It is the policy of Focus Eye Centre to maintain strict confidentiality about all patients. The Privacy Act means that we need to have your permission to pass on some of your details to third parties as outlined below.
The Privacy Act 1988 requires hospitals and day surgery units to obtain consent from their patients to collect, use and disclose that patient’s personal information.
Focus Eye Centre collects, holds, and uses your personal information for limited purposes
This means that we will collect information that is necessary to properly advise and treat you. Such necessary information may include:
- full medical history;
- family medical history;
- medical photographs;
- contact details;
- Medicare/provide health fund details;
- billing/account details.
The information will normally be collected directly from you. There may be occasions when we will need to obtain information from other sources, for example:
- medical practitioners, such as GP’s and specialists;
- other health care providers such as physiotherapists, occupational therapists, psychologists, pharmacists, dentists, nurses; and
- other hospitals and day surgery units.
Both our staff and the medical practitioners may participate in the collection of this information.
In emergency situations we may need to collect personal information for relatives or other sources where we are unable to obtain your prior express consent.
Disclosure of information
With your consent, the staff will use and disclose your information, for purposes such as:
- account keeping and billing purpose, such as disclosure to Medicare, the Department of Veterans affairs, your private health fund, or to a credit collection agent in the event your account is not settled in a timely fashion;
- referral to a medical practitioner or health care provider;
- sending of specimens, such as removed skin lesions or swabs, for analysis; or for similar diagnostic purpose (Blood tests, X-rays);
- referral to another hospital for treatment and/or advice;
- advice on treatment options;
- the management of our day surgery;
- training and education, including patient education;
- Research purposes
- quality assurance, day surgery accreditation and complaint handling;
- NSW Health department and Private Hospital Data Bureau reporting, to comply with the statistical reporting requirements under our hospital licence;
- to meet our obligations of notification to our insurers;
- to suppliers of prostheses for eye procedures, where required to meet their reporting obligations;
- to prevent or lessen a serious threat to an individual’s life, health or safety; and;
- where legally required to do so, such as producing records to court, mandatory reporting of child abuse or the notification of diagnosis of diagnosis of certain communicable diseases.
ACCESS to Information
You are entitled to access your own health records at any time convenient to both yourself and the day surgery. Access can be denied where:
- to provide access would create a serious threat to life or health;
- there is a legal impediment to access;
- the access would unreasonably impact on the privacy of another;
- your request is frivolous;
- the information relates to anticipated or actual legal proceedings and you would not be entitled to access the information in those proceedings; and
- in the interests of national security.
We ask that, where possible, your request be in writing. We may impose a charge for photocopying or for staff time involved in processing your request. Where you dispute the accuracy of the information we have recorded you are entitled to correct that information. It is policy that we will take all steps to record all of your corrections and place them with your file but will not erase the original record.
How we store and Transfer your Information
All Data, including personal and non-personal information, is stored electronically and is transferred to our servers across a secure virtual private network.
Our Servers are located in our data centre in the inner metropolitan region of Sydney, and your personal information will be routed through, and stored on, those servers as part of the services provided by us. If the location of our servers changes in the future, we will update this Policy. By Law, these servers will not be located outside of Australia.
By providing your personal information to us you consent to it being stored on servers hosted in our data centre. While your personal information will be stored offsite it will remain within Focus Eye Centre control at all times. The server host’s role is limited to providing a hosting and storage service to us, and we’ve taken steps to ensure that our server hosts do not have access to, and use the necessary level of protection for, your personal information.
Focus Eye Centre takes steps to protect your personal information
We are committed to protecting the security of your personal information and we take all reasonable precautions to protect it from unauthorised access, modification or disclosure. The data is protected by multiple factor password protection, and has never been breached by external parties. We have multiple backups in place, including back up to disk, backup to tape, and backups to a secondary data centre located in metropolitan Perth, WA.
However, the Internet is not in itself a secure environment and we cannot give an absolute assurance that your information will be secure at all times. We will advise you at the first reasonable opportunity upon discovering or being advised of a security breach where your personal information is lost, stolen, accessed, used, disclosed, copied, modified, or disposed of by any unauthorised persons or in any unauthorised manner.
If you have any concerns or would like to make a complaint about how we handle your information please contact us by phone or email.
Last updated: March 2014