Your Health Information and Personal Information are required to be protected by us pursuant to the New South Wales Health Records and Information Privacy Act 2002 and the Commonwealth Privacy Act.
The Australian Privacy Principles contained in the Commonwealth Privacy Act 1988 and the Health Privacy Principles in the New South Wales Health Records and Information Privacy Act 2002:
- regulate the handling of personal and health information;
- give access rights to people in respect of their health information and personal information that has been collected, and is held about them, by organisations;
- give people access to their personal information and health information for the purposes of correction; and
- provide a framework for resolving any disputes which may arise regarding the handling of your personal information or health information.
Collection – how we collect your personal information and health information
Lifestyle Physiotherapy will only collect health information necessary for the performance of its health services and with consent. Individuals who provide health information will be notified about what happens to their information and that they can gain access to it.
Use and disclosure – how we use and disclose your personal information & health information
Lifestyle Physiotherapy will only use or disclose health information for the primary purpose for which it was collected or a directly related secondary purpose which the person would reasonably expect. If there is any doubt about this expectation then Lifestyle Physiotherapy will gain consent from the person for the use of their health information.
We never sell your information to other organisations and we comply with the requirements of the Privacy law in our marketing communications to you.
Data quality
Lifestyle Physiotherapy will take all reasonable steps to ensure health information it holds is accurate, complete, up to date and relevant to the functions and services it provides.
Data security and retention
Lifestyle Physiotherapy will safeguard the health information it holds against interference, misuse, loss, unauthorized access and modification. We ensure that any providers of IT services to us (including overseas providers of IT services including Cloud services) are also privacy compliant.
Health information will be destroyed or deleted in accordance with Health Privacy Principle 4.
Under our destruction and de-identification policies, your personal information that is no longer required will be de-identified or destroyed. In many circumstances, however, it will be kept for marketing purposes as you will have consented to that in writing with us.
Where Lifestyle Physiotherapy receives unsolicited job applications these will usually be dealt with in accordance with the unsolicited personal information requirements of the Privacy Act.
In accordance with the Health Records Act, all Health information collected by Lifestyle Physiotherapy will not be deleted. Amendments or alterations to the health information will be recorded on a separate form and attached to the original file.
Access and correction
We will be entitled in some circumstances to refuse access and if we do so, we will consider whether a mutually agreed intermediary will allow sufficient access to meet your needs and ours.
Lifestyle Physiotherapy recognises that individuals have a right to seek access to health information about them, and that this right extends to correction of the information if it is inaccurate, incomplete, misleading or not up to date.
Although no fee will be charged for accessing your personal information or making a correction, Lifestyle Physiotherapy may charge a fee to retrieve and copy any material.
Identifiers
Lifestyle Physiotherapy will only assign a number or code number to identify a person if it is reasonably necessary to carry out the function or service efficiently.
Anonymity
You do have the right to seek to deal with us anonymously or using a pseudonym, but in almost every circumstance it will not be practical for us to deal with you or provide any services to you except for the most general responses to general enquiries, unless you identify yourself.
Transferred data flows
Lifestyle Physiotherapy does not transfer any personal information overseas without the consent of the individual.
We do use an overseas provider of cloud-based services (Cliniko); however, all data gained in Australia is stored in Australia by Cliniko. All data shared between Lifestyle Physiotherapy and Cliniko is transmitted and stored securely. Cliniko meets or exceeds all regulations of the Australian Privacy Principles, GDPR, PIPEDA, and HIPAA.
Lifestyle Physiotherapy website
Lifestyle Physiotherapy collects personal or sensitive information through websites, e-commerce systems, etc. Lifestyle Physiotherapy protects its website through the use of encryption technology.
When you use our website, having your cookies enabled will allow us to maintain the continuity of your browsing session and remember your details when you return. We may also use web beacons, Flash local stored objects and JavaScript. If you adjust your browser settings to block, reject or delete these functions, the webpage may not function in an optimal manner. We may also collect information about your IP address, although this may not identify you.
Transborder data flows
Lifestyle Physiotherapy will only transfer health information outside New South Wales if the receiving organisation is subject to laws substantially similar to the Health Privacy Principles, or confidentiality and disclosure agreements are in place between the individual and the external organisation (i.e. in the case of overseas patients).
Making information available to another health service provider
Lifestyle Physiotherapy will make information relating to an individual available to another health service provider if requested by the individual and it is appropriate.
Complaints
If you have any concerns, complaints or you think there has been a breach of privacy, please contact Lifestyle Physiotherapy who will first speak with you. If we then have not dealt satisfactorily with your concerns, we will meet with you to discuss further. If you are not satisfied with our response to your complaint within 30 days from this meeting then you can refer your complaint to the Office of the Australian Information Commissioner via:
- email: enquiries@oaic.gov.au
- tel: 1300 363 992
- website: https://www.oaic.gov.au/about-us/contact-us/
The New South Wales Office of the Health Services Commissioner website is https://www.hccc.nsw.gov.au/contact-us