INTRODUCTION

Exact Radiology Practice Pty Ltd ACN 629 939 446 carries on the business of Exact Radiology Clinics and Exact Advanced Imaging Clinics under ABN 90 629 939 446.

In this Privacy Policy (Policy) Exact Radiology Practice Pty Ltd, Exact Radiology Clinics and Exact Advanced Imaging Clinics will be referred to as ‘Exact Radiology’, ‘it’, ‘its’, ‘us’ or ‘we’, as context requires.

Exact Radiology is committed to protecting the privacy and confidentiality of all personal information it collects from patients, healthcare professionals, employees, service providers, suppliers and other persons or entities with which it engages, in the course of its business operations.

This Policy explains how Exact Radiology collects uses, discloses and keeps personal information it collects secure and confidential and how it comply with the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles (APPs) and other laws which regulate the way private sector health service providers must handle personal information used to provide medical and health care services to patients and their associated health care professionals.

From time to time, Exact Radiology may change or update this Policy.  Whenever changes are made, they will be posted immediately on our website.

By providing personal information to Exact Radiology, you consent to us collecting, using and disclosing your personal information in the ways set out in this Policy.

Why does Exact Radiology collect personal information?

Exact Radiology collects, uses and discloses and stores personal information to enable it to provide medical imaging and related health services.

You are not required to provide personal information to us.  However, if you do not provide us with all of the information we request or withhold information from us or provide incomplete or inaccurate information, the services we provide to you may be adversely affected or compromised and we may not be able to provide you with the services you need.

Who does Exact Radiology ask to provide personal information?

Exact Radiology collects personal information from patients, healthcare professionals, employees, service providers, suppliers and other individuals and entities with which it engages as part of its usual business.

If it is not reasonable or practical for us to collect personal information directly from a patient, it may be necessary for us to request information from a spouse or partner, carer, close family member, emergency contact, another health professional or an attorney holding an enduring power of attorney containing health directions or an attorney with an advance health directive.

How does Exact Radiology collect personal information?

We collect personal information directly from patients, healthcare professionals, employees, service providers, suppliers and other persons or entities we engage with in the course of our business by having them complete registration and other information collection forms when they visit our clinics, by email, in telephone calls, in person consultations, or through our website.

Where it is not reasonable or convenient for us to collect personal information directly from our patients, we may seek and collect information about them from other parties.

Other parties from whom Exact Radiology collects personal information may include:

  • your doctor, who will explain why information is being collected from you, how it will be used and where it will be sent;
  • other healthcare providers and professionals, including hospitals and healthcare facilities which may be involved in your care;
  • a responsible person (such as a relative, carer or attorney);
  • the My Health Record program, if you have opted to participate;
  • health insurers, law enforcement agencies or other government bodies.

What type of information does Exact Radiology collect?

Most of the personal information we collect is provided by patients when they come to our clinics.  The type of personal information we collect depends on the services we are being asked to provide.

We only collect personal information that is necessary:

  • for us to be able to provide you with medical imaging and related medical services, including coordinating treatment and communicating with other healthcare professionals;
  • for administrative and billing purposes related to the services we provide to you.

The personal information we collect may include:

  • your name, age, gender, date of birth, and contact details;
  • health information relating to your lifestyle and medical history relevant to providing healthcare services (such as your medications, diagnostic tests and treatments, family medical history, occupational history, genetic or biometric information and copies of correspondence to and from your healthcare professionals and providers);
  • healthcare identifiers (such as your Medicare number and Private Health insurance details), when necessary for billing or other administrative purposes;
  • other personal information collected in the form of clinical images and samples your medical history, medications, allergies, adverse events, immunisations, social history (including religion and ethnicity, when relevant), family history and risk factors;
  • records of past interactions with you;
  • in relation to employees, any information relating to your employment including, employment histories, applications, pre-employment checks, qualifications, training records and information required by laws, regulations or standards;
  • other information, required or authorised by law or a court or tribunal order, which may be relevant in our dealings with you.

How does Exact Radiology store and protect personal information?

The ways Exact Radiology stores personal information it has collected include electronically, on digital media devices; as paper records; as medical diagnostic images and when appropriate as video and audio recordings.

We take the security and accuracy of this information very seriously and use best endeavours to employ the latest technology and processes, including access control, encryption and firewalls to protect the information we collect, use and disclose from unauthorised access, modification or disclosure, misuse and loss

All of the management and staff of Exact Radiology are required to observe the strictest obligations of confidentiality and are required to sign Confidentiality Agreements.

Unless we are required by law to retain it, we may destroy or permanently de-personalise your personal information, when it is no longer needed for the purposes described in this Policy.

How does Exact Radiology use and disclose your personal information?

We may use your personal information including sensitive health information:

  • To provide specialist medical reporting services to referring healthcare professionals and other healthcare service providers;
  • To co-ordinate and/or communicate with healthcare providers involved in your care;
  • To procure additional healthcare services (such as providing referrals to other providers or obtaining second opinions) and engage contractors and suppliers to provide products or services;
  • To keep your authorised representative such as guardian, carer, family member or attorney or legal advisor you have nominated informed about your care;
  • To report to insurers, such as Medicare, Private Health Fund, Workers Compensation insurer, Motor Vehicle insurers;
  • To provide information to our professional and legal advisors for the purpose of seeking advice from them;
  • To report to government and regulatory authorities, as required or authorised by Australian laws;
  • To manage billing and payments;
  • To make appointments and send reminders for follow-up care and account management by text message, mail or email to the contact details you have provided to us;
  • To liaise with your health fund, Medicare, the Department of Veterans’ Affairs, Department of Health or another payers or contractors for services;
  • To fulfil regulatory and public health requirements, including liaising with regulatory or health authorities, as required by law;
  • To report to relevant organisations, such as WorkCover, insurance companies and/or legal advisors in relation to medical claims;
  • To responding to enquiries submitted via our website;
  • To assess candidates for employment opportunities;
  • To undertake quality assurance/improvement processes, accreditation, audits, risk and claims management, patient satisfaction surveys and staff education and training;
  • To handle complaints and respond to legal enquiries or actions;
  • To obtain obtaining feedback about our services or providing advice or information to you about products, services, treatment options and clinical trials that are relevant to you.

We may also de-personalise and aggregate personal information we collect for use in carrying out clinical research, quality assurance or customer service, health outcome and other business analytics.

Exact Radiology may enter into arrangements with other entities outside of Australia to store, access or use data we collect, including personal information, in order for them to provide services to us such as data transcription and processing, analysis, interpretation or the performance of specialised tests.

When we do this, we require such entities to satisfy us that they have information security measures and information handling practices in place which comply to an acceptable standard with the requirements of the Privacy Act and the AAPs.

We only partner with offshore contractors with whom we have Confidentiality and Privacy Agreements in place, and which do not have cross-border disclosure obligations which may require or compel them to disclose or allow access, voluntarily or in involuntarily to personal information they hold or to which they have access to governments or organisations outside of Australia.

How may I access and correct my personal information?

Exact Radiology endeavours to ensure that the personal information (including sensitive health information it collects, uses and discloses is accurate, up-to-date.  The accuracy and completeness of that information depends on the information you provide to us.

If you believe that personal information we hold about you is inaccurate, incomplete or out-of-date you may ask us to our up-date our records.  You may do this providing us with information when you visit one of our clinics or by contacting our Human Resource/Privacy Manager, whose contact details are set out on the last page of this Policy.

You have the right to request access to the personal information we hold about you.  You may do so by contacting our Human Resource/Privacy Manager, whose contact details are set out on the last page of this Policy.  It will be necessary for you to provide us with proof of your identity before for we will provide you with access to your information.  We may also ask you to pay reasonable costs we incur to supply information to you.

We will provide you with access to that information, unless it reasonable for us to refuse or limit such access because of a provision of the Privacy Act or other law or because we believe that giving access to it could pose a serious threat to the life, health or safety of any person, or to public health or safety; or if giving access could adversely impact the privacy of others.

We prefer to provide images and report to you in consultation with your treating health care provider, so that complex clinical information can be explained to you within the context of your individual circumstances.  To that end, Exact Radiology has established a secure web-based password protected portal which allows our patients and their registered Health Professionals to access their images and reports.

To access this service, Health Professionals must request and be provided with a unique username and password by Exact Radiology.  They must accept the terms of the User Agreement prior to any access being provided.

If, having regard for the purpose for which the personal information is held we are satisfied that any part of the information we hold about you is inaccurate, incomplete or out of date, we will take reasonable steps to up-date that information.

How do I contact Exact Radiology regarding privacy enquiries, complaints or concerns?

If you wish to make a complaint about the way we handle your personal information or have comments or questions concerning this Policy, please contact our Human Resource/Privacy Manager.

We may need to verify your identity and ask for further information, in order to investigate and respond to you.  We will aim to do so within a reasonable time.

Human Resource/Privacy Manager contact details:

Human Resource/Privacy Manager
Exact Radiology Clinics
636 Moggill Road
Chapel Hill
QLD 4069

T | 07 3115 9155

E | hr@exactradiology.com.au

If we are unable to resolve your concern or complaint to your satisfaction, you may wish to contact the Office of the Australian Information Commissioner (OAIC). The OAIC has the power to investigate the matter and make a determination.

Office of the Australian Information Commissioner (OAIC)

GPO Box 5218
Sydney
NSW 2001

E | enquiries@oaic.gov.au

T | 1300 363 992

W | www.oaic.gov.au