Privacy policy.

Introduction

Elevation One Physiotherapy (EOP) is committed to ensuring your personal information is professionally managed in accordance with all Australian Privacy Principles (APPs). This privacy policy provides information to you, our patient, on how your personal information (which includes your health information) is collected and used within our practice, and the circumstances in which we may share it with third parties.

Why and when your consent is necessary

When you register as a patient of our practice, you provide consent for our practice staff to access and use your personal information so they can provide you with the best possible healthcare. Only staff who need to see your personal information will have access to it. If we need to use your information for anything else, we will seek additional consent from you to do this.

What personal information we collect and why

EOP collects your personal information to provide healthcare services to you. Our main purpose for collecting, using, holding, and sharing your personal information is to manage your health. We also use it for directly related business activities, such as financial claims and payments, practice audits, and business processes (e.g. staff training).

 

The personal information we collect about you includes your:

-       Names, date of birth, address, contact details

-       Information about your health condition, medical history, medications, allergies, adverse events, social and family history, risk factors, and treatment you may have already received

-       Medicare, DVA, NDIS, WorkCover or CTP numbers (where available) for identification and claiming purposes

-       Private health fund details

 

Only practice staff that need to see your personal information will have access to it. All practice staff have signed a Confidentiality Agreement.

How we collect your personal information

Our practice will collect your information in several different ways.

-       Directly and in person, over the phone, by email, SMS, through our website or by completing our online forms. We may also collect your personal information when you communicate with us using social media.

-       When you make your first appointment, our practice staff will collect your personal and demographic information via your registration.

-       During the course of providing medical services, we may collect further personal information.

-       If it is not possible to collect it from you directly, we may also collect this information from:

o   Your guardian or responsible person

o   Other involved healthcare providers such as specialists, doctors, allied health professionals, hospitals, community health services and pathology and diagnostic services

o   Your private health fund, Medicare, CTP, WorkCover, NDIS or DVA (as necessary)

Who we share your personal information with and when

We sometimes share your personal information:

-       with other healthcare providers

-       when it is a statutory requirement to lawfully share certain personal information, such as mandatory notification of certain diseases

-       in response to court subpoenas, where required or authorised by law

-       with third parties who work with our practice for business purposes (such as accreditation agencies or IT providers – these third parties are required to comply with APPs and this policy)

-       when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent

-       to assist in locating a missing person

-       to establish, exercise or defend an equitable claim

-       for the purpose of a confidential dispute resolution process

 

Only people who need to access your information will be able to do so. Other than in the course of providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.

EOP will not use your personal information for marketing any of our goods or services directly to you without your express consent. If you do consent, you may opt out of direct marketing at any time by notifying our practice in writing.

EOP uses the Cliniko Allied Health Practice Management Software, which means that your information may be processed in the US, UK, EU, and Australia, but is stored solely within Australia. Outside of this, we will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.

How we store and protect your personal information

Your personal information may be stored at our practice as paper records, electronic records, visual records (MRIs, CT scans, X-rays, ultrasounds, videos and photos) and audio recordings.

 

Our practice stores all personal information securely, and has strict protocols and policies to ensure your personal information is protected from misuse, loss, interference, or unauthorised access:

-       Regarding information in electronic format:

o   Our primary method of storing information is in electronic format using the Cliniko Allied Health Practice Management Software.

o   This software is cloud-based, password-protected, and uses end-to-end encryption. For more information regarding the security of this software please refer to https://www.cliniko.com/security

o   We also store your information in electronic format on our work devices, which are all password protected.

o   Occasionally we may record electronic information (visual/audio) on external non-work devices, but only after obtaining explicit consent from you.

-       Regarding hard-copy records and information:

o   We strongly encourage all clients to take home any hard-copy records and information that they bring in, as we discourage our staff from keeping hard-copy records and information.

o   In the case of clients leaving documents behind, we will contact the client to pick up the hard copies within 14 days.

o   Our protocol involves making electronic copies before shredding the information or returning it to the client (in the case of scans, referrals, etc.).

o   We do not store hard-copy records and information onsite for longer than 14 days after first receiving them, unless explicitly told to hold onto the hard copies by the client.

-       Additional software used:

o   Xero

    -   Xero is certified as compliant with ISO/IEC 27001:2013, which is globally recognised as the premier information security management system (ISMS) standard.

    -   For more information regarding the security of this software please refer to https://www.xero.com/au/about/security/

o   Physitrack

    -   EOP uses this software to generate exercise programs.

    -   All information regarding a patient’s medical condition, exercise and treatment program, and compliance and experience is treated as private between the patient and health care provider.

    -   Physitrack is also compliant with ISO/IEC 27001:2013.

    -   For more information regarding the security of this software please refer to https://www.physitrack.com/privacy

o   Zoho Mail

    -   Zoho Mail is the software EOP uses for emails.

    -   Zoho Mail employs industry-standard privacy practices, ensuring the confidentiality of data.

    -   Zoho Mail is compliant with ISO/IEC 27001:2013, ISO/IEC 27017, and ISO/IEC 27018.

    -   For more information regarding the security of this software please refer to https://www.zoho.com/mail/privacy.html

 

All staff and contractors must sign confidentiality agreements prior to commencing work with and for our practice.

How can you access and correct your personal information at our practice?

You have the right to request access to, and correction of, your personal information.

 

Our practice acknowledges patients may request access to their medical records. If you wish to access or correct personal information, we request that you put your request in writing and contact the Principal Physiotherapist (Philip Leung, phil@elevation-one.com.au). Your request for access and/or correction will be processed within 30 days.

 

While we do not charge an application or processing fee, you may be charged administration, photocopying or other fees to reasonably cover our costs in fulfilling your request.

 

Our practice will take reasonable steps to correct your personal information where the information is not accurate or current. From time to time, we will ask you to verify that your information held by our practice is correct and up to date. You may also request that we correct or update your information, and you should make such requests in writing to the Principal Physiotherapist (Philip Leung, phil@elevation-one.com.au).

How can you lodge a privacy-related complaint, and how will it be handled at our practice?

We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing to the Principal Physiotherapist (Philip Leung, phil@elevation-one.com.au). We will then attempt to investigate the issue and will notify you in writing of the outcome within 30 days from the receipt date of the original written complaint.

 

If you are not satisfied with our response, you can contact us directly to discuss your further concerns, or lodge a complaint with the OAIC. Generally, the OAIC will require you to give them time to respond before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 363 992.

Privacy and our website

As mentioned above, we may collect your information through online mediums (website, emails, social media interactions). We collect and store this information solely for business-related purposes, and do not actively use cookies or other software to gather information so that we may pass it on to other third parties.

Dealing with us anonymously

You have the right to deal with us anonymously or under a pseudonym unless it is impractical for us to do so or unless we are required or authorised by law to only deal with identified individuals.

Policy review statement

This privacy policy will be reviewed regularly to ensure it is in accordance with any changes that may occur. We will notify our patients of these changes via our website and the hard-copy Privacy Policy handout available at our practice premises.

Version 1.1 (last reviewed 16/08/2021)