Your Health Information and Personal Information is required to be protected by us pursuant to the Victorian Health Records Act and the Commonwealth Privacy Act.
The Australian Privacy Principles contained in the Commonwealth Privacy Act 1988 and the Health Privacy Principles in the Victorian Health Records Act 2001:
- regulate the handling of personal and health information;
- give access rights to people in respect of their health information and personal information that has been collected by, and is held about them, by organisations;
- give people access to their personal information and health information for the purposes of correction; and
- provide a framework for resolving any disputes which may arise regarding the handling of your personal information or health information.
Collection - how we collect your personal information and health information
Alphington Sports Medicine Exercise + Rehabilitation will only collect health information necessary for the performance of its health services and with consent. Individuals who provide health information will be notified about what happens to their information and that they can gain access to it.
Use and disclosure - how we use and disclosure your personal information & health information
Alphington Sports Medicine Exercise + Rehabilitation will only use or disclose health information for the primary purpose for which it was collected or a directly related secondary purpose which the person would reasonably expect. If there is any doubt about this expectation then Alphington Sports Medicine Exercise + Rehabilitation will gain consent from the person for the use of their health information.
We never sell your information to other organisations and we comply with the requirements of the Privacy law in our marketing communications to you.
Alphington Sports Medicine Exercise + Rehabilitation will take all reasonable steps to ensure health information it holds is accurate, complete, up to date and relevant to the functions and services it provides.
Data security and retention
Alphington Sports Medicine Exercise + Rehabilitation will safeguard the health information it holds against interference, misuse, loss, unauthorized access and modification. We ensure that any providers of IT services to us (including overseas providers of IT services including Cloud services) are also privacy compliant.
Health information will be destroyed or deleted in accordance with Health Privacy Principle 4.
Under our destruction and de-identification policies, your personal information that is no longer required will be de-identified or destroyed. In many circumstances, however it will be kept for marketing purposes as you will have consented to that in writing with us.
Where Alphington Sports Medicine Exercise + Rehabilitation receive unsolicited job applications these will usually be dealt with in accordance with the unsolicited personal information requirements of the Privacy Act.
In accordance with the Health Records Act, all Health information collected by Alphington Sports Medicine Exercise + Rehabilitation will not be deleted. Amendments or alterations to the health information will be recorded on a separate form and attached to the original file.
Access and correction
We will be entitled in some circumstances to refuse access and if we do so, we will consider whether a mutually agreed intermediary will allow sufficient access to meet your needs and ours.
Alphington Sports Medicine Exercise + Rehabilitation recognises that individuals have a right to seek access to health information about them, and that this right extends to correction of the information if it is inaccurate, incomplete, misleading or not up to date.
Although no fee will be charged for accessing your personal information or making a correction, Alphington Sports Medicine Exercise + Rehabilitation may charge a fee to retrieve and copy any material.
Alphington Sports Medicine Exercise + Rehabilitation will only assign a number or code number to identify a person if it is reasonably necessary to carry out the function or service efficiently.
You do have the right to seek to deal with us anonymously or using a pseudonym, but in almost every circumstance it will not be practicable for us to deal with you or provide any services to you except for the most general responses to general enquiries, unless you identify yourself.
Transferred data flows
Alphington Sports Medicine Exercise + Rehabilitation do not transfer any personal information overseas without the consent of the individual. Alphington Sports Medicine Exercise + Rehabilitation do, subject to your consent, send information to Sri Lanka for data inputting services. You have consented to this by ticking the box on our registration/new patient form.
We do not use overseas providers of IT services including servers and cloud services
Alphington Sports Medicine Exercise + Rehabilitation websites
Alphington Sports Medicine Exercise + Rehabilitation collect personal or sensitive information through websites, e-commerce systems, etc. Alphington Sports Medicine Exercise + Rehabilitation protects web sites through the use of encryption technology.
Transborder data flows
Alphington Sports Medicine Exercise + Rehabilitation will only transfer health information outside Victoria if the receiving organisation is subject to laws substantially similar to the Health Privacy Principles, or confidentiality and disclosure agreements are in place between the individual and the external organisation (i.e. in the case of overseas patients).
Making information available to another health service provider
Alphington Sports Medicine Exercise + Rehabilitation will make information relating to an individual available to another health service provider if requested by the individual and it is appropriate.
If you have any concerns, complaints or you think there has been a breach of privacy, then also please contact the Privacy Officer who will first deal with you usually over the phone. If we then have not dealt satisfactorily with your concerns we will meet with you to discuss further. If you are not satisfied with our response to your complaint within 30 days from this meeting then you can refer your complaint to the Office of the Australian Information Commissioner via:
- email: email@example.com
- tel: 1300 363 992
- fax: +61 2 9284 9666
- website: https://forms.business.gov.au/aba/oaic/privacy-complaint-/
The Victorian Office of the Health Services Commissioner website is http://www.health.vic.gov.au/hsc/