1. Introduction
Our practice is committed to best practice in relation to the management of information we collect. This practice has developed a policy to protect patient privacy in compliance with the Privacy Act 1988 (Cth) (‘the Privacy Act’). This policy is to inform you of:
the kinds of information we collect and hold, which, as a medical practice, is likely to be ‘health information’ for the purposes of the Privacy Act;
how we collect and hold personal information;
the purposes for which we collect, hold, use and disclose personal information;
how you may complain about a breach of the Australian Privacy Principles and how we will deal with such a complaint;
whether we are likely to disclose information to overseas recipients.
2. What kinds of personal information do we collect?
The type of information we may collect and hold includes:
Your name, address, date of birth, email and contact details
Medicare number, DVA number and other government identifiers, although we will not use these for the purposes of identifying you in our practice;
Other health information about you, including
notes of your symptoms or diagnosis and the treatment given to you
your specialist reports and test results
your appointment and billing details
your prescriptions and other pharmaceutical purchases
your genetic information
your healthcare identifier
other information that may include information about your race, sexuality or religion.
3. How do we collect and hold personal information?
We will generally collect personal information:
from you directly when you provide your details to us. This might be via a face to face discussion, a telephone conversation, registration form or online form
from a person responsible for you
from third parties where the Privacy Act or other law allows it – this may include, but is not limited to: other members of your healthcare team, diagnostic providers, other medication practitioners, hospitals, the My Health Record system, electronic prescription services, Medicare, your health insurer, the Pharmaceutical Benefits Scheme
4. Why do we collect, hold, use and disclose personal information?
In general we collect, hold, use and disclose your personal information for the following purposes:
to provide healthcare services to you
to communicate with you in relation to the health service being provided to you
to comply with our legal obligations, including, but not limited to, mandatory notification of communicable diseases or mandatory reporting under applicable child protection legislation
to help us manage our accounts and administrative services, including billing, arrangements with health funds, pursuing unpaid accounts, management of our ITC systems
to establish, exercise or defend an equitable claim
for the purpose of a confidential dispute resolution process
for consultations with other doctors or health professionals involved in your healthcare
to obtain, analyse and discuss test results from diagnostic and pathology laboratories
for identification and insurance claiming
if you have a My Health Record, to upload your personal information to, and download your personal information from, the My Health Record system
Information may also be disclosed through an electronic transfer of prescriptions service
to liaise with your health fund, government and regulatory bodies such as Medicare, the Department of Veterans’ Affairs and the Office of the Australian Information Commissioner (OAIC) (if you make a privacy complaint to the OAIC), as necessary.
We may disclose your personal information to overseas recipients that may include, but are not limited to:
any practice or individual who assists us in providing services (such as where you have come from overseas and had your health record transferred from overseas or have treatment continuing from an overseas provider);
overseas transcription services, although our preference and current practice is to use Australian-based services;
anyone else to whom you authorise us to disclose it, or where there are exceptional circumstances in which the law permits us to share it without your consent.
Our practice will not use your personal information for marketing any of our goods or services directly to you without your express consent. If you do consent, you may opt out of direct marketing at any time by notifying our practice in writing.
Our practice may use your personal information to improve the quality of the services we offer to our patients through research and analysis of our patient data.
5. How can you access and correct your personal information?
You have a right to seek access to, and correction of, the personal information which we hold about you. Depending on the circumstances, where we will incur costs in providing access, we may charge a reasonable fee to cover the administrative costs of providing it to you. If applicable, you will be advised of the fee upon receipt of your request, and access will be provided following receipt of payment.
You can request an amendment to any personal information in your record should you believe that it contains inaccurate information. Such requests should be made in writing. If we do not agree to change your personal information in accordance with your request you will be notified and we will permit you to make a statement of the requested changes and we will keep the request with your record.
For details on how to access and correct your health record, please contact our practice as noted in the details on our letterhead above.
We will normally respond to your request within 30 days and will advise you if this is not possible.
6. How do we hold your personal information?
Our staff are trained and required to respect and protect your privacy. We take reasonable steps to protect information held from misuse and loss and from unauthorised access, modification or disclosure.
Your personal information may be stored at our practice in various forms but principally as an electronic medical record as well as paper notes stored in lockable cabinets.
Our practice stores all personal information securely in electronic format in a protected information system.
7. Digital interactions including our website
We may collect personal information from you when you use our website, interact with us through social media, or communicate with us by email. This information may include, but is not limited to, your name, contact details, and medical information. The personal information we collect is used to provide better care and improve our services.
We may use website analytics tools to track and analyse the use of our website. This helps us understand how our patients interact with our website and make improvements. Our website also uses cookies to store information and improve the user experience.
8. Use of Artificial Intelligence (AI)
The doctors at our practice may use AI scribing services (such as Heidi, Lyrebird or iScribe) to assist them with taking clinical notes and/or generating documentation, and the staff at the practice may access this to complete the associated administrative components.
Only AI services that comply with all relevant Australian privacy and security requirements will be used.
Your doctor will discuss the use of AI with you prior to your appointment commencing and obtain your consent. You have the right not to provide consent and you may withdraw your consent at any time without affecting your ongoing clinical care.
9. Privacy related questions and complaints
If you have any questions about privacy related issues or wish to complain about a breach of the Australian Privacy Principles or the handling of your personal information by us, you may lodge your complaint in writing (see our letterhead for contact details). We will normally respond to your request within 30 days.
If you are dissatisfied with our response, you may refer the matter to the OAIC:
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Fax: 02 9284 9666
Post: GPO Box 5218 Sydney NSW 2001
Web: https://www.oaic.gov.au/individuals/how-do-i-make-a-privacy-complaint
10. Anonymity and pseudonyms
The Privacy Act provides that individuals must have the option of not identifying themselves, or of using a pseudonym, when dealing with our practice, except in certain circumstances, such as where it is impracticable for us to deal with you if you have not identified yourself.
In medical practices it is largely impracticable to deal with patients anonymously or via a pseudonym. The provision of appropriate health care services will likely be impacted, as will billing via Medicare or health insurance. Please discuss this with us if you feel it necessary.
11. Updates to this policy
This policy will be reviewed from time to time to take account of new laws and technology, changes to our operations and other necessary developments. Updates will be publicised on the practice website.