Privacy Policy
The purpose of this privacy policy is to provide you with information on how your personal and health information is collected and used and the circumstances in which we may share your information with third parties.
We are committed to protecting the privacy of patient information and to handling your personal information in a responsible manner in accordance with the Privacy Act 1988 (Cth), the Privacy Amendment (Enhancing Privacy Protection) Act 2012, the Australian Privacy Principles and relevant State and Territory privacy legislation (referred to as privacy legislation).
Why and when your consent is necessary
When you become a patient of Dr Paul Mason, you provide consent for practitioners and administrative staff working with Dr Paul Mason to access and use your personal and health information. Your personal information is only accessed by practitioners and staff in order to provide you with the highest level of healthcare and to keep you informed of health information that may be relevant to you. There are certain circumstances, covered by this policy, in which we may be required to share your personal information with third parties. If we need to use your information for anything else, we will seek additional consent from you to do this.
Why do we collect, use, hold and share your personal information?
Our main purpose for collecting, using, holding, and sharing your personal information is to provide you with a premium healthcare service. We also use personal information for activities directly related to the supply of healthcare services, such as Medicare claims, payments, online booking, clinic audits and accreditation. We also communicate with patients using SMS and email notifications. If you receive healthcare from Dr Paul Mason, it is a requirement that you consent to be contacted by SMS and email regarding your appointments, accounts and healthcare information.
IF YOU DO NOT AGREE TO BE CONTACTED BY SMS AND EMAIL AND STILL WISH TO MAKE AN APPOINTMENT WITH DR PAUL MASON, PLEASE CONTACT US ON (02) 7252 1158.
What personal information do we collect?
For the purposes of this Privacy Policy, personal information may mean some, or all of the following: patient’s name, contact details, date of birth, other identification details, emergency contact details, medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors; Medicare number (where available) for identification and claiming purposes; healthcare identifiers; health fund details; bank account and/or credit card details, and payment history.
How do we collect your personal information?
We collect your personal information in the following ways:
-when you become a patient of Dr Paul Mason you will be required to supply personal and demographic information, as well as health information such as allergies, health, and family history.
-when you make an appointment over the phone, you will be required to provide credit card details to secure your appointment.
-when booking your appointment online, you are required to enter your credit card details directly, without disclosing your details to our reception team.
Credit card details entered into our booking and payment software are stored by Tyro. Credit card details used to make online bookings through Health Engine are stored by Stripe. We do not store your credit card details in our systems.
In the course of providing you health services, we may collect further personal information relevant to the supply of healthcare services. We may also collect your personal information when you visit our website, send us an email or SMS, telephone us, make an online appointment or communicate with us using social media.
Personal information may also be collected from other sources when it is not practical or reasonable to collect it from you directly. This may include information from:
-your guardian or responsible person;
-other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services, and pathology and diagnostic imaging services;
-your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary).
Sharing your personal information
In some circumstances, we may be required to share your personal information. However, only people who need to access your information will be able to do so. Other than in the course of providing healthcare services, or as otherwise described in this policy, we will not share personal information with any third party without your consent.
We may be required to share your personal information in the following instances:
-to liaise with other healthcare providers and prepare relevant healthcare documentation including but not limited to Shared Health Summary, Event Summary and My Health Record related to the supply of healthcare services to you;
-in emergency situations to lessen or prevent a serious threat to you or another patient’s life, health or safety or public health or safety, or if you are unable to act on your own behalf due to a health condition, we may need to discuss your health information with relatives or emergency contacts, to ensure you receive necessary care;
-if required or authorised by law (e.g. Court subpoenas);
-if needed to assist in locating a missing person;
-to establish, exercise or defend an equitable claim;
-for the purpose of a confidential dispute resolution process;
-if there is a statutory requirement to share certain personal information (for instance in the case of mandatory notification of certain diseases);
-where we are required to work with third parties for business purposes, such as accreditation agencies or information technology providers. All third parties are required to comply with Australian Privacy Principles and this policy.
How do we store and protect your personal information?
Your personal and health information may be stored in various forms but is primarily retained in your secure electronic health record (Xestro).
We do not store your credit card information.
Data quality and security
We will take reasonable steps to ensure that your personal information is accurate, complete, up-to-date, and relevant. For this purpose, our staff may ask you to confirm that your contact details are correct when you attend a consultation. Being able to contact you is necessary to ensure we can deliver care to you. We request that you let us know if any of the information we hold about you is incorrect or out-of-date.
Personal information that we hold is protected by:
-securing our premises; and
-placing passwords and varying access levels on databases to limit access and protect electronic information from unauthorised interference, access, modification and disclosure.
Where telehealth consultations are made from private premises, reasonable steps will be taken to maintain a private and secure environment to conduct such consultations.
How can you access and correct your personal information at our clinic?
You have the right to request access to, and correction of, your personal information. All requests for access to personal information must be made in writing via email ([email protected]), and we will respond within a reasonable time.
We may deny access to your medical records in certain circumstances permitted by law, for example, if disclosure may cause a serious threat to your health or safety. We will always tell you why access is denied and the options you have to respond to our decision.
How can you lodge a privacy-related complaint, and how will the complaint be handled?
If you have any concerns about the privacy of your information, please send us an email at [email protected] outlining your concerns. Upon receiving your complaint, we will consider the details and attempt to resolve it in accordance with our complaints handling procedures.
You may also contact the OAIC regarding privacy concerns. Generally, the OAIC will require you to give them time to respond before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 363 992.
You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.
Policy review statement
This Privacy Policy is current from February 2024. From time to time, we may make changes to our policy, processes and systems in relation to how we handle your personal information. We will update this Privacy Policy to reflect any changes. Those changes will be available on our website and in the practice.