1. Introduction
Evans Road Medical Centre Pty Ltd ("we", "us", "our") is committed to protecting the privacy and confidentiality of your personal and health information. This Privacy Policy outlines how we collect, use, store, disclose, and manage your information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the Health Records Act 2001 (Vic).
As a healthcare provider, we recognise the sensitive nature of health information and take seriously our obligations to ensure that your information is handled appropriately at all times.
2. What Information We Collect
We may collect the following types of personal and health information:
- Personal identification information: name, date of birth, address, phone number, email address, Medicare number, DVA number, health fund details, and emergency contact details.
- Health information: medical history, current symptoms, diagnoses, treatment plans, test results, pathology reports, imaging results, medication records, immunisation history, allergies, and referral letters.
- Sensitive information: health information (as defined under the Privacy Act), racial or ethnic origin where clinically relevant, and any other sensitive information you choose to provide.
- Financial information: billing details, Medicare and health fund claims information, and payment records.
- Website data: IP address, browser type, pages visited, and cookies when you use our website.
3. How We Collect Information
We collect information through:
- Direct interactions with you during consultations, appointments, and registrations.
- Patient registration forms and health questionnaires.
- Referrals from other healthcare providers, hospitals, and specialists.
- Pathology laboratories and diagnostic imaging providers.
- My Health Record (if you have one and have not opted out).
- Medicare and the Department of Veterans' Affairs.
- Our website contact forms and appointment booking system.
- Telephone and email communications.
Where practicable, we collect information directly from you. We will only collect information from third parties where it is necessary for your care or where you have provided consent.
4. Why We Collect and Use Your Information
We collect and use your personal and health information for the following purposes:
- Providing you with medical care, treatment, and health services.
- Managing your ongoing healthcare, including referrals to specialists and allied health providers.
- Processing Medicare claims, health fund claims, and billing.
- Communicating with you about appointments, test results, and follow-up care.
- Meeting our legal obligations under health and privacy legislation.
- Contributing to clinical audits, quality improvement, and accreditation processes.
- Complying with mandatory reporting requirements (e.g., notifiable diseases).
- Participating in the My Health Record system where applicable.
5. Disclosure of Your Information
We may disclose your personal and health information to:
- Other healthcare providers involved in your care (specialists, hospitals, allied health practitioners, pharmacists) with your consent or where necessary for your treatment.
- Pathology laboratories and diagnostic imaging providers.
- Medicare, the Department of Veterans' Affairs, and health funds for billing and claims purposes.
- Your nominated emergency contacts where clinically appropriate.
- Government agencies as required by law (e.g., notifiable disease reporting, mandatory reporting of child abuse).
- Our practice software providers and IT support, who are bound by strict confidentiality agreements.
- Accreditation bodies for quality assurance purposes (in de-identified form where possible).
We will not disclose your information to any other party without your consent unless required or authorised by law.
6. Health Records and My Health Record
We maintain health records in accordance with the Health Records Act 2001 (Vic) and applicable professional standards. Your health records are retained for a minimum of:
- Adults: 7 years from the date of the last entry.
- Children: Until the patient turns 25 years of age, or 7 years from the last entry, whichever is longer.
If you have a My Health Record, we may upload shared health summaries, prescriptions, and other documents to your record. You can manage your My Health Record settings, including restricting access, through the My Health Record website or by contacting us.
7. Storage and Security
We take reasonable steps to protect your personal and health information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Our security measures include:
- Secure electronic medical record systems with access controls, password protection, and audit trails.
- Physical security measures for paper-based records, including locked storage and restricted access areas.
- Staff training on privacy obligations and information security procedures.
- Encryption of data transmitted electronically where appropriate.
- Regular review of security practices and systems.
- Confidentiality agreements with third-party service providers.
8. Your Rights
Under the Privacy Act and Health Records Act, you have the right to:
- Access your health records: You may request access to your health information held by us. We will respond to your request within 30 days. A reasonable fee may apply for providing copies of records.
- Request corrections: If you believe your personal or health information is inaccurate, incomplete, or out-of-date, you may request a correction.
- Withdraw consent: You may withdraw your consent for certain uses or disclosures of your information at any time, noting that this may affect our ability to provide you with care.
- Make a complaint: If you believe your privacy has been breached, you may lodge a complaint with us, the Office of the Australian Information Commissioner (OAIC), or the Health Complaints Commissioner (Victoria).
9. Telehealth and Electronic Communications
Where we provide telehealth consultations or communicate via electronic means (email, SMS), we take reasonable steps to ensure your information is transmitted securely. However, we cannot guarantee the security of information sent via email or SMS. For sensitive matters, we recommend contacting us by phone or attending in person.
10. Website and Cookies
Our website (evansroadmedicalcentrepty.site) may use cookies and similar technologies to improve your browsing experience and analyse website usage. Cookies do not identify you personally. You can adjust your browser settings to refuse cookies, though this may affect the functionality of our website.
11. Notifiable Data Breaches
In accordance with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act, we will notify the OAIC and affected individuals if a data breach is likely to result in serious harm. We have procedures in place to detect, contain, and respond to data breaches promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The updated policy will be made available on our website and at our practice. We encourage you to review this policy periodically.
13. Contact Us
If you have any questions about this Privacy Policy, wish to access or correct your information, or have a privacy concern or complaint, please contact us:
If you are not satisfied with our response, you may lodge a complaint with:
- Office of the Australian Information Commissioner (OAIC): www.oaic.gov.au | Phone: 1300 363 992
- Health Complaints Commissioner (Victoria): www.hcc.vic.gov.au | Phone: 1300 582 113