Healthcare Imaging Privacy information
We are the diagnostic imaging division of the Healius Group. We operate diagnostic imaging and nuclear medicine facilities in Australia. These include facilities inside hospitals, facilities co-located with Healius Group medical centres, or standalone imaging facilities located in cities and towns across the country.
Our facilities in:
We operate as a service provider to independent specialist medical practitioners (radiologists and nuclear medicine physicians) who conduct their practices at our facilities. We provide those specialists with all the services and support people (such as radiographers, sonographers and administrative staff) they need to provide you and your referring medical or health practitioner with diagnostic imaging and nuclear medicine services.
In operating our facilities, we collect, use and disclose personal information so that you can receive the best medical care. We know that your privacy is important, so we take the privacy of your personal information very seriously.
What personal information do we collect and hold?
Personal information is information or an opinion about an identified person, or someone who is reasonably identifiable, whether or not the information or opinion is true and whether the information or opinion is recorded in a material form or not.
The types of personal information we may collect and hold about you include:
|Identity||Billing and administration||Medical|
· Date of Birth
· Email address
· Telephone number
· Healthcare identifiers
· Insurance membership number
· Credit card number
· Copies of scans and details of procedures requested
· Radiologist reports
· Radiologist clinical notes
· Referring practitioner clinical notes
· Disease status
How do we collect and hold personal information?
We collect personal information about you in several ways, including from:
When we receive a request for diagnostic imaging or nuclear medicine services in relation to you, we create a unique digital medical record for you. Every time a diagnostic imaging or nuclear medicine service is provided for you at one of our practices, new information is added to your medical record.
We take reasonable steps to protect patient medical records from misuse, interference and loss and also from unauthorised access, modification and disclosure.
Why do we need your personal information and what do we do with it?
Patient care – We collect, maintain, use and disclose personal information about you in order to assist the medical practitioners at our facilities to provide you with appropriate care, treatment and services.
The information in your medical record is used by us and the medical practitioners:
Our Secure Portal
We operate a secure, password-protected, web-based portal for health practitioners and hospital staff to access the encrypted reports, images and other personal information we hold as part of your health records with us. Health professionals and hospitals must apply to us for access and permission to use this portal.
Before we grant access, they must agree to our terms and conditions to do so which include that access is only for medical reasons and solely for your benefit, and that they will keep the information private and confidential. Health practitioners and hospital staff also have their own obligations under privacy laws, professional obligations and duties of confidentiality when dealing with your patient records.
Your records with us will be available to health practitioners and hospital staff that have been granted access to our secure portal. Our systems enable us to track and audit access to the files we hold. If you do not wish your records to be available to a particular health practitioner, you can request this in writing and we will action your request within a reasonable time. However please note that such a request may adversely affect that practitioner’s ability to provide you with medical care.
- Operating our business and sending accounts
We use, and where necessary disclose, your personal information to manage our accounts and obtain payment for the services provided to you on behalf of the medical practitioner who provided the services. Specifically, we will use and, where necessary, disclose your personal information to obtain payment from, as appropriate, Medicare Australia, you, your private health insurance fund or from any organisation responsible for payment of any part of your account, such as the Department of Veterans Affairs. This may also extend to disclosure of your personal information to a debt collector or a credit-checking agency. We also use, and where necessary disclose, your personal information for data entry and data analytics purposes.
If the circumstances require, we may disclose your personal information to our insurers or the insurers of medical practitioners at our facilities.
We may also use your personal information to:
- Teaching and research
We may use your personal information for internal teaching purposes or to monitor, evaluate, plan and improve the services provided at our facilities. We will only use de-identified information (information that does not contain any personal details that may reasonably identify you) for these purposes.
Entities undertaking research (for example universities) periodically request data from the medical records we hold. We will only provide identified data in response to these requests when authorised to do so by the Privacy Act 1988 (Cth). University students in healthcare disciplines who are undertaking clinical placements at our facilities may have access to and use your personal information, subject to strict confidentiality obligations.
- Other disclosures
We may be required by law to disclose your personal information without your consent, for example a Court order.
What happens if we do not collect your personal information?
If you don’t provide us with all the personal information we request, the medical practitioners at our facilities may not be able to provide diagnostic imaging or nuclear medicine services to you. We only collect as much personal information from you as the medical practitioners need to provide you with services and to allow us to obtain payment on their behalf for those services. If you elect not to provide your personal information, you may not be able to receive medical services at our facilities.
We take reasonable steps, and implement reasonable safeguards, to ensure the protection of the personal information that we hold. All patient information is handled securely and in accordance with professional duties of confidentiality.
We subject to a range of rules relating to the periods for which health information and records must be retained. We will retain health information about you:
- for at least 7 years from the last occasion on which we provided a health service to you – if we collected the information when you were 18 years old or older; or
- at least until you turn 25 – if we collected the information when you were less than 18 years old.
Do we transfer personal information overseas?
We may disclose your personal information to wholly owned subsidiaries of our parent company, Healius Ltd, or to third parties, which are based in India, Malaysia and the Philippines. These companies provide billing, payment and other administrative services, data-entry and data analytics services to us. We take reasonable steps to ensure that these companies do not breach the requirements of the Privacy Act 1988 (Cth) and other State and Territory legislation that may be applicable.
Can you access your personal information we hold?
You may request access to the personal information we hold about you. You can also request that corrections be made to it. We will respond to your request within a reasonable time.
There are some circumstances where we are not required to give you access to or correct your personal information. We will normally give you a written notice setting out our reasons for not complying with your request and informing you of how you can complain about our refusal.
There is no fee for requesting access to your personal information or for us to make corrections. However, we will charge a fee for our costs involved in collating and providing you with access to any personal information. That fee is payable before access is given.
What to do if you would like to make a complaint about a breach of the Australian Privacy Principles
If you have any concerns about how we handle your personal information, or you wish to make a complaint on the basis that we have breached the APPs or other privacy regulations, please contact us using the details below.
We will respond to your complaint within a reasonable time after it is made. This time may vary depending on the circumstances, including the level of investigation required.
How to contact us
|Telephone||(02) 9432 9523|
Level 6, 203 Pacific Highway
ST LEONARDS NSW 2065
Attention: Privacy Officer