Privacy and Terms
Protecting the Privacy of your Personal and
Sensitive Information.
Privacy Policy
Stonewall Medical Centre is committed to ensuring the privacy and confidentiality of your personal information in accordance with its obligations under the Privacy Act 1988 (Cth) (the Privacy Act) and other privacy laws. This privacy policy is to inform you about how Stonewall handles your personal and health information.
How we handle your personal information
Stonewall, as a private sector health service provider, is required to comply with the Australian Privacy Principles (APPs) under the Privacy Act. The APPs regulate how we may collect, use, disclose and store personal information and how individuals may access and correct personal information which we hold about them.
Your personal and health information
Personal information under the Privacy Act is defined as ‘information or an opinion about an identified individual, or
an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not’
Stonewall collects personal information, such as your name, address, phone number, email address, date of birth, gender and emergency contact information. Stonewall also collects financial information such as credit card details.
Stonewall collects ‘health information’ as defined under the Privacy Act, including information about your health or disability (at any time), your medical records (including for example your clinical history, diagnoses, medications, results of tests/procedures and other circumstances), billing information, Medicare number, insurance details, and genetic information and could be held in any form, including paper, electronic and visual information. Stonewall will alsways seek your informed consent should real-time audio/visual recording, duplication and storage of a consultation, including those via telehealth and those conducted remotely occur. As a general rule however, we do not routinely make any type of audio / visual recording of consultations.
What happens if we can’t collect your personal information?
If you do not provide us with your personal information, we may not be able to provide or provide to the same standard the services requested by you and/or your diagnosis and treatment may be inaccurate or incomplete.
How do we collect your personal information?
Stonewall collects and uses your personal information with your consent and will obtain that information from you directly, unless it is unreasonable or impractical to do so, for the purpose of providing you with the health care services you seek.
Your personal information is collected by Stonewall from you in the following ways:
- by clerical employees of Stonewall, including receptionists;
- by independent health practitioners in our medical centres and recorded on patient medical records that belong to Stonewall;
- through our websites in the form of online enquiries and requests for appointments.
There may be occasions when Stonewall needs to obtain personal information and health information about you indirectly from a third party. For example,
Stonewall may collect personal information indirectly in the following ways:
- from referring health care practitioners;
- from medical specialists; or
- from the ‘My Health Record’ system.
What information does Stonewall collect?
We collect information from you that is necessary for healthcare practitioners and allied healthcare professionals in our medical centres to provide you with health care. This includes the personal information and health information referred to above, and may include collecting information about your health history, family history, your ethnic background, or your lifestyle to assist with the diagnosis and treatment of your condition.
For what purposes do we collect, hold, use and disclose your personal information?
We collect, hold, use and disclose your personal information for the following purposes:
- to enable the health care practitioners and other allied healthcare professionals co-located within and external to our facilities to provide medical services and treatment to you;
- to enable the health care practitioners and other allied healthcare professionals co-located within and external to our facilities to provide specialist referrals; Only relevant and necessary information is recorded in referrals.
- to enable the health care practitioners and other allied health professionals co-located within and external to our facilities to report to referring practitioners and any such other medical practitioners as your referring healthcare practitioners may nominate;
- to enable the health care practitioners and other allied health professionals within our facilities to input information into your ‘My Health Record’ as required;
- for administrative and billing purposes;
- to comply with any legal or regulatory obligations;
- to send appointment reminders (including by SMS or email);
- for inclusion in a recall register to be advised of follow up visits;
- for the purpose of reporting back to your employer or a prospective employer, their authorised representatives and their insurer in the case of a work-related consultation or service;
- to provide notifications (including by mail, telephone call, SMS or email) from time to time, of the health care and clinical services that you or a dependent can access at our medical centre;
- to process and respond to any complaint made by you;
- to assess and engage with job applicants;
- to conduct business processing functions including providing personal information to our related bodies corporate, contractors, service providers or other third parties;
- for the administrative, marketing (including direct marketing), planning, product or service development, quality control and research purposes of Stonewall, its contractors or service providers; and
- to meet obligations of notification to our medical defence organisations or insurers.
We will only use your personal and health information for the purposes described above, unless one of the following applies:
- The other purpose is directly related to the purpose for which you have given us the information and you would reasonably expect that we would use or disclose the information for that purpose, including but not limited to:
- storage of the data by a contractor engaged to provide storage services to Stonewall, including a cloud storage service provider. Our agreements with such contractors require that they keep your personal information confidential, and that they only use or disclose your personal information for the purposes of providing those goods or services to us.
- You have consented for us to use your information for another purpose;
- Stonewall is required or authorised by law to disclose your information for another purpose (for example, to prevent a threat to the life, health or safety of any individual); or
- We reasonably believe that the use or disclosure is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
Your personal information will not be shared, sold, rented or disclosed other than as described in this Privacy Policy or as permitted under the Privacy Act.
Document automation technologies
The privacy of your personal and health information is of the utmost importance to Stonewall. Stonewall utilises a secure medical records software system which meets all the relevant legal requirements and standards. The word processing application of the medical records software system uses algorithms that will only import personal and health information that is necessary for the particular application such as referrals and medical certificates.
The medical records software system has the appropriate level of security authentication protocols and all necessary unique user access credentials are in place to ensure security integrity.
How can you access your data?
On request, you may have access to your personal information held by Stonewall. You will need to complete a request for access form which is available at the medical centre. Please note that you may have access to your personal information held by Stonewall, except in circumstances where access may be denied under the Privacy Act or other law. Examples of these circumstances are:
- where providing access will pose an unreasonable impact on the privacy of another individual; or
- where your request for access is frivolous or vexatious; or
- where the information relates to existing or anticipated legal proceedings between Stonewall and you, and the information would not be accessible by the process of discovery in those legal proceedings; or
- where providing access would be unlawful, would pose a threat to the life or health of an individual, may prejudice an investigation of possible unlawful activity, may prejudice enforcement of laws, or denying access is specifically authorised by law.
Stonewall will endeavour to acknowledge a request for access to personal information and provide the information requested within 30 days.
If access is provided to you as the result of a request, you will be charged a fee for costs incurred in providing access to that information.
If access is denied, Stonewall will provide you with reasons for its decision.
Quality and correction of your health information
Stonewall takes reasonable steps to ensure the personal information we collect, store, and disclose from you is accurate, up-to-date and complete.
If you believe that personal information of a clinical or medical nature that Stonewall holds about you is inaccurate, out-of-date, incomplete, irrelevant, or misleading you will need to contact either your treating health practitioner at the medical centre that you attend or alternatively contact the Practice Manager of the centre who will assist you.
If your nonclinical or medical type personal information such as name, address or contact phone numbers are incorrect or out – of-date or incomplete it is important that you correct that information as soon as possible or when you next attend the medical centre. Alternatively, where reasonable and practical, Stonewall will correct it and will advise any third parties to whom we may have previously disclosed that information of the correction.
If you request that your information be corrected and we do not agree that it is incorrect, we may refuse to update that information. In such a scenario, we will provide written notice of our refusal to do so within 30 days and upon your request, will place a statement of what you allege is correct where your personal information is kept and accessed.
Do we disclose your personal information to anyone overseas?
As at the date of this Privacy Policy, we do not disclose any of your personal information to recipients located outside of Australia.
Dealing with us anonymously
You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.
Direct marketing materials
From time to time, we may send you direct marketing communications such as by mail, SMS, or email, in accordance with the Spam Act 2003 (Cth). If your preference is to opt-out of receiving marketing communications from us, you may unsubscribe in the manner described in the particular communication you have received. Your preference will be recorded in our practice management and clinical management systems.
Security
Stonewall takes reasonable steps, and implements reasonable safeguards, to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure. All patient information is handled securely and in accordance with professional duties of confidentiality. We will destroy or permanently de-identify any of your information once it is no longer required for the purpose for which it was collected provided, we are not otherwise required by law to retain that information.
Stonewall is subject to a range of rules relating to the periods for which it must retain certain health information and records. As the owner of medical records and a health service provider, Stonewall must generally retain health information about an individual:
- for 7 years from the last occasion on which we provided a health service to the individual – if we collected the information when the individual was 18 years old; or
- until the individual turns 25 – if we collected the information when the individual was less than 18 years old.
Website data
We are committed to protecting the privacy of visitors to our website. Information collected via our website is voluntarily provided by you.
When you visit our website, a small data file called a “cookie” is stored on your computer or mobile device by our server. We use cookies to maintain user sessions and to generate statistics about the number of people that visit our websites. Generally, this information will not identify you and we do not link it back to your identity or other information that you have provided to us.
Stonewall is not responsible for the content or privacy policies employed by any website linked to ours.
We endeavour to take all reasonable steps to protect your personal data including use of encryption technology However, the internet is inherently insecure and therefore we cannot guarantee the security of transmission of information you communicate to us online. Accordingly, any information which you transmit to us online is transmitted at your own risk.
What is the process for complaining about a breach of privacy?
If you have any complaints or questions about this policy or regarding our collection, use or management of your personal information, please contact:
Practice Manager
Stonewall Medical Centre
52 Newmarket Road
Windsor QLD 4030
We will endeavour to respond to your complaint within a reasonable period. If you are unhappy with our response, you may refer your complaint to the Office of the Australian Information Commissioner: www.oaic.gov.au.
GPO Box 5218
Sydney NSW 1042
Privacy Hotline 1300 363 992
Changes to our privacy policy
This privacy policy was last updated February 2023. We may change this privacy policy from time to time. Current versions of our privacy policy will be available on our website and will commence from the date of posting on our website.