Under the Australian Privacy Act 1988 (Cth), personal information is information about a living person which can be used (by itself or together with other information) to reasonably identify that person. As we are involved in the Health Sector, we take additional precautions with privacy and are governed by the Australian Privacy Principles.
As part of providing a health service The Talbot Centre will need to collect and record personal information from you that is relevant to your current situation. The information gathered is part of the assessment and treatment process. It is retained to document what happens in sessions, and enables the clinician to provide a relevant and informed health service. Services are provided in confidence and your information is stored securely in line with our Policy on the Management of Personal Information.
Schedule 1 – Our details if you need to contact us.
The Talbot Centre
When we talk about ‘us’ or ‘our’, we mean our business/entity as identified in the above schedule 1.
When we talk about ‘you’, ‘user’ or ‘your’ in our terms and conditions, we mean you, the user of our services or visitor to our website.
‘Personal information’ is information that directly identifies you, such as your name and email address, or data that could be used, on its own or in combination with other data, to identify you. It has the meaning given to it in the Act. Sensitive information is personal information requiring special protection and includes information about your health. For the purposes of this policy, we are including sensitive information within personal information.
In general, we only use your personal information for the delivery of our services and to send you information about our services. We routinely request consent to collect de-identifed clinical information as part of your service with us. We never sell or giveaway your personal information.
1. De-identifed information
You can browse our online website anonymously (although cookies may identify your IP address). However, if you use, request or sign up for any of our services, you will need to identify yourself and at that point we will start collecting your personal information in order to deliver a service or send information about our services. If you do not give personal information to us, it will affect our ability to provide you with requested information or to deliver our services.
2. My Health Record
Our practice is not registered with the government’s My Health Record system.
3. Collecting personal information
At all times we try to only collect the minimum information we need to keep to provide our services (as requested by you) and to keep our records up to date. All personal information collected once engaged with our service is stored for as long as is required under relevant health regulations.
The main way we collect personal information about you is when you give it to us, for example:
- when you contact us
- when you submit information to our website, in person or via email (eg initial intake forms)
- when you correspond with us in person, over the phone, via email or through completion of online forms
- when you ask for access to information we hold about you
4. Collecting information from third parties
We may also collect personal information that is given to us or available to us by a third party (for example, information that a referring specialist, general practitioner, other healthcare professional or teaching staff makes available to us). If someone calls on your behalf or provides us with information about you, we may collect the caller’s name and contact details to ensure you can access the support you require from our service.
When you use our website, we may receive data from third parties such as analytics providers and advertising networks like Google and Facebook.
This information forms part of the personal information described in this policy.
We will not intentionally collect personal information that is unintentionally disclosed.
5. What do we collect
To enable us to safely deliver our health services to you, it is necessary for us to collect and store basic health information about you. It is important that we keep your records up to date and we have processes in place to help with this. For example, we may ask you if your details have changed at the time of completing a new service agreement.
We will collect (as appropriate to your circumstances) the following types of information:
- Your name, address, telephone, email
- You date of birth
- Any relevant referral information including a referral from your General Practitioner, previous assessments completed and the like
- Information relevant to your health (current and historical) including medications
- Family medical and educational history
- Your ethnic background (if relevant to your care)
- Your work history and/or current position
- Any other information you provide or we receive from third parties that is relevant to your care within our service
We keep your records in our system while you are still an active client of ours. After that, we may keep your archived records for up to 25 years, or as long as is required under relevant health regulations.
When we collect personal information about you, we will take steps to appropriately protect the information we receive. All records are stored on an electronic data base, password protected, with two factor authentication.
6. How do we use your personal information and who do we share it with?
We collect your personal information to provide our healthcare services to you.
Additionally, we may use or share your information as follows:
- For administrative and billing purposes.
- We will share your information with your child’s carer or representative if you have authorised us to do so or they have provided us with your authority (for example under a Power of Attorney for health decisions).
- If you are under the age of 18, we may share your information with your legal guardian where appropriate.
- We will share your health information with authorised health practitioners within our business to ensure collaborative care.
- We will share your health information when we are required to do so by law. For example, if we receive a valid court subpoena to disclose information. Additionally, we will supply your personal information to child protective services if we suspect abuse, neglect or harm to a child in your care.
- If we refer you to a third party for additional therapy, we may share your information with the third party with your consent.
- We will use your information for recalls or follow up sessions.
- We will also disclose your health information if there is an emergency which we feel warrants disclosing your health or other information. For example, if you were suddenly unwell during a session and we call the paramedics, we will tell the paramedics all health information we hold about you as well as your name, date of birth etc.
We may also share your personal information (eg. contact details) for business purposes including:
- Payment third parties if there is a dispute over a payment. For example, if our third-party payment provider contacts us regarding a dispute over a payment, we will provide them with requested information and billing details on our system etc to allow the payment dispute to be resolved.
- If you have received Medicare or health insurance rebates and we receive a request for information from that provider, we will share information with them to validate your claim.
- Professional advisers including accountants, lawyers, bankers, auditors and insurers for the compliant operation of our business.
- Government bodies that require us to report processing activities.
- Third parties where we are required to in accordance with the law. We reserve the right to fully co-operate with any law enforcement authorities or court order requiring or requesting us to disclose the identity or other usage details of any user of our online services, or in accordance with a properly executed court order, or as otherwise required to do so by law.
All personal information gathered by your clinician during the provision of the health service will remain confidential and secure except where:
- It is subpoenaed by a court; or
- Failure to disclose the information would place you or another person at serious or imminent risk
- You would reasonably expect your personal information to be disclosed to another professional or agency (e.g. your GP) and disclosure of your personal information to that third party is for a purpose which is directly related to the primary purpose for which your personal information was collected;
- Your prior approval has been obtained to:
a) provide a written report to another professional or agency. e.g. a GP or a lawyer; or b) discuss the material with another person, e.g. a parent or employer;
- You are attending under a Mental Health Care Plan, Eating Disorder Management Plan, Chronic Disease Management Plan or other Medicare funded service and a report needs to be provided to the referring practitioner for compliance purposes; or
- If disclosure is otherwise required or authorised by law.
We occasionally communicate with you by email or text message. Where possible this communication should be limited to administrative matters, however you should be aware that these forms of communication are limited in their confidentiality. Provision of such information to us indicates your consent for these forms of communication to be used.
8. Telehealth Services
The privacy of any form of communication via the internet is potentially vulnerable and limited by the security of the technology used. To support the security of your personal information this practice uses Microsoft Teams/Zoom, which is compliant with the Australian standards for online security and encryption.
9. Recording of Personal Information
All health professionals, regardless of their experience, are required to participate in peer review of treatment sessions to ensure that patients continue to receive appropriate care. We are dedicated to the provision of the best possible treatment and we therefore occasionally record sessions, with client consent, for review in peer supervision. Recordings of sessions are deleted after review and all those viewing the tapes are bound by the same level of confidentiality that applies to your clinician.
The benefit to you is that review of sessions ensures that you are receiving the highest quality of treatment as well as acting as a second opinion, if needed, from other health professionals within the practice. If you do not consent to the recording of sessions your treatment will not be affected in any way.
10. Direct Marketing
We may send you direct marketing about our products or services. You may always opt out of receiving this marketing by letting us know. For example, if we send you a marketing email there will be an opt-out option at the bottom of the email. Opting out of marketing will have your details removed from our marketing list but will not change the way we use other personal information we hold about you. For example, you may still receive reminders about upcoming appointments.
11. Testimonials, Service ratings and public comment
Under national health regulations we are prohibited from publishing testimonials from our clients.
You may talk about our services on websites or social media platforms that are not under our control.
Be aware that if you provide any public rating or comment about your use of our services, you will be making your status as our client part of public record.
12. Social media platforms and messaging systems
We may have a social media presence. Be aware that if you connect with us on social media, you may be making your status as our client, or someone related to a client, part of public record.
We may use your personal information on social media to let you know about our services or upcoming offers or events. We may confirm an appointment time with you through a messenger service.
We will not discuss or collect your health information via social media or messaging services.
Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. Some website features may not function properly without cookies.
The kind of information that can be collected includes:
- device specific information such as mobile network information
- server logs including your IP address, the times you use our services and system activity
- location information including IP address, GPS, and Wi-Fi access points
- local storage availability
We use the information to help to track your use of our online services to improve your user experience and the quality of our services.
To find out how to opt out of tailored advertising please check the options available here – http://www.networkadvertising.org/choices/.
14. Third Party Links
Our website may contain links to other websites who will have their own privacy policies. Once you leave our website, we are no longer responsible for your personal information and you should ensure you are familiar with the privacy policies of third party sites you visit.
15. Security and overseas recipients
We use safe practices and appropriate password protection for our systems and aim to ensure our third-party providers use similar care with your personal data. No security measures are 100% safe however and your data is stored with us at your own risk. We take reasonable steps to protect all personal information within our direct control from misuse, interference, loss, unauthorised access, unlawful or accidental destruction, modification or disclosure. To prevent unauthorised access or disclosure we use respected hosting services, firewall and other electronic security procedures and managerial procedures to safeguard and secure the information we collect from you.
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.
We rely on third party providers to store the information you have provided to us securely and your data will cross international borders. Not all countries have the same level of privacy protection as Australia and you acknowledge and agree to our transferring of your personal data across international borders in this way. We will do our best to ensure your data is protected to a similar standard as set out in this policy by using third party providers with similar privacy protections.
All hard copy files are stored in Australia.
16. Accessing and correcting your personal information – Your legal rights
You have the right to know what information we hold about you and to ensure the information is accurate and up to date.
If you wish to exercise any of the rights, please contact us using our contact details in schedule 1. There may be a fee associated with release of clinical information requests and a review of all personal information to ensure accessing your personal information is safe for your ongoing health.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. For record keeping purposes, we will record and store all information exchanged during an exercise of your rights under this clause.
We try to respond to all legitimate requests within 30 days. Occasionally it may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you.
Under relevant legislation, all personal information about you can be requested by a court through a subpoena, which we are required to conform to. Should we release any of your personal information, we will contact you and discuss the circumstances.
If you have a concern about the management of your personal information, please contact the client care team. Upon request you can obtain a copy of the National Privacy Principles, which describe your rights and how your information should be handled. Ultimately, if you wish to lodge a formal complaint about the use of, or access to, your personal information, you may do so with the Office of the Federal Privacy Commissioner on 1300 363 992, or GPO Box 5218, Sydney, NSW 1042.