Delmont Private Hospital (DPH) is bound by the Australian Privacy Principles under the Privacy Act 1988 (Cth) (Privacy Act) and other relevant laws about how private health service providers handle information (including but not limited to personal information).
The hospital is committed to the protection of personal and health information in accordance with the privacy laws which govern how the information is collected, used, disclosed and stored.
This policy explains how we collect, hold, use, disclose, secure and manage both the personal and health information of the patients who use the hospital’s services.
Personal information is information that identifies an individual or allows an individual to be easily identified. This information is:
- about a person’s private or family life e.g. name, signature, email address, date of birth.
- about a person’s working habits and practices e.g. job title, workplace, salary.
- commentary or opinion about a person e.g. a referees comments, a trustees opinion on bankrupts affairs, opinion on the persons attributes, tastes from web browsing history.
This information can be shard verbally, captured digitally, recorded or captured on signs.
Sensitive information is personal information that must be treated with additional care. It includes information about race or ethnic origin, political opinions, religious beliefs, sexual orientation and criminal record.
Health information is personable information including mental and psychological health. Health information is also sensitive information and has a special protection under the Privacy Act 1998 (Cth) and Health Records Act 2001.
References in this policy to personal information include sensitive information and health information.
Collection of Personal Information
Delmont Private Hospital only collects personal information that is necessary for the performance of is functions of the service to the patients and employees. Individuals can gain access to their personal information.
The type of information collected depends on who the individual is and their relationship with the hospital. Information is collected from patients admitted to the hospital, health service providers i.e. other hospitals, pharmacy, pathology, next of kin, guardians, emergency contacts, significant others, persons responsible for paying the account (health funds, TAC, DVA, WorkCover) and job applicants.
Information Collected Includes:
- Contact details for an individual and identified emergency contacts, including name, address, email, telephone numbers and next of kin.
- Demographic information including gender, date of birth, marital status, occupation, religion, country of birth and indigenous status.
- Health information including medical history, social history, medications, diagnostic imaging and reports, pathology results, diagnosis, observations, symptoms, plan of care and treatment given.
- Billing information such as credit card details, health fund membership details, workers compensation, TAC or other insurance claims, Medicare details and concession card details.
- Employment and Job application information
Individuals have the option of dealing with the hospital anonymously; however, this will limit the services that we can provide if it is impractical for us to deal with you in such an unidentified manner. All admissions to the hospital require the use of the individual’s legal name.
Use of Personal Information
Delmont Private Hospital will only use the information collected for the primary purpose for which it was collected such as:
- To verify an individual’s identity.
- To assist the treating team (doctors, nurses and other health professionals) in providing care and treatment.
- To provide necessary follow-up treatment and ongoing care, liaising with health care providers.
- For internal administrative requirements, including processing admission, discharge and billing.
- To health funds, Medicare, Transport Accident Commission, WorkCover and the Department of Veterans Affairs for accounts purposes.
- In an emergency where life is at risk and the individual cannot consent.
- To conduct patient experience surveys with the aim of evaluating and improving the services.
- To assist in the management of the hospital, including service monitoring, complaints handling, feedback and evaluation.
- For safety and quality improvement activities, including maintaining Accreditation.
- To address liability indemnity arrangements and reporting with insurers, medical defence organisations and lawyers as well as for the defence of anticipated or existing legal proceedings.
- For reporting of summarised de-identified information to the Victorian Health Department, Australian Bureau of Statistics Private Hospital Data Bureau and other Government agencies.
- Health service providers used by Delmont Private Hospital (eg pharmacy, pathology)
- To undertake research and the compilation or analysis of statistics relevant to public health and safety.
- Assess job applications.
- To comply with legal and regulatory compliance.
Personal Information is not used for unrelated secondary purposes without the patient’s consent. Examples of unrelated secondary purposes include:
- promotional offers and special events
Disclosure of Personal Information
DPH may disclose an individual’s personal information to the following third parties for the above purposes to:
- Other health service providers or diagnostic services involved in the individual’s treatment.
- Private health insurers and other insurers.
- Health profession students undertaking clinical placements (unless an individual has opted out).
- A responsible person (eg parent, guardian, spouse) if the individual is incapable or cannot communicate, unless the individual has requested otherwise.
- Other facilities as part of employment processes.
- The hospital’s insurers and legal representatives.
An individual’s consent is obtained prior to providing information to other health service providers.
From time to time DPH may need to disclosure personal information to and collect personal information from other states and territories or other countries, this will always be in accordance with privacy laws. Information will not be sent overseas without the patient’s written permission.
Security and Storage
The Hospital stores personal information in both paper and electronic form. The security of personal information is maintained by a number of methods:
- All staff are required to maintain confidentiality.
- Document security measures (safe, secure, restricted access storage areas)
- Security measures (individual log in and passwords) for access to computer systems.
- Policy and procedures governing access to information.
Personal information is retained for the period of time as applicable under Australian Laws after which it is disposed of via a secure process. Medical Records are retained for 10 years and are destroyed in a secure manner.
Accuracy and Corrections
Delmont Private Hospital will take reasonable steps to ensure that the personal and health information it collects, uses or discloses is accurate, complete, up to date and relevant to its functions or activities.
The accuracy of the information depends largely on the quality of the information provided to the hospital, if there are any errors in their personal information, it is suggested that individuals notify the Privacy Officer and keep us up to date with changes. Individuals can contact the hospital by letter or email to make changes - email@example.com
There may be circumstances where it is not possible to make the correction – DPH will notify the individual in writing explaining the reasons for the refusal and how they can complain if they are not satisfied with the explanation
Access to Information
All individuals have the right to access information held by DPH. During an admission, the health care team is the best source of information about care and treatment.
All requests and enquires should be addressed to the Privacy Officer
By mail - Delmont Private Hospital 300 Warrigal Rd Glen Iris VIC 3146
By Email - firstname.lastname@example.org
Fees are applicable as per the Privacy Act 1998 (Cth) and the Health Records Act (VIC) 2001.
If DPH refuses a request for access, the requestor will be notified in writing explaining the reasons for the refusal and how they can complain if they are not satisfied with the explanation.
For questions regarding privacy, the policy or the way in which we manage personal information, if Privacy rights have been breached or if there is a complaint; Contact the Privacy Officer:
By Mail - Delmont Private Hospital 300 Warrigal Rd Glen Iris VIC 3146
By Email - email@example.com
The Privacy Officer will endeavour to provide a written acknowledgement of receipt of the complaint within 7 days and provide a written response to the complaint within a reasonable timeframe.
If an individual is not satisfied with DPH’s response to the complaint of if you require more information about privacy, they may contact the Office of the Australian Information Commissioner (OAIC):
By Mail - Office of the Australian Information Commission GPO Box 5218 Sydney NSW 2001
By Email – firstname.lastname@example.org
Telephone - 1300 363 992
Website - www.oaic.gov.au