Personal Information & Privacy

Purpose

Western Private Hospital (WPH) is committed to complying with all applicable privacy laws including the Privacy Act 1988 (Cth) and the Health Records Act (Vic) 2001 and handles the personal information (including health information) that it collects and holds in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act.

Target Audience

This policy applies to everyone in the workplace.For the purposes of this policy, “workers” shall include:

  • every organisational employee;
  • accredited medical staff;
  • contractors/sub-contractors and any of their employees whilst engaged on work for WPH;
  • volunteers;
  • work experience students;
  • consultants or consultants’ employees whilst on WPH work; and
  • agents whilst acting on behalf of the WPH.

 

Definitions

Employee Records means a record of Personal Information obtained and held by an employer in relation to a past, current or future employee in context of their employment.

Health Information means a record of Personal Information obtained and held by WPH in relation to an individual in the context of their past, current or future receipt of services from WPH.

Personal Information means information or an opinion about an individual (including information or an opinion forming part of a database) whose identity could be reasonably determined from that information or opinion. The principles do not apply to statistical data sets that would allow individuals to be identified.

Sensitive information means specific Personal Information in relation to an individual that may be subject to discrimination legislation.

Collection means the process of gathering, acquiring or obtaining Personal Information from any source and by any means.

Use means how Personal Information is used within the organisation.

Disclosure means transmission of Personal Information outside the organisation.

Eligible Data Breach has the meaning set out in the Privacy Act and generally means when there has been or is likely to be unauthorised access to, unauthorised disclosure of, or loss of, personal information held by an entity; and a reasonable person would conclude that the access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates and no remedial action has been taken.

           

Policy

What personal information does Western Private Hospital collect and hold?

The information we collect  depends on who the individual is, such as  a patient admitted to the hospital, a health service provider, a next of kin, a guardian or other responsible person, an emergency contact, an employee or persons responsible for paying an account and may include an individual’s;

  • Name, address (postal, email) and telephone numbers
  • Gender
  • Date of birth
  • Marital status
  • Religion
  • Occupation
  • Country of birth
  • Indigenous status
  • Next of kin
  • Payment information such as credit card details
  • Health fund, workers compensation and other insurance cover details
  • Medicare and concession card details
  • Medical history and other health information we are provided with or we collect in the course of providing our services
  • Other details an individual provides for admission to or discharge from the hospital
  • Other information we need to provide our services.

GPs, referring doctors, attending doctors and other healthcare professionals

We will collect personal information about individual health practitioners who are involved in the care of our patients. This information will include the individual’s name, contact details, and professional details.

 

Other individuals

We will collect personal information of people who are not patients of the hospital such as next of kin, emergency contacts, guardians and people who have made donations. Typically, this information includes name and contact details.

 

Employees, Contractors, Third Party Service Providers

We collect and hold the following personal information including;

  • Name and Contact details
  • Date of Birth
  • Country of Birth
  • Qualifications
  • Company/Business details
  • Registration details
  • Referees contact details
  • Vaccination records

Dealing with Western Private Hospital anonymously

You have the option of not identifying yourself, or using a pseudonym, when dealing with Western Private Hospital (for example, when making an enquiry). However, it may not always be practicable for Western Private Hospital to deal with you anonymously on an ongoing basis (for example, as a patient admitted to hospital). If we cannot collect personal information about you, we may be unable to provide you with certain health services or admit you as a patient of this hospital.

How does Western Private Hospital collect personal information?

We collect sensitive information about an individual, either directly from the individual concerned or from a third party, with the individual’s consent (which may be implied or express, depending on the circumstances).  The information is collected when an individual completes our admission paperwork, health insurance claim or other forms or provides information over the phone before an admission or applies for a job at the hospital or is a health care professional seeking visiting rights at our hospital.

We may also collect personal information from the following third parties such as;

  • Responsible person or guardian
  • An individual’s health service provider including specialist, referring doctor or general practitioner
  • An individual’s health insurer
  • An individual’s family or emergency contact
  • Job referees
  • Other sources where necessary to provide our services (e.g. pathology or imaging services) or to assess job applicants (e.g. police checks)

 

How does Western Private Hospital use and disclose your personal information?

Your personal information will generally be available to other health professionals and health service providers who are involved in your care. For example;

  • A discharge notification or nursing summary of your admission will be sent to your referring or local doctor when you go home.
  • If you are transferred to another hospital or health service we will send a summary of information to ensure continuity of your care
  • We disclose personal information to health service providers contracted to provide health care services at the hospital, such as diagnostic imaging provider, allied health and pathology providers.
  • Your health information may be disclosed to individuals who are legally responsible for your health care decisions. (E.g. parents, guardians & attorneys) and individuals you have nominated as your emergency contact or next of kin.
  • Enable the provision of education and training to students of the health profession
  • Respond to feedback and complaint handling
  • Charging, billing , processing health insurance claims and collecting debts
  • Assess job applications
  • Verify individual’s identity
  • Comply with quality assurance or clinical audit activities
  • Comply with legal and regulatory obligations

Is your personal information used for direct marketing and fundraising?

Western Private Hospital does not “on-sell” your personal information for use by marketing or fundraising groups.

 Occasionally, a hospital newsletter is distributed to all medical staff associated with Western Private Hospital advising of new and upcoming healthcare services. Medical staff can contact the hospital on (03) 9318 3177 if they no longer wish to receive the newsletter.

 

Will your personal information be sent overseas?

Western Private Hospital does not typically or routinely disclose personal information to overseas recipients. A number of exceptions are provided below

  • Medical devices and prosthesis -Personal information may be disclosed to the manufacturers or suppliers of those devices for product support and safety purposes.
  • Overseas insurance funds – Personal information may be disclosed to patients funded by an overseas insurance provider.

Western Private Hospital will take reasonable steps to ensure that the overseas recipient does not breach Australian privacy laws.

 

How does Western Private Hospital hold and protect your personal information?

Personal information is held in both paper based documents and in electronic form. Electronic data is stored in the hospital patient administration system which is password protected. We maintain strict policies on who has the authority to access your personal information. All our staff are bound by a formal code of conduct and sign a privacy and confidentiality statement when commencing employment at Western Private Hospital   Our staff are educated and supervised to ensure information is handled in accordance with this Privacy policy.

Personal and health information is retained for the period of time determined applicable by the Health Records Act (Vic) 2001 after which time it is de-identified and disposed of in a secure manner. An accredited third party secure storage provider is used to store paper based personal information that is no longer in active use.

Notification of Eligible Data Breaches

In the event that there is an Eligible Data breach, we will, as soon as practicable, take reasonable steps to notify those individuals whose personal information is involved or take such other steps as are required by law.

The notification will include:

  • the contact details of the entity
  • a description of the data breach;
  • the kind of information concerned; and
  • recommendation about the steps individuals should take in response to the data breach.

We will also notify the Office of the Australian Information commissioner of the Eligible Data Breach as and when required by law.

How can you access or correct your personal information?

Individuals have a right to access the personal information that Western Private Hospital holds about them. In certain circumstances we may refuse a request for access as allowed by the Privacy Act or other applicable laws. If Western Private Hospital refuses access, we will give written notice of our decision, including our reasons and how to complain if the individual is not satisfied with the decision.

Western Private Hospital aims to ensure that your information is accurate and complete. You can help us achieve this by notifying us of change in personal details, such as name or address. Please note it is generally not possible to make changes in clinical information held in your record. In that circumstance, you may be entitled to request that we associate a statement with your records.

Patient Personal Information

You can request access to personal information by contacting;

Health Information Services

Telephone: (03) 9319 3197 or

Email: medrecords@westernprivate.com.au

Mail: Health Information Services, Western Private Hospital, PO Box 4258, West Footscray VIC 3012

Each individual requesting access must complete a HIS Request for Access Form (HIS_Form_02) and will be required to verify their identity.  This form can be downloaded here or by contacting Health Information Services on (03) 9319 3197.

A fee will be charged for collating and providing access to personal and health information.

Employee Personal Information

Employees and their managers can request to access their personal information by contacting the Human Resources Manager on hr@westernprivate.com.au or telephone on (03) 9304 7320.

Other Individuals

Individuals can request access to their personal information by contacting Chief Executive Officer on ceo@westernprivate.com.ua or telephone on (03) 9318 3177.

 

Website Privacy

When you use the Western Private Hospital website, our Internet Service Provider will record and log non-personally identifiable information such as your IP address, browser type, and operating system pages viewed on our site and dates, times and frequencies of visits. Western Private Hospital uses this information for website and system administration, including monitoring to prevent security breaches, to assist in further development and to improve the functionality of the site.

 

What should you do if you have a complaint about the handling of your personal information?

Individuals who have any questions about privacy, this policy or the way we manage personal information or who believe that we have breached their privacy rights should contact the Chief Executive Officer with their question or complaint.

Complaints should be in writing and addressed to;

Complaints Officer

Western Private Hospital

PO Box 4258

West Footscray VIC 3012 Or

Email: ceo@westernprivate.com.au

Complaints will be acknowledged within 3 business days and we will provide a response within a reasonable time frame.

In line with the Health Services Regulations, WPH will ensure that a person making a complaint is not adversely affected because a complaint has been made by the patient or on behalf of the patient.

If the individual is not satisfied that Western Private Hospital has resolved their complaint, they have a right to make a complaint to the Office of the Australian Information Commissioner (OAIC). If they wish to make a complaint or to find out any more information about their privacy rights the OAIC can be contacted as follows:

Website: www.oaic.gov.au

Telephone: 1300 363 992

Mail: Office of the Australian Information Commissioner, GPO Box 5218, Sydney NSW 2001.

Privacy Policy Updates

This privacy policy will be reviewed from time-to-time. Revisions and updates to the privacy policy will be published on Western Private Hospital’s website (www.westernprivatehospital.com.au).

Contacting Western Private Hospital

1-9 Marion Street

Footscray VIC 3011

Australia

Telephone: +61 3 9318 3177

Facsimile: +61 3 9318 3590

Web: www.westernprivatehospital.com.au

Key Legislation, Acts & Standards

Privacy Act 1988 (Cth)

Health Records Act 2001 (Vic)

Health Services Regulations 2008

Information Privacy Act 2000 (Vic)

Fair Work Act 2009 (Cth)

Australian Privacy Principles