RUN READY - MEDICAL PRIVACY POLICY
Current as of 25 March 2024. This policy is revised on a regular basis in line with the Office of the Australian Information Commissioner (OAIC) legislation.
Introduction
Run Ready (RR) is committed to ensuring your personal information is professionally managed in accordance with the Australian Privacy Principles (APPs). This privacy policy is to provide information to you, our patient, on how your personal information (which includes your health information) is collected and used within our practice and the circumstances in which we may share it with third parties.
Why and when your consent is necessary
When you register as a patient of our practice, you provide consent for our practice staff to access and use your personal information so they can provide you with the best possible healthcare. Only staff that need to see your personal information will have access to it. If we need to use your information for other purposes, we will seek additional consent from you to do this.
What personal information we collect and why
RR collects your personal information to provide healthcare services to you. Our main purpose for collecting, using, holding, and sharing your personal information is to manage your health. We also use it for directly related business activities, such as financial claims and payments, practice audits, and business processes (e.g., staff training).
The personal information we collect about you includes your:
- Name, date of birth, address and contact details
- Information about your health condition, medical history, medications, allergies, adverse events, social and family history, risk factors, and treatment you may have already received
- Medicare, DVA, NDIS, WorkCover, or other health identification numbers (where available) for identification and claiming purposes
- Private health fund details
Only practice staff that need to see your personal information will have access to it. All practice staff have signed a Confidentiality Agreement.
How we collect your information
Our practice will collect your information in several different ways:
- Directly and in person, over the phone, by email, SMS, through our website or by completing our online forms. We may also collect your personal information when you communicate with us using social media.
- During the course of providing medical services, we may collect further personal information. This may include audio and video recordings of your consultation or condition that will be stored securely via our clinical record system
- If it is not possible to collect it from you directly, we may also collect this information from:
- Your guardian or responsible person
- Other healthcare providers involved in your care such as doctors, other allied health professionals, hospitals, community health services and pathology and diagnostic services
- Your private health fund, Medicare, WorkCover, NDIS, TAC or DVA (as necessary)
Who we share your personal information with and when
We sometimes share your personal information:
- With other healthcare providers
- When it is a statutory requirement to lawfully share certain personal information, such as mandatory notification of certain diseases
- Court subpoenas required or authorised by law
- With third parties who work with our practice for business purpose (such as accreditation agencies or IT providers – these third parties are required to comply with APPs and this policy)
- When it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety of public health or safety, or it is impractical to obtain the patient’s consent
- To assist in locating a missing person
- To establish, exercise or defend an equitable claim
- For the purpose of confidential dispute resolution process
Only people who need to access your information will be able to do so. Other than in the course of providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.
RR will not use your personal information for marketing any of our goods or services directly to you without your express consent. If you do consent, you may opt out of direct marketing at any time by notifying our practice in writing.
RR uses the Cliniko Allied Health Practice Management Software, which means that your information may be processed in the US, UK, EU, and Australia, but is stored solely within Australia. Outside of this, we will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.
How we store and protect your personal information
Your personal information may be stored at our practice as paper records, electronic records, visual records (MRIs, CT scans, X-rays, ultrasounds, videos, and photos) and audio recordings.
Our practice stores all personal information securely and has strict protocols and policies to ensure your personal information is protected from misuse, loss, interference, or unauthorized access:
- Regarding information in electronic format:
- Our primary method of storing information is in electronic format using the Cliniko Allied Health Practice Management Software.
- This software is cloud-based, password-protected, and uses end-to-end encryption. For more information regarding the security of this software, please refer to https://www.cliniko.com/security.
- Another method we store your information in electronic format is on our work devices, which are all password protected.
- Occasionally we may record electronic information (visual/audio) on external non-work devices, but only after obtaining explicit consent from you.
- Some limited personal information such as email and year of birth may be kept on our TeamBuildr app. This software is cloud-based, password-protected, and uses end-to-end encryption. For more information regarding the security of this software, please refer to https://www.teambuildr.com/privacy-policy.
- Regarding hard copy records and information:
- We encourage clients to take hard copy records and information they bring in home with them as we discourage our staff from keeping hard copy records and information.
- In the case of clients leaving documents behind, we will contact the client to pick the hard copies up within 14 days.
All staff and contractors must sign confidentiality agreements prior to commencing work with and for our practice.
Access to, and correction of, your personal information
You have the right to request access to, and correction of, your personal information.
Our practice acknowledges patients may request access to their medical records. If you wish to access or correct personal information, we request that you put it in writing and contact the Practice Manager Jo Bowden (info@runready.com.au). Requests for access and/or correction will be processed within 30 days.
While we do not charge an application or processing fee, you may be charged administration, photocopying, or other fees to reasonably cover our costs in fulfilling your request.
Our practice will take reasonable steps to correct your personal information where the information is not accurate or current. From time to time, we will ask you to verify that your information held by our practice is correct and up to date. You may also request that we correct or update your information, and you should make such requests in writing to the Practice Manager Jo Bowden (info@runready.com.au).
How can you lodge a privacy-related complaint, and how will the complaint be handled at our practice?
We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing to the Practice Manager Jo Bowden (info@runready.com.au). We will then attempt to investigate the issue and will notify you in writing of the outcome within 30 days from the receipt date of the original written complaint.
If you are not satisfied with our response, you can contact us directly to discuss your further concerns or lodge a complaint with OAIC. Generally, the OAIC will require you to give them time to respond before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 363 992.
Privacy and our website
As aforementioned, we may collect your information through online mediums (website, emails, social media interactions). We collect and store this information solely for business-related purposes, and do not actively use cookies or other software to gather information so that we may pass it on to other third parties.
Dealing with us anonymously
You have the right to deal with us anonymously or under a pseudonym unless it is impractical for us to do so or unless we are required or authorized by law to only deal with identified individuals.
Policy review statement
This privacy policy will be reviewed regularly to ensure it is in accordance with any changes that may occur. We will notify our patients of these changes via our website and our handout hard copy Privacy Policy available at our practice premises.