Personal Information Management Policy
The DEC respects and upholds your rights to privacy protection under the National Privacy Principles contained in the Privacy Act 1988
The DEC respects and upholds your rights to privacy protection under the Australian Privacy Principles contained in the Privacy Amendment (Enhancing Privacy Protection) Act 2012. This policy describes how we manage any personal information we hold
What information does the DEC hold?
The DEC may hold the following information about you:
Name, residential, postal and email address, telephone numbers, date of birth, country of birth, language spoken at home, marital status, indigenous status, next of kin, referring doctor and general practitioner details, Medicare, pension/DVA, health insurance numbers, transaction details associated with the services we provided to you, any additional information provided to us by you, any information you have provided to us through patient surveys and comment cards.
We will only request information from you that we need to provide a service to you and will at all times seek your approval prior to using your information for any other purpose.
We use your personal information to:
- Provide medical treatment and care to you
- Assist with any calls you make to us
- For our internal administrative requirements
- Process private health insurance claims
- For benchmarking and clinical indicator reporting in a de-identified format
- Provide data to state regulatory bodies in compliance with reporting obligations
- Provide data in a de-identified form to the Private Hospital Data Bureau
- For quality improvement for accreditation purposes with ACHS – The Australian Council on Healthcare Standards
The vast majority of patient records and information are stored in electronic form. Comprehensive policies and procedures govern the security and access to electronic records. Only authorised personnel have access to electronic records and only for the purpose of carrying out their employment.
You may request access to the personal information we hold about you by writing to our Privacy Officer, Mrs Regina Ferreira. You do not have to provide a reason for requesting the information. Where we hold information that you are entitled to access, we will endeavour to provide you with a suitable range of choices as to how you may access it (eg. postal, email, fax or collection).
If you believe any personal information held by us about you is incorrect, incomplete or inaccurate then you may request amendment of it. If we do not agree that there are grounds for amendment, then we will add a note to the personal information stating that you disagree with it.
Any questions about this policy or any complaint regarding treatment of privacy at the DEC should also be in writing and addressed to:
Chief Executive Officer or Chairman of the Governing Body
Diagnostic Endoscopy Centre
601/438 Victoria Street
Darlinghurst NSW 2010
Please mark Personal and Confidential
We acknowledge our obligations to you under the Health Records and Privacy Act 2002 (HRIP Act commencing1 July 2004) and the Privacy Amendment (Enhancing Privacy Protection).
Personal information we collect from you will be used primarily to ensure that you receive optimal care, but may be used for other purposes such as to satisfy Federal and State Health Department reporting requirements or requirements set out by your health fund, or for the purpose of health accreditation.
The use of your personal information for the above purposes does not require your consent. If we want to use the information for other purposes we will ask for your consent. A copy of the Diagnostic Endoscopy Centre Personal Information Management Policy is available upon request.
The Diagnostic Endoscopy Centre is committed to protecting the privacy of the personal information and sensitive information which it collects and holds.
- Policy Statement
The Diagnostic Endoscopy Centre (DEC) is committed to protecting the privacy of the personal information and sensitive information which it collects and holds.The DEC must comply with the Australian Privacy Principles under the Privacy Act 1988 (Cth), and other privacy laws which govern the way in which organisations (such as DEC) hold, use and disclose personal information (including your sensitive information).
(a) the kinds of information that the DEC may collect about you and how that information is held;
(b) how the DEC collects and holds personal information;
(c) the purposes for which the DEC collects, holds, uses and discloses personal information;
(d) how you can access the personal information the DEC holds about you and seek to correct such information; and
(e) the way in which you can complain about a breach of your privacy and how the DEC will handle that complaint.
Health information is:
(a) personal information or an opinion about:
(i) an individual’s physical or mental health or disability (at any time);
(ii) an individual’s express wishes about the future provision of health services for themselves; or
(iii) a health service provided, or to be provided, to an individual;
(b) other personal information collected to provide, or in providing, a health service;
(c) other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances; or
(d) genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual.
Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not.
Sensitive information means:
(a) personal information or opinion about an individual’s:
(i) racial or ethnic origins;
(ii) political opinions or political associations;
(iii) philosophical beliefs or religious beliefs or affiliations;
(iv) sexual preferences or practices; or
(b) health information about an individual; or
(c) genetic information about an individual that is not otherwise health information.
- Collection and use of personal information
3.1 Types of personal information collected by the DEC
The DEC will only collect information which is necessary to facilitate the provision to you of health care services DEC or to appropriately manage, conduct and oversee the DEC’s business. This may include (as applicable):
(a) Patients/residents/clients/research participants
The DEC collects information from you to facilitate the provision of health care services to you or to enable you to participate in research studies. This includes collecting personal information such as your name, address, your health history, family history, past and current treatments lifestyle factors, and any other information which is necessary to assist the health care team in providing appropriate care, or our research team in conducting its research.
(b) VMOs, students, contractors and volunteers
The DEC collects information from you which is necessary to properly conduct, manage and oversee the DEC’s business. This includes collecting personal information such as your name, address, professional experience, qualifications and past employers, and any other information which may be necessary to appropriately conduct, manage and oversee the DEC’s business.
3.2 How we collect personal information
We will usually collect your personal information directly from you, however sometimes we may need to collect information about you from third parties, such as:
(a) another health service provider;
(b) related entities (being those listed in the annexure).
We will only collect information from third parties where:
(c) you have consented to such collection;
(d) such collection is necessary to enable us to facilitate the provision of appropriate health care services;
(e) such collection is reasonably necessary to enable us to appropriately manage, conduct and oversee the DEC’s business; or
(f) it is legally permissible for us to do.
3.3 How the DEC uses your personal information
The DEC only uses your personal information for the purpose for which it was collected by the DEC (primary purpose), unless:
(a) there is another purpose (secondary purpose) and that secondary purpose is directly related to the primary purpose, and you would reasonably expect, or the DEC has informed you, that your information will be used for that secondary purpose;
(b) you have given your consent for your personal information to be used for a secondary purpose; or
(c) The DEC is required or authorised by law to use your personal information for a secondary purpose (including for research and quality improvements within DEC).
For example, the DEC may use your personal information to:
(d) facilitate the provision of health care services to you;
(e) facilitate the provision of any ongoing health related services to you;
(f) appropriately manage, conduct and oversee the DEC’s business, such as assessing insurance requirements, conducting audits, and undertaking accreditation processes;
(g) assist the DEC to manage, conduct and oversee the DEC’s business, including quality assurance programs, billing, improving its services, implementing appropriate security measures, conducting research and training personnel;
(h) where required, effectively communicate with third parties, including Medicare Australia, private health insurers and Department of Veterans’ Affairs; and
(i) carry out fundraising activities (where you have consented).
3.4 Complete and accurate details
Where possible and practicable, you will have the option to deal with the DEC on an anonymous basis or by using a pseudonym. However, if the personal information you provide us is incomplete or inaccurate, or you withhold personal information, we may not be able to provide the assistance or support you are seeking, or deal with you effectively.
- Disclosing your personal information
The DEC will confine its disclosure of your personal information to the primary purpose for which that information has been collected, or for a related secondary purpose. This includes when disclosure is necessary to facilitate the provision of health care services to you, to help us manage, conduct and oversee the DEC’s business, or for security reasons.
We may provide your personal information to:
(a) medical and other healthcare professionals involved in your care;
(b) government agencies, such as Defence or Department of Veterans Affairs, where an individual is receiving services;
(c) government departments responsible for health, aged care and disability where the DEC is required to do so;
(d) third parties contracted to provide services to the DEC, such as entities contracted to assist in accreditation or survey processes;
(e) any of the related entities listed in the annexure;
(f) research institutions with which the DEC collaborates;
(g) private health insurance providers and Medicare Australia;
(h) anyone authorised by you to receive your personal information (your consent may be express or implied);
(j) anyone the DEC is required by law to disclose your personal information to.
4.2 Third party service providers
Where we engage third party service providers, we may disclose personal information to those service providers who may use, process and/or store that information overseas. For example we have contracted with an Australian company for the provision of an electronic document portal to host papers for DEC consultations. Consultation letters include personal information. The service provider’s computer servers are located in Canada.
- Data storage, quality and security
5.1 Data quality
The DEC will take reasonable steps to ensure that your personal information which is collected, used or disclosed is accurate, complete and up to date.
All your personal information held by the DEC is stored securely in electronic form.
5.3 Data security
The DEC strives to ensure the security, integrity and privacy of personal information, and will take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure. The DEC reviews and updates (where necessary) its security measures in light of current technologies.
5.4 Online transfer of information
While the DEC does all it can to protect the privacy of your personal information, no data transfer over the internet is 100% secure. When you share your personal information with the DEC via an online process, it is at your own risk.
There are ways you can help maintain the privacy of your personal information, including:
(a) always closing your browser when you have finished your user session;
(b) always ensuring others cannot access your personal information and emails if you use a public computer; and
(c) never disclosing your user name and password to third parties.
A cookie is a small file placed in your web browser that collects information about your web browsing behaviour.
Cookies do not access information stored on your computer or any personal information (e.g. name, address, email address or telephone number).
Most web browsers automatically accept cookies but you can choose to reject cookies by changing your browser settings. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers.
This may, however, prevent you from taking full advantage of this website.
- Data storage, quality and security
The DEC may provide links to third party websites. These linked sites may not be under our control and the DEC is not responsible for the content or privacy practices employed by those websites. Before disclosing your personal information on any other website, we recommend that you carefully read the terms and conditions of use and privacy statement of the relevant website.
- Accessing and amending your personal information
You have a right to access your personal information which the DEC holds about you. If you make a request to access your personal information, we will ask you to verify your identity and specify the information you require. You can also request an amendment to any of your personal information if you consider that it contains inaccurate information. You can contact the DEC about any privacy issues as follows:
Attention: Privacy Officer Diagnostic Endoscopy Centre
601/438 Victoria Street
DARLINGHURST NSW 2010
Tel: (02) 8382 66622
Fax: (02) 8382 6602
While the DEC aims to meet all requests for access to personal information, in a small number of cases and where permitted to do so by law, the DEC may not give access or may do so only under conditions. Subject to applicable laws, the DEC may destroy records containing personal information when the record is no longer required by the DEC.
If you have a complaint about the DEC’s information handling practices or consider we have breached your privacy, you can lodge a complaint with:
(a) the DEC’s Chief Executive Officer, using the contact details listed in clause 8 above; or
(b) the Office of the Australian Information Commissioner. The DEC deals with all complaints in a fair and efficient manner.
This policy was adopted on 22nd June 2015.
- Australian Privacy Principles (APPs) 2014
- Privacy Amendment (Enhancing Privacy Protection) Ac 2012
- Privacy Act 1988 (Cth)
- Office of the Australian Information Commissioner
- St Vincent’s Health Australia Limited
- St Vincent’s & Mater Health Sydney Limited
- St Vincent’s Hospital Sydney Limited
- St Vincent’s Clinic
Work Health and Safety Policy
The Diagnostic Endoscopy Centre is committed to ensuring the health, safety and welfare of every employee, patient and visitor.
The Diagnostic Endoscopy Centre recognises its corporate responsibility and legal obligations under the Work Health & Safety Act and Work Health & Safety Regulations 2011, and Workers Compensation Legislation and is committed to ensuring the health, safety and welfare of every employee, patient and visitor.
The Diagnostic Endoscopy Centre has an internal Work Health and Safety Committee. All Committee members have successfully completed accredited training, after their election to the Committee, to ensure the Committee complies with its regulatory obligations.
The Diagnostic Endoscopy Centre is responsible for implementing the requirements of this policy in consultation with its employees.
The Diagnostic Endoscopy Centre acknowledges that health and safety is integral to all business activities and that every employee and manager has a responsibility to ensure compliance with established health and safety practices.
Health and safety remains a joint management and employee responsibility and it is only through consultation and collaboration that continual improvements will be achieved.