Privacy Policy
The purpose of this Privacy Policy is to communicate to you how PRP Diagnostic Imaging (ABN 18 416 389 099) (PRP, we, us) manage, collect, deal with, protect and allow access to personal information in accordance with the Privacy Act 1988 (Cth) (the Privacy Act),the Australian Privacy Principles included as Schedule 1 to the Privacy Act (the APPs), the Health Records Act 2001 (Vic), the Health Records and Information Privacy Act 2002 (NSW) and the Health Records (Privacy and Access) Act 1997 (ACT) (together with the Privacy Act and the APPs, Privacy Laws).
This Privacy Policy is available on our website at www.prpimaging.com.au/privacy. We may change this Privacy Policy from time to time by publishing changes to this policy on our website. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy.
Scope
We understand the importance placed on the privacy of your personal information. This Privacy Policy applies to the management of the personal information of our patients, clients and suppliers. This Privacy Policy does not apply to our acts and practices in relation to employee and prospective employee records.
Why do we collect, hold, use and disclose personal information?
The types of information we collect is set out below. The information you may have provided to us is ‘personal information’ as defined by the Privacy Act. If you are a patient or client of ours, the information we collect may include ‘health information’ as defined by the Privacy Act. We may collect, hold, use and disclose your personal information (and health information, if applicable) where it is reasonably necessary in order to provide health care services to you and for the other purposes set out in this Privacy Policy. Where we need to collect health information about you, we will seek your consent before doing so, subject to any exceptions under applicable Privacy Laws.
Where required by law, we will not collect, hold, use or disclose personal information without your consent.
You do not have to supply us with your personal information, but if you choose not to do so we may be unable to provide the health care services required or sought by you or otherwise deal with you.
If you would like to access any of our services or deal with us on an anonymous basis or by using a pseudonym, please tell us. However, we will require you to identify yourself if:
- we are required by law to deal with individuals who have identified themselves; or
- it is impracticable for us to deal with you if you do not identify yourself or elect to use a pseudonym.
Please be aware that your request to be anonymous or to use a pseudonym may affect our ability to provide you with the requested services.
What kind of personal information do we collect?
The nature and extent of personal information that we collect varies depending on your particular interaction with us and the nature of our functions and activities.
If you are a patient or client of ours, personal information that we commonly collect, hold, use and disclose may include your:
- name, gender, date of birth and contact details (including your preferred means of contact);
- next of kin;
- medical history and health services provided (which we collect with your consent only);
- government identifiers (including Medicare, pension and/or health care card information);
- education and employment details;
- billing information (including your bank details);
- driver’s licence number; and
- hobbies and interests.
If you are a supplier of ours, personal information that we commonly collect, hold, use and disclose may include your:
- name and contact details (including your preferred means of contact); and
- billing information (including your bank details).
How do we collect your personal information?
Where possible, we will collect personal information directly from you. This information may be collected through interviews, appointments, forms and questionnaires (whether in hard copy or electronic format, including information submitted via our website or other electronic means). If you are uncomfortable sharing particular aspects of your personal information with us, please let us know.
Where it is unreasonable or impracticable to collect personal information directly from you, we may also obtain personal information about you from a third party source, such as from your next of kin or other family member or from other health professionals (including general practitioners, specialists and allied health workers) who are treating you or who have referred you to us. If we collect information about you in this way, we will take reasonable steps to contact you and ensure that you are aware of the purposes for which we are collecting your personal information and the organisations to which we may disclose your information, subject to any exceptions under applicable Privacy Laws. We will not collect any information regarding your medical history and health services provided from a third party source unless we have received your consent or you have agreed to this information being provided to us.
If we receive unsolicited personal information about you that we could not have collected in accordance with this Privacy Policy and applicable Privacy Laws, we will within a reasonable period, destroy or de-identify such information received.
Our internet service provider may record details of your visits to our website. This information will only be used by us internally for statistical and research purposes.
How do we store and secure your personal information?
We hold your personal information in a number of forms, including electronic or digital images, and hard copy paper based documents. We employ a range of physical and electronic security measures to ensure your personal information is adequately protected. These measures include:
- storing your personal information in a secure facility;
- using anti-virus software to protect electronic information; and
- limiting access to your personal information to those persons who are required to access it for the purpose of providing services to you or us.
We will take reasonable steps to protect personal information from misuse, interference and loss, unauthorised access, modification or disclosure. We cannot ensure or warrant that your personal information will always be protected from unauthorised access during storage therefore you provide your personal information to us at your own risk. Please contact us immediately if you become aware or have reason to believe there has been any unauthorised use of your personal information.
Should personal information be subject to misuse, interference, loss or unauthorised access, modification or disclosure, we will respond in accordance with our policies and procedures and the requirements of applicable Privacy Laws.
When do we use and disclose your personal information?
We will only use and disclose your personal information (and health information, if applicable):
- if you are a patient or client, to provide our health care services to you (which is the primary purpose that we collect patient information for);
- to deal with you or manage our relationship with you;
- if we get your consent to use or disclose this information for another purpose;
- for secondary purposes which are related (or directly related, in the case of health information) to the primary purpose for which the information was collected; or
- in accordance with this Privacy Policy and applicable Privacy Laws; or
- as required by law or court or tribunal order.
If you are a patient or client, we may disclose your personal information and health information to other parties including:
- your referring healthcare professional and other healthcare and medical professionals. These other healthcare and medical professions may be:
- involved in, or consulted in relation to, your treatment, the provision of medical services to you and consideration of the best treatment options available to you;
- involved in broader patient-related discussions (as part of a team of healthcare and medical professionals); and/or
- practising at external healthcare facilities (including, but not limited to, public and private hospitals), including emergency departments;
- where your referring healthcare professional requests for us to do so, third parties for the purposes of surgical planning, treatment planning or additional health management;
- Medicare and/or health funds for payment of fees;
- State and Federal Government agencies where required by law or court or tribunal order;
- our professional advisors, including our accountants, auditors and lawyers, for the purpose of obtaining advice with respect to our obligations;
- our Related Entities and Related Bodies Corporate (as those terms are defined in the Corporations Act 2001 (Cth)); and
- our contractors and suppliers for the purpose of ensuring we provide quality health care services to you, including external service providers involved in the installation, maintenance and repair of hardware and software for the purpose of maintaining and improving the functionality of our systems and practices.
We may also collect, use, store and disclose your personal information and health information for:
- the training of healthcare professionals, including registrars;
- the development and assessment of the efficacy of AI tools and other software used to provide healthcare services;
- medical research undertaken and published by both internal PRP Diagnostic Imaging staff and external healthcare professionals and their research teams; and
- inclusion in computerised systems designed to link health records held by different organisations, such as My Health Record,
but only where we have obtained your consent to such practices.
We may use or disclose your personal information for the purposes of sending you direct marketing communications and information about our services. The third parties we typically disclosure your personal information to for direct marketing purposes include Clickman Media and MaxStudio. This may take the form of emails, SMS, mail or other forms of communication, which will be sent in accordance with the Spam Act 2003 (Cth) and the Privacy Act. If you do not wish to receive our direct marketing material, you can opt out by contacting our Privacy Officer.
Your personal information and health information may also be disclosed by us for use in teaching medical students and medical research projects in a de-identified form.
In the event that we disclose your medical history and / or details of health services provided to a third party and we do not continue to hold a copy of such information ourselves, we will retain a record of the name and address of the third party to whom that information was transferred.
Do we send personal information overseas?
In order to provide services to you, we may be required to disclose your personal information to overseas recipients, including third party software providers and contracted radiologists who we engage to provide reporting services. These overseas recipients are typically located in Canada, India, New Zealand, the Philippines, South Africa, the United Kingdom, and the United States of America. We will take reasonable steps to ensure that overseas recipients comply with their privacy obligations.
Access and amendment of your personal information
We will take reasonable steps to ensure that the personal information held by us is accurate, up-to-date, complete, relevant and not misleading.
You have a right to access your personal information, subject to some exceptions. Such access may be granted or refused by us in accordance with applicable Privacy Laws. If we are not required to provide you with access to any or all of your personal information, we will tell you why.
To request access to personal information, please contact us using the details below or complete the Request to Access Medical Records form which is available from our practices. We will respond to your request within a reasonable period, and in any event within any required timeframes set out in applicable Privacy Laws.
If you believe that your personal information is inaccurate, incorrect or incomplete, please contact us and we will take reasonable steps to ensure that it is corrected.
If you make a request for access to or correction of personal information, we will:
- respond to your request within a reasonable period, and in any event within any required timeframes set out in applicable Privacy Laws; and
- if reasonable and practicable, give access to or correct the information in the manner requested.
If we refuse your request, we will provide you with written reasons for doing so.
Integrity of your personal information
In accordance with applicable Privacy Laws, we will take reasonable steps to:
- ensure that the personal information that we collect is accurate, up to date and complete;
- ensure that the personal information we hold, use or disclose is, with regard to the relevant purpose, accurate, up to date, complete and relevant; and
- secure your personal information.
We will also take reasonable steps to destroy or de-identify personal information that we hold if we no longer need the information for the primary purpose for which the information was collected and we are not otherwise required by law to retain the information.
Emailing of Personal Records
It is a policy of PRP Diagnostic Imaging that a report is not emailed to patients. Patients are encouraged to request personal copies of reports from their referring health care practitioner, or access their report via the PRP patient portal, myPRP. If a patient requests their report directly from PRP, a hard copy may be printed and handed to the patient, or mailed to their postal address.
Complaints
We take our privacy obligations very seriously. If you have any concerns about the manner in which your personal information is handled by us, please contact our Privacy Officer on (02) 9981 4500 or privacy@prpimaging.com.au. Formal complaints regarding breach of privacy should be made to our Privacy Officer in writing.
We will reasonably endeavour to respond to your complaint within 30 days of receipt.
If you think that we have failed to resolve your complaint satisfactorily, we will provide you with information about the further steps you can take.
How to contact us
If you have any questions or would like further information regarding your privacy please contact our Privacy Officer at privacy@prpimaging.com.au.
Updated April 2024