Optilase has made this and other material available to patients to inform them of our policies on management of personal information. On request, each clinic will let patients know, generally, what sort of personal information we hold, for what purposes, and how we collect, hold and disclose that information.
‘Personal information’ is any information or an opinion about you where your identity is apparent or can reasonably be ascertained.
‘Health information’ is all identifying “personal information” collected to provide a health service. In the APP’s ‘Health information’ comes under the definition of ‘sensitive information’.
‘Consent’ means ‘expressed consent or implied consent’. The four key elements of consent are:
- The individual is adequately informed before giving consent;
- The individual gives consent voluntarily;
- The consent is current and specific; and
- The individual has the capacity to understand and communicate their consent.
Note: willingly provided information is usually sufficient to imply consent to collection of information.
‘Expressed consent’ is given explicitly, either orally or in writing.
‘Implied consent’ arises where consent may reasonably be inferred in the circumstances from the conduct of the individual and Optilase.
Collection of personal information
Optilase is a provider of health services and therefore, it is necessary for our staff and doctors to collect information from you for us to provide services to you. Your health information can help us identify which course of action is likely to be safe and effective for you and may assist us to make decisions about your treatment and care.
We will only ask you for information where we believe it is necessary for us to know that information in the course of providing our services. Further, we will only collect your health information where some specified requirements are met, including in particular:
- with your consent; or
- the collection is required, authorised or permitted by law or law enforcement purposes; or
- the information is received through an appropriate disclosure by another organisation such as another health service provider with your consent; or
- the collection is necessary to prevent or lessen a serious threat to life, health or safety of an individual or the public.
What happens if you do not provide health information
If you do not provide us with accurate or complete information when we request it, we may not be able to provide you with a proper level of service.
Anonymity and pseudonymity
You have the right to be dealt with anonymously or through use of a pseudonym, provided that this is lawful and practicable. However, in the medical context this is not likely to be practical or possible for Medicare and insurance rebate purposes.
(See also access to information).
How we obtain your information
Optilase collects information which is:
- Provided directly by you;
- Provided on your behalf with your consent;
- Received from a health service provider who refers you to a Optilase practitioner.
The kinds of information collected and held
The types of information collected by staff and doctors at Optilase generally includes:
- Your name, date of birth, address, email address, telephone number;
- Medicare, DVA and/or Health Fund details (as applicable);
- reason for attendance/symptoms;
- medical history;
- examination and test results;
- treatment and care information; and
- admission and registration information.
How Optilase uses and discloses your information
As a provider of specialty services, Optilase will usually send correspondence to your referring practitioner and/or nominated practitioner following any care or treatment received in one of our facilities. This is in accordance with the generally accepted health industry practice and intended to inform your referrer of information that may be relevant to any ongoing care or treatment provided by them. If at any time your nominated or referring practitioners’ details have changed, please notify our staff so that your records can be updated. While every effort will be made to ensure the security of data transfer you should know that this information may be sent unencrypted.
If you do not wish us to provide your information to your referrer please advise one of our staff so we can make the necessary arrangements.
In addition, we use and disclose your health information for the following purposes:
- to assist your treating team (doctors, nursing staff and other professionals) in providing health care to you;
- to process private health fund, Medicare and/or DVA claims;
- to provide necessary follow up treatment and ongoing care;
- to provide you with standard reminders, for example appointments and follow-up care. These may be made by text message, email, letter or phone to the number or address which you have provided;
- for our internal administrative requirements, including billing. This may include provision to external debt collection agencies for outstanding accounts;
- accreditation activities;
- to address liability indemnity arrangements with insurers, medical defence organisations and lawyers;
- for the defence of anticipated or existing legal proceedings;
- we may use de-identified patient information in our database or document review as part of the process of measuring outcomes and quality improvement. This may include images, results and/or data for use in research or presentations;
- for a directly-related secondary purpose that would have been within the reasonable expectations of the patient.
Transborder data transfer
Optilase will take steps to protect patient privacy if information is to be sent interstate or outside Australia and will only transfer your personal information overseas when:
- You have given consent; or
- The transfer is necessary for the fulfilment of a contract between you and Optilase; or
- The transfer is for your benefit but it is impractical to obtain consent; or
- It is believed that the information will be protected by a privacy scheme or legal provisions comparable to those in Australia.
When information can be disclosed without your consent
We will only disclose your health information to a third party with your consent, unless:
- the disclosure is directly related to the primary purpose for collection;
- in an emergency situation where release of information is necessary to aid medical treatment; or
- we are required by law to disclose the information (eg, reporting of communicable diseases).
How Optilase holds your personal information
Optilase takes all necessary and reasonable steps to ensure that your personal information is accurate, complete, up to date and secure.
We may store your health information in both hard copy and on computer. The storage, use and where necessary, transfer of personal health information will be undertaken in a secure manner that protects patient privacy. Hard copy information is kept under lock and key. Information stored on computer is password protected. We will keep your health record for a minimum of 7 years after your visit. After that time, if the record is no longer necessary, it will be disposed of securely as required by law.
Some applications used by Optilase store data using Cloud services. All health information and patient data is stored on servers hosted within Australia.
Updating your personal information
If at any time you believe that any of your personal information that we store is not accurate or is out of date, please let us know by contacting the Practice Manager at the clinic you attend. All clinic contact details can be found on our website:
Access to and correction of your personal information
You may request access to your personal information held by Optilase. Requests for access should be made in writing. Optilase needs to be satisfied that a request for personal information is made by you or by another person who is authorised to make a request on your behalf. An identity document will need to be sighted to verify your identity or, if you are authorising another to access on your behalf, then a letter of authority and confirmation of your identity will be required prior to release of your personal information.
Where necessary, you can also request an amendment to any personal information in your record should you believe that it contains inaccurate information. Such requests should be made in writing. If Optilase does not agree to change your personal information in accordance with your request you will be notified and we will permit you to make a statement of the requested changes and we will keep the request with your record.
There are some circumstances in which access is restricted, and in these cases reasons for denying access will be explained.
The clinic acknowledges the right of children to privacy of their health information. Based on the professional judgement of the Doctor and consistent with the law, it might at times be necessary to restrict access to personal health information by parents or guardians.
A fee may be payable where the clinic incurs costs in providing access. If applicable, you will be advised of the fee upon receipt of your request and access will be provided following receipt of payment.
Optilase will use our best efforts to take less than 30 days to respond to your request.
Further details relating to medical records is contained within the Optilase Health Records Management Policy, a copy of which can be provided to you upon request.
Other types of information held
Other information collected and held by Optilase includes job applications, personnel files and referrer information. All data collected is considered personal information and will only be used for the purpose for which it was collected or with prior consent from the individual and will be managed in accordance with the APP’s.
You should feel free to discuss any concerns, questions or complaints about issues related to the privacy of personal information with your Doctor or the Complaints Manager of the clinic you attend.
Optilase Clinic (Laser Suite)
Suite 7/ 4 Antony Street, Palmyra
Ph: (08) 9535 1300
All complaints are managed in accordance with the Optilase Feedback Policy, a copy of which can be provided to you upon request.
Under the Privacy Act 1988 (Privacy Act) you can make a complaint to the Office of the Australian Information Commissioner (OAIC) about the handling of your personal information.
For details please visit:
We may modify this document at any time at our sole discretion.