GREENWAY MEDICAL HUB – PRIVACY POLICY


Your medical record contains information about your individual health and healthcare that is required for the delivery of effective care to you by your Healthcare Practitioner. It may include (without limitation) your medical history, your medication history, your vaccination history, your family history, progress notes, clinical findings, diagnostic test results and correspondence from specialists and allied health practitioners.


Our Clinics do not record, duplicate, transcribe or store any audio/visual recordings of your medical consults. In instances where your treating Healthcare Practitioner independently chooses to make such recordings, any informed consent you provide to your Healthcare Practitioner for recording and transcribing the recording will automatically extend to include consent for our Clinics to store that recording and/or transcription. Such storage will be conducted in accordance with this privacy policy, applicable privacy laws and medical record requirements.


INTRODUCTION

GREENWAY MEDICAL HUB and its subsidiaries manage medical centres on behalf of the Medical Practitioners and other health service providers who operate their practice from our centre. We provide the administrative and non-medical services that those Healthcare Practitioners need to provide you with medical or other health services.


GREENWAY MEDICAL HUB and its subsidiaries and related bodies are committed to protecting the privacy of personal information provided to Us and to handling your personal information in a responsible manner in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles and relevant State and Territory privacy legislation.


Where we refer to "personal information" or "health information" in this Policy, we are referring to any information that is personal information under the Privacy Act. Such information includes information about an individual's health, disability, a health service provided or to be provided, as well as information or opinion about an individual's illness, injury or disability. This Policy outlines how we collect, use, disclose and store your personal information and lets you know how you can access that information. Please read this Policy carefully and contact us using the details below if you have any questions.


CONSENT

By providing personal information, you consent to us collecting, using, storing and disclosing your personal information in accordance with this Policy or as required or permitted by law. If you continue using our services, then we will treat your use as your consent to us handling your personal information in accordance with this Policy.


COLLECTION

We only collect information that is necessary and relevant to enable Us to provide you with access to medical care, treatment, to provide educational services to the medical community and to manage Our practice.


We may also collect your information where you apply for a position with Us to assess your application or when you are employed or contract to us, to manage that relationship.


If you choose not to provide information as requested, we may not be able to service your needs.


This information may include your name, address, date of birth, gender, health information, family history and contact details and any other information to assist Us in providing you access to Services and for us to administer those Services.


This information may be stored by your treating Healthcare Practitioner and/or by Us at the medical centre where you are treated or electronically on Our central electronic database of medical records and/or in handwritten medical records.


Where you have applied for a position with Us, this can include the use of third-party sites or applications managed by third parties to support the recruitment and your personal information may be stored on those sites or in those applications. We may also store your personal information in our own systems including our Customer Relationship Management system with some of those systems being facilitated or managed by third party providers.


We may hold your personal information on Our central electronic database to allow each of Our Clinics to access your personal information and provide you with appropriate medical care.


We collect information in various ways, such as over the phone or in writing, in person (including patient registration forms), through Our website or over the internet or email if you transact with Us online. We may also collect information via mobile applications or third-party applications. This information may be collected by medical and non-medical staff.


Wherever practicable your treating Healthcare Practitioner and/or We will only collect information from you personally (or as relevant your guardian or legal representative). However, your treating Healthcare Practitioner or We may also need to collect personal information from other health providers, such as treating specialists, radiologists, pathologists, hospitals and other health care providers, to enable Us to provide you access to Services.


Our Clinics utilise Best Practice Premier Medical Software. The referral templates generated automate the listing of your health information including medical history, medication and allergies. This information is editable and any sensitive information can be removed from the summary at your treating Healthcare Practitioner's discretion. The same is also true when including relevant results as part of any referral generated by your treating Healthcare Practitioner. Your treating Healthcare Practitioner can choose to include only the relevant results within your referral. At the time that your Healthcare Practitioner records a medical condition into your past medical history, there is an option for your Healthcare Practitioner to mark it confidential. If your Healthcare Practitioner marks it confidential, the referral template will not include those marked conditions in the automated list that it generates in the document.


In emergency situations We may also need to collect information from your relatives or friends. We may be required by law to retain medical records for certain periods of time depending on your age at the time We provide services. We sometimes receive unsolicited personal information. In circumstances where we receive unsolicited personal information that relates to another Healthcare Practitioner, where identifiable, we will forward this information to that Healthcare Practitioner and/or the relevant Centre and use best endeavours to remove the unsolicited personal information from our system.


USE AND DISCLOSURE

We will treat your personal information as strictly private and confidential. We will use and disclose your personal information only for purposes directly related to your care and treatment, or in ways that you would reasonably expect that We may use it for your ongoing care and treatment or as otherwise required or permitted by law, including to provide medical services or to provide reminders to you.


If you have applied for a position with Us or have accepted a position, we will use that personal information to manage the recruitment process and if you have a position with Us, to manage the relationship. This may include disclosing your personal information to third parties such as your superannuation fund or to check relevant accreditations.


We may use online platforms and mobile apps such as HealthEngine and platforms which provide e-scripts to provide online health care to you. Your personal information may be shared with these platforms if you or We use those platforms to provide services to you. If We use these platforms, they are subject to their privacy policies. Some of these platforms may use service providers located overseas.


In addition to the above, we may disclose your personal information to the following:

  • (a) to provide services to you by our allied services,
  • (b) our professional advisers, dealers and agents;
  • (c) third parties and contractors who provide services to Us, including recruitment services, support services, IT services, data storage, webhosting and server providers, marketing and advertising organisations and payment processing service providers;
  • (d) payment system operators and debt-recovery functions;
  • (e) to third party specialists and medical service providers, including disclosure of your blood test results and other health information; and
  • (f) any other third parties authorised by you to receive information held by Us.


We may contact you as part of your ongoing care, for example, in relation to appointments and patient check-ups.


There are other circumstances where We may be permitted or required by law to use or disclose your personal information including for quality assurance, billing and management purposes. For example, we may disclose your personal information to Medicare, Police, insurers, solicitors, government regulatory bodies, tribunals, courts of law, hospitals, or debt collection agents.


In rare emergency situations, we may need to override your 'My Health Record' access controls to obtain vital health information in accordance with the My Health Records Act (2012). We may collect, use or disclose information in your My Health Record without your consent only when:

  • It's necessary to lessen or prevent a serious threat to an individual's life, health or safety, and it is unreasonable or impracticable to obtain your consent (for example, if you're unconscious in an emergency).
  • It's necessary to lessen or prevent a serious threat to public health or safety (for example, if a dangerous infection has been detected and it's necessary to identify the source of the infection).


While We expect the need to use this emergency access function will be rare, we are committed to protecting your privacy and will only override access controls when necessary under the circumstances outlined above. Any emergency access will be temporary and in accordance with the timeframes specified in current legislation, after which all access will revert to your regular access control settings.


Subject to your prior consent, we may also use your personal information for marketing (including direct marketing), planning, quality control and research purposes, its contractors or service providers. We may use and disclose your sensitive information (such as health information) to our third-party marketing providers for marketing purposes with your prior explicit consent.


We may use your contact information to provide you with communication about upcoming events or professional development opportunities.


We may disclose de-identified data, including demographic data, to the relevant Primary Health Network.


We may use and disclose de-identified, aggregated data for management, quality assurance, marketing and administrative purposes. We may also from time to time provide de-identified aggregated statistical data to third parties for research purposes.


We may have CCTV installed in the common areas at Our centres, such as the reception area. CCTV systems are only installed in areas of operation. CCTV cameras are never hidden. The recording of CCTV footage may be continuous or limited. We may collect, use and disclose your personal information in the CCTV footage for security purposes.


REMAINING ANONYMOUS IN ACCESSING SERVICES

If you are accessing healthcare services through Us, staying completely anonymous may not be practical because we are required to maintain accurate records of the care and services you receive access to. While we may be able to accommodate the use of a pseudonym, be aware that choosing not to disclose your real identity could affect the quality of services and information you receive. If you would like to use a pseudonym that is confidentially linked to your real identity, please let us know so we can discuss how best to assist you in the management of your care and treatment at our practice.


For other interactions, you are welcome to contact us anonymously or use a pseudonym. However, doing so may limit Our ability to effectively address your feedback or inquiries. We will inform you if collecting additional personal information is necessary to assist you further.


TEACHING AND RESEARCH

We may use de-identified information, sourced from your personal details, for enhancing internal educational activities and to oversee, refine, and improve the Services offered at Our practice. Your personal data might also be used to supply third-party entities, including academic institutions and governmental bodies, with a collective, de-identified health dataset pertaining to patient records. These third-party entities could leverage the de-identified datasets for their operational needs. If you desire to retract your permission for your personal details to be incorporated into a de-identified database, kindly reach out to us using the provided contact information, providing us with your full name, date of birth, and address. Opting out will not impede your ability to access the Services. In instances where research-focused third parties solicit identifiable information from Us, we will only provide such identified data if:

  • The primary objective is for medical research purposes;
  • We are satisfied privacy and confidentiality requirements (including any requirements under the Privacy Act 1988 (Cth)) have been satisfied; and
  • The research has been approved by a Human Research Ethics Committee, or you have expressly given your approval for the information to be accessed, used or disclosed for such research purposes.


DATA QUALITY AND SECURITY

We will take reasonable steps to ensure that your personal information is accurate, complete, up to date and relevant. For this purpose, where We collect that information from you directly, we rely on you to supply accurate information. Our staff may ask you to confirm that your contact details are correct when you attend a consultation. We request that you let Us know if any of the information We hold about you is incorrect or out of date.


We understand that the security of your personal information is important and we take all reasonable steps to protect it from unauthorised access. This includes:

  • Securing Our premises; and
  • Using IT security measures such as passwords, access controls and steps to protect electronic information from unauthorised interference, access, modification and disclosure; and
  • Requiring that Our service providers and contractors have in place appropriate privacy protection arrangements.


Our staff and service providers have been informed of the importance We place on protecting your privacy and their role and obligations in helping Us to do so.


Although We will endeavour to protect your personal information, we are unable to guarantee that any information you transmit to Us over the internet is 100% secure. Any information you transmit to Us over the internet is conducted at your own risk.


CORRECTIONS

If you believe that the personal information We have about you is not accurate, complete or up to date, you are entitled to seek the correction of your personal information by contacting Us in writing (see details below).


ACCESS

Subject to any legal restrictions, you are entitled to request access to your personal information We hold about you. We request that you send your request in writing to Us and We will respond to it within a reasonable time.


We may deny access to your medical records in certain circumstances permitted by law, for example, if disclosure may cause a serious threat to your health or safety. We will always tell you why access is denied and the options you must respond to Our decision.


USE OF ARTIFICIAL INTELLIGENCE (AI)

Your Healthcare Practitioners may choose to use artificial intelligence (AI) to assist with consultations and practice efficiencies including to record, transcribe and produce notes of the consultation. Your Healthcare Practitioners are required to use AI responsibly, comply with their professional and ethical obligations, and ensure that any AI tool used complies with privacy legislation and handles your personal health information appropriately.


The use of AI during or in connection with your consultation must only be undertaken with your prior consent. If you elect to provide consent, you do so at your own risk and any consent you provide is between you and your Healthcare Practitioner only. We do not accept any responsibility or liability relating to the use of AI in or in connection with patient consultations.


If you have any concerns or questions relating to the use of AI in your consultation, you should have a discussion with your Healthcare Practitioner prior to the consultation.


COMPLAINTS

If you have a complaint about the privacy of your personal information (including any breach of the Australian Privacy Principles or an applicable registered APP code), or you would like further information on Our privacy policy, or you need to correct your personal information, We request that you contact Us in writing at the following address:


Greenway Medical Hub

Address: Suite 101, Level 1/1183 – 1187 The Horsley Dr, Wetherill Park NSW 2164

Ph: 02 9756 1567 | Email: Greenwaymedicalhub@gmail.com


Upon receipt of a complaint, we will consider the details and attempt to resolve it in accordance with Our complaints handling procedures. If you are dissatisfied with Our handling of a complaint or the outcome you may make an application to the Australian Information Commissioner (see https://www.oaic.gov.au/privacy/privacy-complaints) or the Privacy Commissioner in your State or Territory.


OVERSEAS DISCLOSURE OF PERSONAL INFORMATION

We may disclose your personal information to one of Our overseas service providers who are in different jurisdictions including The Philippines and will require that service provider to retain that information as confidential information. We may also disclose your personal information to other service providers that store such information on overseas servers. Where possible, we will request that these service providers store this information in Australia.


GENERAL

We may amend or replace this privacy policy from time to time in which case a copy of the amended privacy policy will be published on our website.


If an individual does not provide their personal information to Us, we may not be able to provide access to services to them.