Privacy Policy

Last update: 31 August 2020

I, Dr Marjan (Jane) Ghadiri, value your privacy and want to ensure your personal and health information is handled in accordance with your expectations and all legal requirements. 

I have developed this policy to demonstrate my commitment to best practice in relation to the management of personal information. The purpose of this policy is to inform you how personal information is collected and used within my practice and organisation, and the circumstances in which I may share it with third parties.

What and who does this policy apply to? 

This policy relates to the collection, use and disclosure of personal information.  Personal information generally refers to information or an opinion about an identified individual.  If the information you have provided has been de-identified or the relevant information does not identify you, then this policy may not apply to that information.  

This privacy policy applies to individuals who provide personal information to me.  The most common individuals who will provide me personal information are my patients who I may consult, treat, perform surgeries on or be in-charge of their post-operative care. 

How do I use and collect your information? 

When do I get your consent?

When a patient wishes to consult with me for the first time, they will be required to fill out forms either in a digital form (such as those contained on the new patient registration form section of the website) or on paper upon their first consultation meeting.  These preliminary forms give me basic information about you and provide consent for me as well as other doctors, medical staff, employees and consultants involved in your healthcare to handle your personal information. 

I also collect personal information about patients during consultations, from referring doctors such as general practitioners and other third parties as may be relevant on a case by case basis.  I will always try and obtain information from patients directly, but this may not always be practical (e.g. when a patient does not have the relevant information).

Why do I need your information?

I need to collect personal information in order to provide the best quality care, medical opinion and treatment.  Without all the relevant information, I may not be able to provide the same standard of care. 

If you are a patient, my main purpose for collecting, using, holding and sharing your information with the hospital staff, and any other person involved in your care, wellbeing and treatment, is with the intention of best managing your healthcare.  In order to manage your healthcare I may have to collect and disclose your information with treating doctors (whether in the hospital or elsewhere if there are other specialist doctors involved in your treatment),  medical staff working directly for me or those working in the hospitals where I perform surgeries, referrers, hospitals, service providers (e.g. those that provide pathology or testing services) and administrative staff working either directly for me or those just mentioned. 

I may also use personal information for related business activities, such as complying with my legal obligations (which may include Medicare requirements and notification of communicable diseases), financial claims and payments, practice audits and accreditation, and business processes (e.g. staff training).

Can you deal with me anonymously?

Australian law generally allows individuals to deal with third parties anonymously or under a pseudonym, unless it is impracticable, or the law otherwise allows the third party to only deal with identified individuals.  

Considering the dynamic of my practice, it would be highly impractical for me to deal with patients on an anonymous basis or under a pseudonym, as it would prevent me from communicating with other medical professionals involved in their care and would increase the risk that I cannot contact them in the case of an emergency.  Also, because I am required to interact with Medicare, keep accurate records, provide medical reports, and ensure reliable payment I will not be able to deal with you on an anonymous basis.  

If requested, I will verbally address you by a pseudonym, however my records and those of the hospitals and medical practices I work with will need to use the name under which you are known to Medicare.

What kinds of information do I collect?

The information I may collect and maintain from patients includes, but is not limited to:

  • your name, date of birth, addresses, contact details, email;

  • details of your next of kin, including their contact details and your relationship to them;

  • medical information, including medical history, past general practitioners details, referring doctor’s details, past and present pathology or radiography results, past surgeries or operations, past and present medications prescribed to you, allergies, adverse events, immunisations, social history, family history and risk factors;

  • your Body Mass Indicator (BMI);

  • Medicare number (where available) for identification and claiming purposes;

  • healthcare identifiers and private health fund details;

  • referrals to and from other health service providers; and

  • past and present symptoms, treatment, screens, medical service outcomes, results and reports.

The documents and records in relation to the above remain my property at all times.  However, you have a right to access my records as set out in the policy or as the Privacy Act 1988 otherwise allows.

How do I collect personal information?

I will generally collect personal information from you either:

  • directly when you provide information to me, such as when you fill out new patient registration forms or when you provide your medical history or medical issues in consultations;

  • from any person responsible for you (e.g. if you are a child or under someone else’s care); or

  • from third parties where permitted by law (e.g. including but not limiting to your general practitioner, other health care providers, your health fund, the Department of Veteran’s Affairs or medical service providers).

I may also collect personal information when you send me an email or SMS or telephone me. I may also collect further information during the provision of medical services, for example, where I take notes during a consultation or complete operation reports following a surgical procedure. 

How do I hold personal information?

Your personal information may be stored in my patient databases, but also within hospital records and with other service providers (e.g. those that provide pathology or testing services), in various forms, including paper records, electronic records, visual records and other recordings. For example, if you come in for an appointment, then I may take a written note of what was discussed, I may record the key information from the consultation on a Dictaphone, I may also make notes on your electronic file or take a photo of particular condition for follow up purposes. 

All records (both physical and electronic) are kept secure to protect against unauthorised access. I have processes in place to ensure compliance with these requirements and to protect your information. I do this by ensuring that all of my staff are obliged to treat your information on a confidential basis and are trained in my privacy requirements. 

Can I use your information for research purposes? 

I occasionally undertake or participate in clinical trials or other research projects. I will not disclose any of your personal information that has not been de-identified as part of a clinical trial without your consent. 

I or my staff may contact you about potential clinical trials or research projects that may be relevant to you unless you have requested otherwise.  Please let me know if you do not want to be contacted for these purposes.  

When will I disclose personal information? 

In general, I may collect, hold, use and disclose your personal information for the following purposes:

  • to provide health services, such as when I speak with you, hospitals and specialist doctors, about your health and other relevant matters;

  • to comply with my legal obligations, which may include mandatory notifications to government bodies, reporting to Medicare and other departments; and

  • to help me manage my accounts and administrative services.

I may disclose your personal information to the following:

  • others involved in your health care, including your referring general practitioner or other referring service provider, pathology clinics, the hospital where your consultations or treatments are taking place and to other specialist doctors not working for me. This may occur through referral to other doctors, or in the reports or results returned to me following the referrals;

  • any new medical practice where your treating or referring doctor transfers or moves to in the future, as this allows them to be kept up to date on your health;

  • WorkCover or your employer, where I am engaged to provide a report on your health for WorkCover purposes or where you have made a WorkCover claim and they have requested information in relation to your health or my treatments, but only where I obtain your consent first or the disclosure is permitted by law without your consent;

  • your insurer for the purposes of any claims you are making on your insurance for any health services that I provide to you;

  • my insurer or medical defence organisation (or lawyer) for the purpose of addressing liability indemnity agreements (such as reporting an adverse incident), legal proceedings or for the provision of legal or insurance advice;

  • auditors involved in any quality assurance process that applies to my health services or those of any hospital or clinic that I work with that is involved in your health care; and

  • external contractors (e.g. IT Contractors), but only where those contractors are accessing my records generally, such as to help me with any technical issues I am having.

Despite the above, there may be occasions where the law will require me to release your personal information even if you have not provided your consent. Examples of such occasions include where:

  • there is a serious threat to an individual’s life, health and safety or suspicion of unlawful activity;

  • there is a specific requirement by law, for example, when served with a subpoena or other court order; or

  • you are physically or legally incapable of giving consent and the disclosure to a person responsible for you is necessary to provide appropriate health care or treatment or for compassionate reasons and this is not contrary to any prior wish or wish that the responsible person is aware.

Am I likely to disclose personal information to overseas recipients? 

I do not intend to intentionally disclose your personal information to overseas recipients. However, circumstances where your personal information may be disclosed overseas include the following:

  • where I use secure cloud storage services that may have servers located overseas;

  • where I communicate with you via video conferencing or other web platforms (such as via Microsoft Teams or Webex as part of a video consultation) and those platforms process or store data via overseas servers;

  • in connection with the processing of web traffic information disclosed to Google Analytics when you visit my websites, as I understand that Google stores information across multiple countries;

  • when you communicate with me through a social network service (e.g. Facebook), the social network provider and its partners may collect and hold your personal information overseas;

  • where an overseas medical practice or individual is assisting me in providing health and medical services (e.g. where you have come from overseas and had your health record transferred from overseas or have treatment continuing from an overseas provider);

  • where you authorise and direct me to disclose personal information to an overseas recipient; or

  • where I am required to disclose personal information to overseas recipients in accordance with the law.

I will endeavour to obtain your consent prior to disclosure of your personal information to an overseas recipient in any circumstances not outlined above.  If you no longer consent to your information being disclosed overseas, please contact me. 

Access and Correction of Personal Information 

How can you access your personal information? 

Subject to the Privacy Act 1988, you can request access and correction of personal information which I hold about you. 

If you want to request access to your personal information, please contact me using the details below and I will provide you with the relevant form to complete. I will use my best endeavours to respond to your request within 30 days.

I may not be able to provide you with all the personal information you have requested because I need to consider if there may be a risk of physical or mental harm to you or any other person that may result from disclosure of your information. Accordingly, I may give you access to the records after I have removed any information I am entitled to withhold that may adversely affect the safety or privacy of other individuals. 

You will not be charged for making a request, but I may charge you for the costs of complying with the request. Depending on what is involved, I am entitled to charge you fees to cover time spent by administrative staff to provide access at the employee’s hourly rate of pay, time necessarily spent by a medical practitioner (such as me) to provide access at the practitioner’s ordinary sessional rate and for photocopying and other disbursements at cost.  If a fee will be charged for providing access, you will be advised of the approximate cost before you have to pay the fee.

How can you correct your personal information?

I will take reasonable steps to ensure your personal information is accurate and kept up to date. From time to time I will ask you to verify that your personal information held by my practice is correct and up to date. You may also request that I correct or update your information, and you should make such requests in writing to me (using the details set out below). 

If I refuse a request to correct information, I will provide you with notice in writing setting out the reasons for the refusal and setting out the mechanisms available to you to complain about the refusal and note your request on the file.

I will not charge you for the costs of making a request for correction or for the costs of correcting the personal information. I will use my best endeavours to respond to your request within 30 days. 

My website

There are a number of ways in which information will be collected through my website.  I handle personal information obtained through my websites in the same manner I deal with personal information obtained via other means.   

My website may, at times, utilise “cookies” which allow me to monitor web traffic. In case you were not aware, cookies are small data files containing information transferred from websites onto computers or other devices for record-keeping purposes and to enhance website functionality.  Cookies usually do not identify you personally unless you provide the website with your name (e.g. in an enquiry or patient form).  However, cookies may contain information in relation to how you access and interact with the website (e.g. they may identify your internet service provider and your IP address).  Most browsers allow you to choose whether to accept cookies or not.  Please set your browser settings to reject all cookies before accessing my website if you would prefer to avoid sharing cookies.

I may use analytics tools to collect data about your interaction with my website and those analytics tools may be hosted by third parties.  Any data collected this way will be used primarily for the purpose of improving your experience when using my websites.  The type of information that analytics tools may collect includes your device’s IP address, device screen size, device type (including operating system and browser information), the country in which you accessed the website, search terms and pages visited and times when website pages were accessed. 

My website may, at times, contain links to other third party websites. Any access to and use of such websites is not governed by this policy, but is governed by the privacy policies of those third party websites. I am not responsible for the information practices of third party websites or those who operate them.  I also refer you to the website terms of use published on my website regarding information contained on the website and third party links. 

How can you contact me about privacy matters? 

If you have any queries about this policy, your rights about access and correction of personal information, or any privacy concerns, please contact me using the details set out below:

Telephone:    07 30777277

Email:            jane@drghadiri.com.au

Address:        PO Box 1474, Kenmore Qld 4069

Please address your correspondence to the attention of me personally (i.e. Dr Jane Ghadiri) and mark it “Private and Confidential: Privacy”.

How can you make a privacy related complaint? 

I take complaints and concerns regarding privacy seriously. I ask that you advise me of any privacy concerns you may have in writing. Please direct any questions or complaints to me personally using the postal address or email address listed above. I will then attempt to resolve it in accordance with my resolution procedure.

Any complaint will be thoroughly investigated by me and you will be notified of the making of any decision in relation to your complaint as soon as is practicable after it has been made, usually within 30 days.

If I am unable to resolve your complaint you may also contact the Office of the Australian Information Commissioner (OAIC). The OAIC will generally require you to give me time to respond before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 336 002.

Updates to this Policy

This policy will be reviewed from time to time to take into account new laws and technology, changes to my operations and other necessary developments.  When this policy is updated, I will publish the updated policy on my website and place a notice at my consultation rooms advising patients of the updated policy for a few months after the change.