How OSHGroup handles your information

Privacy POLICY | OSHG-GEN-POL-003

OSHGroup is bound by the Privacy Act (1988) and Australian Privacy Principles (2014) (APP).We are required to operate within the guidelines set down in the Privacy Policy, and these guidelines are reflected in both of our Patient Information and Consent Forms.

OSHGroup will not disclose ANY information about a patient (if an appointment was made, if an appointment was attended, any contact details, patient treatment, patient records) to ANY third party unless the patient has given written permission. Third parties may include spouses, employers, parents, lawyers, insurance companies and the police.

You must give the Patient Information and Consent Form to every new patient attending the clinic, and any past or regular patient who attends the clinic but has not signed one of these forms.

OSHGroup recognises that due to the nature of our business we deal with individuals’ personal information. Bound by the APP and the Privacy Amendment (Private Sector) Act (2000), OSHGroup is committed to protecting the privacy of individuals and the personal information gathered in order to ethically conduct the business of healthcare. This commitment encompasses staff, contractors, clients, and patients across all areas of our operation and services.

The organisation will ensure that all personal information provided is managed in accordance with the Australian Privacy Principles. This means:

Only collecting information necessary for functions and activities required to deliver health services:

  • After obtaining consent (unless an exemption applies);

  • Using fair, lawful and non-intrusive ways;

  • Directly from an individual where reasonable and practicable;

  • Take reasonable steps to make an individual aware of why the information is being collected and who else might obtain it (eg employer or insurer).

Only using or disclosing personal information:

  • For the primary purpose of collection (i.e. delivering quality health care);

  • For a secondary purpose that is directly related (e.g. referrals to other treating Practitioners or for billing purposes) where the individual would reasonably expect such use or disclosure;

  • For health care follow-up;

  • To a third party if consent has been provided;

  • In specified law enforcement or public health and public safety circumstances;

  • To overseas recipients only if specific consent has been obtained.

Storing and maintaining personal information to ensure that information:

  • Collected, used or disclosed is accurate, complete and up-to-date;

  • Is protected from misuse and loss and from unauthorised access, modification or disclosure;

  • Is destroyed or permanently de-identified if it is no longer needed for any further purposes.

In some circumstances OSHGroup may restrict access to personal information where:

  • Access would harm or put a person at risk;

  • There are legal implications in providing the information;

  • Information is commercially sensitive or valued information.

If a patient has any concerns or complaints about the manner in which their personal information has been:

  • collected, handled or stored or

  • the accuracy of their information,

The patient should initially direct this in writing to the Chief Operating Officer (COO) of OSHGroup for consideration and response.

The COO will conduct an investigation which will:

  • Ascertain if a privacy breach has occurred;

  • Report back within a reasonable timeframe.

If the patient believes there to be a breach/interference of the APP’s they should direct their concerns in writing again to the COO of OSH Group.

If dissatisfied with the response they should be directed to contact the Office of the Australian Information Commissioner who may investigate the matter further.

Further information about the application of the Privacy Act can be found at the website of the Office of the Australian Information Commissioner at www.privacy.gov.au