Health and Medical Services privacy policy

This privacy policy is to provide information to you, our patient, on how your personal information (which includes your health information) is collected and used within the University’s Health and Medical Services, and the circumstances in which we may share it with third parties.  This privacy policy does not cover the privacy practices of the University as a whole.  Please refer to the University’s Privacy Plan for more information about how the University handles personal information.

How do you provide consent?

When you register as a patient of our practice, you provide consent for our health practitioners and practice staff to collect, access and use your personal information so they can provide you with the best possible healthcare. Only staff who need to see your personal information will have access to it. If we need to use your information for a purpose other than as considered by this policy, we will seek additional consent from you to do this.

What personal information do we collect?

The information we will collect about you includes:

  • name, date of birth, ID numbers, next of kin, addresses, email address and telephone numbers
  • medical history, medications, allergies, adverse events, immunisations, social history, cultural background, family history, test results, clinical digital images, referral details and risk factors
  • Medicare number or Overseas Student Health Cover (OSHC) policy number (where available) for identification and claiming purposes
  • healthcare identifiers
  • health fund details.

What is a medical record?

Medical records refers to all documents including without limitation treatment notes, charts, forms, films, computer records, reports and results created or received by health practitioners or the Health and Medical Service in relation to a patient who has received medical services within the Health and Medical Service.

Why do we collect, use, hold and share your personal information?

Patient care

We collect, maintain, use and disclose personal information about you in order to assist us to provide you with appropriate care, treatment and services. Your personal information is used by us:

  • to provide you with medical care and services;
  • to provide you and/or a nominated third party with information that may assist you in managing and improving your health;
  • and as a medical history for you that allows us to provide you with better care as it assists with identifying changes to your health over time.

Operating our business

We use your personal information as necessary to manage our administration, including storage of data, and management of accounts and payment for the services provided to you. Specifically, we will use and, where necessary, disclose your personal information:

  • to obtain payment from, as appropriate, Medicare Australia, you, your private health insurance fund or from any organisation responsible for payment of any part of your account, such as the Department of Veterans Affairs;
  • if the circumstances require, we may disclose your personal information to our insurers or those of our practitioners;
  • to manage and store your personal information in a secure fashion (via our on-premise software),
  • for data entry and data analytics purposes; and

We may use your personal information to communicate with you, including to:

  • respond to your online enquiries or process requests for appointments;
  • advertise to you particular products and services that may be of interest to you; and
  • send you appointment reminders (including by SMS or email) in relation to obtaining services from our practice. This enables us to contact you, for example, to make follow-up appointments to discuss test results, or to remind you that you, or a dependant, are due for an immunisation, cervical screening, annual health assessment or other type of consultation or test.

Teaching and research

We may use your personal information for internal teaching purposes or to monitor, evaluate, plan and improve the services provided at our practices. We will only use de-identified information (information that does not contain any personal details that may reasonably identify you) for these purposes. purposes.

Other disclosures

We may be required by law to disclose your personal information without your consent.

Dealing with us anonymously

You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals. Please note that all Medicare and OSHC claims need to be made using your correct details. Should you choose to visit the practice under a pseudonym, rebates may not apply.

Please note that all Medicare and OSHC claims need to be made using your correct details. Should you choose to visit the practice under a pseudonym, rebates may not apply.

How do we collect your personal information?

We collect personal information about you in several ways, including: from you directly; from someone who has responsibility for you (your parent, carer or guardian); information collected by an employee of our practice, such as a receptionist or nurse; from external health providers who provide information to our practice and that information is placed on your record; and information collected through websites in the form of online enquiries or requests for appointments made by you. When you attend our practice to obtain services from our practitioners or nurses, we create a unique digital medical record for you. Every time a medical service is provided for you, new information is added to your medical record.

Cookies

When you visit our website, a small data file called a “cookie” is stored on your computer or mobile device by our server. Cookies can only store information that is explicitly provided by the visitor in the first place, or information that the website already has about the user, such as their IP address. We use cookies to maintain user sessions and to generate statistics about the number of people that visit our websites. Generally, this information will not identify you and we do not link it back to your identity or other information that you have provided to us.

Who do we share your personal information with?

We sometimes share your personal information:

  • With third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with Information Privacy Act
  • With other healthcare providers When we are required or authorised by law (e.g. court subpoenas)
  • When it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety, a third party’s life, health or safety or public health or safety
  • To assist in locating a missing person
  • To establish, exercise or defend a legal claim
  • For the purpose of confidential dispute resolution process
  • When there is a statutory requirement to share certain personal information (e.g. some diseases require mandatory notification)
  • During the course of providing medical services, through Electronic Transfer of Prescriptions, My Health Record (eg via Shared Health Summary, Event Summary).

Only people that need to access your information will be able to do so. Other than while providing medical services or as otherwise described in this policy, our service will not share personal information with any third party without your consent.

We will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.

Our practice will not use your personal information for marketing any of our goods or services directly to you without your express consent. If you do consent, you may opt-out of direct marketing at any time by notifying our practice in writing.

We may provide de-identified data to other organisations to improve population health outcomes. The information is secure, patients cannot be identified and the information is stored within Australia.

How do we store and protect your personal information?

Your personal information may be stored at our practice in various forms including: electronic records, paper-based records and as visual records (X-rays, CT Scans, videos and photos).

We take reasonable steps, and implement reasonable safeguards, to ensure the protection of the personal information that we hold. Our practice stores all personal information securely. The Health and Medical Service is operated on a secure network maintained by firewalls, within a secure Griffith University framework.

All staff require an individual username and password to access the University network, and a username and passwords are required to access any Health and Medical Services software. Passwords are changed regularly to restrict access to the network.

All paper records are secured in locked filing cabinets and drawers. The keys are securely stored and can only be accessed by staff.

As the Health and Medical Service is part of the University, we are bound by the applicable Queensland State Archives disposal and retention schedules, regarding how long we keep your records.

How can you access and correct your personal information at our practice?

You may request access to the personal information we hold about you.  You can also request that corrections be made to it.  We will respond to your request within ten working days.

To request access to your personal information please email the Clinical Nurse team at your practice:

To request corrections to be made to your personal information, please contact:

Head, Health and Medical Services

Building N12, Nathan Campus

GRIFFITH UNIVERSITY QLD 4222

Email: evan.hill@griffith.edu.au

Contact number: +61 07 3735 7265

There are some circumstances where we are not required to give you access to or correct your personal information, for example, if disclosure may cause a serious threat to your health or safety.  We will normally give you a written notice setting out our reasons for not complying with your request and informing you of how you can complain about our refusal.

There is no fee for requesting access to your personal information or for us to make corrections.

Patients from the European Economic Union may have additional rights under the General Data Protection Regulation (GDPR), please see the University’s Privacy Plan for additional information.

How can you lodge a privacy-related complaint, and how will the complaint be handled at our practice?

We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing to:

Head, Health and Medical Services

Building N12, Nathan Campus

GRIFFITH UNIVERSITY QLD 4222

Email: evan.hill@griffith.edu.au

Contact number: +61 07 3735 7265

Upon receipt of a complaint, we will consider the details and manage it in accordance with the University’s Privacy Plan.

Policy review statement

Our privacy policy will be reviewed regularly to ensure it is in accordance with any changes that may occur. All changes will be displayed on the Health and Medical Services website.

Current as of: November 2023.

Review date: November 2025.

Book an appointment with Health and Medical Services

Get in contact with us or book an appointment to see how we can help.

Stay connected

Get the latest updates from us on Facebook and Instagram.