Medics at Craigieburn Privacy Policy

(Current as of: March 2025)

⸻

Introduction

This privacy policy explains how Medics at Craigieburn collects, uses, and shares your personal information (including health information) and the circumstances under which it may be shared with third parties.

⸻

Why and When Your Consent is Necessary

When you register as a patient at our practice, you provide consent in your patient registration form for our GPs and practice staff to access and use your personal information to provide you with the best possible healthcare. Only staff who need to access your personal information will be allowed to do so. If we need to use your information for any other purpose, we will seek your additional consent.

⸻

Why Do We Collect, Use, Hold, and Share Your Personal Information?

Our practice collects your personal information to provide healthcare services to you. The primary purpose for collecting, using, holding, and sharing your information is to manage your health. We may also use it for directly related business activities, such as:

• Financial claims and payments

• Practice audits and accreditation

• Staff training and business operations

⸻

What Personal Information Do We Collect?

We collect the following information:

• Names, date of birth, addresses, and contact details

• Medical history, medications, allergies, adverse events, immunisations, social history, family history, and risk factors

• Medicare number (where available) for identification and claiming purposes

• Healthcare identifiers

• Health fund details

⸻

Dealing with Us Anonymously

You have the right to deal with us anonymously or under a pseudonym unless it is impractical for us to do so or unless we are required by law to deal with identified individuals under the Privacy Act.

⸻

How Do We Collect Your Personal Information?

Our practice may collect your information in several ways:

1. At Registration: When you make your first appointment, we collect your personal and demographic details through a patient registration form.

2. During Medical Services: We may collect additional personal information during consultations or medical care, including through:

• Electronic Transfer of Prescriptions (eTP)

• My Health Record (Shared Health Summary, Event Summary)

3. Through Communications: We may collect your information through emails, phone calls, and online bookings via our website.

4. From Third Parties: We may collect your information from:

• Your guardian or responsible person

• Other healthcare providers (e.g., specialists, hospitals, allied health professionals)

• Health funds, Medicare, or the Department of Veterans’ Affairs (as necessary)

⸻

When, Why, and With Whom Do We Share Your Personal Information?

We may share your personal information:

• With third parties working with our practice for business purposes (e.g., accreditation agencies or IT providers)

• With other healthcare providers involved in your care

• When required or authorised by law (e.g., court subpoenas)

• To lessen or prevent a serious threat to life or health

• To assist in locating a missing person

• For legal claims or confidential dispute resolution

• When there is a statutory requirement for mandatory reporting of certain diseases

• During the course of providing medical services through My Health Record or eTP

Confidentiality:

• Only staff who need to access your personal information will be allowed to do so.

• We will not share your personal information with any third party without your consent (except as required by law).

• We will not share your information outside Australia unless permitted by law or with your consent.

Direct Marketing:

• We will not use your personal information for marketing without your express consent.

• If you consent, you can opt out of direct marketing at any time by notifying us in writing.

Research and Data Use:

• We may use de-identified patient data to improve health outcomes.

• De-identified data cannot be traced back to individual patients.

• You can request to exclude your data from this use by informing reception staff.

⸻

How Do We Store and Protect Your Personal Information?

We store personal information securely in:

• Paper records

• Electronic records

• Visual records (e.g., X-rays, CT scans, clinical photos)

Security Measures:

• Our IT cloud system and medical software are protected with multi-factor authentication.

• All staff and practitioners are required to sign confidentiality agreements.

⸻

How Can You Access and Correct Your Personal Information?

You have the right to request access to your medical records.

Access Requests:

• Requests must be made in writing by filling out a patient file transfer form.

• We will respond within 30 days.

• A transfer fee of $35 or more may apply, depending on the transfer method (electronic, CD, flash drive, or paper).

Correction of Information:

• We will take reasonable steps to correct any inaccurate or outdated information.

• You may also request updates by contacting reception or emailing admin@medicsatcraigieburn.com.

⸻

How Can You Lodge a Privacy Complaint?

We take privacy complaints seriously.

• Complaints should be made in writing to manager@medicsatcraigieburn.com.

• We will respond to your complaint within 30 days in line with our resolution procedures.

⸻

Privacy and Our Website

• We do not collect personal information through social media.

• Our website redirects to a secure registration and booking system (via Automed).

⸻

Policy Review Statement

This privacy policy is reviewed regularly to ensure compliance with changes in legislation or business practices. Updates will be reflected on our website and patient registration forms.