Patient Privacy

Miranda Day Surgery is committed to protecting the privacy of the personal information and sensitive information which it collects and holds.

Miranda Day Surgery must comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), and other privacy laws (including the Health Records and Information Privacy Act 2002 (NSW)) which govern the way in which the organization hold, use and disclose personal information (including your sensitive information).

The purpose of this Privacy Policy is to explain:

  1. the kinds of information that Miranda Day Surgery may collect about you and how that information is held;
  2. how Miranda Day Surgery collects and holds personal information;
  3. the purposes for which Miranda Day Surgery collects, holds, uses and discloses personal information;
  4. how you can access the personal information Miranda Day Surgery holds about you and seek to correct such information; and
  5. the way in which you can complain about a breach of your privacy and how Miranda Day Surgery will handle that complaint.

DEFINITIONS

In this Privacy Policy the following terms have the following meanings

Health information is:

  • personal information or an opinion about:
    1. an individual’s physical or mental health or disability (at any time);
    2. an individual’s express wishes about the future provision of health services for themselves; or
    3. a health service provided, or to be provided, to an individual;
  • other personal information collected to provide, or in providing, a health service;
  • other personal information about an individual collected in connection with the donation or intended donation, by the individual of his or her body parts, organs or body substances.

Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:

  1. whether the information or opinion is true or not; and
  2. (f)  whether the information or opinion is recorded in a material form or not;

Sensitive information means personal information or opinion about an individual’s:

  1. racial or ethnic origins;
  2. political opinions or political associations;
  3. philosophical beliefs or religious beliefs or affiliations;
  4. sexual preferences or practices; or
  5. criminal record; or
  6. health information about an individual; or
  7. genetic information about an individual that is not otherwise health information.

 

POLICY

Collection and use of personal information

Types of personal information collected by Miranda Day Surgery

  1. (a)  Patients/residents/clients/research participants

Miranda Day Surgery collects information from you which is necessary to provide you with health care services or to enable you to participate in research studies. This includes collecting personal information such as your name, address, your health history, family history, past and current treatments, lifestyle factors, and any other information which is necessary to assist the health care team in providing appropriate care, or our research team in conducting its research.

  1. (b)  Visiting Medical Officers (VMOs), students, contractors and volunteers

Miranda Day Surgery collects information from you which is necessary to properly manage and operate its business. This includes collecting personal information such as your name, address, professional experience, qualifications and past employers, and any other information which may be necessary to appropriately conduct its business.

  1. (c)  Job applicants

Miranda Day Surgery collects information from you which is necessary to assess and engage applicants. This includes collecting personal information such as your name, address, professional experience, qualifications, references and past employers, and any other information which is necessary to process your job application.

  1. (d)  Education and community engagement

Miranda Day Surgery may offer opportunities for health practitioners to participate in educational events or seminars for the purpose of continuing professional development or community engagement.  When you register for or attend an event, Miranda Day Surgery may collect your personal information for the purpose of providing the service and recording your attendance.

Miranda Day Surgery may disclose your personal information to third parties for the purpose of confirming your attendance at the event including the provision of attendance records or certification.  With your express consent, we may use your information for other purposes such as including you on a marketing mailing list, research, to promote Miranda Day Surgery goods and services and to improve and personalize our service offerings.

How we collect personal information

We will usually collect your personal information directly from you, however sometimes we may need to collect information about you from third parties, such as:

  1. relatives;
  2. another health service provider;
  3. past employers and referees.

We will only collect information from third parties where:

  • you have consented to such collection;
  • such collection is necessary to enable us to provide you with appropriate health care services;
  • such collection is reasonably necessary to enable us to appropriately manage and conduct our business (such as in assessing applications for accreditation from VMOs); or
  • it is legally permissible for us to do.

Miranda Day Surgery will only collect information which is necessary to provide you with health care services or appropriately manage and conduct our business.


How Miranda Day Surgery uses your personal information

Miranda Day Surgery only uses your personal information for the purpose for which it was collected by Miranda Day Surgery (primary purpose), unless:

  • there is another purpose (secondary purpose) and that secondary purpose is directly related to the primary purpose, and you would reasonably expect, or Miranda Day Surgery has informed you, that your information will be used for that secondary purpose;
  • you have given your consent for your personal information to be used for a secondary purpose; or
  • Miranda Day Surgery is required or authorised by law to use your personal information for a secondary purpose (including for research and quality improvements within Miranda Day Surgery).

For example, Miranda Day Surgery may use your personal information to:

  • provide health care services to you;
  • provide any ongoing health related services to you;
  • appropriately manage our business, such as assessing insurance requirements, conducting audits, and undertaking accreditation processes;
  • assist it in running our hospital business, including quality assurance programs, invoicing, billing and account management, including storage of provider details on Miranda Day Surgery’s billing software, improving its services, implementing appropriate security measures, conducting research and training personnel; and
  • effectively communicate with third parties, including Medicare Australia, private health insurers, Workers’ Compensation insurers and Department of Veterans’ Affairs.

Complete and accurate details

Where possible and practicable, you will have the option to deal with Miranda Day Surgery on an anonymous basis or by using a pseudonym. However, where we are providing health services to you we must be able to identify you using your full name and date of birth as risks to patient safety occur when there is a mismatch between a given patient and components of their care, whether these components are diagnostic, therapeutic or supportive. This is a requirement of the National Safety and Quality Health Service Standards, which Miranda Day Surgery must comply with.

If the personal information you provide us is incomplete or inaccurate, or you withhold personal information, we may not be able to provide the services or support to you are seeking, or deal with you effectively. This may occur where you have dealt with us on an anonymous basis or by using a pseudonym.


CCTV

Miranda Day Surgery uses camera surveillance systems (commonly referred to as CCTV) for the purposes of maintaining safety and security of its patients, personnel, visitors and other attendees. Those CCTV systems may also collect and store personal information and Miranda Day Surgery will comply with all privacy legislation in respect of any such information.

 

EXPECTED OUTCOME

Miranda Day Surgery will manage patient information in accordance with, and comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), and other privacy laws (including the Health Records and Information Privacy Act 2002 (NSW)) which govern the way in which the hospital holds, uses and disclose personal information (including your sensitive information).

 

PROCEDURE

Disclosing your personal information

Miranda Day Surgery will confine its disclosure of your personal information to the primary purpose for which that information has been collected, or for a related secondary purpose. This includes when disclosure is necessary to provide services to you, assist us in running our Day Surgery, or for security reasons.

We may provide your personal information to:

  • third parties involved in your care, such as:
  • pathologists and radiologists who have been asked to undertake diagnostic testing;
  • senior medical experts and specialists who have been asked to assist in diagnosis or treatment;
  • other health professionals involved in an individual’s further treatment (such as physiotherapists and occupational therapists);
  • general practitioners (for example, by providing discharge summaries);
  • government agencies, such as Department of Defence or Department of Veterans Affairs, where an individual is receiving services with Miranda Day Surgery under arrangements with those agencies;
  • government departments responsible for health, aged care and disability where Miranda Day Surgery has a legal or contractual obligation to do so;
  • relatives, close friends, guardians (unless Miranda Day Surgery have been told otherwise);
  • third parties contracted to provide services to Miranda Day Surgery, such as entities contracted to assist in accreditation or survey processes;
  • chaplains associated with Miranda Day Surgery so that an individual may receive pastoral care during admission;
  • private health insurance providers, Workers’ Compensation insurers and Medicare Australia;
  • your employer and workers compensation insurers where you have consented to us corresponding with them such as in relation to a workers compensation claim;
  • the motor accidents authority as required by law or where you have consented;
  • anyone authorised by you to receive your personal information (your consent may be express or implied);
  • Miranda Day Surgery is required by law to disclose your personal information to which may include the police, NSW Ombudsman, and Privacy Commissioner.

Disclosure to External Service Providers

Where permissible under the privacy laws we may disclose personal information to third parties who provide services to you or to Miranda Day Surgery and who may use, process and store that information overseas. For example, where your private health insurer is located overseas we may need to provide your personal information to the private health insurer in the country in which it is located.


Data storage, quality and security

Data quality: Miranda Day Surgery will take reasonable steps to ensure that your personal information which is collected, used or disclosed is accurate, complete and up to date.

Storage: All your personal information held by Miranda Day Surgery is stored securely in either hardcopy or electronic form, and may be stored at an offsite storage location contracted to Miranda Day Surgery.

Data security: Miranda Day Surgery strives to ensure the security, integrity and privacy of personal information, and will take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure. Miranda Day Surgery reviews and updates (where necessary) its security measures in light of current technologies.

Online transfer of information: While Miranda Day Surgery does all it can to protect the privacy of your personal information, no data transfer over the internet is 100% secure. When you share your personal information with Miranda Day Surgery via an online process, it is at your own risk.


Accessing and amending your personal information

You have a right to access your personal information which Miranda Day Surgery holds about you. If you make a request to access your personal information, we will ask you to verify your identity and specify the information you require.

You can also request an amendment to any of your personal information if you consider that it contains inaccurate information.

 

You can contact Miranda Day Surgery about any privacy issues as follows:

Practice Manager
Miranda Day Surgery
Suite 25, 20-24 Gibbs St
Miranda, NSW 2228

Ph:  02 9525 8669
Fax: 02 9525 3086

While Miranda Day Surgery aims to meet all requests to access and amendments to personal information, there may be some instances where Miranda Day Surgery is unable to do this where it may adversely affect your health and safety or the safety of others.

Subject to applicable laws, Miranda Day Surgery may destroy records containing personal information when the record is no longer required.

 

Complaints

If:

  1. Miranda Day Surgery does not agree to provide you with access to your personal information; or
  2. You have a complaint about information handling practices,

You can lodge a complaint with or contact our Privacy Officer on the details above or directly with the Office of the Australian Information Commissioner.  Full contact details can be found on the website www.oaic.gov.au.

 

REFERENCES

Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth)

Health Records and Information Privacy Act 2002 (NSW)

Office of the Australian Information Commissioner www.oaic.gov.au