The purpose of this policy is to provide information to patients on what data (including personal details and health related information) may be collected and used within Body & Brain Centre and under which circumstances it may be shared with third parties.
What Information is Collected?
We may collect quite different types and amounts of information depending on the patient, the nature of their complaint, and the amount of collaboration required with other members of the Body & Brain Centre team or third parties (both third-party payees and third-party consultants). Information regularly collected includes:
Name, date of birth, address, contact details, emergency contact
Nature and history of the health care complaint
Treatments notes including relevant parts of discussion held during treatment or outside treatment via email / sms / phone / in person / etc
Medical history including medications, allergies, social history, risk factors, family history
Details relating to third-party payees including Medicare, Private Health Insurance, etc
How is this Information Collected?
This information may be collected in several ways including:
When booking your first appointment we will take your details so that we can add you onto our practice management system
When booking online we require your personal details so that we may either confirm you as a current patient or add you as a new patient
When there are language, capacity, age, hearing or other barriers, we may collect this information from a third party such as a legal guardian or a family member or friend
During treatment, any relevant information provided by the patient may be recorded in the practitioner’s treatment notes
From third-party health care providers such as your GP, surgeon, pathologist or any other health care practitioner
From your health fund or third-party payee such as Medicare, Private Health Insurance, WorkSafe, Department of Veteran’s Affairs, TAC and others
What About Cookies?
Who Could this Information be Shared With?
We may share your personal information:
With other healthcare providers within the clinic – while we will do our best to obtain consent for this, if you book in to see an alternate practitioner before consent has been obtained, they will have access to your past treatment notes to provide a safer and more effective treatment
With healthcare providers outside the clinic – again, we will do our best to obtain consent prior to this but may have to disclose information in the case of emergency
When it is required or authorised by law (such as with a court subpoena)
When necessary to prevent a threat to a person’s or public’s life, health or safety
To establish or defend a claim made against a patient or practitioner
When there is a legal requirement to share (some diseases require mandatory notification)
With third parties who work with our practice for business purposes (for example our accountant may require access to invoices and payment information)
When audited by a third-party payer (for example, Private Health Insurers may require treatment notes as proof that a treatment was performed on a certain date)
Most importantly, only people who require access to your information will be provided with this.
Can I Access my Records?
Yes. If you require access to your patient records or treatment notes please request this via letter or email and allow us 30 days to process your request. If you require us to correct or change your personal information, please let us know at first opportunity.
Where are my Records Stored?
Records may be stored in several ways, but the vast majority are stored electronically on our practice management system Cliniko. Cliniko stores its data with AES-256 encryption in secure datacentre facilities and the two-factor authentication required by practitioners to log into their account provides an extra layer of data security. Patient files are regularly backed up onto our own servers, again under AES-256 encryption and requiring two-factor authentication. Some information may be stored securely in a hard-copy format such as pre-consultation paperwork, X-Rays, CTs, etc. In some cases, we may hold on to paperwork until it can be uploaded to the more secure electronic format. Once uploaded, we will either return the document to the patient or destroy it (usually in our paper shredder) as necessary. For more information on electronic data retention and security please visit Cliniko’s Security Page.
What About my Consent?
When you arrive at the clinic for your first consultation, we require your consent before commencing with your treatment. Practitioners and practice staff require access to your information in order to provide you with the best possible healthcare. Please note that you can withdraw your consent at any given time. Doing so however may impact on our ability to provide you with treatment, or to provide you with access to third-party payment contributions.
We strongly urge patients to provide accurate and fully inclusive information to their healthcare provider as the advice, recommendations and treatment plan is based on this information. Non-disclosure of relevant information may increase the risk of adverse treatment outcomes and may also reduce the effectiveness of treatment received. We request that all patients update their practitioners on any changes to personal information, medial conditions or health concerns as they arise.