Privacy Policy

  1. Introduction

Our practice is committed to best practice in relation to the management of information we collect. This practice has developed a policy to protect patient privacy in compliance with the Privacy Act 1988 (Cth) (‘the Privacy Act’).  Our policy is to inform you of:

  • the kinds of information that we collect and hold, which, as a medical practice, is likely to be ‘health information’ for the purposes of the Privacy Act;
  • how we collect and hold personal information;
  • the purposes for which we collect, hold, use and disclose personal information;
  • how you may access your personal information and seek the correction of that information;
  • how you may complain about a breach of the Australian Privacy Principles and how we will deal with such a complaint.
  1. What kinds of personal information do we collect?

The type of information we may collect and hold includes:

  • Your name, address, date of birth, email and contact details
  • Medicare number , DVA number and other government identifiers, although we will not use these for the purposes of identifying you in our practice
  • Other health information about you, including:
    • notes of your symptoms or diagnosis and the treatment given to you
    • your specialist reports and test results
    • your appointment and billing details
    • your prescriptions and other pharmaceutical purchases
    • your genetic information
    • your healthcare identifier
    • any other information about your race, sexuality or religion, when collected by a health service provider.
  1. How do we collect and hold personal information?

We will generally collect personal information:

  • from you directly when you provide your details to us. This might be via a face to face discussion, telephone conversation, registration form or online appointment form
  • from a person responsible for you
  • from third parties where the Privacy Act or other law allows it – this may include, but is not limited to:  other members of your treating team, diagnostic centres, specialists, hospitals, the My Health Record system, electronic prescription services, Medicare, your health insurer, the Pharmaceutical Benefits Scheme
  1. Why do we collect, hold, use and disclose personal information?

In general, we collect, hold, use and disclose your personal information for the following purposes:

  • to provide health services to you
  • to communicate with you in relation to the health service being provided to you
  • to comply with our legal obligations, including, but not limited to, mandatory notification of communicable diseases or mandatory reporting under applicable child protection legislation.
  • to help us manage our accounts and administrative services, including billing, arrangements with health funds, pursuing unpaid accounts, management of our ITC systems
  • for consultations with other doctors and allied health professional involved in your healthcare;
  • to obtain, analyse and discuss test results from diagnostic and pathology laboratories
  •  for identification and insurance claiming
  •  If you have a My Health Record, to upload your personal information to, and download your personal information from, the My Health Record system.
  • To liaise with your health fund, government and regulatory bodies such as Medicare, the Department of Veteran’s Affairs and the Office of the Australian Information Commissioner (OAIC) (if you make a privacy complaint to the OAIC), as necessary.
  1. When will we disclose your personal information?

Information may be shared with our service providers including IT and finance/accounting. Such disclosures are limited to the information strictly necessary for them to discharge their responsibilities. All of our service providers are required to comply with the Privacy Laws.

If third parties such as insurers request your information, we will not provide your information without a current signed release from you permitting us to do so unless we are permitted or required to do so by law, for example, in answer to a notice from Medicare, a summons from the Police, subpoenas and notices to produce from courts and tribunals.

  1. How can you access and correct your personal information?

You have a right to seek access to, and correction of the personal information which we hold about you.

For details on how to access and correct your health record, please contact our practice as noted below under ‘Contact Details’.

We will normally respond to your request within 30 days.

There may be a reasonable fee for the administrative costs of retrieving and providing you with access to your health records.

We may decline access to your health records in certain limited circumstances. Should we do so, we will always tell you why access has been declined and the other options available to you.

  1. How do we hold your personal information?

Our staff are trained and required to respect and protect your privacy. We take reasonable steps to protect information held from misuse and loss and from unauthorised access, modification or disclosure. This includes:

  • Holding your information in a secure locally hosted server with strong data security protections such as strong passwords and access restrictions on a ‘need to know’ basis
  • De-identifying information used for transcription services so that linkage to an identity is not possible without additional information that is stored separately
  • Paper files are kept in lockable cabinets in authorised-access-only facilities
  • Our staff sign confidentiality agreements
  • Our practice has a retention and destruction policy for documents containing personal information

We are required by law to retain medical records for at least seven years, and in some cases for a longer period.

Should your information be no longer required for your care and treatment, and we are no longer legally required to keep your records, the information will be destroyed in a manner that preserves the confidentiality of the information.

  1. Use of Artificial Intelligence (AI)

We use an AI scribe tool to assist doctors with generation of clinical notes, reports and outgoing correspondence.

The AI transcription data is encrypted and will be stored within Australia. The AI transcription of the consultation is temporarily stored by the service provider for up to 60 days, after which time it will be permanently destroyed.

Before using the AI scribe tool during a consultation, we will obtain consent from you at the start of your consultation. Written information about the use of the AI scribe tool is available upon request and you can choose to withdraw your consent at any time.

The AI scribe tool is compliant with the Privacy Laws.

We will only use data from the AI scribe tool to provide healthcare to you.

  1. Privacy related questions and complaints

If you have any questions about privacy-related issues or wish to complain about a breach of the Australian Privacy Principles or the handling of your personal information by us, you may lodge your complaint in writing to (see below for details).  We will normally respond to your request within 30 days.

If you are dissatisfied with our response, you may refer the matter to the OAIC:

Phone: 1300 363 992

Email: enquiries@oaic.gov.au

Fax: +61 2 9284 9666

Post: GPO Box 5218 
Sydney NSW 2001

  1. Updates to this Policy

This Policy will be reviewed from time to time to take account of new laws and technology, changes to our operations and other necessary developments. Updates will be publicised on the practice’s website.

  1. Contact details for privacy related issues

Contact: Practice Manager

Phone: 02 9715 5007

Email: privacy@sydneyspineinstitute.com.au

Fax: +61 02 9747 6630

Post: PO BOX 469, Burwood 1805 NSW 

To download our privacy policy, please click here

Share