Generic Privacy Policy for Medical Centres

Chester Hill Family Medical Practice Privacy Policy

This privacy policy is to give you, our patient, information on how your personal and medical information is gathered, used, and shared with third parties, if needed.

When and why does a patient give consent?

You give consent for our doctors and staff to access and use your personal information when you sign up with our practice as a patient. This ensures that our doctors and staff can provide you with the best possible care. In circumstances where we need to use your information for anything else, we will ask for your additional consent first.

Why do we gather, use and share your information?

Our practice needs to gather your personal information to provide our services and manage your health. We also need it for business related activities like claims and payments, practice audits and accreditation, and business processes.

What information do we collect?

We only collect the necessary information to provide our services. The information we will gather includes:

  • Names, addresses, contact details, date of birth
  • Medical history, family history, medications, allergies, risks and adverse events, immunisations, social history
  • Medicare number if applicable for claiming purposes and identification
  • Health fund details if applicable
  • Healthcare identifiers

Can you deal with us anonymously?

Yes, every patient has the right to deal with us anonymously unless it is unpractical or unless we are authorised or required by law to only deal with identified individuals.

How do we gather your personal information?

We may gather your personal information in various ways. At your first appointment, our practice staff will gather your personal information when you register with our practice. We may gather and store additional personal information as we provide our medical services. We may also gather your personal information when you contact us via email, phone or text message, visit our website or book an online appointment.

Personal information may also be gathered from other sources in situations where it is not practical or reasonable to gather it directly from you. Other sources we may reach out to gather your personal information are:

  • Your guardian or person responsible for you
  • Involved healthcare providers such as allied healthcare professionals, specialists, hospitals, community health services and pathology/diagnostic imaging services
  • Medicare, your health fund or the Department of Veterans’ Affairs (if applicable)

Whom do we share your personal information with, when and why?

When necessary, we share your personal information:

  • With other healthcare providers
  • With third parties that work with our practice for business purposes. Examples of third parties include accreditation agencies or information technology providers
  • When it is authorised or required by law
  • When it is essential to minimise or prevent a serious threat to a patient’s safety, life or health, or public safety or health, or when it is not practical to get a patient’s consent
  • When it is necessary in the assistance of finding a missing person
  • When it is necessary in the establishment or defence of a just claim
  • In circumstances of a confidential dispute resolution process
  • When there is a rightful requirement to share certain information (e.g., some diseases such as covid-19 require mandatory notification)
  • Throughout the course of providing our medical services and eHealth services

Only people requiring access to your personal information have the ability to do so. Except throughout the course of providing our medical services or as otherwise outlined in this policy, our practice does not share your personal information with any third party, unless with a patient’s consent.

Our practice does not use your personal information for any marketing purposes without your consent. If you consent, you will be able to opt out of direct marketing communication at any point of time by giving our practice written notice.

Our practice may use your personal information for research purposes to improve the quality of our services, however only anonymously. In this case, we may provide the anonymous information to other organisations to help with the improvement of general population health outcomes. Patients cannot be identified and the information is stored securely. Please let our reception staff know if you do not wish to contribute your information to research purposes.

How is a patient’s personal information stored and protected?

Our practice stores patient personal information in multiple forms to ensure maximum security. A patient’s personal information may be stored as paper, electronic or visual records. All personal information is securely stored and protected with the use of passwords, secured cabinets and protected information systems.

How can a patient access their personal information?

You have the right to request access to your personal information at any time, and request for information to be updated if necessary. Our practice asks patients to put an access or correction request in writing, or inform our reception staff upon arrival at our practice. Occasionally, we ask our patients to verify their personal information is still up to date. If the information is outdated, a patient may ask our reception staff to correct their personal information.

How can you lodge a complaint?

Our practice takes complaints and feedback regarding patient privacy seriously. Patients can communicate any privacy concerns they may have in writing to us. Our practice will get back to a patient in a reasonable time and try to resolve the concern following our resolution procedure.

A patient may also reach out to OAIC on 1300 363 992 for further investigation into a privacy concern. More information can be found here:

Policy review statement

This privacy policy will be reviewed on a regular basis to make sure it is in accordance with any possible changes.