Banyule Community Health is committed to respecting and protecting your privacy in accordance with applicable Australian privacy laws.
Banyule Community Health is required to comply with the Australian Privacy Principles in the Privacy Act 1988 (Cth) and depending on the circumstances, it is also required to comply with other applicable privacy laws such as the Privacy and Data Protection Act 2014 (Vic) and the Health Records Act 2001 (Vic).
This policy explains how Banyule Community Health deals with your personal information (which includes your health information and your sensitive information) when you access our health services.
What personal information do we collect?
Personal information is any information (including images), whether true or not, that identifies or could identify you.
The kind of personal information we collect about you depends on our interaction with you. If you access our health services, the personal information we collect include:
• name, address and contact details;
• gender and date of birth;
• Health Care Card number (if applicable);
• Medicare number (where applicable) for processing claims;
• sensitive information such as health information, and ethnicity/ancestry (if relevant);
• financial circumstances/living arrangements (where relevant).
Sensitive information is a subset of personal information and includes, information about a person’s racial/ethnic origin, criminal record, religious beliefs and health. We collect sensitive information if it is required for us to perform our functions or activities and:
• you have consented to such collection; or
• we are required or authorised by law to do so.
How do we collect personal information?
We collect personal information in several ways:
• from you (eg. in person, by telephone) ;
• through documents we receive (eg referrals);
• through your use of our website;
• through digital portals (eg My Health Record, My Aged Care);
• from third parties (eg your guardian, other healthcare providers such as specialists, counsellors, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services).
Why do we collect personal information?
We collect, hold and use your personal information to:
• assess whether a client is eligible for assistance;
• provide our clients with healthcare services;
• help our clients manage their health/personal issues;
• send you information you have asked for;
• deal with any complaints or queries;
• improve/evaluate our programs/services;
• perform research and statistical analysis.
We may also collect, hold and use personal information for other purposes:
• for which you have provided consent;
• required or authorised by law;
• explained at time of collection.
We also use personal information, after removing identifying details to:
• meet our reporting/funding obligations;
• apply for funding grants;
• support our advocacy;
• train our workers.
When do we disclose personal information?
The healthcare workers at Banyule Community Health often function as a multidisciplinary team. To enable efficient and effective delivery of services, your personal information may be shared between Banyule Community Health workers involved in your healthcare.
We generally only disclose personal information, to other people or organisations, to the extent needed, to:
• help our clients with their health/personal issues (eg other healthcare providers);
• facilitate the sharing of information via digital portals (eg My Health Record, My Aged Care);
• resolve a complaint;
• enable us to deliver our services and carry out our activities (eg accreditation agencies and external service providers for data storage/archives, etc);
• meet the requirements of our funding providers.
We might also make disclosures:
• with your consent;
• as required or authorised by law; or
• when it is necessary to lessen or prevent a serious threat to a person’s life, health, safety or welfare, or public health, safety or welfare.
We will not share your personal information with anyone outside Australia (unless under circumstances permitted or authorised by law) without your consent.
How do we store your personal information?
We store your personal information in various forms including electronic records, visual records (eg x-rays, videos, photos), audio recordings and paper records held in cabinets or stored offsite.
We take reasonable steps to ensure the personal information we hold is accurate, complete and current. We ask people to tell us when their personal information changes so we can update our records.
How do we keep personal information safe
We take reasonable steps to protect personal information from loss, misuse, unauthorised access, modification and disclosure. To do this we use procedural, physical and technology safeguards.
We limit access to our workspaces and systems. We only use external data storage providers when they will also take reasonable steps to protect personal information.
We require our staff to handle personal information with care, and access only what they need to do their job. We support this with usage policies and access controls.
We will take reasonable steps to destroy or de-identify information when it is no longer needed for any purpose and we are not required by law to keep it
Our services are limited if you choose to remain anonymous
People can choose not to identify themselves when contacting us, but it may limit the level and range of services we can provide to them.
We use unique identifiers
We create a client number for each system that captures the services we provide to our client. This helps us to carry out our functions effectively (eg record management and client identification).
How you can access and correct your personal information
Please contact us if you would like to access or correct the personal information that we hold about you. We will provide/assist you with the form to make the request. To protect your personal information, we may ask you to verify your identity before we process your request to access or correct your personal information.
We aim to respond to access and correction requests within 30 to 45 days dependent on the nature of the request.
If we have personal information about you that you have a right to access, we will contact you to arrange access.
If we have personal information about you that we can’t give you access, we will explain why in writing.
You can ask us to correct personal information that we hold about you if you think they are inaccurate, out-of-date, incomplete, irrelevant or misleading.
If we agree that your personal information needs to be corrected, we will take reasonable steps to do so. If we don’t agree that your personal information needs to be corrected, we will notify you in writing of our decision, and the possible actions that you can take if you disagree with our decision.
We take complaints and concerns regarding privacy seriously. Please contact us if you have a complaint about how we have collected or handled your personal information. You can raise the issue with your service provider directly (if applicable), or our Privacy Officer. We may, depending on the complexity of the issue, ask you to lodge your complaint in writing.
We aim to resolve complaints quickly and fairly. In most instances, we aim to respond to your complaint within 30 days.
If you are not happy with our response or we have not responded to your complaint within a reasonable timeframe, you may lodge a privacy complaint with the Office of the Australian Information Commissioner or the Victorian Health Complaints Commissioner (as applicable).
All requests, complaints and queries can be directed to:
Banyule Community Health
Mail: 21 Alamein Road, West Heidelberg 3081
Phone: (03) 9450 2000
Fax: (03) 9459 5808
Changes to this Policy