the woods medical centre
Privacy policy
At The Woods Medical Centre, we are committed to protecting your privacy and handling
your personal and health information in accordance with the Privacy Act 1988 and the
Privacy and Other Legislation Amendment Act 2024 (Australia), as well as other
applicable Australian privacy laws.
This policy outlines how we collect, use, store, and share your information, and your rights concerning it.
What is Your Personal Health Record?
Your Personal Health Record is a vital collection of information or opinions about you, whether recorded or not, that identifies you or makes you identifiable. This record helps us provide you with comprehensive and ongoing healthcare.
How We Store and Protect Your Personal Information
Your personal information may be stored at our practice in various forms:
● Electronic records.
● Visual records (X-rays, CT scans, videos, and photos).
● Audio recordings.
We store all personal information securely:
● Electronic Format: Utilising password-protected information systems.
● Physical Records: Stored in lockable, secure cabinets.
● Confidentiality: All staff and contractors are bound by confidentiality agreements.
We take reasonable steps and implement robust safeguards to ensure the protection of the
personal information we hold. All patient information is handled securely and in accordance
with professional duties of confidentiality.
We are generally required to retain health information about an individual:
● For at least 7 years from the last occasion on which we provided a health service to the
individual, if we collected the information when the individual was 18 years old or older.
● At least until the individual turns 25 years old, if we collected the information when the
individual was less than 18 years old.
How You Can Access and Correct Your Personal
Information
You have the right to request access to, and correction of, your personal information held by
our practice.
To request access to your medical records, we require a written request, inclusive of your
signature and the date of the request. Our practice will respond within a reasonable time
(30 days) from the date of your request. Please note that there may be a fee to cover our
costs for collating and providing you with access to this information, payable before access is
given.
The Woods Medical Centre will take reasonable steps to correct your personal information if
it is inaccurate or not up-to-date. From time to time, we may ask you to verify that the
personal information we hold is correct and current. You may also request that we correct or
update your information. Such requests should be made in writing to:
● Mail: 97 Scarborough Beach Road, SCARBOROUGH W.A. 6019
● Email: practicemanager@thewoodsmedical.com.au
● In Person: At the clinic using the ‘update your personal information’ form.
How to Lodge a Privacy-Related Complaint
We take complaints and concerns regarding privacy very seriously. If you have any privacy
concerns, please express them in writing. We will then attempt to resolve your complaint in
accordance with our resolution procedure within 30 days of the complaint date.
You can contact us via:
● Attention: The Practice Manager
● Address: 97 Scarborough Beach Road Scarborough WA 6019
● Email: practicemanager@thewoodsmedical.com.au
● Telephone: 08 9245 1912
● Fax: 08 9245 5260
If you are not satisfied with our response, you may also contact the Office of the Australian
Information Commissioner (OAIC).
1 The OAIC will typically require you to allow us time to
respond to your complaint before they will investigate. For further information, visit
www.oaic.gov.au or call the OAIC on 1300 363 992.
Privacy and Our Website
Our practice does not collect or send clinical information via unencrypted email as it is
not a secure medium. Information exchanged with healthcare providers is done so securely
from within the practice’s clinical software using a secure clinical messaging system. The use
of our clinical software ensures that a record of all communications is automatically retained
in your medical record.
Policy Review Statement
This Privacy Policy will be reviewed regularly to ensure it remains compliant with any
legislative changes or updates to best practice. Any changes to our Privacy Policy will be
flagged in our waiting room and included in our practice information materials.
What Personal Information Do We Collect?
To provide you with quality medical care, we collect various types of personal information, including:
● Identification & Contact Details: Your name, date of birth, addresses, contact numbers, next of kin, and occupation.
● Medical Information: Your comprehensive medical history, current medications, known allergies, adverse events, immunisations, social history, family history, and relevant risk factors.
● Administrative & Claiming Details: Your Medicare number (for identification and claiming purposes where applicable), healthcare identifiers, and health fund details.
When you attend our practice, we create a unique digital medical record for you. Each time you receive a medical service from us, new information is added to this record to ensure it is accurate and up-to-date.
Why and When Your Consent is Necessary
When you register as a patient at The Woods Medical Centre, you provide implied consent for our GPs and practice staff to access and use your personal information. This is essential for us to deliver the best possible healthcare to you.
Access to your personal information is restricted to only those staff members who require it to perform their duties.
Should we need to use your information for any purpose beyond direct healthcare provision or directly related business activities, we will seek your explicit consent beforehand. A
consent form is integrated into our Patient Information Form for your convenience.
Why We Collect, Use, Hold, and Share Your Personal Information
Our primary purpose for collecting, using, holding, and sharing your personal information is to manage and deliver your healthcare services effectively. We also use your information for essential, directly related business activities, such as:
● Financial claims and processing payments.
● Practice audits and accreditation processes.
● Internal business processes, including staff training.
Dealing With Us Anonymously
You have the right to deal with us anonymously or under a pseudonym. However, this may not always be practicable if it hinders our ability to provide you with safe and effective medical care, or if we are legally required or authorised to only deal with identified individuals.
How We Collect Your Personal Information
We collect your personal information in several ways:
1. Initial Registration: When you make your first appointment, our practice staff collect your personal and demographic information via your new patient registration form.
2. During Medical Services: We collect further personal information as we provide medical services to you. Information may also be collected when you visit our website, send us an email or SMS, telephone us, or make an online appointment.
○ Note: Our practice uploads your information to My Health Record, including Shared Health Summaries and Event Summaries, to enhance continuity of care.
3. From Other Sources: In some instances, it may not be practical or reasonable to collect information directly from you. In such cases, we may collect personal information from:
○ Your guardian, power of attorney, or responsible person.
○ Other involved healthcare providers, such as specialists, allied health professionals,hospitals, community health services, and pathology and diagnostic imaging services.
○ Your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary for billing and eligibility).
When, Why, and With Whom We Share Your Personal Information
We collect your personal information in several ways:
1. Initial Registration: When you make your first appointment, our practice staff collect your personal and demographic information via your new patient registration form.
2. During Medical Services: We collect further personal information as we provide medical services to you. Information may also be collected when you visit our website, send us an email or SMS, telephone us, or make an online appointment.
○ Note: Our practice uploads your information to My Health Record, including Shared Health Summaries and Event Summaries, to enhance continuity of care.
3. From Other Sources: In some instances, it may not be practical or reasonable to collect information directly from you. In such cases, we may collect personal information from:
○ Your guardian, power of attorney, or responsible person.
○ Other involved healthcare providers, such as specialists, allied health professionals,hospitals, community health services, and pathology and diagnostic imaging services.
○ Your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary for billing and eligibility).
When, Why, and With Whom We Share Your Personal Information
We only share your personal information when it is necessary for your care, legally required, or for legitimate business purposes. This may include sharing with:
● Third-Party Health Providers: Via referral letters, which are carefully populated by our medical software templates with only the relevant and appropriate information for each individual specialist referral.
● Third Parties for Business Purposes: Such as accreditation agencies or information technology providers. These third parties are contractually bound to comply with
Australian Privacy Principles (APPs) and this privacy policy.
● Legal or Serious Threat Situations:
○ When required or authorised by law (e.g., court subpoenas) without your consent.
○ When necessary to prevent or lessen a serious threat to a patient’s life, health, or safety, or public health or safety, and it is impractical to obtain your consent.
○ To assist in locating a missing person.
○ To establish, exercise, or defend an equitable claim.
○ For confidential dispute resolution processes.
○ When there is a statutory requirement to share certain personal information (e.g., mandatory notification of some diseases).We do not transfer your patient information or documentation overseas without your express consent and only under exceptional circumstances permitted by law. Any necessary documentation for patients leaving the country is requested and completed before their departure.
We also use your personal information for our administrative functions, including data storage, account management, and payment processing for services provided to you.
Specifically, we will use and, where necessary, disclose your personal information to:
● Obtain payment from, as appropriate, Medicare Australia, your private health insurance fund, or any organisation responsible for payment of any part of your account, such as the Department of Veterans Affairs.
● If circumstances require, we may disclose your personal information to our insurers or those of our medical practitioners.
● Manage and securely store your personal information, including management and storage by third parties such as cloud service providers with whom we have contractual relationships to ensure data protection.
We may use your personal information to communicate with you for essential purposes, including to:
● Provide you with important information (including via SMS) about services offered by our
practice.
● Respond to your online enquiries or process requests for appointments.
● Send you appointment reminders (including via SMS) for follow-up appointments (e.g., to
discuss test results), immunisation reminders, Pap smear reminders, annual health
assessments, or other consultations or tests for you or a dependant.
Only individuals who need to access your information will be able to do so. Aside from
providing medical services or as otherwise described in this policy, our practice will not share
your personal information with any third party without your consent.
We will not use your personal information for direct marketing of any of our goods or services
to you without your express consent. If you do consent, you may opt out of direct marketing at any time by notifying our practice in writing.
