Australian Privacy Principles (APP) Policy
Part 1 – Purpose and Context
1.0 Bodyharmonix is committed to ensuring the privacy and confidentiality of all personal information affiliated with Bodyharmonix business undertakings.
1.1 Bodyharmonix follows the terms and conditions of privacy and confidentiality in accordance with the Australian Privacy Principles (APPs) as per Schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth), forming part of the Privacy Act 1988 (‘the Act’).
1.3 The point of contact for any queries regarding this policy is the Practice Manager, at email@example.com.
Part 2 – Australian Privacy Principles
2.0 As a private sector health service provider and under permitted health situations, Bodyharmonix is required to comply with the APPs as prescribed under the Act.
2.1 The APPs regulate how Bodyharmonix may collect, use, disclose and store personal information and how individuals, including Bodyharmonix’s clients/patients, may:
- address breaches of the APPs by Bodyharmonix;
- access their own personal information; and,
- correct their own personal information.
2.2 In order to provide clients/patients with adequate health care services, Bodyharmonix will need to collect and use personal information. It is important to be aware that if the client/patient provides incomplete or inaccurate information, or withholds personal health information, Bodyharmonix may not be able to provide the client/patient with the services they are requesting.
- “personal information” as defined by the Privacy Act 1988 (Cth), meaning:
“information or an opinion including information or an opinion forming part of a database, whether true or not, and whether recorded in a material format or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion”; and,
- “health information” as defined by the Privacy Act 1988 (Cth). This is a particular subset of “personal information” and means:
(a) Information or opinion about the health or disability (at any time i.e. past, present or future) of an individual that can be classified as personal information;
(b) Information or opinion about an individual’s expressed wishes about the future provision of health or fitness services that can be classified as personal information;
(c) Information or opinion about health or fitness service provided, or to be provided, to an individual, that can be classified as personal information;
(d) Other personal information collected to provide, or in providing, a health or fitness service;
(e) Other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances; or
(f) Genetic information about an individual in a form that is, or could be, predictive of the health or fitness of the individual or a genetic relative of the individual.
2.3.1 Personal information also includes ‘sensitive information’, which is information including, but not limited to, a client’s/patient’s:
- political opinions;
- sexual preferences; and/or,
- health information.
2.3.2 Information deemed ‘sensitive information’ attracts a higher privacy standard under the Act and is subject to additional mechanisms for the client’s/patient’s protection.
Part 3 – Different types of personal information
3.0 Bodyharmonix collects information from each individual client/patient that is necessary to provide the client/patient with adequate health care services.
3.1 This may include collecting information about a client’s/patient’s health history, family history, ethnic background or current lifestyle to assist the health care team in diagnosing and treating a patient’s condition.
Part 4 – Collection & Retention
4.0 This information will in most circumstances be collected directly from the client/patient through, but not limited to, the following mediums:
(g) Health Care Service patient consent form;
(h) medical treatment form; and/or,
(i) face to face consultation.
4.1 In other instances, Bodyharmonix needs to collect personal information about a client/patient from a third party source. This may include:
- relatives; or,
- other health service providers.
4.2 This will only be conducted if the client/patient has provided consent for Bodyharmonix to collect his/her information from a third party source; or, where it is not reasonable or practical for Bodyharmonix to collect this information directly from the client/patient. This may include where:
- the client’s/patient’s health is potentially at risk and his/her personal information is needed to provide them with emergency medical treatment.
4.3 Bodyharmonix endeavours to store and retain a client’s/patient’s personal & health information in [hard copy on site, transferred electronically onto a domestic server etc].
Part 5 – Collection, Use & Disclosure
5.0 Bodyharmonix only uses a client’s/patient’s personal information for the purpose(s) they have provided the information for unless one of the following applies:
- the client/patient has consented for Bodyharmonix to use his/her information for an alternative or additional purpose;
- the disclosure of the client’s/patient’s information by Bodyharmonix is reasonably necessary for the enforcement of criminal law or a law imposing a penalty or sanction, or for the protection of public revenue;
- the disclosure of the client’s/patient’s information by Bodyharmonix will prevent or lessen a serious and imminent threat to somebody’s life or health; or,
- Bodyharmonix is required or authorised by law to disclose the client’s/patient’s information for another purpose.
Health Professionals to provide treatment
During the client’s/patient’s treatment at Bodyharmonix, he/she may be referred to alternative medical treatment/services where Bodyharmonix’s staff may consult with senior medical experts when determining a patient’s diagnosis or treatment.
Bodyharmonix staff may also refer the client/patient to other health service providers for further treatment during and following the patient’s admission. These services include, but are not limited to:
- Allied health services
- Specialist services
- Outpatient or community health services.
These health professionals will be designated health service providers appointed to use the client’s/patient’s health information as part of the process of providing treatment. Please note that this process will be conducted whilst maintaining the confidentiality and privacy of the client’s/patient’s personal information.
Accessing Alternative Health services
If at any point a patient wishes to be treated by an alternative medical practitioner or health care service that requires access to his/her personal/health information, Bodyharmonix requires written authorisation. This written authorisation is to state that the client/patient will be utilising alternative health services and that these health services have consented for a transfer of personal/health information.
Other Third Parties
Bodyharmonix may provide the client’s/patient’s personal information regarding a client’s/patient’s treatment or condition to additional third parties. These third parties may include:
- other relatives;
- close personal friends;
- guardians; or,
- a person exercising a patient’s power of attorney under an enduring power of attorney.
Where information is relevant or reasonable to be provided to third parties, written consent from the client/patient is required.
Additionally, the patient may at any time wish to disclose that no third parties as stated are to access or be informed about his/her personal information or circumstances.
Other Uses of Personal Information
In order to provide the best possible environment to treat clients/patients, Bodyharmonix may also use personal/health information where necessary for:
- activities such as quality assurance processes, accreditation, audits, risk and claims management, patient satisfaction surveys and staff education and training;
- invoicing, billing and account management;
- to liaise with a patient’s health fund, Medicare or the Department of Veterans’ Affairs, as necessary; and,
- the purpose of complying with any applicable laws – i.e. in response to a subpoena or compulsory reporting to State or Federal authorities.
5.1 If at any point or for any of the aforementioned reasons Bodyharmonix uses or discloses personal/health information in accordance with the APPs, Bodyharmonix will provide written notice for the client’s/patient’s consent for the use and/or disclosure.
Part 6 – Access and/or changes to personal information
6.0 If an individual client/patient reasonably requests access to their personal information for the purposes of changing the information, he/she must engage with the relevant practice manager.
6.1 The point of contact for patient access to personal information is:
[07 9191 0512]
[Monday to Friday]
6.2 Once an individual client/patient requests access to his/her personal information, Bodyharmonix will respond within a reasonable period of time to provide the information.
6.3 All personal information will be updated in accordance with any changes to a client’s/patient’s personal circumstances brought to Bodyharmonix’s attention. All changes to personal information will be subject to the client’s/patient’s consent and acknowledgement.
Part 7 – Handling Complaints
7.0 How an individual client/patient may complain about a breach of the Australian Privacy Principles, or a registered APP code (if any) that binds the entity, and how the entity will deal with such a complaint.
Part 8 – Disposing of personal/health information
9.0 If Bodyharmonix receives any unsolicited personal information that is not deemed appropriate for the permitted health situation, Bodyharmonix will reasonably de-identify and dispose of the information accordingly.
9.1 If Bodyharmonix holds any personal or health information that is no longer deemed relevant or appropriate for the permitted health or fitness situation, Bodyharmonix will reasonably de-identify and dispose of the information accordingly.
Part 9 – Access to the Bodyharmonix policy
[Hard Copies provided upon request]
Part 10 – Review of the Bodyharmonix Policy
10.1 Bodyharmonix, in accordance with any legislative change, will review the terms and conditions of this policy to ensure all content is both accurate and up to date.
10.2 Notification of any additional review(s) or alteration(s) to this policy will be provided to clients/patients and staff within 2 months’ notice.
PART 11 – HOW BODYHARMONIX HANDLES WEBSITE VISITOR PERSONAL INFORMATION
When you use our www.bodyharmonix.com.au website, we do not attempt to identify you as an individual user and we will not collect personal information about you unless you specifically provide this to us.
Sometimes, we may collect your personal information if you choose to provide this to us via an online form or by email, for example, if you:
- submit a general enquiry via our contacts page;
- register to receive reports or information guides; or
- send a written complaint or enquiry to our Privacy Officer.
When you use our website, our Internet Service Provider (ISP) will record and log for statistical purposes the following information about your visit:
- your computer address;
- your top level name (for example, .com, .gov, .org, .au etc);
- the date and time of your visit;
- the pages and documents you access during your visit; and
- the browser you are using.
Our website management agent may use statistical data collected by our ISP to evaluate the effectiveness of our website.
We are, however, obliged to allow law enforcement agencies and other government agencies with relevant legal authority to inspect our ISP logs, if an investigation being conducted warrants such inspection.