Privacy Policy
The purpose of this Privacy Policy is to communicate to you how PRP Diagnostic Imaging (ABN 18 416 389 099) (PRP, we, us) manage, collect, deal with, protect and allow access to personal information in accordance with the Privacy Act 1988 (Cth) (the Privacy Act),the Australian Privacy Principles included as Schedule 1 to the Privacy Act (the APPs), the Health Records Act 2001 (Vic), the Health Records and Information Privacy Act 2002 (NSW) and the Health Records (Privacy and Access) Act 1997 (ACT) (together with the Privacy Act and the APPs, Privacy Laws).
This Privacy Policy is available on our website at prpimaging.com.au/privacy. We may change this Privacy Policy from time to time [by publishing changes to this policy on our website]. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy
Scope
We understand the importance placed on the privacy of your personal information. This Privacy Policy applies to the management of the personal information of our patients, clients, suppliers and prospective employees by us. This Privacy Policy does not apply to our acts and practices in relation to employee records.
Why do we collect, hold, use and disclose personal information?
The types of information we collect is set out below. The information you may have provided to us is ‘personal information’ as defined by the Privacy Act. If you are a patient or client of ours, the information we collect may include ‘health information’ as defined by the Privacy Act. We may collect, hold, use and disclose your personal information (and health information, if applicable) where it is reasonably necessary in order to provide health care services to you and for the other purposes set out in this Privacy Policy. Where we need to collect health information about you, we will seek your consent before doing so, subject to any exceptions under applicable Privacy Laws.
Unless otherwise required by law or except as set out in this Privacy Policy, we will not collect, hold, use or disclose personal information without your consent.
You do not have to supply us with your personal information, but if you choose not to do so we may be unable to provide the health care services required or sought by you or otherwise deal with you.
If you would like to access any of our services or deal with us on an anonymous basis or by using a pseudonym, please tell us. However, we will require you to identify yourself if:
- we are required by law to deal with individuals who have identified themselves; or
- it is impracticable for us to deal with you if you do not identify yourself or elect to use a pseudonym.
Please be aware that your request to be anonymous or to use a pseudonym may affect our ability to provide you with the requested services.
What kind of personal information do we collect?
The nature and extent of personal information that we collect varies depending on your particular interaction with us and the nature of our functions and activities.
If you are a patient or client of ours, personal information that we commonly collect, hold, use and disclose may include your:
- name, gender, date of birth and contact details (including your preferred means of contact);
- next of kin;
- medical history and health services provided (which we collect with your consent only);
- government identifiers (including Medicare, pension and/or health care card information);
- education and employment details;
- billing information (including your bank details);
- driver’s licence number; and
- hobbies and interests.
How do we collect your personal information?
Where possible, we will collect personal information directly from you. This information may be collected through interviews, appointments, forms and questionnaires (whether in hard copy or electronic format, including information submitted via our website or other electronic means). If you are uncomfortable sharing particular aspects of your personal information with us, please let us know.
Where it is unreasonable or impracticable to collect personal information directly from you, we may also obtain personal information about you from a third party source, such as from your next of kin or other family member or from other health professionals (including general practitioners, specialists and allied health workers) who are treating you or who have referred you to us. If we collect information about you in this way, we will take reasonable steps to contact you and ensure that you are aware of the purposes for which we are collecting your personal information and the organisations to which we may disclose your information, subject to any exceptions under applicable Privacy Laws. We will not collect any information regarding your medical history and health services provided from a third party source unless we have received your consent or you have agreed to this information being provided to us.
If we receive unsolicited personal information about you that we could not have collected in accordance with this Privacy Policy and applicable Privacy Laws, we will within a reasonable period, destroy or de-identify such information received.
Our internet service provider may record details of your visits to our website. This information will only be used by us internally for statistical and research purposes.
How do we store and secure your personal information?
We hold your personal information in a number of forms, including electronic or digital images, and hard copy paper based documents. We employ a range of physical and electronic security measures to ensure your personal information is adequately protected. These measures include:
- storing your personal information in a secure facility;
- using anti-virus software to protect electronic information; and
- limiting access to your personal information to those persons who are required to access it for the purpose of providing services to you or us.
We will take reasonable steps to protect personal information from misuse, interference and loss, unauthorised access, modification or disclosure. We cannot ensure or warrant that your personal information will always be protected from unauthorised access during storage therefore you provide your personal information to us at your own risk. Please contact us immediately if you become aware or have reason to believe there has been any unauthorised use of your personal information.
Should personal information be subject to misuse, interference, loss or unauthorised access, modification or disclosure, we will respond in accordance with our policies and procedures and the requirements of applicable Privacy Laws.
When do we use and disclose your personal information?
We will only use and disclose your personal information (and health information, if applicable):
- if you are a patient or client, to provide our health care services to you (which is the primary purpose that we collect patient information for);
- to deal with you or manage our relationship with you;
- if we get your consent to use or disclose this information for another purpose;
- for secondary purposes which are related (or directly related, in the case of health information) to the primary purpose for which the information was collected; or
- in accordance with this Privacy Policy and applicable Privacy Laws.
If you are a patient or client, we may disclose your personal information and health information to other parties including:
- your referring medical practitioners, and such other medical practitioners as your referring medical practitioners may nominate, in order that they may provide health care services to you;
- Medicare and/or health funds for payment of fees;
- medical research projects and medical students for teaching and research purposes (such information will be de-identified prior to disclosure);
- State and Federal Government agencies where required by law or court or tribunal order;
- our professional advisors, including our accountants, auditors and lawyers, for the purpose of obtaining advice with respect to our obligations;
- our Related Entities and Related Bodies Corporate (as those terms are defined in the Corporations Act 2001 (Cth)); and
- our contractors and suppliers for the purpose of ensuring we provide quality health care services to you.
We may use or disclose your personal information for the purposes of sending you direct marketing communications and information about our services. This may take the form of emails, SMS, mail or other forms of communication, which will be sent in accordance with the Spam Act 2003 (Cth) and the Privacy Act. If you do not wish to receive our direct marketing material, you can opt out by contacting our Privacy Officer.
In the event that we disclose your medical history and / or details of health services provided to a third party and we do not continue to hold a copy of such information ourselves, we will retain a record of the name and address of the third party to whom that information was transferred.
Do we send personal information overseas?
In order to provide services to you, we may be required to disclose your personal information to overseas recipients. Your information may be made available to contracted radiologists whom PRP engage to provide reporting services in some circumstances.
The countries in which overseas recipients of personal information are located are the Philippines, United Kingdom, South Africa and USA.
We will take reasonable steps to ensure that overseas recipients comply with their privacy obligations.
Access and amendment of your personal information
We will take reasonable steps to ensure that the personal information held by us is accurate, up-to-date, complete, relevant and not misleading.
You have a right to access your personal information, subject to some exceptions. Such access may be granted or refused by us in accordance with applicable Privacy Laws. If we are not required to provide you with access to any or all of your personal information, we will tell you why.
To request access to personal information, please contact us using the details below or complete the Request to Access Medical Records form which is available from our practices. We will respond to your request within a reasonable period, and in any event within any required timeframes set out in applicable Privacy Laws.
If you believe that your personal information is inaccurate, incorrect or incomplete, please contact us and we will take reasonable steps to ensure that it is corrected.
If you make a request for access to or correction of personal information, we will:
- respond to your request within a reasonable period, and in any event within any required timeframes set out in applicable Privacy Laws; and
- if reasonable and practicable, give access to or correct the information in the manner requested.
If we refuse your request, we will provide you with written reasons for doing so.
Integrity of your personal information
In accordance with applicable Privacy Laws, we will take reasonable steps to:
- ensure that the personal information that we collect is accurate, up to date and complete;
- ensure that the personal information we hold, use or disclose is, with regard to the relevant purpose, accurate, up to date, complete and relevant; and
- secure your personal information.
We will also take reasonable steps to destroy or de-identify personal information that we hold if we no longer need the information for the primary purpose for which the information was collected and we are not otherwise required by law to retain the information.
Emailing of Personal Records
It is a policy of PRP Diagnostic Imaging that a report is not emailed to patients. Patients are encouraged to request personal copies of reports from their referring health care practitioner, or access their report via the PRP patient portal, myPRP. If a patient requests their report directly from PRP, a hard copy may be printed and handed to the patient, or mailed to their postal address.
Complaints
We take our privacy obligations very seriously. If you have any concerns about the manner in which your personal information is handled by us, please contact our Privacy Officer on (02) 9981 4500 or privacy@prpimaging.com.au. Formal complaints regarding breach of privacy should be made to our Privacy Officer in writing.
We will reasonably endeavour to respond to your complaint within 30 days of receipt.
If you think that we have failed to resolve your complaint satisfactorily, we will provide you with information about the further steps you can take.
How to contact us
If you have any questions or would like further information regarding your privacy please contact our Privacy Officer on (02) 9981 4500 or privacy@prpimaging.com.au.
Updated December 2023