Privacy Statement

Privacy Principles

At Executive Medicine your privacy is important to us and it is necessary that you understand how we collect, store, use and disclose your personal and sensitive information.

This policy is based on two core principles:

  1. Your personal and sensitive information will not be shared with third parties other than in accordance with this policy, with your permission, or in accordance with legislation
  2. We will only use your personal information for the purpose for which it was provided

Legislative basis

Executive Medicine complies with the National Privacy Principles established by the Commonwealth’s Privacy Act 1988 and its more recent amendment, Privacy Amendment (Private Sector) Act 2000. We also comply with the relevant state legislation and best practice guidelines:

  • Privacy and Personal Information Protection Act 1988
  • Health Records and Information Privacy Act 2002
  • RACGP Handbook for the Management of Health Information in Private Practice 2002
  • AMA (NSW) Privacy Kit 2007

Purposes for which we collect and store personal information

We collect and store personal and sensitive information about you so that we can efficiently and effectively carry out our business in providing you with a comprehensive health assessment and follow up health care, and in managing the supporting administrative and financial procedures. This information also enables us to comply with all applicable legislative, financial (billing) and regulatory requirements.

Your personal information allows us to conduct research, quality assurance activities, clinical audits and risk management, undertake surveys, and send you information – all with the aim of improving the services we offer you.

When you access our website, we also collect and store personal de-identified information for statistical purposes so that we can learn more about your usage patterns. All of this information helps us to improve navigation and design features and build a more useful website.

Type of personal information collected and stored

The type of personal and sensitive information we collect and store may be provided by you, or a third party such as a health professional, an insurance broker, a financial adviser, an insurance company, your employer or our internet service provider. Information may be provided to us in our office, over the telephone, through the post, via email or via our website.

Identified information:

  • Demographics such as name, address, phone numbers, emergency contact (next of kin), date of birth, Medicare number, email address and employer.
  • Health information such as past medical history, family history, current prescriptions, previous surgery, test results, reports, consultation notes, and x-rays.
  • Lifestyle information which largely relates to diet, nutrition and exercise habits but may extend to details about your ethnic background and the type of work you do as these factors may impact your health.

De-identified information:

  • Your server address and domain name.
  • When you accessed our website.
  • Which pages you browsed and which information you downloaded.
  • The type of browser you used.

If you do not provide us with the information we need

Our employees will always be sensitive to and respectful of your needs when obtaining personal and sensitive information. Our clinical staff in particular are committed to acting in your best interests by making a comprehensive assessment of your health status, medical and family history, fitness and lifestyle factors before recommending courses of action or treatment. If you provide incomplete or inaccurate information or withhold any relevant information from us we may not be able to provide you with the services you are seeking.

Employees and contractors

Our employees have formally agreed as a condition of their employment to comply with the legislation and our policies and procedures concerning the management and protection of your personal and sensitive information.

Some contractors we engage may see some of your personal information in the course of their work for us. Typically, these contractors are IT support technicians and database designers. We require them to sign confidentiality agreements before beginning any work for us, and to comply with our privacy policy.

Security and storage of personal information

We safeguard your privacy and confidentiality by securely storing your information on dedicated secure servers, and by using software, controlled technology, and security policies and procedures which protect this information from loss, misuse, and unauthorised access, alteration or disclosure.

While we cannot ensure data transmission over the internet is secure, once we receive your transmission we then take all reasonable steps to securely store your information on our dedicated secure servers. Similarly, we do not send your personal information via email or fax to any other third party unless you have given your approval for us to do so.

When you use a link from our website to the websites of third parties, those websites are not subject to our privacy standards. Those third parties are responsible for informing you of their own privacy policies.

Disclosure

We may share your personal and sensitive information with other health professionals involved in your ongoing care, but only with your knowledge and consent. We may share your information with third parties approved by you that are involved in organising your health assessment on your behalf, such as your insurance company, your insurance broker, your policy adviser or your financial adviser.

We may use your personal information to liaise with Medicare on your behalf, or to arrange payment of your account through your banking facilities (such as credit card payments).

We will not disclose any of your personal and sensitive information without your consent except where we are under legal obligation to do so, including circumstances where we are under a lawful duty of care to disclose information.

Because we cannot ensure data transmission over the internet or via facsimile is secure, we do not send your personal information via email or facsimile to any other third party unless you have given your approval for us to do so.

We record all instances of disclosure as a note in your clinical record in our clinical information system. This note includes details of where the information was sent and who authorised the transfer.

Your access to your personal information

Subject to some exemptions that are set out in the National Privacy Principles, you can gain access to the personal information that we hold about you. You may request a copy of any part of your clinical record, or the entire clinical record. You may also wish to notify us of any change in your personal information, or you may wish to make a correction to your personal information.

Please address your request to our Practice Manager and send us an email.

You will need to verify your identity to gain access and we might impose a small fee in providing access. You may also request that one of our clinicians be present to help you interpret the clinical information recorded. Our Practice Manager will discuss the most suitable arrangements with you.

Please appreciate that in some cases it may take us a little time to process your application for access; this will largely be dependent on the type of request, and we may have to retrieve information from storage.

Concerns or complaints

It is important to us that your expectations about the way in which we handle your information are the same as ours. If you have a privacy concern please contact our Practice Manager at:

Executive Medicine
Suite 1, Level 1, Grace Hotel Building
77 York Street
Sydney NSW 2000

Tel: 02 9290 3259

Fax: 02 9279 0249

Email us

Our Practice Manager will respond to you within 14 days of receiving your concern or complaint. You can also make complaints to the Office of the Federal Privacy Commissioner.

Version control

This policy was approved in October 2010. We will update this policy routinely in accordance with any changes in the legislation, best practice guidelines, or from your feedback.