Privacy policy

In this Privacy Policy, we, us and our means Blueprint Podiatry Trading as Shanahan Family (Aust) Pty Ltd. This privacy policy sets out how Blueprint Podiatry uses, handles, and protects your personal information.

Blueprint Podiatry is committed to the Australian privacy legislation in the way it collects, uses, secures, and discloses personal information.

The information we collect- Website

We collect personal information that is necessary for our business to function. The information we collect and hold will depend upon the products and services you request from us and may include:

• Information you provide us when you purchase goods or services. This information will include your name, address, and contact details.
• Information from publicly available sources of information
• Information derived from communications between us and you.

We also collect information about you when you use our website www.blueprintpodiatry.com.au

The use of the facilities and services available through our website will determine the amount and type of information we collect. The only personal information we collect when you use our website is what you tell us about yourself, for example, by completing an online form when you request product information, or when you send us an email, we will record your email address.

We track usage patterns on our website on an anonymous aggregate basis. Your identity cannot reasonably be ascertained from this information. Each time you visit our website a web server makes a record of your visit. Specifically, it records your:

• Internet Provider
• Date and time of your visit
• Pages accessed and the documents downloaded
• Search items entered
• Referring URLs (universal locators)

How we use your information

We use the information we collect for the purpose disclosed at the time of collection, or otherwise as set out in this Privacy Policy. We will not use your personal information for any other purpose without first seeking your consent unless authorized or required by law. Generally, we will only use and disclose your personal information:

• To answer your inquiry.
• To register you for events, promotions, or seminars.
• For direct marketing (this includes email, telephone, and direct paper mail marketing) to keep you informed of new developments we believe may be of interest to you.

If we contact you in this way without obtaining your prior consent, we will provide you with the opportunity to decline any further marketing communications. If you at any time receive any communication from Blueprint Podiatry that you would not like to receive, please let us know and we will remove your name from our mailing list.

OPEN AND TRANSPARENT MANAGEMENT OF PERSONAL INFORMATION

“Personal health information” is a particular subset of personal information and can include any information collected to provide a health service. This information includes medical details, family information, name, address, employment and other demographic data, past medical and family/social history, current health issues and future medical care. Personal Health Information also includes your Medicare number, account details and any health information such as medical, disability or health status. It is a formal electronic record and holds information held or recorded on any other medium, eg, letter, fax, electronically or information conveyed verbally.

We collect this health information to help us provide comprehensive, coordinated and continuing whole person professional podiatry care for individuals, families and the community. We collect patient information to gain sufficient information to provide for optimal ongoing management of each patient’s health, care and well-being and to ensure practice is viable to continue treating patients.

At your initial attendance, where you are asked to read and the sign the consent form, for all or the limited parts that you consent to, you are consenting to the handling and sharing of patient health information as deemed necessary for your comprehensive healthcare. Eg, if you present to an Emergency Department of a hospital and they contact us requesting a copy of your patient health summary to assist them with your medical management.

Patient health information is stored in the patient’s electronic file and used for:

• Maintaining current information about patients.
• Updating demographics.
• Accounts – payment, invoicing, follow-up.
• Recall and reminder system.
• Actioning report results.
• Adding to clinical records for comprehensive data – results, imaging reports, past, present and future operations.
• Telephone notes.
• We endeavour to maintain the integrity of personal information by updating demographics at reception as advised by the patient. An Update Your Details Form is located at the front desk. More personal information should be shared with your GP so that our records are up-to-date, complete and relevant

ANONYMITY AND PSEUDONUMITY We recognise that on occasion patients wish for their consultations to be anonymous and choose to use a pseudonym. We are able to facilitate this if required. However, if standard identifiers are not used, a Medicare rebate would not be available if a patient holds such referral. This would also be the case with any other allied health care services, such as imaging that we refer you to under your choice of anonymity or pseudonymity. In terms of recalls or important results or reminders for recommended testing, a system would be in place to ensure that all information is managed as per our current policies and procedures.

COLLECTION OF SOLICITED PERSONAL INFORMATION

If information is required to assist in your clinical management, and you are unable to provide this information, we will seek your consent prior to seeking to obtain this information from other sources. We will only collect sensitive information that is deemed reasonably necessary. We will only collect information by lawful and fair means.

DEALING WITH UNSOLICITED PERSONAL INFORMATION

If we receive personal information that we did not solicit, that we could not have collected if we did solicit the information we must, within a reasonable period of time, if lawful to do so, destroy the information or ensure that it is de-identified. If we collect personal information for an individual, Blueprint Podiatry must ensure that the individual is aware that we have collected this information and the circumstances of that collection, why we collect that information and the consequences for the patient if we don’t collect it.

NOTIFICATION OF THE COLLECTION OF PERSONAL INFORMATION

Each new patient to the practice is asked to complete a New Patient Registration and Consent form. Your Podiatrist will also ask further personal health information to complete a picture of your current and past health information.

An Update Your Details Form is held at the front desk for patients to update any demographic details. Other information such past and previous injuries should be updated with your Podiatrist at your consultation. To enable us to obtain copies of other personal information that we require, we will on an as needs basis ask for your consent, either verbally if the patient is not present in the practice, or by signing our consent form, prior to soliciting the information we require. All actions to this effect are documented in your file.

USE OR DISCLOSURE OF PERSONAL INFORMATION

• Information regarding individual patients will not be disclosed in any form except for strictly authorised use for patient care or as legally directed. Failure to abide by this directive will result in disciplinary action, possible dismissal and other legal consequences. Each staff member must sign a confidentiality agreement.
• For primary purpose and related secondary purpose your personal health information can only be accessed via authorised Podiatrists and staff. Staff who access files have signed privacy agreements. The Practice Manager and reception staff require access to accounts, demographic records and from time-to-time actual medical records. Podiatrists are also aware of privacy restrictions and access issues and use passwords for computer access.
• Patients referred to another health service provider will be aware that their personal health information will be included in their referral letter/request, given to that service provider for the normal course of ongoing patient care and management. The patient has the right to not to give consent to this, however they would then not be referred to that provider! Radiology, other medical specialists, and allied health care service providers included here. These referrals are handed to the patient, and where deemed necessary are also faxed, or emailed to the relevant service provided.

There are instances where patient information is requested by another health service provider, such as the Emergency Department of a Hospital – where the patient is being seen and they request a copy of the patient’s health summary. We provide this to them to assist in patient care and management, and document this action in your file.

Where patients have been presented with a referral to another health service provider, then present for their appointment without the associated referral, we will at the request of either the patient or that health service provider forward a copy of the initial referral. Documenting the action taken in the patient file.

For other requests/disclose of information we will either telephone you and ask for your consent, telling you what we have been asked to release, to whom and why. If you are in the practice at the time, we will ask you to sign a consent form, advising what has been requested, by whom and why.

• Account details only provided to gain payment from insurance/Medicare office.
• No additional unnecessary data given
• Under certain legislation we must disclose patient information eg Infectious Diseases Act – Health (Infectious Diseases) Regulations, Adoption Act. Records must be disclosed under court orders, subpoenas, search warrants and Coroner’s Court cases.
• Visiting Podiatry Students, with patient consent, may access patient file to present patient case history to teaching Podiatrist. All Podiatry Students sign confidentiality agreements.

DIRECT MARKETING

We do not release your information to direct marketing companies and do not participate in direct marketing.

CROSS-BORDER DISCLOSURE OF PERSONAL INFORMATION

At times we may use companies overseas to help with data management

ADOPTION, USE OR DISCLOSURE OF GOVERNMENT RELATED IDENTIFIERS

We do not adopt, use or disclose government related identifiers of an individual unless permitted by an Australian law or court/tribunal order.

QUALITY OF PERSONAL INFORMATION

We endeavour to ensure that the personal information that we collect is accurate, up-to-date and complete. An Update Your Details Form is available at the front desk for patients to update personal information.

SECURITY OF PERSONAL INFORMATION

In our practice, to ensure the maintenance of privacy and security, health records are stored on the computer. Computer screens are positioned so that individuals cannot see information about other individuals. Access to computerised patient information is strictly controlled with passwords and personal logins, automatic screen savers and computer terminals are logged off when the computer is left unattended for a significant period of time so that unauthorised persons are unable to access information

ACCESS TO PERSONAL INFORMATION

• Patients of our practice have the right to access their own personal health information under the Federal Privacy Act 1998 and the APP (Australian Privacy Principles), with noted exceptions.
• On receipt of a written request for access to personal health information, our practice documents each request and endeavours to assist patients in granting access where possible and according to the privacy legislation. This correspondence should be addressed to Matthew Shanahan and Practice Manager; Blueprint Podiatry, Block G, Suite 1/2 Reliance Dr, Tuggerah NSW 2259. Phone: 024319 4004 to discuss further.
• We forward the patient request to the patient’s Podiatrist to check for exemptions. Exemptions to access must be noted and each patient or legally nominated representative must have their identification checked prior to access being granted.
• The request and approval must be scanned into the record.
• As a patient must not have unsupervised access to the computer, a staff member must be present at all times to access the documents for the patient, when required. Both active and inactive patient health records are kept and stored securely. A fee may be charged.
• If a patient feels that the information in their file is incorrect, this matter will be dealt with on a case-by-case situation The patient would be requested to provide in writing reasoning as to what information needs to be corrected and evidence as to why. Then an appointment would be made for the Podiatrist to discuss this matter with the patient.

Situations in which health records may need to be transferred from our Practice include:

1. A patient requests records to be sent to another practice

2. Legal reasons eg subpoena

3. Where health records are requested from another source.

The particular Podiatrist is to be notified. The request is to be scanned into the patient’s file and must include all details. The written request must be signed by the patient. All records are retained in the computer records, and only a copy will be sent. The Practice retains the right to charge a fee for the transfer of records. Practices are advised to contact their insurers if they have any concerns about third party request for transfer of patient health information.

CORRECTION OF PERSONAL INFORMATION

We take reasonable steps to correct personal information to ensure that our information is accurate, up-to-date, complete, relevant and not misleading.

COMPLAINTS

Our Policy is to treat all Complaints seriously, to acknowledge receipt of complaint, maintain a register of complaints and resultant actions, discuss issues within the complaint and solve the problem if we are able. If no resolution can be made, details of appropriate tribunals for the complainant to contact will be given to the complainant to take the issue further.

DATA BREACH

Should the practice become aware of a data breach, we will notify the individual whose personal information has been breached. This will provide a reasonable step in the protection of this information against misuse, loss or unauthorised access.

As a practice we will explain what has gone wrong and what has been done to try to avoid a repeat situation, as well as what has been done to remedy any potential harm.

We will help patients regain control of information eg, change passwords and request re-issue of identifiers. We will endeavour to regain public trust. We take the protection of your personal information seriously. Our data breach response includes notifying the patient.

If a patient believes there has been a breach of the Australian Privacy Principles (APP) in the first instance they should make the practice aware.

HOW LONG IS YOUR PERSONAL HEALTH INFORMATION KEPT

Our practice refers to State or Territory and/or Federal legislation regarding the length of time patient health records must be kept. This includes those that are inactive and when the patient is deceased. At a minimum, patient health records must be kept for a minimum of 7 years.

RESEARCH

The Practice does not involve itself widely in research and quality programs due to our strong belief in patient confidentiality. There will be odd occasions when it is felt appropriate to vary that stance. Wherever possible, patient data should be de-identified, however if it is unavoidable, our practice ensures:

• The patient provides explicitly and documented written consent
• The patient received a written and verbal explanation about the research
• The patient can withdraw their consent at any time
• The project is approved by a relevant Human Research Ethics Committee (HREC) established under the National Health and Medical Research Council guidelines
• Privacy laws are followed.

WHO IS RESPONSIBLE FOR THIS

Our practice has a designated person (Matthew Shanahan) with primary responsibility for the practice’s electronic systems, computer security and adherence to protocols. Tasks may be delegated to others and this person works in consultation with the privacy officer.

Our security policies and procedures regarding the confidentiality of patient health records and information are documented and our Practice team are informed about these at induction and when updates or changes occur.

The practice team can describe how we correctly identify our patients using 3 patient identifiers: name and date of birth, address or gender to ascertain we have the correct patient record before entering or actioning anything from that record. For each patient we have an individual patient health electronic record containing all clinical information held by our practice relating to that patient. The Practice ensures the protection of all information contained therein. Our patient health records can be assessed by appropriate team members when required. We also ensure information held about the patient in different records (eg, at a residential aged care facility) is available when required

Access to your personal information

In most cases, you can gain access to the personal information that Blueprint Podiatry holds about you, subject to some exceptions allowed by law.

If you would like to check or amend your contact details, please. We will deal with all requests for access to personal information as quickly as possible. Requests for a large amount of information, or information that is not currently in use, may require further time before a response can be given. In some cases, we may refuse to give you access to the personal information we hold about you. If we do refuse your request, we will provide you with a reason for our refusal.

Security

Blueprint Podiatry will take reasonable steps to keep secure any personal information that we hold and to keep this information accurate and up to date. Personal information is stored in a secure server or secure files.

The Internet is not always a secure method of transmitting information. Accordingly, Blueprint Podiatry cannot accept responsibility for the security of information you send to, or receive from us over the Internet or for any unauthorized access or use of that information

Changes to this Privacy Policy

It may be necessary for us to review and revise our Privacy Policy from time to time. An amended version will be posted on our website at www.blueprintpodiatry.com.au. We suggest that you visit our website regularly to keep up to date with any changes.

Contact Us

If you would like any further information or have any queries, problems, or complaints in relation to this Privacy Policy or our information-handling practices in general, please contact us.

We aim to resolve all complaints promptly. However, if you are still concerned about the way in which any privacy issue has been handled by us, you may approach an independent advisor or contact the Office of the Australian Information Commissioner (www.oaic.gov.au) for guidance on alternative courses of action which may be available.