Privacy Policy

Carina Medical and Specialist Centre Privacy Policy

Privacy Policy – Collection, Use, and Management of Personal and Health Information

Purpose

This Privacy Policy outlines how Carina Medical and Specialist Centre collects, stores, uses, and discloses your personal and health information. We are committed to protecting your privacy in accordance with the Information Privacy Act 2009 (Qld), the Privacy Act 1988 (Cth), and the Australian Privacy Principles (APPs), where applicable.
This policy is accessible on our website, at reception, included in our new patient consent forms for information sharing, and available upon request.
Our staff receive regular training on privacy, confidentiality, and the correct management of patient information.

1. Collection of Personal and Health Information
We collect personal and health information only for legitimate purposes related to patient care, administrative processes, and legal compliance. The types of information we collect may include, but are not limited to:
• Personal Identification Information: Name, address, date of birth, contact details, Medicare or private health insurance details.
• Health Information: Medical history, diagnoses, treatment plans, medications, pathology and radiology results, allergies, and specialist reports.
• Billing Information: Payment details, billing history, Medicare claims, and private insurance information.
• Emergency Contact Information: Name, relationship, and contact number of a nominated emergency contact.
Consent: We collect this information with your informed consent where required. In some cases, collection may be necessary to comply with legal obligations or to ensure safe and appropriate care. You have the right to withhold or withdraw consent unless collection is required or authorised by law.

2. Storage of Personal and Health Information
What is a Health Record?
A health record is a confidential document that contains information about your medical history and the care you have received. It may include details such as diagnoses, treatments, test results, medications, allergies, immunisations, and clinical notes. Health records help ensure safe, consistent, and effective care and may be maintained in paper or electronic form.
Secure Storage Methods
• Electronic Records: We primarily use an Electronic Health Record (EHR) system, which stores patient data in a secure, encrypted database accessible only to authorised personnel. Regular data backups are performed, and access is monitored and controlled.
• Physical Records: In limited circumstances—such as paper-based correspondence or during technical outages—physical records may be used temporarily. These are scanned into the EHR as soon as practicable and then securely destroyed by a certified third-party document destruction provider in compliance with privacy regulations. Certificates of secure destruction are retained for auditing purposes.
In the event of a data breach, we comply with the Notifiable Data Breaches scheme as administered by the Office of the Australian Information Commissioner (OAIC).

3. Use of Personal and Health Information
Your personal and health information will be used for the following purposes:
• Providing Medical Care: To diagnose, treat, and manage your healthcare.
• Billing and Administration: To process Medicare and private health insurance claims and manage general administrative tasks.
• Legal and Regulatory Compliance: To meet our obligations under relevant health, safety, and privacy legislation.
• Internal Operations: For quality assurance, staff training, accreditation, and operational improvement.
We will not use your personal information for any other purpose without your explicit consent, unless required or authorised by law.

4. Disclosure of Personal and Health Information
We only disclose personal and health information in the following situations:
• With Patient Consent: With your express permission, to other healthcare providers, family members, or insurers.
• For Medical Purposes: To specialists, laboratories, imaging services, or allied health professionals involved in your care.
• As Required by Law: In response to legal obligations such as subpoenas, court orders, or mandatory reporting.
• Public Health and Safety: Where necessary to protect public health (e.g., reporting notifiable diseases).
• Regulatory Oversight: For audits, accreditation, and government compliance checks.
We take reasonable steps to ensure any third parties with whom we share information are also compliant with Australian privacy legislation.

5. Patient Rights
As a patient, you have the following rights concerning your personal and health information:
• Right to Access: You have the right to request access to your medical records. To do so, please submit your request in writing to our reception. We will respond to your request within 14 days. Please be aware that a reasonable fee may apply for the provision of these records.
• Right to Correction: You may request corrections to inaccurate or incomplete information.
• Right to Withdraw Consent: You may withdraw consent to use or disclose your information, where legally permissible.
• Right to Anonymity: Where practical, you may seek healthcare anonymously or under a pseudonym.
• Right to Complain: You can lodge a complaint if you believe your information has been misused or handled improperly.
To request access to your records, correct information, or discuss consent options, please contact our reception team.

6. Data Retention and Disposal
We retain personal and health information only for as long as necessary to fulfill the purposes outlined in this policy and comply with legal requirements. Once the retention period has expired, records are securely archived or destroyed in accordance with industry best practices and legal standards.

7. Security Measures
To protect your information from unauthorised access, use, or disclosure, we implement the following safeguards:
• Physical Safeguards: Secure premises, locked filing cabinets, restricted staff access.
• Technical Safeguards: Encrypted systems, firewalls, strong password protocols, regular data backups.
• Administrative Safeguards: Staff confidentiality agreements, annual privacy training, restricted access levels, and regular audits of system access.

8. Review and Updates
This Privacy Policy is reviewed and updated regularly to ensure compliance with evolving laws, regulations, and clinical standards, including those required by RACGP and AGPAL.

Questions or Concerns About Your Health Information?

If you have any questions about your health record, how your information is used, or how your privacy is protected, please contact us directly. Our team is here to help.

Contact Us Carina Medical & Specialist Centre 396 Stanley Rd, Carina QLD 4152 Phone: (07) 3398 8188 Fax: (07) 3398 8199 Email: reception@carinamedical.com.au

If your concerns are not resolved, you may contact:
Office of the Information Commissioner Queensland (OIC)
Phone: 1800 642 753 Email: administration@oic.qld.gov.au Website: www.oic.qld.gov.au Mail: PO Box 10143, Adelaide Street, Brisbane QLD 4000
Office of the Australian Information Commissioner (OAIC) (Commonwealth matters)
Website: www.oaic.gov.au