We are committed to protecting and preserving the privacy rights of our patients.
We collect information from our patients in the course of providing optometry services and products.
We are bound by the Federal Privacy Act 1988 and the Australian Privacy Principles. This policy sets out how we treat personal information of our patients. It is available to all members, staff and the public, free of charge and further information on our information handling processes is available on request.
We collect(s) and uses personal information of patients to provide eye care and related health care needs. The specific uses to which our Practice puts patients’ personal information include to treat, coordinate and implement care plans for the treatment of eye care or related health care needs and to enable patients to order and purchase goods and services (including through this e-Commerce platform). Generally speaking most personal information is collected from the patient.
The type of information we collect about a patient includes:
At the time of the appointment: name and contact details to make the appointment.
At the time of the consultation: Patient’s name, address, date of birth, email address, gender, spoken languages, eye disease history including family eye disease history, other medical or vision-related details (including prescriptions for lenses), health insurance details, and in some cases financial details including credit card details. The information collected will be relevant to the clinical needs of the patient.
In the course of purchasing goods, including through the e-Commerce platform: Patient’s name, addresses (including residential, billing and delivery addresses), date of birth, email address, details of prescriptions for lenses, details of credit card or other payment details.
At times patient information is acquired through a third party, such as Medicare, Department of Veterans Affairs or a health fund. This information only relates to eligibility for services provided by those bodies, and is not used except in office, for third party billing procedures.
Use and disclosure of information
We will use personal information to provide an eye care related services or product.
We may disclose personal information about patients to third parties for the purpose for which that information was collected and also for related purposes that could reasonably be expected by the patient:
- to provide you with eye care and eye wear goods and services (including where such goods are provided through a third party supplier, such as through our e-Commerce platform);
- to perform authorised financial transactions with you;
- to provide (with your consent) your personal information to another health care practitioner, for example, when you are referred to a specialist for treatment;
- to provide your personal details to Medicare to the extent that is necessary for Medicare benefits to be claimed;
- to inform you, in circumstances where you might reasonably expect, and where you have not opted out from such receiving such information, about products or services we believe would benefit or be of interest to you;
- to conduct market research and marketing our products or services to you more generally (where you have consented to this);
- to investigate and resolve complaints concerning the provision of goods or services;
- to allow you to participate in interactive features of our services, including on social media, when you choose to do so; and
- to comply with legislative requirements and provisions.
We may disclose the personal information collected from you to:
organisations who conduct marketing activities for us, subject to their obligations to protect privacy; assist with the ordering, purchase and delivery of goods or services (including physical delivery) and including to businesses who facilitate the ordering, payment, supply and delivery of goods; and to third parties who act on our behalf (such as mail houses, health providers ) provided that the primary use is permitted.
Clinically relevant patient information may be shared with other relevant health care practitioners for example, a referral to an ophthalmologist or General Practitioner with the patients consent.
Patient information may also be used to contact the patient to inform them about the need for a check-up or practice relocation. A patient may elect not to be contacted in this matter if they so wish.
Information may also be required to be released to courts, tribunals or regulatory authorities as agreed or authorised by law. In most cases this will require a court to order the release of the information, although information may also be released when the optometrist believes that this is necessary to prevent a serious and imminent threat to a person’s life, health or safety, or to public health and safety. Some information, such as the patient’s identity and the type of consultation provided, may be released in order to allow Medicare benefits to be claimed. Commonwealth legislation also allows records to be inspected by representatives of the Medicare Australia in order to investigate whether Medicare benefits have been paid appropriately.
Our Practice is unlikely to disclose or transfer personal information to an overseas recipient with the exception of such matters that arise in the course of providing eye care with the consent of the patient or in the course of the patient ordering goods through the Practice’s e-Commerce platform. We may, for example, seek to purchase of a specialty optical appliance for a patient that is unavailable in Australia. The ordering of goods by or on behalf of the patient through the e-commerce platform may also involve disclosure to an overseas recipient associated with the supply, delivery and or processing of payment for goods.
We will take reasonable steps to ensure that the personal information we collect from patients is accurate, complete and up-to-date. When a patient informs our Practice of any inaccuracy, it will be corrected as soon as possible.
Our Practice will take all reasonable steps to ensure that the information we hold about a patient is protected from misuse, loss and unauthorised access, modification or disclosure.
Records are kept for each patient. The only people who have access to patient records are the optometrists involved in the care of the patient, and practice staff, who need access for purposes such as optical dispensing and billing. To the extent necessary to provide and supply optical goods, third parties associated with the fulfilment of orders through the Practice’s e-commerce platform may also have access to such information only as is necessary for that purpose. No unauthorised persons are permitted to access the records. Practice staff are bound by confidentiality clauses in the terms of their employment.
Our Practice will also take reasonable steps to destroy information held about a patient once that information is no longer required, is not contained in a public record or the Practice is required to maintain under an Australia Law or court order.
Access to and correction of personal information
Patients may request access to, and ask our Practice to make corrections to, the personal information that our Practice holds about them.
Our Practice will, on request, provide a patient with access to his or her personal information, unless there is an exception which applies under relevant privacy laws. If we refuse to provide access to the information, we will provide reasons for the refusal and inform the patient of any exceptions relied upon.
A suitable time will be arranged for a viewing, with an optometrist available to interpret the information, or explain any terms used. A fee may be charged for this service. A response to a question for access must be provided within a reasonable time (14 days in ACT; 45 days in Victoria and NSW).
Under some circumstances, the Practice may refuse to provide access to the information held about a patient. This will only occur where releasing the information would pose a serious threat to the health of the patient or another person, would unreasonably impact on the privacy of another person, would interfere in legal investigations or other proceedings, or would otherwise be illegal.
The physical/electronic record and the intellectual property contained in it remain the property of the optometrist and/or the practice at all times.
The Practice will not adopt, use or disclose any identifier assigned to a member by a government agency, except where required by law. Medicare numbers will only be used for the purposes of claiming Medicare benefits.
It is a patient’s right to be dealt with anonymously, provided that it is lawful and practicable. Our Practice will try to accommodate this wherever possible. However, it may not be possible for the Practice to provide optimal services without access to a patient’s personal information.
Trans-border data flows
The Practice may transfer or facilitate the transfer of personal information to the extent necessary to enable third parties engaged in the fulfilment of orders made through the Practice’s e-Commerce platform. Some such third parties are located in Australia and others are located in the United Kingdom. We will not transfer data about the patient to a recipient in a foreign country unless the data will receive at least the same level of protection as in Australia, unless the patient gives their permission for the practice to do so.
We will not collect sensitive information about the patient without the patient’s consent, except where collecting such information is required by law, or where the patient (or their representative) cannot give consent and the information is needed to provide a health service to the patient or to reduce a threat to the life or health of another person.
‘Sensitive information’ is defined as information about a person’s health, their racial or ethnic origin, their political, religious or philosophical beliefs and affiliations, their membership in professional or trade associations or unions, their sexual preferences or practices, or their criminal record.
Requests, complaints or questions
If a patient wishes to gain access to his or her personal information, make a complaint about a breach of his or her privacy or have any questions on how his or her personal information is collected or used, the patient can forward his or her request, complaint or question to the address at the bottom of the e-Commerce platform.
The Practice will respond to a patient’s request, complaint or question within a reasonable time (14 days in ACT; 45 days in Victoria).
Patients may also make a complaint to the Office of the Australian Information Commissioner (OAIC) about the handling of their personal information as covered by the Privacy Act. Information on how to made a complaint to the OAIC can be found at www.oaic.gov.au or 1300 363 992.