating practitioner will review your request for access. If access is declined, we will provide you with a written explanation of those reasons on your request.

You can contact us about any privacy issues as follows:

The Privacy Officer/The Practice Manager
Ph: 07 5539 6903
Email: ofni.1539877998cnaq@1539877998nimda1539877998
Post: PO Box 3082 Robina Town Centre QLD 4220

9. Complaints

If you have a complaint about how we have dealt with your personal information or believe we have breached your privacy, please contact us on the details below so that we may investigate it. We will deal with your complaint fairly and confidentially. On receipt of your complaint we will contact you

as soon as we have investigated your complaint to confirm what action will occur. We will then communicate the outcome to you in writing and invite a response to our conclusion about the complaint. If we receive a response from you, we will also assess it and advise if we have changed our view. Please contact us at one of the options below:

The Privacy Officer/The Practice Manager
Ph: 07 5539 6903
Email: ofni.1539877998cnaq@1539877998nimda1539877998
Post: PO Box 3082 Robina Town Centre QLD 4220

If you are unsatisfied with our response, you may make refer the complaint to the Office of the Australian Information Commissioner (www.oaic.gov.au) or The Office of the Health Ombudsman (www.hqcc.qld.gov.au)

10. Review and change to Privacy Policy

We may alter this Privacy Policy following any legislative change or upon a review of our information handling processes.

The current version of our updated Privacy Policy is available from:

Relevant information when using our website:

Use of cookies

A ‘cookie’ is a small data file placed on your machine or device which lets us identify and interact more effectively with your computer. Cookies are used by many websites, including those operated by us. Cookies can facilitate a users ongoing access to and use of a website. Cookies allow us to customise our website to the needs of our users. If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to deny or accept the cookie feature. However, cookies may be necessary to provide you with some features of our website.

Links to other sites

Our website may provide links to third party websites. These linked sites are not be under our control and we are not responsible for the content or privacy practices employed by those websites. Before disclosing your personal information on any other website, we recommend that you carefully read the terms and conditions of use and privacy statement of the relevant website.

Collection of non-identifiable information

We may also collect some information that is not personal information because it does not identify you. For example, we may collect anonymous answers to surveys or aggregated information about how our website is used.

Communications

We may contact you directly or send you communications and information about our services that we consider may be of interest to you. These communications may be sent in various forms, including mail, phone and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). If you indicate a preference for a method of communication, we will use that method of communication. In addition, at any time you may opt-out of receiving communications from us by contacting us (see the details below) or by using opt-out facilities provided in the communication and we will the ensure that your name is removed from our mailing list.

We will not provide your personal information to other organisations for the purposes of such communications.