Current policy as of 26 March 2021
Introduction
Southern Nuclear Imaging is a Medical Imaging practice with a passion for providing the highest quality healthcare to the Australian community. We are dedicated to ensuring that our patients are comfortable in entrusting their health information with our practices and our staff. This policy provides information to patients as to how their personal information (which includes their health information and sensitive information) is collected and used within our practices, our administrative office and in which circumstances we may disclose it to third parties.
We will handle your personal information in a responsible manner in accordance with:
• The Privacy Act 1988;
• The 13 Australian Privacy Principles (APP) from Schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Act 2012 which amended the Privacy Act 1988 and replaced the National Privacy Principles and Information Privacy Principles;
• Legal and ethical confidentiality obligations;
• Other relevant State and/or territory laws (which may or may not be health specific).
To ensure our patients’ privacy is maintained, we are dedicated to implementing this policy, training our staff to apply it and continual review of our processes and systems to handle personal information. Only staff who need to see your personal information will have access to it. If we need to use your information for anything else, we will seek additional consent from you to do this. We will update this policy to reflect any changes.
Anonymity and Pseudonymity
Under the legal requirements afore mentioned, an individual has the right to request to remain anonymous or use a pseudonym. This, however, is impractical and Southern Nuclear Imaging cannot deal with patients requesting to be anonymous or using pseudonyms as this may:
• Impact on diagnosis
• Cause a risk to patient safety and would conflict with the Australian Commission on Safety and Quality in Health Care guidelines for Quality and Safety
• Cause a mismatch of patient records
• Create communication breakdown between patient and the treating physician
• Result in an examination not being claimed under Medicare or relevant insurance fund
Patients may remain anonymous when they are either calling or visiting the practice to make an enquiry about a service provided by Southern Nuclear imaging. Patient details will be requested at the time of booking an appointment and at the time of examination.
The APP
The APP provide a privacy protection framework that supports the rights and obligations of collecting, holding, using, accessing, and correcting personal information. The APP consist of 13 principle-based laws and apply equally to paper-based and digital environments. The APP complement the long-standing general practice obligation to manage personal information in a regulated, open and transparent manner.
Types of personal information
Personal information means information or an opinion, including information or an opinion forming part of a database, “whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion”.
Health information includes personal information collected to provide, or in providing, a health service (which is also sensitive information).
Sensitive information means information or an opinion about a person’s racial or ethnic origin, political opinions, membership of a political, professional or trade association or trade union, religious beliefs or affiliations, philosophical beliefs, sexual preferences or practices, or criminal record, as well as health information about the person.
Practice procedure
We will:
• provide a copy of this policy upon request;
• ensure staff comply with the APP and deal appropriately with inquiries or concerns;
• take such steps as are reasonable in the circumstances to implement practices, procedures and systems to ensure compliance with the APP and deal with inquiries or complaints;
• collect personal information for the primary purpose of managing a patients’ healthcare and for financial claims and payments.
Staff responsibility
The Practices’ and key administrative staff who are entrusted with confidential information, all having signed confidentiality agreements, will take reasonable steps to ensure patients understand:
• what information has been and is being collected;
• why the information is being collected, and whether this is due to a legal requirement; • how the information will be used or disclosed;
• why and when their consent is necessary;
• the Practices’ procedures for access and correction of information, and responding to complaints of information breaches, including by providing this policy.
Patient consent
We will only interpret and apply a patient’s consent for the primary purpose for which it was provided. We must seek additional consent from the patient if the personal information collected may be used for any other purpose.
Collection of information, storage, and security
We need to collect personal information as a provision of imaging services to a patient within the Practices. Collected personal information will include patients’:
• names, addresses, date of birth, gender, and contact details;
• Medicare number (where available) (for identification and claiming purposes);
• healthcare identifiers, including Workers Compensation and third party insurance;
• medical information including medical history, medications, allergies, adverse events, family history and risk factors;
• payment information such as credit card and direct debit details;
• information from patient enquiries;
• communication between the Practice and the patient.
A patient’s personal information may be held securely at the relevant Practice and/or in the Administration Office in various forms:
• as paper records, in hard copy format in secured environment;
• as electronic records in protected password-secured information systems;
• as visual – x-rays, CT scans and other relevant previous imaging;
• as audio recordings.
Our procedure for collecting personal information is set out below:
Information may be collected in various ways, such as over the phone, in writing, in person in our Practices, in our Administration Office, over the internet if you communicate with us online as well as information which are entered into our Practices’ website.
We hold all personal information securely, whether in electronic format, in protected information systems or in hard copy format in a secured environment.
Referrers and their Staff
Information we collect about our referring physicians, their staff and the practices include:
• Name, address, telephone numbers, fax / email address and other contact details
• Details of IT systems
• Medicare provider numbers and billing information
• Area of specialisation
• Employment history
• Service delivery preferences, referral patterns and fees paid by referred patients
• Information gathered by marketing liaisons during site visits
• Expressed wishes about the future provision of health services
• Details of feedback, complaints, incidents and suggestions
Southern Nuclear Imaging Technology Staff
Information we collect about our staff may include:
• Name, address, email address and other contact details
• Letters of application/expression of interest and associated
correspondence
• Curriculum Vitae / resume
• Referee comments
• Performance records
• Superannuation membership details
• Bank details, tax file number and other employment records
• Language skills for assistance with patient communication
Employment Applicants
Information we may collect and store about employment applicants may include:
• Name, address, email address and other contact details
• Letters of application / expression of interest and associated correspondence
• Curriculum Vitae / resume
• Referee comments
This information is stored for unsuccessful applicants as a future reference to other available positions that may arise
Use and disclosure of information
Personal information will only be used for the purpose of providing medical imaging services and for claims and payments, unless otherwise consented to. Some disclosure may occur to 5 third parties engaged by us for business purposes, such as accreditation, for the provision of information technology and medical studies. These third parties are required to comply with the APP and our policy. We will inform the patient where there is a statutory requirement to disclose certain personal information (for example, some diseases require mandatory notification).
We will not disclose personal information to any third party other than in the course of providing medical imaging services, without full disclosure to the patient or the recipient, the reason for the information transfer and full consent from the patient. We will not transfer your personal information to an overseas recipient (unless under exceptional circumstances permitted by law) unless we have your consent.
If you do not wish for your report to go back to your referring Medical Practitioner, please advise our staff prior to the examination and we will in accordance with the legislative requirements, take all reasonable steps to comply.
Exceptions to disclosure without patient consent are where the information is:
• required by law;
• necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent;
• to assist in locating a missing person;
• to establish, exercise or defend an equitable claim;
• for the purpose of a confidential dispute resolution process;
• during the course of providing medical services, through eTP, My Health Record (eg: via Shared Health Summary, Event Summary).
We will not use any personal information in relation to direct marketing to a patient without that patient’s express consent. Patients may opt-out of direct marketing at any time by notifying the relevant Practice or our Administration Office in a letter or email.
We evaluate all unsolicited information we receive to decide if it should be kept, acted on or destroyed.
Storage and Security of Information
Southern Nuclear Imaging has procedures in place that ensure your personal information is stored securely and protected from misuse, loss and unauthorised access. Some of the steps taken to ensure this include:
• A secure electronic database of both your personal information (RIS – Radiology Information System) and images (PACS – Picture Archiving and Communication System) of any procedures performed by our practices.
• Dedicated back up / archive system of the RIS and PACS systems
• Database only accessible by persons requiring access to the database for the purpose of their employment eg: Medical Receptionist
• Hard copy storage in secure onsite and offsite storage facilities
• Hard Copy destruction using dedicated Third Party Secure Destruction Company.
• Staff Training regarding use of patient personal information and Privacy policy
• Regular review of policies and procedures.
Online Access to your Images and Reports
Southern Nuclear Imaging staff may provide your report to your referring physician via a secure electronic system. The system is encrypted and requires certificates at the referrers end to allow them to de-encrypt the report and download it into their patient management system.
We also provide online access to your images, via a secure website that requires secure login by users. Your referring physician may request access to your images via this method.
A third party specialist may also request access to these images for purposes relating to your medical treatment so we will acknowledge your consent through the Collection and Privacy Statement signed at the time of your examination.
You can also choose to have your images sent to you via electronic method, which would mean no hard copy images will be printed. These images are yours and may be used as you wish for your own personal use. You may also choose who gains access, by providing them with an email, QR code, webportal view and an access key to the images online. Images are accessed via a secure online cloud.
Your permission to use, send and disclose your records via these secure online / electronic methods will be sought by the Collection and Privacy Statement. Information will only be sent to your referring physician or third party treating specialist in relation to your healthcare. At any time, should you wish to withdraw this permission, or request us to seek permission each time, you may contact the practice or Administration Office to revoke the permission.
Access, corrections, and privacy concerns
The best way for you to obtain your medical imaging results is via your My Health Diary App in consultation with your referring practitioner. They will have your complete medical history and be best placed to diagnose you based on the clinical information they have in conjunction with the imaging information provided by us within our radiology report. The radiology report on its own may not provide a full diagnosis and may need to be interpreted and explained to you by your doctor.
If you wish to access hard copies of your medical imaging results, you are encouraged to make this request in writing to the relevant practice, and that practice will respond in a timely manner. There may be a fee for the administrative and printing costs of providing you with hard copies of your medical imaging results.
If you wish to access your historical medical imaging records, you are encouraged to make this request in writing, and the Practices and/or the Administration Office will respond within a reasonable time, usually 15 days. There may be a fee for the administrative costs of retrieving and providing you with copies of your historical medical imaging records.
We take reasonable steps to correct personal information where it is satisfied they are not accurate or up to date. From time to time, the Practices and/or staff from the Administration Office will ask patients to verify the personal information held by us is correct and up to date. Patients may also request us to correct or update their information, and patients should make such requests in writing.
Complaints
We take complaints and concerns about the privacy of patients’ personal information seriously. Patients should express any privacy concerns in writing. We will then attempt to resolve it in accordance with our complaint resolution procedure. We will investigate the complaint and endeavour to respond as quickly as possible. If you feel your complaint has not been dealt with correctly or you are unsatisfied with the response, you may lodge a complaint to the Office of the Australian Information Commissioner (OAIC).
Southern Nuclear Imaging Privacy Officer
Margaret Monaghan
Phone: 1300 13 60 15
Email: margaretm@snig.com.au
Office of the Australian Information Commissioner (OAIC)
GPO Box 2999
Canberra ACT 2601
Ph: 1300 363 992
Email: enquiries@oaic.gov.au
Web: www.oaic.gov.au
Policy Review
This privacy policy will be reviewed regularly to ensure that it is in accordance with any changes that may occur. When amendment/s occur, we will notify you by posting an updated version of the policy at the Practices and on our websites.