Privacy Policy

Policy

The Privacy Act 1988 and the Australian Privacy Principles require our practice to have a
document that clearly sets out its policies on handling personal information, including
health information.

This document, called a Privacy Policy, outlines how we handle personal information
collected (including health information) and how we protect this information.
Our practice has used the privacy policy template available from the RACGP and this has been adapted to reflect how our practice collects and uses personal information.

Our privacy policy is displayed in the waiting room and also on the practice information
sheet and practice website and is readily presented to anyone who asks.

Our collection of information statement informs patients about how their personal health
information will be used, including by other organisations to which the practice usually discloses patient information to, and any law that requires the particular information to be collected. Patient consent to the handling and sharing of personal patient health
information is sought and documented early in the process of clinical care, and patients are made aware of the collection statement when giving consent to share health information.

According to the Privacy Act 1988 and the Australian Privacy Principles, an organisation may
use or disclose personal health information for a purpose (the secondary purpose) which is
directly related to the primary purpose of collection without seeking consent, but only if the individual would have a reasonable expectation that the information could be used or
disclosed for that secondary purpose.

A directly related secondary purpose for the use and disclosure of personal health
information in our practice includes the many activities necessary for the provision of a health service, such as management, funding and monitoring, as well as complaint-handling,
planning, evaluation and accreditation activities.
It is essential to recognise the importance of ‘reasonable expectation’ as many individuals may be unaware of the range of activities for which their personal health information may
be used and disclosed, such as the accreditation processes. Our practice ensures we tell
2 patients how, and for what purpose, personal health information collected about them
could be used or disclosed. Patients are advised of this ‘secondary purpose’ in a number of ways, including:

· At the time of the consultation with a general practitioner

· Via the practice privacy statement in the practice information sheet

· Via the practice privacy statement on signage on the walls of the practice, and/or

· By reading, understanding and signing a new patient information form when first
registering at the practice, which incorporates the practice privacy statement.

It is important we maintain a patient’s right to ‘opt out’ of the secondary purpose through
refusal to consent. If an individual expresses negative views or opposition when made
aware of a proposed secondary use or disclosure of their personal health information, this would indicate that they have a reasonable expectation that their personal health
information will not be used or disclosed in that manner, and their non-consent is recorded
on file.

Prior to a patient signing consent to the release of their health information, patients are made aware they can request a full copy of our privacy policy.

Patient consent for the transfer of health information to other providers or agencies
involved in the patient’s healthcare (e.g. treating practitioners and specialists outside the practice) is obtained at the patient’s first visit to our practice through the New Patient Information Form. Once signed, this form is scanned into the patient’s health record and its
completion is noted.

Nerang Medical Centre Privacy Policy

PRACTICE PRIVACY POLICY
Version No: 0.2 | Author: PM| Next Review Date: 09/2026 | Privacy Policy

For enquiries concerning this policy you can contact our Practice Manager.

We inform our patients about our practice’s policies regarding the collection and
management of their personal health information via:

· A sign at reception
· Brochure(s) in the waiting area
· Our practice information sheet
· New patient information forms
· Verbal means if appropriate, and
· Our practice website.

Our practice privacy policy states:

Current as of: 15.9.2025
Introduction
This privacy policy is to provide information to you, our patient, on how your personal
information (which includes your health information) is collected and used within our
practice, and the circumstances in which we may share it with third parties.

Why and when your consent is necessary By providing personal information, you consent to us collecting, using, storing and disclosing your personal information in accordance with this Policy or as required or permitted by law.

If you continue using our services, then we will treat your use as your consent to us handling your personal information in accordance with this Policy.

 
When you register as a patient of our practice, you provide consent for our GPs and practice staff to access and use your personal information so they can provide you with the best possible healthcare. Only staff who need to see your personal information will have access.

 
If we need to use your information for anything else, we will seek additional consent from you to do this.
Why do we collect, use, hold and share your personal information?

 
Our practice needs to collect your personal information to provide healthcare services to
you and manage your health safely and effectively. We also use it for directly related
business activities, such as financial claims and payments, practice audits and accreditation,
and business processes (eg staff training and internal quality improvement processes).

What personal information do we collect?

The information we will collect about you is your Health record and includes:

· names, date of birth, addresses, contact details

· medical information including medical history, medications, allergies, adverse events,
immunisations, social history, family history and risk factors

· Medicare number (where available) for identification and claiming purposes

· healthcare identifiers

· health fund details.

 
Dealing with us anonymously
You have the right to deal with us anonymously or under a pseudonym unless it is
impracticable for us to do so or unless we are required or authorised by law to only deal
with identified individuals. you can contact us from a private number and remain
anonymous.

 
How do we collect your personal information?
Our practice may collect your personal information in several different ways:

1. When you make your first appointment our practice staff will collect your personal and
demographic information via your registration.

2. During the course of providing medical services, we may collect further personal
information. Information may also be collected through real time recording (Telehealth
services and transcribing services), electronic transfer of prescriptions (eTP), My Health Record, electronic sharing of health information with other health professionals via Medical Objects and secure messaging services with Queensland Health facilities.
We may also collect your personal information when you visit our website, send us an email or SMS, telephone us, make an online appointment or communicate with us using social media.

Various types of images may be collected and used, including:
• CCTV footage: Collected from our premises for security and safety purpose

• Photos and medical images: These can be taken using personal devices for medical
purposes, following the guidelines outlined in our guide on using personal devices
for medical images.

• Real-time audio/visual recording and duplication and storage of a consultation,
including those via telehealth and those conducted remotely never occurs without
the patient’s consent

3. In some circumstances personal information may also be collected from other sources.

Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:
· your guardian or responsible person

· other involved healthcare providers, such as specialists, allied health professionals,
hospitals, community health services and pathology and diagnostic imaging services

5· your health fund, Medicare, or the Department of Veteran’s Affairs (as necessary).

Who do we share your personal information with?

We sometimes share your personal information:
· with third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with APPs and this policy
· with other healthcare providers
· when it is required or authorised by law (eg court subpoenas)
· when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
· to assist in locating a missing person
· to establish, exercise or defend an equitable claim
· for the purpose of confidential dispute resolution process
· when there is a statutory requirement to share certain personal information (eg some
diseases require mandatory notification)
· during the course of providing medical services, through Electronic Transfer of
Prescriptions (eTP), MyHealth Record/PCEHR system (eg via Shared Health Summary, Event
Summary).

 
Only people that need to access your information will be able to do so. Other than in the course of providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.
We will not share your personal information with anyone outside Australia (unless under
exceptional circumstances that are permitted by law) without your consent.
Will your information be used for marketing purposes?
Our practice will not use your personal information for marketing any of our goods or
services directly to you without your express consent. If you do consent, you may opt-out of direct marketing at any time by notifying our practice in writing.

How is your information used to improve services?

The practice may use your personal information to improve the quality of the services offered to patients through research, analysis of patient data for quality improvement and for training activities
with the practice team.

 
We may provide de-identified data to other organisations to improve population health outcomes.

 
The information is secure, patients cannot be identified, and the information is stored within Australia. You can let reception staff know if you do not want your information included.How do we store and protect your personal information?

 
Your personal information will be stored at our practice as electronic records
Our practice stores all personal information securely in protected information systems placing passwords, multifactor authenticator and varying access levels on databases to limit access and protect electronic information from unauthorised interference, access, modification and disclosure. All staff use individual passwords with appropriate level of 6access to their position, there are signed confidentiality agreements for staff and contractors.

How are document automation technologies used?

Document automation is where systems use existing data to generate electronic documents
relating to medical conditions and healthcare.
The practice uses document automation technologies to create documents such as referrals,which are sent to other healthcare providers. These documents contain only your relevant
medical information.
These document automation technologies are used through secure medical software Best
Practice.

All users of the medical software have their own unique user credentials and password and can only access information that is relevant to their role in the practice team.
The practice complies with the Australian privacy legislation and APPs to protect your
information.
All data, both electronic and paper are stored and managed in accordance with the Royal
Australian College of General Practitioners Privacy and managing health information
guidance.

How are Artificial Intelligence (AI) Scribes used?

Whilst We do not endorse the use of AI in medical practice, Your Healthcare Practitioners
may choose to use artificial intelligence (AI) to assist with consultations and practice
efficiencies including to record, transcribe and produce notes of the consultation. Your
Healthcare Practitioners are required to use AI responsibly and comply with their
professional and ethical obligations.

 
The use of AI during or in connection with your consultation must only be undertaken with your prior consent. If you elect to provide consent, you do so at your own risk. We do not accept any responsibility or liability relating to the use of AI in or in connection with patient consultations.

 
If you have any concerns or questions relating to the use of AI in your consultation, you
should have a discussion with your Healthcare Practitioner prior to the consultation
. The AI scribe uses an audio recording of your consultation to generate a clinical note for
your health record. The practice AI scribe service:.
• does not share information outside of Australia
• destroys the audio file once the transcription is complete.
• removes sensitive, personal identifying information as part of the transcription
The practice will only use data from our digital scribe service to provide healthcare to you.

7 How can you access and correct your personal information at our practice?
You have the right to request access to, and correction of, your personal information.
Our practice acknowledges patients may request access to their medical records. We
require you to put this request in writing and our practice will respond within a reasonable
time.
Our practice will takes reasonable steps to correct your personal information where the information is not accurate or up-to-date. From time-to-time, we will ask you to verify your personal information held by our practice is correct and up-to-date. You may also request that we correct or update your information, and you should make such requests in writing.

How can you lodge a privacy related complaint, and how will the complaint be handled at
our practice?

We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing. We will then attempt to resolve it in accordance with our resolution procedure If you do not feel that we have resolved your issue, you may also contact the OAIC.

Generally the OAIC will require you to give them time to respond, before they will
investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 336 002.
Policy review statement
This privacy policy will be reviewed regularly to ensure it is in accordance with any changes that may occur. A Notification of any amendment to this policy will be available at
Reception.