II. Why and when your consent is necessary
When you register as a client of our practice, you provide consent for the Australian registered business ‘Melinda Brown’ to access and use your personal information, so we can provide you with the best possible healthcare. Only staff and authorised third parties who need to see your personal information will have access to it. If we need to use your information for anything else, we will seek additional consent from you to do this.
III. Why do we collect, use, hold and share your personal information?
Our practice will need to collect your personal information to provide healthcare services to you. Our main purpose for collecting, using, holding and sharing your personal information is to manage your health. We also use it for directly related business activities, such as financial claims and payments, practice audits and accreditation, and business processes (e.g. staff training).
IV. What personal information do we collect?
The information we will collect about you includes your:
names, date of birth, addresses, phone, email, country of birth, religious affiliation
contact details of your nominated person to be notified in the event of an emergency
payment details collected via our clinical software program Halaxy and/or manual written forms (only to process cancellation fees or as advised per the ‘Therapeutic Agreement’ form)
medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors, previous psychological services, presenting concerns
Medicare number (where available) for identification and claiming purposes
health fund details (where available) for identification and claiming purposes
V. Dealing with us anonymously
You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals. Please see the OAIC for further information https://www.oaic.gov.au/privacy/australian-privacy-principles-guidelines/chapter-2-app-2-anonymity-and-pseudonymity
VI. How do we collect your personal information?
Our practice may collect your personal information in several different ways.
We may also collect your personal information when you visit our website, send us an email or SMS, telephone us, make an online appointment or communicate with us using social media. Communicating with us via social media may put your own anonymity at risk (i.e., liking Facebook posts, commenting on Instagram).
In some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:
your guardian or responsible person
other involved healthcare providers, such as General Practitioners, specialists, hospitals, community health services and pathology and diagnostic imaging services
your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary).
VII. When, why and with whom do we share your personal information?
We sometimes share your personal information:
with third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers
in professional supervision to discuss an appropriate counselling plan when necessary (i.e., to lessen or prevent any harm to a clients’ life or others’ life)
with other healthcare providers (i.e., attendance letter to a General Practitioner)
when it is required or authorised by law (i.e., court subpoenas, to assist in locating a missing person)
when it is necessary to lessen or prevent a serious threat to a client’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
to establish, exercise or defend an equitable claim
for the purpose of confidential dispute resolution process
when there is a statutory requirement to share certain personal information
Only people who need to access your information will be authorised to do so. Other than while providing health services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.
Our practice standards have been set by Australian law, in accordance with the Spam Act 2003 and the Spam Regulations 2021. The Spam Act 2003 and the Spam Regulations 2021 outline the rules about sending commercial electronic messages. When you become our client, you acknowledge and consent to receiving commercial electronic messages for the purposes of appointment setting, appointment reminders, appointment changes, cancelled or missed appointments and any administrative-related messages in line with our therapeutic agreement. You may opt out of direct marketing at any time by notifying our practice in writing.
VIII. How do we store and protect your personal information?
Your personal information may be stored at our practice in various forms and stores all personal information securely in accordance with the APPs.
All mobile electronic devices are password protected. Paper-based records are used and kept in accordance with the APPs. Paper case notes and paper intake forms will be primarily stored in a secure location of our business practice, where your file is under lock and key. Any case notes will have non-identifying information and will use a coding system for your privacy.
We strive to use privacy respecting open-source software that have complied with third party audits such as Bitwarden, Protonmail and Signal. Other third-party applications that we utilise are WordPress, Elementor, Skype, Zoom, Gmail, Facebook and Instagram; please see their privacy policies for further information.
Access to personal information is only given to staff, contractors (such as our IT service provider) and clinical software program employees who require it to complete their job in assisting us.
We use up-to-date virus protection software on our computers and regularly conduct software updates on our devices and website to help guard against cyber-attacks.
We store and dispose of personal information held within records in accordance with the Archives Act 1983 and relevant records authorities.
IX. How can you access and correct your personal information at our practice?
You have the right to request access to, and correction of, your personal information. Only you or another person you have authorised, such as a legal guardian or authorised agent, can make the request. An organisation or agency must be satisfied the request came from you or a person you authorised. We require you to put this request in writing by emailing [email protected] and you will be asked for information that identifies you. Please include:
your name and contact details
the personal information you want to access
how you’d like access to the personal information (such as receiving a copy by email or post, or if you just want to look at the information)
if you authorise a person or organisation to access the personal information on your behalf
We will respond to your request for access to personal information within 30 days of receiving your request. We have the right to refuse access to your personal information if we have a valid reason to do so, in accordance with the Office of the Australian Information Commissioner (OAIC). A fee of $100 will be charged for the preparation of this information. The charge may include the cost of:
staff searching for, locating and retrieving the requested information, and deciding which personal information is relevant to the request
staff reproducing and sending the personal information
the postage or materials involved in giving access
using an intermediary, if necessary
Our practice will take reasonable steps to correct your personal information where the information is not accurate or up to date. From time to time, we will ask you to verify that your personal information held by our practice is correct and current. You may also request that we correct or update your information, and you should make such requests by emailing [email protected]
X. How can you lodge a privacy-related complaint, and how will the complaint be handled at our practice?
We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing via the below email contact details. We will then attempt to resolve it in accordance with our resolution procedure.
Attn: Melinda Brown
We will respond to the complaint within 30 days of receiving the complaint in writing. You may also contact the OAIC. For further information visit www.oaic.gov.au or call the OAIC on 1300 363 992.
XI. Privacy and our website
a. How we protect your personal information
c. Links to other websites
d. Service Providers
We may employ third party companies and individuals to facilitate our website service, to provide a website service on our behalf, or to assist us in analysing how our website is used.
These third parties have access to your personal information shared via the website, only to perform these tasks on our behalf, and are obligated not to disclose or use it for any other purpose.
Our website uses Google Analytics, a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage.
e. Embedded Content
f. Post Comments
When visitors leave comments on the website, we collect the data shown in the comments form, as well as the visitor’s IP address and browser user agent string to help with spam detection.
XII. Policy review statement