Privacy and Security of Personal Health Information

Bathurst General Practice Group (and associated trading entities Busby Medical Practice, Brooke Moore Medical Practice, Bathurst Skin Cancer Clinic) is committed to protecting your privacy and we are bound by the Australian Privacy Principles in the Privacy Amendment (Enhancing Privacy Protection) Act 2012.

1.0 ABOUT THIS POLICY

This policy sets out how Bathurst General Practice Group handles (collects, uses, stores and discloses) personal information in accordance with the National Privacy Principles under the Australian Privacy Act 1988 (Privacy law) and the Privacy Amendment (Enhancing Privacy Protection) Act 2012.

Bathurst General Practice Group operates a serviced office arrangement and provides services and facilities to assist the independent practitioners to carry out their medical practice.

By contacting us, scheduling an appointment for, and/or having a consultation with, an independent practitioner (whether the consult is completed by you or not), you consent to us collecting, holding, using and disclosing your Personal Information in accordance with this Privacy Policy.

This Privacy Policy may be amended from time to time. You will be notified of important changes and provided with a prominent link to those changes for a reasonable length of time following the changes. You consent to any amendments to this Privacy Policy by continuing to use the services. Please ensure you regularly check our website for updates of this Privacy Policy.

2.0 COLLECTION OF YOUR PERSONAL INFORMATION

2.1 Purpose of collecting personal information

Bathurst General Practice Group collects personal information for the purpose of carrying out its functions as a general practice, employer, and other associated functions.

Your Personal Information may be collected, held, used or disclosed for a number of reasons including:

  • with your consent, for example where you share details for particular purposes, including in relation to scheduling an appointment with an independent practitioner;
  • to contact you (including on behalf of the independent practitioner), for example, sending your appointment reminders, to respond to your queries, or to tell you something important;
  • to comply with legal, regulatory and licensing requirements; and
  • where processing is necessary for our legitimate business interests or those of a third party, provided this does not override any interests or rights that you have as an individual.

Our legitimate interests include understanding and responding to feedback and enquiries, and providing the appropriate facilities and services to enable independent practitioners to provide relevant services to their patients.

2.2 Type of personal information collected

This Privacy Policy relates to all information supplied by you to us or to independent practitioners who engage us including:

  • Contact information: your name, position, role, company or organisation, telephone number, email, postal address, emergency contact details;
  • Communications: information provided in communications to us including when you book (or enquire about booking) an appointment with an independent practitioner;
  • Information from public sources: for example, from LinkedIn and similar professional networks, directories or internet publications;
  • Financial information: we may obtain your bank account details (or third party payer details) for example when taking payment for an appointment with an independent practitioner (whether that appointment has occurred or not and including a deposit, or late or cancellation fees);
  • Medical information: we may collect information about your health and medical history for the purpose of your consultation and to process payment and rebates through Medicare;
  • Social media: interactions with our social media presence including posts, and associated likes, and other;
  • Technical information: when you access our website and technology services being IP address, time zone setting, browser plug-in types and versions, operating system you are using, device type, hardware model, MAC address, unique identifiers and mobile network information;
  • Online data: when you access our website, app and technology services, information about your visit including URL clickstream to, through and from our website (including date and time), information about your network such as information about devices, nodes, configurations, connection speeds and network application performance, pages viewed or searched for, page response times, download errors, length of visits and interaction information (such as scrolling, clicks, mouse-overs) and other similar information and whether you click on particular links or open emails from us;
  • Medicare number: your Medicare number (in certain circumstances where it is necessary for us to liaise with Services Australia); and
  • Individual Healthcare Identifier (IHI): your IHI number (in certain circumstances for the purposes of communicating and managing health information including through the My Health Record in accordance with the Healthcare Identifiers Act 2010 (Cth)).

Under the Privacy Act, you have the option of not identifying yourself or using a pseudonym unless identification is required or authorised by or under law or it would be impracticable to deal with individuals who have not identified themselves. If you do not wish to identify yourself and provide your Personal Information, then you do not have to do so, however it may affect the Practitioner’s ability to treat you or see you for a consultation.

You always have the right to request us to remove your details from our database or reduce the volume of correspondence you receive from us.

2.3 How we collect information

There are a number of ways we may collect personal information. These may include (subject to the Australian Privacy Principles):

  • directly from you when you provide information by phone, in person, via our website;
  • from our own records of your transactions and interaction with Bathurst General Practice Group;
  • from publicly available sources of information;
  • in forms filled out either online or in hard copy;
  • face to face or when you speak with us directly;
  • via email;
  • via online surveys;
  • via social media messages or conversations; and
  • in voice or image recordings.

2.4 Collecting sensitive information

As part of administering services to you, we may collect health information and other sensitive information.

We will take all reasonable steps to ensure that all sensitive information we collect is in accordance with the APPs.

Sensitive Information is only used if:

  • it is not otherwise permitted under this Privacy Policy, but you have provided express and informed consent for the particular processing;
  • it is necessary to protect your vital interests or those of another person, for example, in medical emergencies;
  • you have manifestly made the data public, for example, where you have published it on social media;
  • it is necessary to deal with legal claims, for example, involving court proceedings;
  • it is necessary for substantial public interest, for example, to prevent or detect unlawful acts; or
  • it is permitted by applicable law.

2.5 Collecting information from third parties

At times, Bathurst General Practice Group may gather information about you from third parties. We are committed to transparency and will take reasonable steps, in line with Australian Privacy Law, to notify you of the collection of your information.

Personal Information may be received directly from you or third parties who assist us with our legal obligations. This information may be exchanged over the phone, by email, SMS, in person, via any online booking page accessible through our website or in any other form of written communication. Personal Information may also be obtained about you from a healthcare professional such as a treating GP or specialist practitioner.

If you send us an email containing Personal Information, we will use all reasonable endeavours to ensure the confidentiality of that information. Our internet host may monitor emails sent to us for maintenance, service provision, and fault detection purposes. We may also monitor emails to ensure compliance with our legal obligations. We may forward emails to third parties where the email contains feedback or complaints, or to assist us to respond to feedback and complaints and to otherwise assist with the management of our business. Email is not a secure method of communication. If you are concerned about sending your Personal Information to us by email, you should consider contacting us in person, by alternative written means or by telephone.

Personal Information is not collected about your online activities across third party websites or online services.

The information you provide to us will not be made available to other practitioners, our staff or interested parties either: (a) without firstly obtaining your written consent (unless required or permitted by law); or (b) in accordance with this Privacy Policy.

2.6 Cookies / collecting information from websites

When visitors access Bathurst General Practice Group main and affiliated sites, we may employ embedded software and utilise cookies to enhance user experience. These cookies gather data on page views, user interactions, and site performance, allowing us to optimize content delivery and improve our services.

We use Google Analytics and pixel tracking for insights, respecting your privacy. Opt-out options for customized services are available through Ad Settings and Google Analytics Opt-out Browser Add-on.

Bathurst General Practice websites may contain links to other external websites. Bathurst General Practice Group is not responsible for the privacy practices or the content of websites that it may link to, or for cookies or other tracking devices that are used on linked websites.

3.0 USE AND DISCLOSURE OF PERSONAL INFORMATION

3.1 General

Your privacy is our priority at Bathurst General Practice Group. We will not share your personal information unless necessary for our business operations. Your data will never be sold, spammed, or rented without your consent. Bathurst General Practice Group will only use/disclose the information provided for the purpose(s) for which it was collected.

We prioritise the security of your data and ensure third-party service providers adhere to privacy regulations.

At any time you can notify Bathurst General Practice Group to be removed from mailing and distribution lists (‘opt-out’) and your decision will be respected by Bathurst General Practice Group.

We use your Personal Information for the following purposes:

  • to enable the independent practitioner who uses our services and facilities to provide services to you;
  • to assist in making an assessment as to which independent practitioner might be the most appropriate for you;
  • to communicate with you including for example sending appointment reminders and confirmations, or sending you your invoice or bill or reminding you of recalls and reminders;
  • receiving or responding to feedback, enquiries or concerns you may have;
  • compliance with law, including circumstances where disclosure is required without your consent for example where a serious threat to life, health or safety exists. We may obtain further information from you to comply with the law if required;
  • to monitor our website and our other technology services, to ensure they are used appropriately and working as intended, including tracking outages, unauthorised use, or troubleshooting issues that you report to us;
  • protecting our information and technology platforms from hacks, or identifying and addressing malware and other security threats; and
  • for quality assurance and improvement of processes purposes for example risk management.

We may de-identify your Personal Information (which involves removing or altering personal identifiers so that the information is no longer identifiable to the particular individual) for the purpose of our research and development. We will implement reasonable risk-management and governance processes and use our best endeavours to ensure all de-identified data is safely and securely stored, including storing that information on a separate database which can only be accessed by authorised persons of Bathurst General Practice Group. You can request in writing that your de-identified data is removed from the data extraction process, and not used in any further research and development.

3.2 Who your Personal Information is shared with

Bathurst General Practice Group may from time to time utilise data hosting facilities or enter into contractual arrangements with third party service providers at destinations outside Australia.

In the event that data is stored in another country, all reasonable steps will be taken to protect your information in line with locally applicable data protection requirements.

Personal information may also be processed by staff or by other third parties operating outside Australia who work for us or for one of our suppliers, agents and/or partners.

Prior to disclosing personal information to third-party service providers operating outside Australia, Bathurst General Practice Group takes reasonable steps (in those circumstances) to ensure that the overseas recipient will handle that information in a way that does not breach the Australian Privacy Principles (APPs).

There are instances where we will disclose your Personal Information including where it is permitted or required by law, or as follows:

  • To Practitioners: that have engaged us to assist the independent practitioner to provide you with services, manage its files, records, and bookings, process payments and otherwise conduct its business;
  • Shared service centres: that we or third parties operate including for IT services, marketing, risk management and office support services;
  • Financial institutions: for payment processing;
  • Law enforcement bodies and our regulators: or authorities in accordance with law or good practice for example by order of a court or otherwise required by law;
  • Healthcare professionals: including hospitals, your treating GP, diagnostic services and specialists for example in connection with your referrals and mental health treatment plan;
  • Family or representative: any person, family member, representatives or other organisations that you have consented or where we are required, permitted, authorised or otherwise directed to by law;
  • Appropriate parties in the event of emergencies: in particular to protect health and safety of you and others including where it is required to prevent serious risk to the health, safety or life of you or another;
  • You consent: in instances where you consent for example to provide a report to another medical professional, lawyer, insurer or advisor, to discuss with another person connected with your treatment (including a spouse, parent or employer);
  • Third parties: in the context of the acquisition or transfer of any part of our business or in connection with the business reorganisation;
  • Independent contractors: including website designers, mailing and courier services, printers and distributors of direct marketing material and external advisors such as auditors, lawyers and debt collectors; and
  • Government related third parties: including Services Australia in connection with the payment and claim processing on behalf of the independent practitioner.

4.0 SECURITY

4.1 Storage and security of personal information

At Bathurst General Practice Group, we are committed to ensuring the security and accuracy of your information. We take all reasonable measures to safeguard both electronic and hard copy data, including adhering to the Payment Card Industry Data Security Standard for payment card information security.

We may keep your Personal Information in physical and electronic form (or a combination) in accordance with the Privacy Act (subject to legal obligations). We will store and process your information securely using good practice physical, technical and administrative security measures.

Where your Personal Information is also kept by an independent practitioner, how your information is dealt with is provided for under the independent practitioner’s privacy policy. We encourage you to read their privacy policy.

Exchanging information, including Personal Information, by the internet is not completely secure. Although we will take reasonable measures to protect your Personal Information, we cannot guarantee the security of information you transmit, so any transmission is at your own risk.

Your personal data is stored on secure servers within controlled facilities. Our employees and data processors are obligated to uphold confidentiality and adhere to our privacy policy and procedures.

4.2 How long your Personal Information is stored for

We retain the data we collect for different periods of time depending on what it is and how we use it.

We generally keep your information for as long as needed to provide our services to the independent practitioners, or as requested by the independent practitioner, to comply with legal, accounting or regulatory requirements or to deal with claims.

We have a legal requirement to store your information for at least seven years from the time you had last contact with an independent practitioner, or if you are a minor, until you turn 25 years of age.

Once your Personal Information is no longer needed (for example you no longer see an independent practitioner at our premises), it will be destroyed (either by shredding physical documents or deleting electronic information from all servers, subject to any back-up records).

5.0 ACCESS TO AND CORRECTION OF PERSONAL INFORMATION

5.1 How you can correct your Personal Information

If you believe that any Personal Information that we hold is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us in writing.

To make such requests, kindly submit a written request to one of the emails below.

It is your responsibility to advise of any changes to your Personal Information (for example change of residential address, email address or phone number). We will respond within a reasonable time (but being no more than 30 days after your request) and will endeavour to correct any Personal Information. You may request that you be provided with your Personal Information or it be deleted. Any written request by you cannot be unreasonably withheld. However, in some limited circumstances the requested corrections to Personal Information may be refused, in which case you will be provided with written reasons for this decision.

We are committed to maintaining the accuracy, relevance, and completeness of your personal data. If any information is found to be inaccurate, out-of-date, or incomplete, we will take reasonable steps to correct it. If access or correction is refused, we will provide written reasons in compliance with the APPs.

5.2 Access to your Personal Information

At Bathurst General Practice Group, you have the right to access your personal information, with any exceptions as allowed by law. All individuals have a right to request access to their Personal Information. Please contact us if you would like to access your Personal Information. We will generally provide you with access to your Personal Information within a reasonable period (but being no more than 30 days after your request). Depending on the amount of information requested, we may charge an administration fee to cover the cost of retrieving the information and supplying it to you.

Access to Personal Information may be refused in a number of circumstances, such as where the information relates to anticipated legal proceedings or the request for access is frivolous or vexatious. If we deny or restrict your access, you will be provided with a written explanation.

If you have any concerns about the way your Personal Information is stored, disclosed or otherwise managed, or believe that a breach of your privacy has occurred, please contact us in writing. We will respond to your concerns as soon as reasonably practicable (and no more than 30 days after your request).

If you are for whatever reason not satisfied with the response or resolution of your concerns or complaint, you can contact the Office of the Australian Information Commissioner on 1300 363 992 or by visiting www.oaic.gov.au

6.0 COOKIES AND THIRD PARTY WEBSITES

6.1 Cookies and Google Analytics

Cookies are pieces of information that a website transfers to your computer’s hard disk for record keeping purposes and which allow us to provide you with customised services. We may use cookies and Google Analytics on our online services.

Google Analytics collects and processes data by using the website’s cookies to analyse the use of the website including, for example, how long users spend on each webpage and collect other ‘Online data’ described above. This information is used mainly for the optimisation of the website to enhance the user experience, and to allow us to better deliver our services. The data collected by Google is transmitted to a server in the United States (or other countries outside of Australia).

You can review how Google uses data by clicking on the following link: https://policies.google.com/technologies/partner-sites

Most browsers are initially set to accept cookies. If you would prefer, you can set your browser to refuse cookies. However, if you do so, you may not be able to take full advantage of our website.

6.2 Links to third party websites

Our website, email updates and other communications may, from time to time, contain links to and from the websites of others. The Personal Information that you provide through these websites is not subject to this Privacy Policy and the treatment of your Personal Information by such websites is not our responsibility.

If you follow a link to any other websites, please note that these websites have their own privacy notices which will set out how your information is collected and processed when visiting those sites.

7.0 DEFINITIONS AND CHANGES

7.1 Definitions within this Policy

In this Privacy Policy, the following terms have the meaning given to them below unless the context requires otherwise:

  • APPs: means the Australian Privacy Principles;
  • Privacy Policy: means this privacy policy as amended from time to time made available on our website and available in physical copy upon request;
  • Personal Information: has the meaning given to it in the Privacy Act, which includes information or an opinion about an identified individual, or an individual who is reasonably identifiable whether the information or opinion is true or not or in a material form or not;
  • Privacy Act: means the Privacy Act 1988 (Cth) as amended from time to time;
  • Sensitive Information: has the meaning given to it in the Privacy Act, which includes information or an opinion about an individual’s racial or ethnic origin, political opinions, religious beliefs, sexual orientation or criminal record;
  • Bathurst General Practice Group/we/us/our: means Bathurst General Practice Group Pty Ltd; and
  • You/Your: means the individual who we collect the Personal Information from and about.

7.2 Changes to this Privacy Policy

Bathurst General Practice Group reserves the right to make amendments to this Privacy Policy at any time. If you have objections to the Privacy Policy, you should not access or use this site.

Bathurst General Practice Group welcomes your comments regarding this Privacy Policy. If you have any questions or complaints about this Privacy Policy or the way we hold or disclose personal information and would like further information, please contact us by any of the following means.

Phone:
Busby Medical Practice 02 6332 4266
Brooke Moore Medical Practice (formerly Russell Street Medical Centre) 02 6331 2266
Bathurst Skin Clinic 02 6324 5866

Email:
busby@bathurstgp.com.au
brookemoore@bathurstgp.com.au
skin@bathurstgp.com.au