PRIVACY POLICY

This privacy policy outlines the personal information management practices of my clinical psychology practice.


Overview

Personal information that I collect is managed in accordance with the Health Records (Privacy and Access) Act 1997, the Privacy Act 1988 (Cth), and the Privacy Amendment (Notifiable Data Breaches) Act 2017.


Definitions

Personal Information means information or an opinion about an individual who is identified, or who can reasonably be identified, from the information, whether or not the information or opinion is true or recorded in a material form, and includes sensitive information.

Sensitive Information means information or an opinion, that is also personal information, about a person’s racial or ethnic origin, political opinions, memberships of political, professional and trade associations and unions, religious and philosophical beliefs, sexual orientation or practices, criminal history, health information, and genetic and biometric information.


The kind of personal information that I collect and hold

I collect a range of personal information in the course of providing psychological services to my clients. This information is managed in your Client Service Record and Confidential Client File.

Personal information collected and managed in your Client Service Record is held in third party accounting and/or practice management software. Information collected between 1 July 2018 and 1 July 2020 is held in accounting software and would include your name and a record of your invoices and associated payments. Information collected after 30 June 2020 is held in practice management software and would include your name, date of birth, contact details, the name of your referring doctor, date of referral, Medicare card details, additional billing information required by third party payers, and a record of your appointments, invoices, and associated payments. A record of any Medicare Assignment of Benefit agreements that you have completed would also form part of your Client Service Record.

Personal information collected and managed in your Confidential Client File is held in my practice management software, and would include file notes documenting the psychological services that I provide and relevant health information collected during the provision of these services; copies of any service-related letters or reports; and any other service-related documents that we have agreed to store on your file.


How your personal information is collected

Your personal information is collected both during and between consultations when we communicate with each other in person, or by phone or email. Your personal information is also collected during service-related oral and written communications that I have with your referring doctor, or other third parties such as your insurer, rehabilitation provider, or other health professionals involved in your treatment.


How long your personal information is held for

Personal information managed in your Client Service Record and Confidential Client File is held until seven years after the day that a service was last provided (or, if you were under 18 years old when the last service was provided, until the day you turn 25 years old).

At the end of this period (during the closure of the coinciding financial quarter) personal information managed in your Client Service Record and Confidential Client File is deleted. Your name, date of birth, and the dates of your initial and final consultations are then entered into a register that I keep (in encrypted electronic files) of health records that I have deleted/destroyed or transferred to another entity. These details are held on the register for at least a further seven years.


Who else has access to your personal information?

My accountant and bookkeeper have access to Client Service Records that are held in my accounting software, for accounting and bookkeeping purposes.

In the event of my death or incapacitation, a colleague nominated in my Practice Contingency Plan (Alexi O’Dea, Clinical Psychologist) will have access to and take over the management of your Client Service Record and Confidential Client File.


Use

Your personal information is collected and used for the purposes of documenting and informing the psychological services that I provide, supporting the administration of my business, and supporting my compliance with the various ethical and legal obligations that are required of me as a Clinical Psychologist and sole trader.


Disclosure

Your personal information will remain confidential except when:

a. it is subpoenaed by a court;

b. failure to disclose the information would, in my reasonable belief, place you or another person at serious risk to life, health or safety;

c. your approval has been obtained to:

i. provide a written report to another professional or agency; or
ii. discuss the material with another person, e.g. a rehabilitation or health provider; or
iii. disclose the information in another way;

c. you would reasonably expect your personal information to be disclosed to another professional or agency and disclosure of your personal information to that third party is for a purpose which is directly related to the primary purpose for which your personal information was collected; or

d. disclosure is otherwise required or authorised by law.

Note that psychologists are listed as ‘mandated reporters’ under s 356 of the Children and Young People Act 2008. Under this legislation, I am required to make a Child Concern Report if I believe on reasonable grounds, based on information obtain during the course of (or because of) my work, that a child or young person has experienced, or is experiencing sexual abuse, or non-accidental physical injury.

Your personal information will not be disclosed to overseas recipients, unless you provide consent for such disclosure, or disclosure is required by law.

Your personal information will not be used, sold, rented, or disclosed for any other purpose.

In the event that unauthorised access, disclosure, or loss of your personal information occurs, I will activate my data breach action procedures and use all reasonable endeavours to minimise any risk of consequential serious harm.


Anonymity and pseudonymity

It is not practical to engage my services anonymously. You may, however, use a pseudonym and withhold all identifying information except for a contact phone number or email address. Note that you will be required to disclose your legal name and Medicare card details if you wish to claim a Medicare benefit on your consultation fees, or if your treatment is being funded through a third party.


Requests for access to and correction of your personal information

You are welcome to lodge an oral or written request with me to view and/or obtain a copy of your Client Service Record or Confidential Client File. Access will be given within 30 days of me receiving your request. If necessary, we will make an appointment to review the records together, so that I can explain the contents and answer any questions you might have. A fee may be charged for this service.

If you are satisfied that your personal information is inaccurate, out of date, or incomplete, reasonable steps will be taken in the circumstances to ensure that this information is corrected.

There are some circumstances in which requests to access your personal information may be declined. These are outlined in the Health Records (Privacy and Access) Act 1997.


Complaints

If you have any concerns or complaints regarding the management of your personal information, let me know and I will attempt to address them as best I can.

You may also lodge a formal complaint about the use of, disclosure of, or access to, your personal information, with the Office of the Australian Information Commissioner by phone (1300 363 992), by post (Office of the Australian Information Commissioner, GPO Box 5218, Sydney, NSW 2001), or online at https://www.oaic.gov.au.


Page last updated: 24/08/20