PRC understands the importance of patient privacy. We strive to ensure that your information is dealt with in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
This privacy policy applies to all entities in the PRC business. The PRC business comprises the Perth Radiological Clinic partnership, as well as other entities that provide facilities and services for the partnership. The main service company is PerthRadClinic Limited ACN 099 943 594.
Key definitions
This document adopts the following definitions from the Privacy Act 1988 (Cth):
- Personal information means any information or opinion, whether true or not, and whether recorded in material form or not, about an identified individual or an individual who is reasonably identifiable, and includes artificially generated personal information.
- Health information means any personal information that is also information or opinion about, or in relation to, an individual’s health (including illness or injury) or disability, or the health services provided to an individual, and includes an individual’s expresses wishes regarding the future provision of health services. Health information also includes an individual’s genetic information that is, or could be, predictive of the health of an individual or their genetic relative.
- Sensitive information is a subset of personal information. Sensitive information includes information or an opinion about an individual’s race, gender diversity, sexual orientation or practices, disability, ethnic origin, political opinions, religious or philosophical beliefs and affiliations, and criminal record, in circumstances where that information Is also personal information. Sensitive information also includes health information about an individual, genetic information and biometric information or templates. Sensitive information is generally awarded a higher level of privacy protection than other types of personal information.
AI system means a machine-based system that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments. Different AI systems vary in their levels of autonomy and adaptiveness after deployment
Collection of Patient Information
In order to provide a quality diagnostic imaging service, it is necessary for us to collect patient information.
Such necessary information may include the following information about you:
- Referral/procedural details;
- Contact details;
- Medicare/health fund details;
- Workers’ compensation/employment/accident information;
- Medical history;
- Radiological history;
- Family medical history;
- Genetic information;
- Billing/account details.
The information will usually be collected directly from you (e.g. when you make a booking, engage with our systems (including AI systems), make an enquiry, or attend for a scan). However, if on occasions it would be impracticable or unreasonable to collect this information directly from you, we may need to obtain information from other sources, including:
- Other medical practitioners or practices, such as former GPs and specialists, pathology labs;
- Other health care providers, such as physiotherapists, chiropractors, osteopaths, podiatrists, dentists, nurses; and
- Hospitals, screening/day surgery units.
We will usually obtain your consent before collecting information from these other sources, but in emergency situations we may need to collect personal information from your relatives or from other sources without your consent.
Both our practice staff and our medical practitioners may participate in the collection of this information.
We may use AI systems to assist in providing our services. Personal information generated or inferred about you by AI systems will be managed by us in accordance with the APPs and this Privacy Policy.
What happens if you do not provide this information
We may not be able to verify or respond to your enquiry, provide you with the requested information or service, if you choose not to provide us with your personal information.
Dealing with us anonymously or using a pseudonym
In very limited circumstances, where possible and lawful, you may interact with us anonymously or using a pseudonym.
However, to provide you with health services, we will need to know your name, contact information and other details
Use & Disclosure of Patient Information
The practice staff will use and disclose your information for purposes such as:
- Treating you by providing services to you, including producing and managing medical imaging reports and appropriate testing;
- Interpreting your results, developing diagnoses and providing advice on treatment options;
- Providing results to the practitioner who referred you for diagnostic imaging services;
- Complying with regulatory and public health legal requirements (e.g. for diagnosis of certain communicable diseases);
- Contribution of diagnostic imaging reports to your Australian Government “My Health Record” if you are participating and as controlled by you;
- Referral to another medical practitioner or health care practitioner;
- Referral to a hospital for treatment and/or advice, with your consent;
- Sending off specimens for analysis;
- Where it is unreasonable or impracticable to obtain your consent and we reasonably believe the use or disclosure is necessary to prevent or lessen a serious threat to an individual’s life, health or safety or to public health or safety;
- Account keeping, billing purposes and recovery of monies;
- Government agencies such as Medicare, Defence, the Department of Veteran Affairs, the Insurance Commission of Western Australia, or your private health fund (where applicable) to claim a rebate for our services on your behalf;
- The management of our practice;
- Quality assurance, training, practice accreditation and complaint handling;
- To meet our obligations of notification to our medical defence organisations or insurers;
- Where legally required to do so, such as producing records to court, producing records to Medicare for audit purposes or the notification of diagnosis of certain communicable diseases.
PRC participates in research from time to time. We will only use or disclose your personal information for research if you have given consent to participate (or, in limited cases, where the requirement to obtain consent requirement has been waived by a Human Research Ethics Committee) and the research has been approved by a Human Research Ethics Committee.
We may use your personal information in, or disclose your personal information to, secure AI systems for the following purposes:
- Booking appointments for you;
- Detecting potential medical conditions from diagnostic images;
- Prioritising cases and managing radiologist worklists; and
- As notified by us from time to time.
We do not input personal information into publicly available AI systems.
Other Medical Providers’ Access to Your Medical Records
Access to your medical records, which includes reports and images, is provided to your referring practitioner in the course of your care.
On occasions, your referring practitioner may request that your records are made available to another practitioner for the purposes of second opinion or further management. In addition, other radiology providers may request access to your images and reports to provide a further opinion, or for comparison/correlation with subsequent imaging.
All access to PRC patient data provided to other practitioners, facilities or imaging providers is logged and can be audited. This access is provided on the basis that your treating practitioners and other radiology providers have obtained your consent to access your information.
Access Limitation Options
If you have particular privacy needs not addressed by this policy, you may contact us about limiting access to your medical records.
Please note that restricting access to your information may lead to significant delays or compromise your medical management. The implications of limiting access should be considered carefully and discussed with your treating practitioner. r.
Ancillary Patient Activities
Delivery of imaging data electronically: PRC uses secured internet-based technology to deliver images and reports. All of these transfers are logged and can be audited.
Delivery of films: Our practice has a film delivery service and the utmost confidentiality and care is maintained in delivering your films. This service may be provided by our own staff, commercial couriers, taxis or registered post. If this is unacceptable to you, please arrange with our staff to collect your own films.
Maintenance personnel: For operational purposes, it is necessary to allow maintenance personnel access to our premises. However, only authorised personnel are allowed access to records.
Contact details: If we need to contact you for any reason and need to leave a message for you, it may be necessary for us to say where we are calling from. Please advise our reception staff immediately if you do not want us to do this. We may need to arrange alternate contact details.
For security purposes, PRC may use video surveillance or “CCTV” devices. Images and video captured through these devices must be handled with respect to the APPs, the Act and the Surveillance Devices Act 1998 (WA). For example, this means that PRC will:
- ensure that CCTV is only used in public areas of its premises, i.e. not in areas where persons would have an expectation of privacy (e.g. changing rooms or bathrooms);
- ensure that signage displays information about the operation of CCTV or other surveillance device in the area; and
- ensure that any recorded personal information is kept secure and destroyed when no longer needed.
CCTV footage may be accessed by a small group of PRC staff, and footage may be used and disclosed as permitted by the APPs, including PRC’s investigation of an incident occurring at our premises.
Personal information of prospective staff, medical practitioners and service providers
PRC collects personal information of persons who interact with it in the course of its business operations. We do this to operate our business. This may include:
- Your name and contact details;
- Bank details for the payment of invoices;
- Your qualifications and experience;
- Details of your referees in an application for employment; and
- Comments given by your referees
We will use and disclose the information provided to us for the purpose for which it is given, unless we are authorised by law to use or disclose it for a different purpose.
We do not input personal information into publicly available AI systems.
Direct marketing
We do not use your personal information for direct-marketing purposes.
Our Website
We may collect non-personalised information using server logs and through cookies used by us or by our third-party service providers (such as Google and Facebook) who provide analytical services in relation to our websites through these means. In particular when you visit our sites to read, browse or download information, our system will generally record/log your IP address, the type of internet browsers you use, the date and time of your visit, the site from which you linked to our websites, screen resolution, general geographical information (e.g. country, state, city), the landing webpage and exit webpage, the pages viewed and any information downloaded.
This information will be used for the purposes of site analysis, to help us offer an improved online service, maintaining the continuity of a browsing session (e.g. to maintain an online transaction) and remembering your details and preferences when you return, and to enable advertisements for our goods and services to be placed when our website and certain third party websites are visited by users who have previously visited our website. You cannot be identified from this information and it is only used to assist us in providing an effective service on our websites. We will not merge your personal information with non-personally identifiable information.
You can refuse all cookies by turning them off in your browser, however, this can limit the functionality of our websites. You are also able to use the settings in your browser to control how you deal with cookies.
If you have a Google account and you enable it to associate your web and app browsing history with your Google account, Google may use data from the Google account in accordance with the terms of use of that account (including enabling marketing to you across multiple devices that you use). Google users can control their advertising settings (or opt out of personalised ads altogether) at Google Account.
Further information about online behavioural advertising (and opting-out of some online practices and behavioural advertising) is available at www.youronlinechoices.com.au.
Our website may contain links to other sites. We are not responsible for the privacy practices or policies of those sites and recommend that you review their privacy policies.
Our collection of personal or non-personal information through social media platforms is determined by your social media account privacy settings and the privacy policy of the social media platform operator. Your use of those social media platforms is governed by the terms of use applicable to the relevant platform.
For more information, refer to our website Terms of Use available at
https://perthradclinic.com.au/perth-radiological-clinic-website-terms-of-use/
Access to Your Own Records
You are entitled to access your own records, or the records of another person where you are authorised to make a request on their behalf (e.g. you are the person’s legal guardian).
You can seek access to your own information either through the Government’s My Health Record database or PRC’s “myPRC” patient portal. Applications for access to the portal can be made via [email protected].
If you are seeking access to another person’s information, PRC will request evidence that you are authorised to obtain that information (e.g. Enduring Power of Guardianship).
We might deny access to records if:
- We reasonably believe that to provide access would create a serious threat to life or health;
- There is a legal impediment to access;
- The access would unreasonably impact on the privacy of another person;
- The information relates to anticipated or actual legal proceedings and you would not be entitled to access the information in those proceedings. .
Hard copies or scanned copies of records may be provided on request and at the patient’s expense. Requests should be made in writing to the Privacy Officer via email [email protected], or addressed to Perth Radiological Clinic, PO BOX 99, Mirrabooka, WA 6941. The Privacy Officer will provide personal information through an appropriate method determined by the Privacy Officer within 30 days of receipt of request.
- PRC will not charge an application fee but may impose reasonable charges for elements such as administration, photocopying and delivery.
- PRC will request confirmation of identity before releasing information. This may require photographic identification. .
Children, Young People and Adult Patients who lack Capacity to Consent
PRC requires the consent of a parent or legal guardian to provide services/procedures for young people under the age of 16 or any other persons incapable of providing consent.
Where a patient does not have capacity to give consent for themselves, information about the service/procedure (including personal information of the patient where necessary) must be provided to the patient’s legal guardian so that they are in a position to provide informed consent.
Correction of Your Own Records
You are entitled to make a request for correction of a record.
Where possible your request should be in writing stating the year of service, type of service, at which of our branches the service was provided, and the correction which you consider should be made. All requests should be accompanied by a certified copy of current photographic identification, evidence that you are entitled to request a correction on behalf of another person (if relevant), and be addressed as follows, regardless of where the procedure was performed:
The Privacy Officer Perth Radiological Clinic PO Box 99 Mirrabooka WA 6941
We will endeavour to respond within 30 days of receipt of your request.
We are not required to make changes to our records if we are satisfied that the information we hold is accurate, up to date, complete, relevant and not misleading. If you ask us to, we will put a note with the record stating that you believe the information to be inaccurate, out of date, incomplete, irrelevant or misleading.
Storage of records
We hold our records in electronic databases and in hardcopy files.
We store patient records within Australia and we do not ordinarily transfer identifiable information outside of Australia.
If your personal information is entered into our AI systems, the information will be temporarily stored in the Australian-based data centre of the system before being deleted. We note that some information obtained by us via third party software may be stored by that third party software provider.
We aim to store your information securely and take reasonable steps against misuse, interference, loss, unauthorised access, modification and disclosure. We have a range of security controls in place including access control mechanisms, physical site access restrictions and a range of cyber security processes, policies and procedures to keep your data secure.
Complaints
If you have any concerns about the way that we deal with your information, please contact our Privacy Officer by emailing [email protected] or writing to Perth Radiological Clinic, PO Box 99, Mirrabooka WA 6941.
We will respond to you promptly to acknowledge your complaint and inform you of the next steps we will take in dealing with your complaint.
If you are not satisfied with our response, you may complain to OAIC via the OAIC website, www.oaic.gov.au.
Further Information
If you would like any further information regarding our Privacy Policy or if you have any questions or comments about privacy issues, please contact us at [email protected].