Privacy Policy and Procedure

5.05

Purpose

This privacy policy has been developed to ensure Corporate Health Management (CHM) meets its state and federal legislative requirements and remains compliant with the requirements of the Australian Privacy Principles (APPs) and is governed by the Health Records Act (Victoria) 2001 and the Privacy and Data Protection Act 2014. It applies to Corporate Health Management (CHM) and its subsidiary, The Wellness Practice (TWP) and others. References to CHM within this policy encompass all entities.

This privacy policy is to provide information to patients, on how their personal information (which includes health information) is collected and used within CHM and the circumstances in which we may share it with third parties.

Why and when consent is necessary

When a patient of CHM registers either via an online system or completing a new patient form/pre-assessment questionnaire you provide consent for our practitioners and business support staff to access and use your personal information, so they can provide you with the best possible healthcare. Only CHM staff and subcontractors who need to access to personal information will have access to it. If we need to use a patient’s information for anything else, we will seek additional consent from the patient to do this.

Why do we collect, use, hold and share your personal information?

CHM need to collect your personal information to provide you with appropriate healthcare services. Our main purpose for collecting, using, holding, and sharing personal information is to manage the health of our clients and customers and ensure we provide the best possible services to you. We also use it for directly related business activities, such as financial claims and payments, practice audits and accreditation, business processes (e.g. staff training), and to contact you for promotional and marketing purposes.

For customers receiving a vaccination it is a mandatory requirement for all vaccinations administered to be recorded to the Australian Immunisation Registry (AIR). This change in regulation came into effect on 1 March 2021. Details such as a patient's Medicare card number will be requested as this is one of the requirements used by AIR to identify and ensure data is matched to the right person. A person’s sex with Medicare is also mandated by AIR where currently only Male/Female are the input fields accepted by AIR. This is not related to, nor a reflection on gender identity. 

What personal information do we collect?

The information CHM may collect about patients, when providing Health services includes:

  • Names, date of birth, addresses, contact details

  • Medical information including medical history, symptoms, medications, allergies, adverse events, immunisations, social history, family history and risk factors

Dealing with us anonymously

As per The Privacy Act patients, customers, and clients have the right to deal with CHM anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.

How do we collect personal information?

CHM will collect your personal information:

  1. When a patient makes their first appointment, they will be provided access to CHM’s required patient history forms to complete.

  2. While providing Medical Services, CHM may collect further personal information via means inclusive of; Electronic Transfer of Prescriptions (eTP) and/or CHM’s IT infrastructure.

  3. CHM may also collect a patient’s personal information should they; visit our website, send us an email, SMS, telephone us, engage in Live Chat make an online appointment or communicate with us using social media.

  4. In some circumstances, personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from the patient directly. This may include information from:

  • Patient’s Guardian or responsible person

  • Other involved healthcare providers, such as specialists, external allied health professionals, disability support services, hospitals, community health services and pathology and diagnostic imaging services

  • Patient’s health fund or Medicare

  • CHM approved sub-contractors

For vaccinations:

  • CHM will only use your personal details for the purposes of getting vaccination information to meet legislative, government policy, mandate, or employer policy requirements. We can only see this information when we complete our validations, we cannot see any other medical history or information when using your Medicare details.

  • CHM will not share any personal information with employers outside of specified vaccination history for purpose (based on the consent of the employee).

  • Data is stored securely by CHM (as per the state and federal legislative requirements and remains compliant with the requirements of the Australian Privacy Principles (APPs) and is governed by the Health Records Act (Victoria) 2001 and the Privacy and Data Protection Act 2014 and will not be used for any other purpose.

Who do we share personal information with?

CHM sometimes share patient’s personal information:

  • With third parties (CHM approved sub-contractors) who work with our practice for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with Australian Privacy Principles (APPs) and this policy

  • With other, CHM approved healthcare providers

  • With other disability support providers or healthcare providers

  • When it is required or authorised by law (e.g. court subpoenas)

  • When it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent

  • To assist in locating a missing person

  • To establish, exercise or defend an equitable claim

  • For the purpose of confidential dispute resolution process

  • When there is a statutory requirement to share certain personal information (e.g. some diseases require mandatory notification)

  • While providing Occupational Medicine Services, through Electronic Transfer of Prescriptions (eTP), CHM’s Patient Record Management System

Only people that need to access your information will be able to do so. Other than in the course of providing Healthcare Services or as otherwise described in this policy, CHM will not share personal information with any third party without patient consent.

CHM will not share patient’s personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.

By providing CHM with your personal information, you are consenting to be contacted by CHM for marketing any of our goods or services directly to you. You may opt-out of direct marketing at any time by notifying the practice in writing or unsubscribing using the links in our direct email communications.

How do we store and protect information?

Personal information may be stored at our practice in various forms, these include:

  • Paper records

  • Electronic records

  • Visual records (X-rays, CT scans, videos and photos)

Our practice stores all personal information securely. To ensure the security of patient information, CHM maintains patient information in the following manners.

Paper and Visual Records: In a secured environment consisting of a CHM operated medical facility, within a locked filing cabinet(s).

Electronic Records: Electronic records are stored utilising CHM’s protected information system which delivers the following in relation to data storage and security:

  • Compliant with Australian healthcare storage protocol

  • HL7 compliant. HL7 refers to a set of international standards for transfer of clinical and administrative data between software applications

  • Ensures all medical records are stored on servers (including backups) within Australia.

  • Data transfer is encrypted by using 256-bit SSL connection

  • All databases use local encryption.

Visual Records: Visual records are stored via a combination of paper and electronic record storage methods.

How can you access and correct personal information?

You have the right to request access to, and correction of, your personal information at anytime.CHM require this request in writing addressed to “The Quality Manager” at enquiries@chm.com.au and CHM will respond within 5 business days.

CHM will take reasonable steps to correct personal information where the information is not accurate or up to date. From time-to-time, we will ask for verification or clarification of personal information held by us to ensure it is correct and up to date. You may also request that we correct or update your information.

How do you lodge a privacy related complaint, and how will the complaint be handled?

CHM take complaints and concerns regarding privacy seriously. Patients should express any privacy concerns they may have in writing. CHM will then attempt to resolve the complaint in accordance with our resolution procedure. All complaints made in writing will be responded to within seven (7) days.

Complaints to be addressed to: Corporate Health Management - CHM. URGENT Attn. The Quality Manager

Email: enquiries@chm.com.au

Postal Address: 521 Toorak Road, Toorak, 3142, Victoria

Contact Number: 03 8584 1900

CHM may also contact the Office of the Australian Information Commissioner (OAIC). Generally, the OAIC will require people to give them time to respond before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 336 002.

Policy review statement

This privacy policy will be reviewed regularly to ensure it is in accordance with any changes that may occur.

Category Documentation & Records Management

Sub-category Clinical Records

Issue date 14 Oct 2015

Reference no. CHM05.05

Expiry date 23/02/2025

Last reviewed 23/02/2024