circumstances in which we may disclose it to third parties.
Related standards;RACGP Compliance indicators for the Australian Privacy Principles: an addendum to the computer and information security standards (Second edition).
Background and rationale
The APP provide a privacy protection framework that supports the rights and obligations of collecting,
holding, using, accessing and correcting personal information. The APP consist of 13 principle-based laws
and apply equally to paper-based and digital environments. The APP complement the long-standing general
practice obligation to manage personal information in a regulated, open and transparent manner.
This policy will guide Practice staff in meeting these legal obligations. It also details to patients how the
Practice uses their personal information. The policy must be made available to patients upon request.
Robs Massage will:
• provide a copy of this policy upon request
• ensure staff comply with the APP and deal appropriately with inquiries or concerns
• take such steps as are reasonable in the circumstances to implement practices, procedures and
systems to ensure compliance with the APP and deal with inquiries or complaints
• collect personal information for the primary purpose of managing a patient’s healthcare and for
financial claims and payments.
Robs Massage’s staff will take reasonable steps to ensure patients understand:
• what information has been and is being collected
• why the information is being collected, and whether this is due to a legal requirement
• how the information will be used or disclosed
• why and when their consent is necessary
• the Practice’s procedures for access and correction of information, and responding to
complaints of information breaches, including by providing this policy.
Robs Massage will only interpret and apply a patient’s consent for the primary purpose for which it was
provided. Robs Massage staff must seek additional consent from the patient if the personal information
collected may be used for any other purpose.
Managing patient health information
Collection of information
Robs Massage will need to collect personal information as a provision of clinical services to a patient
at the practice. Collected personal information will include patients’:
• names, addresses and contact details
• Medicare number (where available) (for identification and claiming purposes)
• healthcare identifiers
• medical information including medical history, medications, allergies, adverse events,
immunisations, social history, family history and risk factors.
A patient’s personal information may be held at the Practice in various forms:
• as paper records
• as electronic records
• as visual – x-rays, CT scans, videos and photos
• as audio recordings.
Robs Massage’s procedure for collecting personal information is set out below.
1. Practice staff collect patients’ personal and demographic information via registration when patients
present to the Practice for the first time. Patients are encouraged to pay attention to the collection
statement attached to/within the form and information about the management of collected
information and patient privacy.
2. During the course of providing medical services, Robs Massage’s healthcare practitioners will
consequently collect further personal information.
3. Personal information may also be collected from the patient’s guardian or responsible person
(where practicable and necessary), or from any other involved healthcare specialists.
Robs Massage holds all personal information securely, whether in electronic format, in protected
information systems or in hard copy format in a secured environment.
Use and disclosure of information
Personal information will only be used for the purpose of providing medical services and for claims and
payments, unless otherwise consented to. Some disclosure may occur to third parties engaged by or
for Robs Massage for business purposes, such as accreditation or for the provision of information
technology. These third parties are required to comply with this policy. Robs Massage will inform the patient
where there is a statutory requirement to disclose certain personal information (for example, some
diseases require mandatory notification).
Robs Massage will not disclose personal information to any third party other than in the course of providing
medical services, without full disclosure to the patient or the recipient, the reason for the information
transfer and full consent from the patient. Robs Massage will not disclose personal information to anyone
outside Australia without need and without patient consent.
Exceptions to disclose without patient consent are where the information is:
• required by law
• necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health
or safety, or it is impractical to obtain the patient’s consent
• to assist in locating a missing person
• to establish, exercise or defend an equitable claim
• for the purpose of a confidential dispute resolution process.
Robs Massage will not use any personal information in relation to direct marketing to a patient without that
patient’s express consent. Patients may opt-out of direct marketing at any time by notifying Robs Massage
in a letter or email.
Robs Massage evaluates all unsolicited information it receives to decide if it should be kept, acted on
Access, corrections and privacy concerns
Robs Massage acknowledges patients may request access to their medical records. Patients are
encouraged to make this request in writing, and Robs Massage will respond within a reasonable time.
Robs Massage will take reasonable steps to correct personal information where it is satisfied they are not
accurate or up to date. From time to time, Robs Massage will ask patients to verify the personal information
held by Robs Massage is correct and up to date. Patients may also request Robs Massage corrects or updates
their information, and patients should make such requests in writing.
Robs Massage takes complaints and concerns about the privacy of patients’ personal information seriously.
Patients should express any privacy concerns in writing. Robs Massage will then attempt to resolve it in
accordance with its complaint resolution procedure.
Compliance indicators for the Australian Privacy Principles:
The RACGP Privacy handbook & patient pamphlet