- Clearly communicate how Hunter Primary Care Limited (HPC) complies with the Australian Privacy Principles and relevant legislation dealing with privacy in Australia
- Describe the personal information handling practices of HPC and enhance the transparency of its operations
- Give individuals a better and more complete understanding of the sort of personal information that HPC holds, and the way we handle that information
- Provide details of how individuals can complain or report a breach of our responsibilities in regard to privacy, and how we will handle such complaints
This policy does not extend to personal information held as part of a HPC’s employee records.
Statistical information that is used for program reporting and to support the review and improvement of services is de-identified and aggregated to a level that makes the identification of individuals impossible. Such information therefore is not personal information as defined and therefore is not covered by this policy.
We respect people’s personal information and their right to privacy.
Protecting privacy when handling personal information is very important to HPC and is fundamental to the way that we operate. When we collect or are given personal information, it imposes a serious responsibility upon us to protect that information and maintain the trust that has been given to us. For the purposes of this Policy, no distinction has been made between the handling of personal information and sensitive information (including health information).
Our methods for the collection of personal information are lawful and fair. It is our usual practice to collect personal information directly from the individual or their authorised representative. Sometimes we collect personal information from a third party or from a publicly available source, but only if the individual has consented to such collection or would reasonably expect us to collect their personal information in this way or, if it is necessary, for a specific purpose such as the investigation of a privacy complaint.
In limited circumstances we may receive personal information about third parties from individuals who contact us and supply us with the personal information of others in the documents they provide to us.
In circumstances where HPC will have no need to contact an individual in the future, and is not required or authorised by law to deal with identified individuals, they have the right to anonymity or pseudonymity when providing information.
HPC will take reasonable measures to ensure that each individual providing personal information is informed about and understands the purpose of collecting the information and the consequences (if any) of providing incomplete or inaccurate information. Privacy statements will reference this policy, set out the purposes for which we are capturing information and any intended disclosure to other parties.
At times, HPC may receive unsolicited information. If unsolicited information is received, HPC will determine whether the information could reasonably have been collected as if it had solicited the information. If not, the information will be de-identified or destroyed, provided it is not unlawful to do so.
Where we are providing direct health services, we also collect and hold records of health information as well as other sensitive information to support a biopsychosocial approach to health care delivery.
Other circumstances in which we may disclose personal information are set out below.
- To third parties to provide care or treatment. However, we will only do so with prior consent or, if a person is unable to provide consent and we are not aware that it is against their wishes, where it is necessary in order to be able to provide care or treatment. We may make such a disclosure, for example, to a carer to let them know how often to administer medication.
- To contractors to whom we outsource certain functions, such as electronic network administrators. However, where possible, we take contractual measures to ensure that they comply with the privacy standards set out in the Privacy Act. We require our contractors to sign nondisclosure agreements and do not permit them to subcontract their services.
- From time to time, to medical researchers where permitted under the Privacy Act. Where appropriate, we will de-identify information before we disclose it for research purposes.
- To persons involved in accrediting HPC. For example, a person from an accreditation agency may need to review our information handling procedures which may involve accessing patient records.
- In other circumstances where we are expressly permitted to do so under the Privacy Act; for example, where we are legally required to do so, such as under a court order.
In all circumstances, we aim to limit the amount of information disclosed to that which is necessary for the purpose of the disclosure. Further, where appropriate, we de identify information before disclosing it.
In rare circumstances, and only where it is permitted under the Privacy Act, we may not be able to provide an individual with access to all, or parts of, their information; for example, where:
- it would pose a serious threat to the life, health or safety of any individual or to public health or public safety
- it would have an unreasonable impact upon the privacy of others
- the information relates to existing or anticipated legal proceedings between us through which it would not otherwise be available
- any other lawful reason contained in the Privacy Act
If we are unable to provide access, we will state why this is so and consider whether the use of an intermediary would be appropriate to provide the individual with an explanation of the personal information.
In the unlikely event that we disagree about the accuracy of the information and refuse to correct the personal information, the individual will be notified in writing the reasons for the refusal, the mechanisms to complain and any other matter prescribed by the regulations. The individual may provide us with a statement that he or she disputes its accuracy and we will associate the statement with the information in the individual’s file in such a manner that it will be brought to the attention of each person who uses the information.
We limit access to personal information to individuals with a business need consistent with the reason the information was provided. We keep personal information only for as long as it is required for business purposes or by the law.
If you believe that there has been a breach of this policy, you should set out details of your complaint and send it to HPC’s Privacy Officer at PO Box 572, Newcastle NSW 2300.
Complaints that are received will be resolved in accordance with HPC’s complaints handling procedures. Complaints will normally be investigated and either resolved or progress communicated to the complainant within 35 days.
Amendments to policy
We may amend this policy from time to time in order to ensure that it remains accurate in view of any alterations to our information handling practices due to new technologies and changed business practices. Any updated policy will be published on our website.
References/ Related Documents
For more information about the Australian Privacy Principles visit www.oaic.gov.au.