© Ortho & Arthritis Solutions. All Rights Reserved. | Terms & Conditions | Privacy Policy | Website Design by Pivotal Agency;
1. Overview
Ortho and Arthritis Solutions Pty Ltd (OAS) is a multi-disciplinary, non-surgical joint management clinic. We are committed to protecting the privacy and confidentiality of your personal and health information.
OAS respects your rights to privacy and takes our privacy obligations seriously. We comply with the Australian Privacy Principles (APP’s), found under the Australian Privacy Act 1988 (Privacy Act).
By contacting us, scheduling an appointment for, and/or having a consultation with one of our practitioners (whether the consult is completed by you or not), you consent to us collecting, holding, using and disclosing your Personal Information in accordance with this Privacy Policy.
In this Privacy Policy, we use the term Personal Information – as defined in the Privacy Act includes a broad range of information, or an opinion, that could identify an individual. Personal Information may also include Sensitive Information which attracts a higher privacy standard under the Privacy Act and is subject to additional mechanisms for your protection.
This Privacy Policy may be amended from time to time. You consent to any amendments to this Privacy Policy by continuing to use the services.
If you have any queries, concerns or feedback regarding our Privacy Policy, please do not hesitate to contact us:
Contact: The Privacy Officer
Ph: 07 2101 2650
Email: admin@orthoarthritis.com.au
Post: Suite 5A, Level 6, Pacific Private Clinics
123 Nerang Street, Southport, QLD, 4215
2. Collection of Personal Information
2.1 OAS collects Personal Information for the purposes of:
- providing you with high-quality clinical care, triage and multi-disciplinary health management, we must collect relevant personal and health information.
2.2 This Privacy Policy relates to all information supplied by you to our practitioners or administrative staff including:
- Contact Information: your name, position, role, company or organisation, telephone number, email, postal address and next of kin details;
- Communications: information provided in communications with our practitioners or clinical staff, including when you book (or enquire) about booking an appointment with our practitioners;
- Information from Public Sources: for example, from Social Media, Regulatory Bodies, Professional networks, directories and internet publications;
- Financial Information: We may obtain your bank account details (or third-party payer details) for example when taking payment for an appointment with one of our practitioners (whether that appointment has occurred or not and including a deposit, or late or cancellation fees);
- Medical Information: We may collect information about your health and medical record history for the purpose of your consultation and to process payment and rebates;
- Social Media: interactions with our social media presence including posts, likes, tweets;
- Technical Information: when you access our website and some our third-party service providers, we may engage in collection of data as follows:
- Logs: when you visit our website or use the Services, our server and analytics service may log details about your visit such as your IP address, the time and duration of visit, the link from you which you visited, and information about your browser and operating system; and
- Cookies: we will likely place a cookie on your device when you visit our website.
- Medicare Number, Health Fund and Membership Number: your Medicare number and Health Fund membership number (in certain circumstances where it is necessary for us to liaise with Services Australia or your Health Fund); and
- Individual Healthcare Identifier (IHI): your IHI number (in certain circumstances for the purposes of communicating and managing health information including through the My Health Record in accordance with the Healthcare Identifiers Act 2010 (Cth)).
- Sensitive Health Information or opinions recorded by one of our practitioners or clinic staff about individuals’ health, health services, or wishes regarding health care and information collected and stored to provide a health service of any kind, including:
- Identity Information: such as signature, location, date of birth, nationality, bank account details, family details, employment details, Medicare andhealth fund details;
- Contact Information: email address, telephone & fax number, residential, business and postal addresses.
Under the Privacy Act, you have the option of not identifying yourself or using a pseudonym unless identification is required or authorised by or under law or it would be impracticable to deal with individuals who have not identified themselves. If you do not wish to identify yourself and provide your Personal Information, then you do not have to do so, however it may affect our ability to treat you or see you for a consultation.
2.3 How we collect Personal Information
Personal Information may be received directly from you or third parties who assist with our legal obligations. This information may be exchanged:
- directly from you when you provide information by phone;
- from our own records of your transactions and interaction;
- from publicly available sources of information;
- in forms filled out either online or in hard copy;
- face to face or when you speak with us directly;
- via other Health providers such as Hospitals, Radiology Services, Pathology Services and Allied Health providers;
- via HICAPS, Medicare, DVA, WorkCover and third-party insurers;
- via email;
- via online surveys; and
- in voice or image recordings.
If you send us an email containing Personal Information, we will use all reasonable endeavours to ensure the confidentiality of that information. Our IT provider may monitor emails sent to us for maintenance, service provision, and fault detection purposes. The Practitioner may also monitor emails to ensure compliance with its legal obligations.
Email is not a secure method of communication. If you are concerned about sending your Personal Information by email, you should consider contacting us in person, by alternative written means or by telephone.
The information you provide to our clinic, will not be made available to other Practitioners or interested parties either:
(a) without firstly obtaining your written consent (unless required or permitted by law); or
(b) in accordance with this Practitioner Privacy Policy.
2.4 Collecting Personal Information from third parties
When appropriate, OAS may collect and receive Personal Information from third parties in the following ways:
- you have consented to such collection; or
- to enable the client to provide a service and conduct their business; or
- such collection is reasonably necessary to enable us to appropriately manage and conduct our business; or
- it is legally permissible for us to do.
3. How we use your Personal Information
We use your personal and health information primarily to deliver seamless, integrated, and safe clinical care. Specifically, your data is used to/for:
- Triage your condition across our multi-disciplinary team to create a personalised health care plan.
- Communicate with you, which can include sending appointment reminders and other relevant information related to your treatment with one of our practitioners.
- Process payments, Medicare rebates, DVA claims and private health insurance claims.
- Communicate clinical updates securely with your referring GP or treating specialist to ensure continuity of care.
- Quality assurance and improvement to our processes, for example risk management.
- Comply with the law, including circumstances where disclosure is required without your consent for example where a serious threat to life, health or safety exists. We may obtain further information from you to comply with the law if required.
4. Disclosing your Personal Information
4.1 WHY YOUR PERSONAL INFORMATION IS USED AND DISCLOSED
OAS may disclose your Personal Information to our administrative staff, third parties/other service providers in order to provide healthcare services to you.
4.2 WHO YOUR PERSONAL INFORMATION IS SHARED WITH
Your Personal Information may be disclosed to healthcare professionals directly involved in your treatment. Where your medical records are required in the case of a medical emergency, we will provide these to the relevant medical professional without waiting for your consent, where we believe this is in your interests.
Your Personal Information may also be provided to other third parties if we are legally obliged to do so by a court subpoena, statutory authority, search warrant, coronial summons or to defend a legal action.
There are instances where OAS will disclose your Personal Information including where it is permitted or required by law, or as follows;
- OAS Administrative Staff: to allow OAS to manage its files, records, and bookings, process payments and otherwise conduct its business;
- LAW ENFORCEMENT BODIES AND OUR REGULATORS: or authorities in accordance with law or good practice for example by order of a court or otherwise required by law;
- HEALTHCARE PROFESSIONALS: including hospitals, your treating GP or other specialists for example in connection with your referrals and health treatment plan;
- GOVERNMENT RELATED THIRD PARTIES: including Services Australia in connection with the services including for payment and claim processing;
- FAMILY OR REPRESENTATIVE: any person, family member, representatives or other organisations that you have consented or where we are required, permitted, authorised or otherwise directed to by law;
- APPROPRIATE PARTIES IN THE EVENT OF EMERGENCIES: in particular to protect health and safety of you and others including where it is required to prevent serious risk to the health, safety or life of you or another; and
- YOU CONSENT: in instances where you consent for example to provide a report to another medical professional, lawyer, insurer or advisor, to discuss with another person connected with your treatment (including a spouse, parent or employer).
5. Overseas Recipients
OAS and our third parties are within Australia. We will not store or disclose any of your Personal Information to any overseas entities, third-parties or persons.
6. Data Storage, Quality and Security
OAS is committed to ensure the security and accuracy of your personal information.
OAS will keep your patient records including any notes taken during your private consultation in accordance with the Privacy Act (subject to legal obligations). Any reasonable request from you to be provided with your Personal Information cannot be withheld.
- Digital Records: Any digital administrative data or contact information collected via our internal systems is securely encrypted and stored on password-protected servers with strict access permissions.
- Clinical Records: Full clinical files are managed through encrypted, AHPRA-compliant clinic management software that meets rigorous Australian cybersecurity standards for medical records.
- Physical Records: Hand-completed paper questionnaires or information provided by you or collected by us is saved directly into encrypted practice management software, after which the physical sheets are given back to you or securely destroyed.
- OAS staff undertake annual training on privacy;
- We have detailed internal processes and systems to protect your Personal Information;
- Our IT security includes virus controls, firewalls, encryption, user identifiers and passwords to control access to computer systems where your Personal Information is electronically stored;
- We use an Australian hosted data centre to store and back-up our data. This is managed by professional IT consultants, and we have written agreements with them which includes requirements for backup, security and that they abide by the Australian Privacy Principles.
- Data collected can be stored for different periods of time depending on what it is and how it is used. Generally, your information is kept for as long as needed to provide medical services, comply with legal, accounting or regulatory requirements or to deal with claims.
- The practitioner and OAS have a legal requirement to store your information for at least seven years from the time you had last contact with practitioner, or if you are a minor, until you turn 25 years of age.
7. Destroying your Personal Information
OAS have secure destruction bins on site, for hardcopy files or documents. Records are destroyed securely to maintain your confidentiality and to protect the information against misuse or unauthorised access, disclosure or modification, and damage, loss or theft.
OAS will keep data (electronically) in line with the Australian Law and Regulations for our record keeping obligations.
8. Accessing and Amending your Personal Information
8.1 Accessing your personal Information
At OAS, you have the right to access your Personal Information, with any exceptions as allowed by law. All individuals have a right to request access to their Personal Information. Please contact us if you would like to access your Personal Information. We will generally provide you with access to your Personal Information within a reasonable period (but being no more than 30 days after your request). Depending on the amount of information requested, we may charge an administration fee to cover the cost of retrieving the information and supplying it to you.
Access to Personal Information may be refused in a number of circumstances, such as where the information relates to anticipated legal proceedings or the request for access is frivolous or vexatious. If we deny or restrict your access, you will be provided with a written explanation.
If you have any concerns about the way your Personal Information is stored, disclosed or otherwise managed, or believe that a breach of your privacy has occurred, please contact us in writing. We will respond to your concerns as soon as reasonably practicable (and no more than 30 days after your request).
If you are for whatever reason not satisfied with the response or resolution of your concerns or complaint, you can contact the Office of the Australian Information Commissioner on 1300 363 992 or by visiting www.oaic.gov.au.
8.2 Amending your personal Information
If you believe that any Personal Information that we hold is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us in writing.
To make such requests, kindly submit a written request to admin@orthoarthritis.com.au
It is your responsibility to advise of any changes to your Personal Information (for example change of residential address, email address or phone number). We will respond within a reasonable time (but being no more than 30 days after your request) and will endeavour to correct any Personal Information. You may request that you be provided with your Personal Information or it be deleted. Any written request by you cannot be unreasonably withheld. However, in some limited circumstances the requested corrections to Personal Information may be refused, in which case you will be provided with written reasons for this decision.
We are committed to maintaining the accuracy, relevance, and completeness of your personal data. If any information is found to be inaccurate, out-of-date, or incomplete, we will take reasonable steps to correct it. If access or correction is refused, we will provide written reasons in compliance with the APPs.
9. Third Party Websites
Our website, email updates and other communications may, from time to time, contain links to and from the websites of others. The Personal Information that you provide through these websites is not subject to this Privacy Policy and the treatment of your Personal Information by such websites is not our responsibility.
If you follow a link to any other websites, please note that these websites have their own privacy notices which will set out how your information is collected and processed when visiting those sites.
10. Definitions within this Policy
In this Privacy Policy, the following terms have the meaning given to them below unless the context requires otherwise:
- APPs: means the Australian Privacy Principles;
- Privacy Policy: means this privacy policy as amended from time to time made available in a physical or electronic copy upon request;
- Personal Information: has the meaning given to it in the Privacy Act, which includes information or an opinion about an identified individual, or an individual who is reasonably identifiable whether the information or opinion is true or not or in a material form or not;
- Privacy Act: means the Privacy Act 1988 as amended from time to time;
- Sensitive Information: has the meaning given to it in the Privacy Act, which includes information or an opinion about an individual’s racial or ethnic origin, political opinions, religious beliefs, sexual orientation or criminal record;
- OAS/we/us/our: Ortho and Arthritis Solutions Pty Ltd – ABN: 93 686 925 646
- You/Your/The Patient: means the individual who we collect the Personal Information from and about.
11. Complaints
If you have a complaint relating to an alleged breach of the APPs, you should contact us using the details listed in this Privacy Policy.
When you notify us of a complaint about our handling of your Personal Information, we will deal with the complaint by responding to it in writing within a reasonable period (usually 10 business days from the day we receive your written notification).
We will endeavour to work with you to resolve the complaint entirely within 30 days, although that period may be longer if it is reasonable to take longer given the nature of your complaint.
If you are unsatisfied with our response, you may make refer the complaint to the Office of the Australian Information Commissioner (OAIC) https://www.oaic.gov.au/ or The Office of the Privacy Commissioner on 1300 363 992 or visit https://www.privacy.gov.au/complaints.
12. Changes to this Privacy Policy
Ortho and Arthritis Solutions Pty Ltd reserves the right to make amendments to this Privacy Policy at any time. If you have objections to the Privacy Policy, you should not access or use our service.
Ortho and Arthritis Solutions Pty Ltd welcomes your comments regarding this Privacy Policy. If you have any questions or complaints about this Privacy Policy, the way we hold or disclose Personal Information or would like to see the current version, please contact us by any of the following means;
Contact: The Privacy Officer
Ph: 07 2101 2650
Email: admin@orthoarthritis.com.au
Post: Suite 5A, Level 6, Pacific Private Clinics
123 Nerang Street, Southport, QLD, 4215
