PRIVACY POLICY

 

Introduction

Sydney Medical Service Co-operative Limited (SMS) understands the importance of protecting the
privacy of your personal information and is committed to protecting the privacy of individuals who
have dealings with SMS.
This privacy policy sets out, in an open and transparent way, how SMS collects, holds and uses or
shares your personal information, how it aims to protect the privacy of your personal information and
your rights in relation to your personal information managed by SMS.
SMS is bound by and will comply with the Privacy Act 1988 (Cth) (the Act), the Australian Privacy
Principles (the APP) and any relevant state legislation in relation to the handling of your personal
information including patient health records (to the extent that your personal information is subject to
the Act, the APP or other legislation).

 

What is personal information?

Personal information is information or an opinion (regardless of its accuracy or form) about an
identified individual, or an individual who is reasonably identifiable from the information. Personal
information also includes:

  • Sensitive information includes information such as an individual’s race or ethnic origin,
    political opinions, religion, sexual preferences or practices, criminal record or health
    information about an individual; and
  • Health information includes information or an opinion about an individual’s health or
    disability at any time, expressed wishes regarding future health services, health services
    provided or to be provided, information collected while providing a health service or
    collected in connection with the donation or intended donation of body parts and
    substances.

For the purposes of this policy, references to personal information shall include references to
sensitive information and health information.

 

What is a patient health record?

Health information collected and held, in paper or electronic form, by SMS about a patient, including,
but not limited to, contact and demographic information, a record of the patient’s medical history,
treatment notes, observations, correspondence, investigations, test results, photographs, prescription
records, medication charts, insurance information, legal information and reports, and work health and
safety reports constitute a patient health record for legislative purposes.

 

What personal information does SMS collect?

The personal information collected and stored by SMS about you (and others) may include:

  • your name
  • your contact details including residential or business address, telephone numbers, email
    addresses or fax numbers
  • your age or date of birth
  • your gender
  • health information including but not limited to current and historical health information, the
    identity of treating medical practitioners, medical reports or treatment notes prepared by an
    individual (including a medical practitioner who has attended upon you in connection with
    SMS’s business), medication details or treatments or any other medical information which
    constitutes ‘health information’ for the purposes of the Act
  • Medicare number, Veterans’ Affairs number, Health Care card number, health fund details or
    pension number
  • billing information including bank account details
  • sensitive information which SMS believes is necessary to ensure the proper medical
    treatment of an individual or as required for the proper operation of SMS’s business and to
    discharge any legal obligations
  • your patient health record

SMS may request additional information from you which it determines may be necessary to provide
the best healthcare to you.
If SMS cannot collect personal information about an individual, it may not be possible for SMS to
provide any services to the individual (eg. medical treatment) or the service provided may not be
complete.

 

Dealing with us anonymously

You have the right to deal with us anonymously or under a pseudonym unless it is impractical for us
to do so or unless we are authorised by law to only deal with identified individuals.

 

Why does SMS collect, use, hold and share your personal information?

SMS collects personal information which is necessary for its functions and activities and in particular,
for the management and provision of healthcare services and medical treatment to you. This is the
primary purpose for which your personal information is collected.
SMS collects, holds, uses and discloses your personal information for the following reasons and
purposes:

  • to manage and provide medical treatment to you
  • for the purpose of reporting to your normal treating general practitioner or any other health
    professional or facility as required for your ongoing treatment
  • for billing purposes
  • to respond to any matters raised by you (such as a complaint regarding services received)
  • for administrative purposes which are necessary for the proper conduct of SMS’s business
    including ensuring that SMS’s records are up to date, to maintain accreditation, practice
    audits, and for staff training to improve the service delivered to you
  • to comply with any laws, rules and regulations
  • to report health survey evidence and statistics to associated medical bodies
  • to conduct internal reviews of staff policies and management processes
  • to ensure propriety with practice emergency response procedures
  • to prepare referral letters to external healthcare providers, where required

Your personal information will not be shared, sold or disclosed by SMS other than as described in
this policy or as permitted under the Act.

 

How does SMS collect your personal information?

In most cases, SMS will collect personal information directly from you. SMS may collect personal
information directly from you:

  • by you providing the information directly to a representative of SMS (eg. to SMS’s telephone
    operators when you make an initial or subsequent booking, or by the completion of forms)
  • in the course of a medical attendance by a medical practitioner
  • from information supplied by email, text message or using SMS’s website or other social
    media applications

In some circumstances, it may be necessary to collect personal information from a third party. SMS
will only collect personal information from a third party:

  • where you have consented
  • from your guardian, parent or responsible person where you do not have legal or mental
    capacity
  • where it is not reasonable or practicable to collect information from you (for example, where you
    are not able to provide the information which is necessary for the provision of medical
    treatment)
  • where the information is necessary for your proper medical treatment, including information
    obtained from other involved healthcare providers (including your regular general
    practitioner, specialists, allied health professionals, hospitals, community health services
    and pathology and diagnostic imaging services), or My Health Record (for example via
    PRODA, Shared Health Summary, Event Summary)
  • from your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary)

 

When, why and with whom does SMS share your personal information?

SMS may share your personal information (including health information as applicable):

  • with other healthcare providers as required for the provision of healthcare services to you
    including:

    • SMS’s contracted medical practitioners who provide healthcare services
    • your treating doctor or regular general practitioner
    • health professionals who may be involved in the provision of healthcare services to
      you such as ambulance services and emergency department doctors, or other
      healthcare providers to whom you are referred
  • when it is necessary to lessen or prevent a serious threat to a person’s life, health or safety
    or public health or safety, or it is impractical to obtain your consent
  • in the case of a minor, with a parent with parental responsibility
  • with other authorised representatives such as legal guardians or persons holding a relevant
    power of attorney
  • when it is required or authorised by law (for example, responding to court subpoenas)
  • when there is a statutory requirement to share certain personal information (e.g., for some
    diseases that require mandatory notification)
  • for the purpose of a confidential dispute resolution process
  • during the course of providing medical services, through eTP, My Health Record (for
    example via PRODA, Shared Health Summary, Event Summary)
  • with persons whom you request or consent to receiving the information
  • with third parties who work with SMS for business purposes, such as accreditation
    agencies or information technology providers – these third parties are required to comply
    with APPs and this policy
  • your employer or prospective employers, their authorised representatives and insurer in the
    case of a compulsory work-related consultation or service
  • Commonwealth bodies to which patient bulk-billing claims are referred and for record
    auditing purposes
  • associated medical bodies to report health survey evidence and statistics

Your personal information will be primarily used for the purpose for which it was collected, that is, the
provision of healthcare services to you. Other than in the course of providing medical services or as
otherwise described in this policy, SMS will not share your personal information with any third party
without your consent.

SMS will take all steps reasonable to maintain your privacy when sharing your personal information
with others. For example:

  • patient health records created by SMS’s contract medical practitioners will be transmitted to
    your treating doctor or regular general practitioner in encrypted form (presently via Health
    Link or Interfax) unless you consent to SMS transmitting the record by another means
  • within SMS, only people who need to access your personal information to perform their role
    will be able to do so and they will use that information for the purpose for which it was
    collected. SMS has implemented systems of work and checklists for staff members relating
    to privacy, whether working from SMS’s premises or otherwise
  • when preparing referral letters to external health care providers, SMS’s contract medical
    practitioners will disclose only the relevant information necessary for the referral using the
    standard template manual forms provided by SMS. SMS does not use automated
    technology to raise referral letters

SMS will not share your personal information with anyone outside Australia (unless under exceptional
circumstances that are permitted by law) without your consent.
SMS will not use your personal information for marketing any of our services directly to you without
your express consent.

SMS may use your personal information to improve the quality of the healthcare services provided to
patients through research and analysis of patient data.

SMS may provide de-identified data to other organisations to improve population health outcomes.
The information is secure, patients cannot be identified and the information is stored within Australia.
You can let our staff know if you do not want your information shared for this purpose.

 

What does SMS do with unsolicited information?

In limited circumstances, SMS may receive unsolicited personal information belonging to you. Where
information is received without SMS taking active steps to collect it, SMS will, within a reasonable
period after receiving the information, decide whether SMS could have lawfully collected the
information by other means. If SMS determines it could not have collected the information lawfully,
SMS will destroy the information.

 

How does SMS store and protect your personal information?

SMS is committed to ensuring that your personal information is secured and not subject to
unauthorised access. Employees and contracted medical practitioners are inducted in this policy and
undertake training on the privacy obligations relating to the collection and use of your personal
information.

Your personal information may be stored by SMS in various forms including in electronic (the
preferred form) and paper form.

SMS will take reasonable steps to protect personal information from misuse, interference, loss,
unauthorised access, modification or disclosure. SMS uses technology and processes such as
access control procedures (including passwords), network firewalls, encryption and physical security
to protect personal information. Paper documents are stored in secure premises and reasonable
steps are taken to ensure that any paper documents, when used, are not in any situation where they can
be accessed or seen by unauthorised persons.

Despite the measures of SMS, SMS cannot provide assurances regarding information transmitted to
SMS via unencrypted email or via the website because SMS cannot control the security of the
transmission online. SMS’s website may contain links to other websites operated by third parties.
SMS does not make any representations or warranties about the privacy practices of the operators of
those third-party websites.

SMS will securely destroy or permanently de-identify personal information which is no longer needed
(subject to SMS’s obligations at law).

 

How can you access and correct your personal information?

SMS acknowledges that you have the right to request access to, and correction of, your personal
information. You may submit a request for access to your personal information in writing by email to
SMS (admin@sydmed.com.au). SMS will ask you to complete a consent form and will require you to
verify your identity before providing access to or transferring your personal information (including
sensitive health information).

SMS will take reasonable steps to give you a copy of, and/or correct, your personal information within
30 days, unless there is a reasonable or lawful reason not to do so. SMS may charge a reasonable
fee for processing a request for access to and provision of personal information which will be notified
to you before the provision of information.

SMS is concerned to ensure a secure means of access or transfer of your personal information and
will only do so in a form expressly approved by you. There is an inherent risk in the transfer of
personal information across the internet as information submitted unencrypted via email may be
read, intercepted or modified by third parties (despite any reasonable steps taken by SMS to reduce
such risk). SMS will record your consent to the method of transfer with your personal information
stored by SMS and your acknowledgment of this inherent risk.

SMS may refuse a request for access to personal information if it is permitted by the Act to do so.
Reasons for refusing access may include:

  • access would pose a serious threat to the life or health of an individual
  • where it may have an unreasonable impact on the privacy of others
  • where it is frivolous or vexatious
  • where refusal is otherwise required or permitted by law.

If SMS refuses a request for access, where reasonable SMS will:

  • give you written notice explaining why it has refused access
  • confirm how you may make a complaint (as outlined in this policy)
  • at your request, make a note on your file detailing the information you believe to be
    incorrect.

If you believe that your personal information held by SMS is incorrect, you may send a notice in
writing by email to SMS (admin@sydmed.com.au) requesting an amendment to the personal
information (including the grounds upon which you believe the information is incorrect and should be
amended). SMS will require you to provide evidence of your identity in connection with such request.
SMS will consider all requests for amendment and will either take reasonable steps to make the
correction, where appropriate, or add a note to the information with the details of the request for
amendment.

 

How can you lodge a privacy-related complaint, and how will the complaint be
handled by SMS?

SMS takes complaints and concerns regarding privacy seriously. SMS will attempt to resolve any
complaint in a fair and reasonable manner. All complaints will be treated confidentially and in
accordance with the law.

You should express any privacy concerns you may have in writing to the Chief Executive Officer by
email (admin@sydmed.com.au) or by post mailed to Locked Bag 1, PANANIA NSW 2213.

SMS will acknowledge receipt of your complaint and provide information to you regarding the process
for handling the complaint. Our intention is that any complaint or concern will be resolved within 30
days of having received the complaint or the concern.

If you have a complaint or concern, or wish to ascertain further information regarding privacy,
relevant legislation or your rights, you may also contact:

Office of the Australian Information Commissioner
Website – www.oaic.gov.au
Telephone – 1300 363 992

Information and Privacy Commission New South Wales
Website – www.ipc.nsw.gov.au
Telephone – 1800 472 679

 

Privacy and SMS’s website

In addition to personal information which you may provide to us in connection with the provision of
healthcare services, SMS may collect additional personal information when you access our website.
When you visit SMS’s website, we may utilise web measurement tools and internet service providers
to collect information including:

  • your server and IP address
  • the name of the top level domain (for example, .gov, .com, .edu, .au)
  • the type of browser used
  • the date and time you accessed the website
  • how you interacted with the website
  • clickstream data
  • the search engines and queries used to access the website
  • the previous website you visited
  • the operating system

If this information is collected from the website, SMS may store this information in different ways,
including:

  • our document and records management system
  • cloud storage
  • browser storage
  • cookies

A cookie is a small data file which is stored on your hard drive while navigating a website (but cannot
do anything to it). When a user visits our website, the cookie allows us to recognise an individual
web user as they browse our website. The cookie identifies your browser or device, but we cannot
use it to identify you personally as no personal information is stored within cookies used by our
website. No attempt is made to identify individual users or their browsing activities except, in the
unlikely event of an investigation, where a law enforcement agency may exercise a warrant to inspect the log file.

SMS may use web analytics services to obtain statistics on how the website is used. A web analytics
service uses cookies to collect standard internet log information and visitor behaviour information in
an anonymous form. The information generated by the cookie about use of the relevant website is
transmitted to the provider of the service. The provider will use this information to compile reports on
website usage – such as volume of new and return visitors, which pages are the most popular and
sources of website traffic. No personally identifying information about any user is recorded or will be
provided. Users can opt out of web analytics services if they disable or refuse the cookie, disable
JavaScript or install any opt-out browser add-on.

Although SMS takes steps to protect the personal information it holds against loss, unauthorised
access, modification or disclosure in accordance with this policy, you should be aware that:

  • the internet is an unsecure public network
  • there is an inherent risk in transmitting information across the internet – information submitted
    unencrypted via email may be read, intercepted or modified by third parties before it reaches
    SMS
  • the website or downloadable files may contain computer viruses, disabling codes, worms or
    other devices or defects

 

Links to other sites

SMS’s website may contain links to other websites. SMS is not responsible for the content and the
privacy practices of those other websites and encourages you to review the relevant privacy policy of
each site and make an informed decision regarding use of those websites. SMS does not endorse,
and is not accountable for, any views expressed by third parties using any third-party site.

 

Privacy and social media

If SMS interfaces with social media sites such as Facebook, SMS may record information posted to
our social media channels and use it:

  • to administer the social media channels;
  • for record keeping; and
  • to consider any comments made.

We do not try to further identify social media subscribers unless requested and authorised by law.

When you use SMS’s social media pages, you are using an external site so are bound by the privacy
principles applying to that site. SMS encourages you to review their privacy policies. SMS does not
endorse, and is not accountable for, any views expressed by third parties using any third-party site.

 

Policy review statement

This policy is current as at the last review date of 23rd January 2024.

SMS reserves the right to amend this policy. The policy will be reviewed regularly to ensure that it is
in accordance with any changes that may occur.

This policy and any updated version of the policy will be published on SMS’s website.