PRIVACY POLICIES
Please find the following policies and disclaimers below:
​
Website Privacy, Security and Disclaimer
Privacy Policy
Download our privacy policy: Privacy Policy
​
For further information about our Privacy Policy, contact Manager, Corporate Services by email info@thcfa.org.au or via phone on (02) 4924 8046.
​
Website cookies
Cookies are small amounts of information sent from a web server to your browser and stored on your computer's hard drive. They contain information about such things as the Internet sites you have visited. Cookies can be either 'persistent' or 'session' based. Persistent cookies are stored on your computer, contain an expiration date, and may be used to help this website recognise you if you return. Session cookies are short-lived, are used only during a browsing session, and expire when you quit your browser.
​
This website uses both persistent and session-based cookies. For example, when you first log on to the site a cookie is generated to track the session. Likewise, when you are asked to supply personal information for a particular purpose, a cookie is generated to show which records are visible to you and which are not. Nothing that could identify an individual is stored.
​
Copyright Notice
Copyright in the material which appears on the Rural and Remote Medical Services Ltd (The Foundation) website is subject to the operation of the Copyright Act 1968, vested in the Crown in the right of the State of NSW.
​
In keeping with The Foundation’s commitment to encouraging the availability, dissemination and exchange of information (and subject to the operation of the Act), the material which appears on the Foundation site can be reproduced for personal, in-house or non-commercial use, without formal written permission from The Foundation.
​
In the event that the information which appears on the Foundation site is to be reproduced, altered, stored or transmitted for a purpose other than personal, in-house or non-commercial use, an application for formal permission must be made in writing to The Foundation at the following address:
​
Manager – Corporate Services
Healthy Communities Foundation Australia Ltd
PO Box 563
WALLSEND NSW 2287
Tel: 02 4924 8046 | Fax: 02 4924 8010 | info@thcfa.org.au
​
Please note that copyright in the materials appearing at Internet sites linked to this website belongs to the author of those materials, or the author's licensee (subject to the operation of the Copyright Act 1968). The Foundation cannot and does not grant permission or authority in respect of the copyright in the materials appearing at third-party Internet sites, and recommends that the copyright statements at those sites are referred to before making use of the materials.
Website Disclaimer
-
Use of the information and data contained within this site is at your sole risk.
-
If you rely on the information on this site you are responsible for ensuring by independent verification its accuracy or completeness.
-
If you use automatic language translation services in connection with this site you do so at your own risk.
-
The information and data on this site is subject to change without notice. The Foundation may revise this Disclaimer at any time by updating this posting.
-
The Foundation, its affiliates, officers and employees:
-
make no representations, express or implied, as to the accuracy of the information and data contained on this site
-
make no representations, express or implied, as to the accuracy or usefulness of any translation of the information on this site or any linked site into another language
-
accept no liability for any use of the said information and data or reliance placed on it (including translated information and data)
-
make no representations, either expressed or implied, as to the suitability of the said information and data for any particular purpose
-
make no warranties that the said information and data is free of infection by computer viruses or other contamination
-
do not sponsor, endorse or necessarily approve of any material on sites linked from or to this site
-
do not make any warranties or representations regarding the quality, accuracy, merchantability or fitness for purpose of any material on sites linked from or to this site
-
do not make any warranties or representations that material on other web sites to which this site is linked does not infringe the intellectual property rights of any person anywhere in the world; and
-
do not authorise the infringement of any intellectual property rights contained in material in other sites by linking this Site to those other sites.
-
-
the Foundation does not have control of the content or policies of other sites which are linked to the The Foundation website. Those website owners are responsible for the content of those sites and the privacy of the information they collect and will have separate privacy and data collection practices. We are not liable for these independent policies.​
-
-
7. By using our website you consent to the collection and use of the information you provide to us.
Linking to this Site
You may link to this site, but permission is restricted to making a link without any alteration of the site's contents. Permission is not granted to reproduce, frame or reformat the files, pages, images, information and materials from this Site on any other site unless express written permission has been obtained from the Foundation. The Foundation reserves the right to prevent linking by giving notice.
Client Privacy Policy & Disclaimer
Current as of 1 August 2021
PRIVACY AND PATIENTS
Introduction
This Privacy and Disclaimer Policy is to provide information to you, our patients, on how your personal information (which includes your health information) is collected and used, and the circumstances in which we may share it with third parties.
Our patient health records contain an accurate and comprehensive record of all interactions with our patients. The patient health record is information held about a patient, whether in paper or electronic form.
​
Only relevant medical information is included in referral letters.
​
Why and when is your consent necessary?
When you register as a patient of our practice, you provide consent for our GPs and practice staff to access and use your personal information so they can provide you with the best possible healthcare. Only staff who need to see your personal information will have access to it. If we need to use your information for anything else, we will seek additional consent from you to do this.
​
Why do we collect, use, hold and share your personal information?
Our practice will need to collect your personal information to provide healthcare services to you. Our main purpose for collecting, using, holding, and sharing your personal information is to manage your health. We also use it for directly related business activities, such as financial claims and payments, practice audits and accreditation, and business processes (eg staff training).
What personal information do we collect?
The information we will collect about you includes your:
-
names, date of birth, addresses, contact details
-
medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors
-
Medicare number (where available) for identification and claiming purposes
-
healthcare identifiers
-
health fund details.
Do we deal with patients anonymously?
You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.
How do we collect your personal information?
Our practice may collect your personal information in several different ways.
-
When you make your first appointment our practice staff will collect your personal and demographic information via your registration.
-
During the course of providing medical services, we may collect further personal information e.g. through electronic transfer of prescriptions (eTP), My Health Record Shared Health Summary or Event Summary.
-
We may also collect your personal information when you visit our website, send us an email or SMS, telephone us, make an online appointment or communicate with us using social media.
-
In some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:
-
your guardian or responsible person
-
other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services
-
your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary).
When, why and with whom do we share your personal information?
We sometimes share your personal information for primary or secondary purposes:
-
with third parties who work with our practice for business purposes, such as accreditation agencies, Primary Health Networks, a State Health Department or information technology providers – – these third parties are required to comply with the Australian Privacy Principles and this policy
-
with other healthcare providers
-
when it is required or authorised by law (e.g., court subpoenas)
-
when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
-
to assist in locating a missing person
-
to establish, exercise or defend an equitable claim
-
for the purpose of confidential dispute resolution process
-
when there is a statutory requirement to share certain personal information (eg some diseases require mandatory notification)
-
during the course of providing medical services, through eTP, My Health Record (eg via Shared Health Summary, Event Summary).
Only people who need to access your information will be able to do so. Other than providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.
We will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.
Our practice will not use your personal information for marketing any of our goods or services directly to you without your express consent. If you do consent, you may opt out of direct marketing at any time by notifying our practice in writing.
Do you share de-identified data?
The Foundation may use your personal information to improve the quality of the services we offer to our patients through research and analysis of our patient data. We may provide de-identified data to other organisations to improve population health outcomes. The information is secure, patients cannot be identified, and the information is stored within Australia.
​
De-identified data is health data about you that is not connected in any way with your name, contact details or other information that could identify you. That means that you cannot be identified using this data.
We share de-identified patient data with the Commonwealth Government’s Primary Health Networks and the NSW Health Intelligence Unit “Lumos” Initiative to assist the Government to plan for the health needs of our communities and to evaluate the effectiveness of programs and strategies. From time to time, we will share de-identified information with universities or research centres for the purpose of conducting research into public health issues.
​
The sharing of de-identified data is one way in which the Foundation supports its communities by enabling appropriate research into population health and to ensure our communities receive appropriate resourcing and services.
​
If you do not wish your de-idenfitied data to be shared you can contact:
Manager Corporate Services
PO Box 563
WALLSEND NSW 2287
Email: info@thcfa.org.au
Telephone: (02) 4062 8900
​
and request that your details are marked not to be shared.
How do we store and protect your personal information?
Your personal information may be stored electronically as documents, electronic records, audio recordings or visual records on a secure cloud server located on the internet or in our practice. Doctors may also retain written notes that are transferred to our electronic record systems as soon as possible and the written record is then destroyed. Our practice stores various forms of personal health information such as: paper records, electronic records, visual records (X-rays, CT scans, videos and photos), audio recordings.
Some of our practices use a hybrid patient health record system whereby a note of each consultation/interaction is made in each system, and that record includes where the clinical notes are recorded.
How do we secure your personal information?
We require a unique password to enable access by staff and approved contractors to our computer systems. Two factor authentication (2FA) is required for certain staff.
Physical records are stored in secure cabinets.
Directors, staff and contractors must acknowledge in writing agreement to the Foundation Code of Conduct which includes a requirement that personal information is kept confidential.
How do we deal with request for access to personal information?
You have the right to request access to, and correction of, your personal information.
We require you to put this request in writing addressed to the Manager, Corporate Services at the following:
Manager Corporate Services
PO Box 563
WALLSEND NSW 2287
Email: info@thcfa.org.au
Telephone: (02) 4062 8900
Do we charge you for making a request for personal information?
You will not be charged for making a request.
Do we charge you for processing your request for personal information?
You will be charged for the cost of processing the request. We will calculate the charge for access to your personal information based on the amount of work needed to process your request. This may include:
​
-
search, retrieval, supervised inspection, decision-making and information correction - $50 per hour
-
cost of postage or delivery – at cost
-
photocopying - 15 cents a page
-
transcript - $10 per page
When you receive the notice stating the charge, you have 30 days to respond in writing. Your response will be one of the following:
-
you agree to pay the estimated charge
-
you dispute the way they calculated the estimated charge and want a reduction in the charge
-
you will change your request to reduce the work needed to process it
-
you withdraw your request
If you change your request we will let you know, in writing, of the new estimate of charges. If you don’t respond within 30 days, your request is taken to have been withdrawn.
Will we correct personal information that is not accurate or is out of date?
We will take reasonable steps to correct your personal information where the information is not accurate or up to date. From time to time, we will ask you to verify that your personal information held by our practice is correct and current.
How do we deal with privacy concerns?​
We take complaints and concerns regarding privacy seriously. If you have any concerns about your privacy you may write to:
Manager Corporate Services
PO Box 563
WALLSEND NSW 2287
Email: info@thcfa.org.au
Telephone: (02) 4062 8900
We will aim to respond to your written concern within 30 days.
You may also contact the OAIC. Generally, the OAIC will require you to give them time to respond before they will investigate.
For further information visit www.oaic.gov.au or call the OAIC on 1300 363 992.
​
PRIVACY AND WEB SITE USERS
What personal information do we collect about you?
The type of personal information that we collect from you will depend on how you use our website. You can be certain that the information we receive about you will be treated as strictly confidential.
​
Why do we collect your personal information?
We may collect information about you when you use our websites to:
-
fulfil your request
-
understand the number of hits the website receives
-
keep track of the domains from which this site is accessed
-
determine what our users are interested in
-
ensure as far as practical, that our websites and applications are compatible with the browsers and operating systems used by most of our users.
-
Conduct patient satisfaction surveys
-
Support strategic development
If you believe that any information that we hold about you is inaccurate or out of date, please contact us.
Do we use cookies?
To enable our systems to recognise your browser or device and to provide the Foundation services we use cookies. When you use our websites you will be asked whether you agree to us collecting information through the use of cookies.
​
We use cookies, pixels, and other similar technologies (collectively, “cookies”) to recognise your browser or device, learn more about your interests, provide you with essential features and services, and for additional purposes, including:
-
recognising you when you sign in to use our offerings. This allows us to provide you with recommendations, display personalised content, and provide other customised features and services.
-
keeping track of your specified preferences.
-
conducting research and diagnostics to improve our offerings.
-
preventing fraudulent activity.
-
improving security.
-
reporting. This allows us to measure and analyse the performance of our offerings.
​
Some cookies persist between sessions on our web site and services.
What types of information do we collect using cookies?
Examples of the information we automatically collect through cookies include:
-
Network and connection information, such as the Internet protocol (IP) address used to connect your computer or other device to the Internet and information about your Internet service provider
-
Computer and device information, such as device, application, or browser type and version, browser plug-in type and version, operating system, or time zone setting
-
The location of your device or computer
-
Authentication and security credential information
-
Content interaction information, such as content downloads, streams, and playback details, including duration and number of simultaneous streams and downloads
-
The full Uniform Resource Locators (URL) clickstream to, through, and from our site (including date and time) and the Foundation Health content you viewed or searched for including page response times, download errors, and page interaction information (such as scrolling, clicks, and mouse-overs)
​
Can you change the type of information we collect yourself?
You can change your cookie preferences at any time by clicking cookie preferences in the footer of the Foundation web site. You can also manage browser cookies through your browser settings. The 'Help' feature on most browsers will tell you how to remove cookies from your device, prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, how to disable cookies, and when cookies will expire. Check the support site for your browser to understand privacy settings available to you.
Do we allow third party cookies?
We embed certain features from third parties on our sites such as the Heart Foundation Heart Health Check, HealthDirect Symptom Checker and Medication Checker etc to assist with your health care. Third parties may set cookies if you engage with those features.
Third parties including search engines, providers of measurement and analytics services, social media networks, and advertising companies may also use cookies in the process of directing you to the Foundation web site or practices and delivering content, including ads relevant to your interests, to measure the effectiveness of their ads, and to perform services.
Under what circumstances will we disclose information about you?
It is our policy not to sell or pass on any personal information that you may have provided to us unless we have your express consent to do so. An exception to this is where we may be required by law to disclose certain information.
We will preserve the contents of any email or secure message that you send us if we believe that we have a legal requirement to do so.
What are the rules about links to or from this website?
The existence of external links on our websites does not constitute endorsement, sponsorship, approval of, or affiliation with, another person unless the party providing the relevant link is authorised in writing to do so.
If you access this site via an external link, you do so at your own risk. While information and third-party information contained on this site has been presented with all due care, we do not warrant or represent that the information or the third party information, will remain unchanged after the date of publication and is free from errors or omissions. It is your responsibility to make own investigations, decisions and enquiries about the information retrieved from other internet sites.
What happens when I make an appointment online using HotDoc?
The Foundation has an agreement with an external provider Hotdoc for the management of patient bookings. The patient application does not have direct contact to the Foundation and only connects to Hotdoc's secure cloud servers. All communication between the Hotdoc cloud server and the Foundation is encrypted using 128bit SSL encryption. Hotdoc only handles data relating to the patient appointment and no other sensitive patient records are used or stored on the Hotdoc system. http://www.hotdoc.com.au provides the Terms of Service for the Hotdoc application.
Other correspondence
Correspondence
Electronic information (e.g. specialist letters and pathology) are transmitted over the public network in an encrypted format using secure messaging software.
Incoming mail is opened in the reception phone room. Items for collection or postage are left in a secure area not in view of the public. Outgoing mail is personally delivered to Australia Post.
Facsimile
Facsimile, printers and other electronic communication devices in the practice are located in areas that are only accessible to the practice team.
All faxes containing confidential information are sent to fax numbers after ensuring the recipient is the designated receiver.
Fax transmission reports are kept as evidence that the fax was sent.
The practice uses a fax disclaimer notice on outgoing faxes. It says:
YOU MUST READ THIS NOTICE
​
This facsimile is confidential and may contain private and legally privileged information. You should not read, copy, use or disclose it without authorisation. If received in error, please contact us at once at info@thcfa.org.au and then delete the facsimile. Any personal information in this email must be handled in accordance with the Privacy Act 1988 (Cth).
Emails
Emails are sent via various nodes and are at risk of being intercepted.
​
Patient information may only be sent via email if it is securely encrypted according to industry and best practice standards, unless the patient has formally consented to their health information being sent by unsecure email. The practice uses an email disclaimer notice for emails. It says:
​
YOU MUST READ THIS NOTICE
This email message and any attachments are confidential and may contain legally privileged information. You should not read, copy, use or disclose it without authorisation. If received in error, please contact us at once by return email and then delete all emails and attachments. You should check this email for viruses or defects. Our liability is limited to resupplying any affected message and attachments. Any personal information in this email must be handled in accordance with the Privacy Act 1988 (Cth).
SMS
The practice’s clinical software and the Hotdoc system provides us the ability to contact patients via SMS. SMS is used to send links to electronic patient history forms, remind patients of appointments, unexpected appointment changes (e.g. doctor sick), test results, patient feedback and survey forms, recalls for follow ups, updates on flu vaccinations and other health issues, to provide health information and other information about the practice. Patients may opt-out of receiving SMS notifications.
​
Changes to this statement
From time to time, we may make changes to the Client Privacy and Disclaimer Policy. This may be in relation to changes in the law, best practice or changes in our services. These changes will be reflected in this statement, so you should check here from time to time. Our website and practice waiting rooms display our privacy policy.
​
Survey Policy
As part of its work the Healthy Communities Foundation Australia Ltd actively seeks to engage with rural, remote and Indigenous Australians to understand their views, needs and expectations. One mechanism the Foundation uses to do that is surveys.
​
Survey answers are usually conducted electronically through one of the Foundation’s websites or social media pages. This document sets out how we will use, store and disclose the information you provide when you respond to a survey.
1 Use, Storage and Disclosure of Survey answers
1.1 Use of Survey Answers
Survey answers will be used to inform internal planning for health service delivery, reporting on performance, the design of new services, submissions to the Government and advocacy on behalf of rural, remote and Indigenous communities.
​
Surveys may also be used for reporting on rural and remote health, and for the promotion and utilisation of any report.
​
For example, if you have been asked to provide comments we may quote your answers in a report or promotional material. If we do this we will not use your name or address or any other information that could identify you unless we get your permission.
​
(a) Name and address
The Foundation normally does not ask for your name and email address in its surveys to protect your privacy and confidentiality. We know that rural, remote and Indigenous people are sometimes worried about having their say in case this may result in a negative reaction.
​
Generally we will only ask for general information such as your postcode, gender and Aboriginality to make sure that we are getting the views of a cross-section of rural, remote and Indigenous communities and can see if different rural groups have different views on issues in the survey.
​
If we do ask for your name and address it is so we can ensure that we do not have multiple responses from individuals, and in order to follow up with you about your responses. The only people who will have access to your name, email address, and other personally identifiable information are the survey coordinator, who’s name will be provided in the survey invitation, and any research team working directly with that person on the particular project.
​
(b) Verification
The Foundation reserves the right not to use information submitted by any individual where it appears in the Foundation view that the information is false, inaccurate or is otherwise involved in any way in manipulating, interfering or tampering with the information submitted to the Foundation.
​
(c) Publicity
By providing a survey answer you consent to the Foundation using your de-identified information (that is the responses you provide without any information identifying who you are) in any media for an unlimited period of time without remuneration for the purpose of furthering the aims of the survey (including any outcome) and/or promoting any products or services, distributed and/or supplied by the Foundation in connection with the survey.
​
1.2 Storage of Survey Answers
The Foundation usually stores your survey answers and personal information on its databases in Australia and will keep that information in accordance with the Privacy Act 1988 (Cth) (the Privacy Act) and Australian Privacy Principles (APPs). For more information on this see the Foundation Privacy Policy.
​
(a) Offshore storage
The Foundation uses SurveyMonkey for the collection, aggregation and analysis of survey data. The information collected in these surveys is transmitted and stored securely in the United States and is accessed by the Foundation in accordance with this Survey Policy and SurveyMonkey’s terms of use. You can access SurveyMonkey’s terms of use here. We will always make it clear when we use SurveyMonkey.
​
You may decline to provide this information by not responding to these surveys. If you do provide a survey answer you consent to storage of your survey answer offshore (outside of Australia). This means that once you have chosen to participate in the survey the Foundation will not have an obligation to take reasonable steps to ensure that SurveyMonkey does not breach the Australian Privacy Principles in relation to personal information that is given to SurveyMonkey. You can access SurveyMonkey’s privacy policy here.
2 Privacy
The Foundation is committed to protecting your privacy. If the Foundation collects any personal identifiable information and/or sensitive information through its surveys you consent to the Foundation collecting, using and disclosing that information in accordance with this policy.
3 Copyright
Ownership of all survey answers received by the Foundation remains vested with the respective author(s) of the survey answer.
​
However, in participating in a survey for the Foundation, you grant a permanent, irrevocable, royalty-free licence to allow the Foundation to use, reproduce, publish, adapt, perform or communicate to the public any of your survey answers on the Foundation website, including converting any of your survey answers into a different format.
​
To the extent that your survey answers contain material that is owned by a third party, you warrant that you have obtained all necessary licences and consents required for the use of those materials (including for the Foundation to use, reproduce, publish, perform or communicate to the public), and have made arrangements for the payment of any royalties or other fees payable in respect of the use of such material.
​
4 Limitation of liability
The Foundation is not responsible or liable to any person for any loss, damage or injury (economic, consequential or otherwise) suffered or allegedly suffered as a result of the use of information provided to the Foundation in response to the survey or the inquiry more generally, except for any liability which cannot be excluded by law.
​
5 Participation in surveys by children and young people
The Foundation values the opinions of children and young rural, remote and Indigenous people and acknowledges their rights to express their views.
​
Due to legislative requirements in the United States of America, where SurveyMonkey is based, and concerns about the privacy of children, SurveyMonkey do not allow children to participate in surveys which they conduct on behalf of the Foundation. Therefore, children and young people under the age of 15 may not participate in surveys conducted by SurveyMonkey on behalf of the Foundation. the Foundation will notify potential participants when they are using SurveyMonkey.
​