Privacy Policy

At Derwent Valley Medical Centre, we prioritise the confidentiality and security of our patients’ personal and health information. This Privacy Policy outlines our practices concerning the collection, use, disclosure, and protection of your information, in compliance with Australian privacy laws.

Why and when your consent is necessary:
When you register as a patient at our practice you provide consent for our GP’s and staff to access and use your personal information so we can provide comprehensive, compassionate, and quality healthcare. The information is collected directly from you or your authorised representative. Additionally, with your consent, we may obtain information from other healthcare providers to ensure comprehensive care.

Why do we collect, use, hold and share your personal information?
Your information is primarily used to provide you with tailored healthcare services, including diagnosis, treatment, and preventive health care. We also use your information for administrative purposes, such as appointment scheduling, billing, and managing your records. Anonymised data may be used for quality improvement and research to enhance our services and patient care outcomes.
We may share your information with other healthcare professionals involved in your care to ensure a coordinated approach to your health. At times we may need to disclose necessary information to third-party providers for services such as billing, IT support, and other administrative functions, under strict confidentiality agreements. We may be required to disclose information by law or in response to a legal process.

What personal information do we collect?
The information we collect includes:
• Names, date of birth, gender identity, ethnicity, addresses, contact details, next of kin
• Medical information including medical history, medications, allergies, adverse events, immunisations, social and family history and risk factors
• Medicare card number where available
• Healthcare identifiers
Dealing with us anonymously
You have the right to deal with us anonymously or under a pseudonym unless it is impractical for us to do so or unless we are required of authorised by law to only deal with identified individuals.

How do we collect your personal information?
At Derwent Valley Medical Centre, we collect your personal information through various channels:
• When you schedule and appointment
• While providing a medical service
• During communication via email, SMS, telephone, online bookings, prescription requests or social medial
In certain situation, personal information may be obtained from other sources if it’s impractical or unreasonable to gather it directly from you. This could involve:
• Your guardian or responsible person
• Other healthcare providers involved including specialists, allied health professionals, hospitals, community health services, pathology and diagnostic imaging services
• Medicare, or the Department of Veteran’s Affairs

Who do we share your personal information with?
We may share your personal information:
• With third parties who work with our practice for business purposes, such as accreditation agencies, information technology providers and debt collection services – these third parties are required to comply with APPs and this policy
• With other healthcare providers
• When it is required or authorised by law (e.g. court subpoenas)
• When it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
• To assist in locating a missing person
• To establish, exercise or defend an equitable claim
• For the purpose of confidential dispute resolution
• To assist improve quality of care provided to our patients
• For the purpose of medical research, in a de-identified way, unless the research serves an important public interest in which case it can occur without your consent under Australian Government guidelines.
• When there is a statutory requirement to share certain personal information (e.g. some diseases require mandatory notification)
• During the course of providing medical services, through Electronic Transfer of Prescriptions (eTP), MyHealth Record/PCEHR system (e.g. via Shared Health Summary, Event Summary).
• The Australian Immunisation Record to record any immunisation encounters with our practice or to access your recorded immunisation history.
• Clinical information may be access to perform inhouse clinical audits to ensure patient care is being performed to the best of our ability.

Rest assured that at our practice, only individuals who require access to your information for the purpose of providing medical services or as outlined in this policy will be permitted to do so. Your personal information will not be shared with any third party without your consent, except in cases where it is necessary to provide medical services or as required by law.

Furthermore, your personal information will not be disclosed to anyone outside of Australia without your explicit consent, except in exceptional circumstances permitted by law. Your privacy and confidentiality are of utmost importance to us.

How do we store and protect your personal information?
Your personal information may be stored in various forms at our practice. While we primarily maintain electronic records, there may be instances where paper or visual records (such as X-rays, CT scans, videos, and photos) need to be stored.
We take the security of your personal information seriously. Our electronic records, including sensitive personal data, are securely stored in databases within Australia. These databases are safeguarded with appropriate firewall and anti-virus software.
Access to personal information is restricted through password protection, ensuring that only authorised individuals can access it. In cases where physical records need to be retained, they are stored in secure cabinets within our practice premises.
Additionally, we have confidentiality agreements in place to further protect your privacy rights and ensure the confidentiality of your information.

How can you access and correct your information at our practice?
You have the right to request access to and correction of your personal information.
If you wish to access your medical records, please submit a written request addressed to the Practice Manager. We will respond to your request within a reasonable timeframe, typically within 30 days. Please note that we may charge a reasonable fee to cover the costs associated with fulfilling your request.
We are committed to ensuring the accuracy and currency of your personal information. If you believe any of your information is inaccurate or out-of-date, please inform us. We will take reasonable steps to correct any inaccuracies promptly.
Periodically, we may ask you to verify that the personal information we hold is correct and up-to-date. You are also welcome to request corrections or updates to your information at any time.

E-Mail Policy

Emails should be used for non-urgent communication only, such as general inquiries about services, appointment scheduling requests, and non-sensitive administrative queries. Please be mindful not to include personal health information in your emails to protect your privacy. Our team endeavours to respond to all patient emails within 48 hours during regular business hours. For urgent matters or medical advice, we encourage you to contact our office directly by phone.

Furthermore, we uphold strict privacy and confidentiality standards in accordance with the Australian Privacy Principles (APPs) and the Health Records and Information Privacy Act 2002 (HRIP Act). All email communications are conducted over secure, encrypted platforms to ensure the protection of your personal information. Patients are advised to use their personal email addresses for correspondence with our clinic and to refrain from using work or shared email accounts to preserve their privacy. By adhering to this policy, we aim to enhance our communication with you while safeguarding your sensitive information.

How can you lodge a privacy related complaint, and how will the complaint be handled at our practice?
If you have any privacy concerns, we encourage you to express them in writing to the Practice Manager. Alternatively, you can complete a complaint form and hand it directly to our Practice Manager.
Once we receive your complaint, we will make every effort to resolve it promptly and within 30 days, following our resolution procedure. Your privacy and satisfaction are important to us, and we are committed to addressing any issues you may have.

The National Privacy Commissioner is able to receive complaints concerning privacy issues. Complaints here will have a response within 28 days.
National Privacy Commissioner
Privacy hotline 1300 363 992.
GPO Box 5218
Sydney NSW 2001

Changes to Our Privacy Policy
We may update this policy to reflect changes in our practices or legal obligations. The latest version will be available on our website.

Social Media Policy
Our aim is to create a supportive and informative space for all our patients. We encourage positive interaction and welcome your questions and feedback. Please note, for your privacy and safety, we cannot discuss personal health issues or offer medical advice on social media. For such inquiries, please contact us directly through official channels. We ask all participants to respect each other and avoid posting anything offensive, confidential, or in violation of privacy laws. Our team reserves the right to remove any inappropriate content and to block users who violate these guidelines. Thank you for being a part of our online community and helping to maintain a respectful environment for everyone.