Mosman Eye Centre (MEC) is committed to protecting the privacy of the personal information and sensitive information which it collects and holds.
MEC must comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), and other privacy laws (including the Health Records and Information Privacy Act 2002 (NSW)) which govern the way in which the organization hold, use and disclose personal information (including your sensitive information).
- the kinds of information that MEC may collect about you and how that information is held;
- how MEC collects and holds personal information;
- the purposes for which MEC collects, holds, uses and discloses personal information;
- how you can access the personal information MEC holds about you and seek to correct such information; and
- the way in which you can complain about a breach of your privacy and how MEC will handle that complaint.
Health information is:
- personal information or an opinion about:
- an individual’s physical or mental health or disability (at any time);
- an individual’s express wishes about the future provision of health services for themselves; or
- a health service provided, or to be provided, to an individual;
- other personal information collected to provide, or in providing, a health service;
- other personal information about an individual collected in connection with the donation or intended donation, by the individual of his or her body parts, organs or body substances.
Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- (f) whether the information or opinion is recorded in a material form or not;
Sensitive information means personal information or opinion about an individual’s:
- racial or ethnic origins;
- political opinions or political associations;
- philosophical beliefs or religious beliefs or affiliations;
- sexual preferences or practices; or
- criminal record; or
- health information about an individual; or
- genetic information about an individual that is not otherwise health information.
Collection and use of personal information
Types of personal information collected by MEC
- (a) Patients/residents/clients/research participants
MEC collects information from you which is necessary to provide you with health care services or to enable you to participate in research studies. This includes collecting personal information such as your name, address, your health history, family history, past and current treatments, lifestyle factors, and any other information which is necessary to assist the health care team in providing appropriate care, or our research team in conducting its research.
- (b) Visiting Medical Officers (VMOs), students, contractors and volunteers
MEC collects information from you which is necessary to properly manage and operate its business. This includes collecting personal information such as your name, address, professional experience, qualifications and past employers, and any other information which may be necessary to appropriately conduct its business.
- (c) Job applicants
MEC collects information from you which is necessary to assess and engage applicants. This includes collecting personal information such as your name, address, professional experience, qualifications, references and past employers, and any other information which is necessary to process your job application.
- (d) Education and community engagement
MEC may offer opportunities for health practitioners to participate in educational events or seminars for the purpose of continuing professional development or community engagement. When you register for or attend an event, MEC may collect your personal information for the purpose of providing the service and recording your attendance.
MEC may disclose your personal information to third parties for the purpose of confirming your attendance at the event including the provision of attendance records or certification. With your express consent, we may use your information for other purposes such as including you on a marketing mailing list, research, to promote MEC goods and services and to improve and personalize our service offerings.
How we collect personal information
We will usually collect your personal information directly from you, however sometimes we may need to collect information about you from third parties, such as:
- another health service provider;
- past employers and referees.
We will only collect information from third parties where:
- you have consented to such collection;
- such collection is necessary to enable us to provide you with appropriate health care services;
- such collection is reasonably necessary to enable us to appropriately manage and conduct our business (such as in assessing applications for accreditation from VMOs); or
- it is legally permissible for us to do.
MEC will only collect information which is necessary to provide you with health care services or appropriately manage and conduct our business.
How MEC uses your personal information
MEC only uses your personal information for the purpose for which it was collected by MEC (primary purpose), unless:
- there is another purpose (secondary purpose) and that secondary purpose is directly related to the primary purpose, and you would reasonably expect, or MEC has informed you, that your information will be used for that secondary purpose;
- you have given your consent for your personal information to be used for a secondary purpose; or
- MEC is required or authorised by law to use your personal information for a secondary purpose (including for research and quality improvements within MEC).
For example, MEC may use your personal information to:
- provide health care services to you;
- provide any ongoing health related services to you;
- appropriately manage our business, such as assessing insurance requirements, conducting audits, and undertaking accreditation processes;
- assist it in running our hospital business, including quality assurance programs, invoicing, billing and account management, including storage of provider details on MEC’s billing software, improving its services, implementing appropriate security measures, conducting research and training personnel; and
- effectively communicate with third parties, including Medicare Australia, private health insurers, Workers’ Compensation insurers and Department of Veterans’ Affairs.
Complete and accurate details
Where possible and practicable, you will have the option to deal with MEC on an anonymous basis or by using a pseudonym. However, where we are providing health services to you we must be able to identify you using your full name and date of birth as risks to patient safety occur when there is a mismatch between a given patient and components of their care, whether these components are diagnostic, therapeutic or supportive. This is a requirement of the National Safety and Quality Health Service Standards, which MEC must comply with.
If the personal information you provide us is incomplete or inaccurate, or you withhold personal information, we may not be able to provide the services or support to you are seeking, or deal with you effectively. This may occur where you have dealt with us on an anonymous basis or by using a pseudonym.
MEC uses camera surveillance systems (commonly referred to as CCTV) for the purposes of maintaining safety and security of its patients, personnel, visitors and other attendees. Those CCTV systems may also collect and store personal information and MEC will comply with all privacy legislation in respect of any such information.
MEC will manage patient information in accordance with, and comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), and other privacy laws (including the Health Records and Information Privacy Act 2002 (NSW)) which govern the way in which the hospital holds, uses and disclose personal information (including your sensitive information).
Disclosing your personal information
MEC will confine its disclosure of your personal information to the primary purpose for which that information has been collected, or for a related secondary purpose. This includes when disclosure is necessary to provide services to you, assist us in running our Clinic, or for security reasons.
We may provide your personal information to:
- third parties involved in your care, such as:
- pathologists and radiologists who have been asked to undertake diagnostic testing;
- senior medical experts and specialists who have been asked to assist in diagnosis or treatment;
- other health professionals involved in an individual’s further treatment (such as physiotherapists and occupational therapists);
- general practitioners (for example, by providing discharge summaries);
- government agencies, such as Department of Defence or Department of Veterans Affairs, where an individual is receiving services with MEC under arrangements with those agencies;
- government departments responsible for health, aged care and disability where MEC has a legal or contractual obligation to do so;
- relatives, close friends, guardians (unless MEC have been told otherwise);
- third parties contracted to provide services to MEC, such as entities contracted to assist in accreditation or survey processes;
- chaplains associated with MEC so that an individual may receive pastoral care during admission;
- private health insurance providers, Workers’ Compensation insurers and Medicare Australia;
- your employer and workers compensation insurers where you have consented to us corresponding with them such as in relation to a workers compensation claim;
- the motor accidents authority as required by law or where you have consented;
- anyone authorised by you to receive your personal information (your consent may be express or implied);
- MEC is required by law to disclose your personal information to which may include the police, NSW Ombudsman, and Privacy Commissioner.
Disclosure to External Service Providers
Where permissible under the privacy laws we may disclose personal information to third parties who provide services to you or to MEC and who may use, process and store that information overseas. For example, where your private health insurer is located overseas we may need to provide your personal information to the private health insurer in the country in which it is located.
Data storage, quality and security
Data quality: MEC will take reasonable steps to ensure that your personal information which is collected, used or disclosed is accurate, complete and up to date.
Storage: All your personal information held by MEC is stored securely in either hardcopy or electronic form, and may be stored at an offsite storage location contracted to MEC.
Data security: MEC strives to ensure the security, integrity and privacy of personal information, and will take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure. MEC reviews and updates (where necessary) its security measures in light of current technologies.
Online transfer of information: While MEC does all it can to protect the privacy of your personal information, no data transfer over the internet is 100% secure. When you share your personal information with MEC via an online process, it is at your own risk.
Accessing and amending your personal information
You have a right to access your personal information which MEC holds about you. If you make a request to access your personal information, we will ask you to verify your identity and specify the information you require.
You can also request an amendment to any of your personal information if you consider that it contains inaccurate information.
You can contact MEC about any privacy issues as follows:
Mosman Eye Centre
1A Effingham Street
Mosman NSW 2088
Ph: 02 9969 1333
While MEC aims to meet all requests to access and amendments to personal information, there may be some instances where MEC is unable to do this where it may adversely affect your health and safety or the safety of others.
Subject to applicable laws, MEC may destroy records containing personal information when the record is no longer required.
- MEC does not agree to provide you with access to your personal information; or
- You have a complaint about information handling practices,
You can lodge a complaint with or contact our Privacy Officer on the details above or directly with the Office of the Australian Information Commissioner. Full contact details can be found on the website www.oaic.gov.au.
When you use our website, we do not attempt to identify you as an individual user and we will not collect personal information about you unless you specifically provide this to us.
Sometimes, we may collect your personal information if you choose to provide this to us via an online form or by email, for example, if you:
- complete your pre-admission form online;
- submit a general enquiry via our contact page;
- register for an event or request information; or
- send a written complaint or enquiry to our Practice Manager
When you use our website, we use the Google Analytics service to record and log for statistical purposes the following information about your visit:
- your computer address;
- your top level domain name (for example, .com,.gov, .org, .au etc);
- the date and time of your visit;
- the pages and documents you access during your visit; and
- the browser you are using.
Our web-site management team use statistical data collected by Google Analytics to evaluate the effectiveness of our web-site.
Google makes available a browser “add-on” that prevents Google Analytics from collecting information about web site visits, we suggest you refer to the instructions for installation of Google Analytics Opt-out to learn more about this.
We are, however, obliged to allow law enforcement agencies and other government agencies with relevant legal authority to inspect our web server logs, if an investigation being conducted warrants such inspection.
A “cookie” is a small bit of data our server sends to your browser that allows our server to identify and interact more effectively with your computer. Cookies do not identify individual users, but they do identify your ISP and your browser type.
Personal information such as your email address is not collected unless you provide it to us. We do not disclose domain names or aggregate information to third parties other than agents who assist us with this website and who are under obligations of confidentiality. You can configure your browser to accept or reject all cookies and to notify you when a cookie is used. We suggest that you refer to your browser instructions or help screens to learn more about these functions. However, please note that if you configure your browser so as not to receive any cookies, a certain level of functionality of the website may be lost.
Links to third party websites
We may create links to third party websites. We are not responsible for the content or privacy practices employed by websites that are linked from our website.
Use and disclosure
We will only use personal information collected via our website for the purposes for which you have given us this information.
We will not use or disclose your personal information to other organisations or anyone else unless:
- you have consented for us to use or disclose your personal information for this purpose;
- you would reasonably expect or we have told you (including via this policy) that your information is usually or may be used or disclosed to other organisations or persons for a related (or for sensitive information, a directly related purpose);
- the use or disclosure is required or authorised by law;
- the use or disclosure will prevent or lessen a serious and/or imminent threat to somebody’s life, health or safety or to public health or public safety; or
- the disclosure is reasonably necessary for law enforcement functions or for the protection of public revenue.
If we receive your email address because you sent us an email message, the email will only be used or disclosed for the purpose for which you have provided and we will not add your email address to an emailing list or disclose this to anyone else unless you provide us with consent for this purpose.
If we collect your personal information from our website, we will maintain and update your information as reasonably practical and necessary or when you advise us that your personal information has changed.
MEC is committed to protecting the security of your personal information. We use technologies and processes such as access control procedures, network firewalls, encryption and physical security to protect the privacy of information. We will take all reasonable steps to prevent your information from loss, misuse or alteration.
If you choose to complete our online forms or lodge enquiries via our website, we will ensure that your contact details are stored on password protected databases.
Staff members associated with website maintenance have access to our website’s backend system. This is password protected. Our website service is also password protected.
Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth)
Health Records and Information Privacy Act 2002 (NSW)
Office of the Australian Information Commissioner www.oaic.gov.au