This statement outlines how Alfred Medical Imaging Holdings Pty Limited (ACN 612 792 560), and its related bodies corporate (as that term is defined in section 50 of the Corporations Act 2001 (Cth)) (‘AMI’, ‘the Company’, ‘we’ or ‘our’) collects, stores, uses, shares, and otherwise handles personal and sensitive information in accordance with the Privacy Act 1988 (Cth) and associated legislation, including the Australian Privacy Principles (‘APPs’).
AMI will usually collect personal information directly from individuals. Sometimes we may need to collect information about individuals from a third party; however, we will only do this where it is not reasonable or practical for us to collect this information directly from individuals. Further details about how we collect personal, sensitive and health information from patients and prospective patients, referrers, employees, vendors, suppliers and other third parties are provided below.
Patients and prospective patients
AMI limits the collection of personal, sensitive and health information from patients to that deemed necessary to provide compliant services, optimise diagnosis, assess the appropriateness of referred examinations, and assess the safety of referred examinations or procedures.
To protect the privacy of patients and prospective patients, AMI commits to taking all reasonable steps required for the lawful and reasonable collection, use, storage and disposal of personal and sensitive information, and the protection of personal information AMI holds from misuse, interference, loss, and from unauthorised access, modification or disclosure.
AMI provides all patients and prospective patients with written Consent Forms regarding their privacy rights and the Company’s practices in relation to the collection, use and disclosure of their personal and sensitive information. This consent form also provides general information on security and storage undertakings.
Personal information collected from patients may include: name; address; date of birth; Medicare, pension and concession unique identifiers; signature; and billing related financial or account information.
Health related information (sensitive information) collected from patients is the information required for the purposes of optimising the diagnosis, assuring appropriateness of the referred examination and safety of the examination or selected protocol.
Sensitive information (predominantly health information) collected from patients may include: previous imaging; allergies; symptoms; medical history; family medical history; medications; pregnancy status; medical records relating to requested services or services undertaken; and radiology reports.
Where possible, reasonable and practicable, AMI staff will collect personal, sensitive and health related information directly from patients. Exceptions are limited to: cases where a minor consents to the collection, or it is necessary to gain assistance from a parent or legal guardian; cases where the patient is unconscious or lacks the capacity to provide the needed information; cases where it may be necessary for family members give accurate and complete medical history; cases where other healthcare providers have the relevant and necessary information; and cases where the Company is required or authorised by law to collect information from another person.
If circumstances arise where AMI representatives collect or receive personal or sensitive information lawfully but not directly from the individual, staff will make best endeavours to notify the patient involved.
AMI will collect personal and sensitive information from patients for the following purposes: to validate referral information; to ensure correct patient identification; to ensure compliance with the Medicare Benefits Scheme in terms of patient status and eligibility; to enable imaging and medical history files to be matched to existing Company unique identifiers and files for review and continuity of care; and to enable imaging and medical history files to be created.
Use or disclosure of patients’ personal information is generally consistent with the authorised primary purpose of collection, and any secondary purpose that would be reasonably expected by patients or required or authorised by law.
The Company may use and disclose personal and sensitive information from patients in the following ways:
- conducting or reporting referred Medical Imaging examination(s) and procedure(s);
- processes directly linked to conducting and reporting specific requested examination(s) and procedure(s);
- administration tasks and billing and account keeping;
- disclosure to other health professionals involved in the patient’s diagnosis and care;
- when the Company is bound by law to report or disclose records;
- disclosure to medical defence insurers;
- quality assurance activities;
- training and multi-disciplinary team meetings; and
- research (please note: a patient’s records will be de-identified if used for this purpose and the patient will be made aware of his or her participation by the research instigator or coordinator).
AMI will not use patient data and health information for research and training purposes unless an individual gives written consent to do so.
The Company retains all patient personal, sensitive and health information for its useful period or as required by legislation only.
Due to the nature of the importance of accuracy and clarity of personal and sensitive information in providing accurate high-quality healthcare, it is impracticable for AMI to afford users of our services anonymity or pseudonymity.
AMI commits to taking reasonable endeavours to ensure all data we retain on patients is accurate and current. In order to do this all patients will be asked a series of questions by our staff as they create patient files or check existing patient files on subsequent visits.
At AMI we respect patients’ rights. AMI staff will grant all patients access to their information unless deemed inappropriate by law or where such disclosure may reasonably be expected to pose a serious threat to the life or health and safety of individuals or the public. To protect patient record security, at AMI we require written requests and proof of identity to access records.
At AMI we strongly recommend that patients do not retrieve examination results before reviewing them with their referring doctor to avoid misinterpretation.
It is necessary for AMI to collect, use and disclose personal information directly from referrers and medical practitioners associated with the care of our patients. The information AMI collects from these healthcare professionals is limited to the information necessary for the provision of medical imaging services and distribution of patient results.
Personal information collected from referrers may include:
- telephone number;
- email address;
- Medicare unique identifiers; and signature;
- medical specialty
The primary purpose of the collection of personal information from referrers is to provide medical imaging services to patients.
AMI uses and discloses the personal information of referrers for the following additional purposes:
- sending material on AMI’s activities and services that we believe may be of interest to referrers and tailoring marketing services to suit referrers’ needs (including direct marketing in accordance with Australian Health Practitioner Regulation Agency Guidelines for Advertising Regulated Health Services dated May 2014 (as amended));
- meet the Company’s legal obligations and to notify referrers of matters that we are required to do so by law;
- interact with Regulators or other Government agencies;
- manage and resolve any legal or commercial complaints and issues;
- to manage our contractual relationships with referrers with whom we do business;
- investigate fraud and to carry out loss prevention activities; and/or
- carry out internal functions including training.
Employees and applicants
It is necessary for AMI to collect, use and disclose information on staff and people applying for employment with AMI.
Personal information collected from employees, contractors and applicants for employment may include:
- personal details: name, address, contact details, emergency contact details;
- payment details: banking details, superannuation fund preference, tax file number and/ or ABN as required;
- professional Qualifications and compliance documentation;
- professional and personal reference checks;
- professional information collected by the Company;
- comments regarding work performance before and during their engagement with the Company;
- records of verbal interviews;
- records of contact with past employers (reference checks; internal / external feedback on performance);
- records of complaints received from / about an individual in the workplace;
- information received about any investigation; litigation; professional disciplinary matters; criminal records; and any inquest or inquiry necessary for compliance;
- health check and vaccination results for the purposes of worker safety in potentially increased risk environments;
- workplace injury records; and
- criminal and Working with Children checks (as applicable).
AMI will collect and retain personal/sensitive information for the purposes of:
- administration of the individual’s engagement with the Company; and/or
- monitoring the individual’s compliance in relation to Company Policies and Procedures.
Vendors, suppliers and third parties
It is necessary for AMI to collect, use and disclose information on third parties with which it does business, which includes the employees, principals, representatives and agents of those third parties. The personal information AMI collects, stores, uses, shares, and otherwise handles is limited to that required to conduct the specific business activities related to any third party.
Personal information collected from vendors, suppliers and third parties may include: name; address; telephone number; email address; and signature.
AMI collects personal information from third parties in order to conduct the specific business activities related to that third party.
Use and disclosure of personal information collected from all individuals
AMI may sometimes use or disclose the personal information we collect for one or more secondary purposes, that is, for use in a way different from the original reasons for collection set out above. AMI will only do this in one of the following circumstances:
- where the individual has consented;
- where the secondary purpose is directly related to the primary purpose, and the individual would reasonably expect us to use or disclose the information in such a way;
- where AMI is permitted or required by law; or
- it is in the interests of public safety to do so.
The Company may disclose personal information to other related entities and non-related organisations for secondary purposes including the following:
- related entities that form part of our corporate group as well as licensees or agents of our corporate group;
- our contracted service providers;
- professional advisers (such as lawyers, accountants or auditors) to the extent that is reasonably required;
- payment systems operators and financial institutions;
- third party service providers that provide us with communication (e-mail) or data storage services;
- technology services including application, development and technical support, processing, storing, hosting and data analysis;
- administrative services, including mailing services, printing, archival and contract management services;
- third party agents or contractors with whom we contract in the ordinary course of business;
- one or more third parties in the event that we go through a business transition, such as a merger, being acquired by another company, or selling all or part of our assets; and
- government, regulatory and law enforcement agencies where the disclosure is required or authorised by law.
The Company commits to taking reasonable endeavours to ensure all personal information provided by third parties is accurate and current. The Company requests employees and third parties change or update relevant personal information where the information retained by the Company is incomplete, inaccurate or not up-to-date. The Company requires any changes and/or updates of professional and personal information be submitted in writing to the Company.
AMI will not disclose personal information overseas without the consent of the individual. Individuals consenting to overseas disclosure of their personal information (including any sensitive information) will be informed that although the Company will take reasonable steps to ensure the overseas recipient will not breach
the APPs, there is a risk that the overseas recipient may breach the APPs following receipt of the individual’s personal information, as APP 8.1 (concerning disclosure of personal information to overseas recipients) will not apply to the information following the disclosure.
At AMI we take reasonable steps to retain personal information and records in a secure manner. Company security measures aim to prevent the misuse, interference, loss or unauthorised accessing, modification or disclosure of personal information, and detect privacy breaches promptly. Due to the nature of Company business, the majority of personal information storage, including patient records storage and access pathways are reliant upon information technology services. Patients and other individuals can be assured that robust security measures are in place for both hard and soft copy record retention.
Security measures are in place for both hard and soft copy record retention. Security measures include:
- employee training in privacy requirements, including but not limited to:
- measures to protect confidential data;
- actions that may lead to a potential security breach;
- availability of policies and procedures on data security for all staff;
- regular audit of system and network activity;
- regular testing of defences and security measures; and
- vendor due diligence and contract management as it pertains to data access and security.
For more information on Privacy, to access your personal information, to seek correction of
your personal information, complain about the Company’s privacy practices, or provide us with feedback
please contact us at one of the following:
Street address: Alfred Imaging Administration PO BOX 546 FIVE DOCK NSW 2046
Email address: firstname.lastname@example.org
Telephone: 9713 8800