Your Privacy Matters: Our Commitment to Protecting Your Data
1. Purpose and Scope
This Privacy Policy applies to the collection, use, disclosure and management of personal information by The Aster Clinic and its associated entities.
This Privacy Policy explains how we collect, use, disclose, store and manage your personal information and health information. It also explains how you may access and correct your personal information, how to contact us with any concerns or enquiries, and how to make a privacy complaint.
The Aster Clinic is committed to protecting your privacy and complying with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and applicable State and Territory health records legislation.
2. What Is Personal Information?
Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether it is recorded in a material form or not.
Sensitive information is a subset of personal information and includes information or an opinion about:
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Membership of a professional or trade association
- Membership of a trade union
- Sexual orientation or practices
- Criminal record
- Health information
- Genetic information
- Biometric information and biometric templates
The Aster Clinic is committed to ensuring that all personal and sensitive information is afforded the highest level of protection. For the purposes of this Privacy Policy, references to personal information include sensitive information unless otherwise stated.
3. What Personal Information Do We Collect?
The types of personal information we collect depend on your relationship with us, the services we provide, and our legal and regulatory obligations.
Patients
Examples of personal information we may collect include:
- Name, address, telephone number and email address
- Date of birth, gender and demographic information
- Medicare details, Department of Veterans’ Affairs (DVA) details and private health insurance information
- Billing and payment information
- Medical history and family medical history
- Current and past medications
- Diagnostic imaging reports, pathology results and specialist reports
- Clinical assessments, diagnoses and treatment plans
- Information relating to physical health, mental health and disability
- Symptoms, observations and clinical notes
- Details of healthcare providers involved in your care
- Referral information
Other Individuals
We may also collect personal information from:
- Referring practitioners
- Contractors and service providers
- Prospective employees and contractors
- Suppliers and business partners
- Website users and individuals who contact us
4. When We Collect Personal Information
We collect personal information only where it is reasonably necessary for our functions and activities, to provide healthcare services, to comply with legal obligations, or where you have otherwise consented to the collection.
5. How We Collect Personal Information
Directly From You
Where practicable, we collect personal information directly from you. We may collect information when:
- You attend appointments
- You complete registration, consent or other forms
- You communicate with us by telephone, email, website or other electronic means
- You participate in surveys or feedback processes
- You apply for employment or engagement with The Aster Clinic
- You otherwise interact with us
From Third Parties
Where it is unreasonable or impracticable to collect information directly from you, we may collect information from:
- Referring practitioners
- Other healthcare providers involved in your care
- Hospitals and healthcare facilities
- Family members, carers or authorised representatives
- Medicare, DVA and private health insurers
- Government agencies
- Publicly available sources
- Recruitment agencies and referees
- Service providers engaged by us
We will only collect information from third parties where permitted by law or with your consent.
6. What Happens If We Cannot Collect Your Personal Information?
If you do not provide the personal information we reasonably require, we may be unable to:
- Provide healthcare services to you
- Process referrals or appointments
- Communicate important information regarding your care
- Process payments and claims
- Respond to enquiries
- Assess applications for employment or engagement
7. Why We Collect, Hold, Use and Disclose Personal Information
We collect, hold, use and disclose personal information to:
- Provide healthcare services
- Maintain accurate clinical records
- Communicate with patients and healthcare providers
- Manage appointments and referrals
- Process billing and payments
- Meet legal, regulatory and accreditation requirements
- Improve our services and operations
- Conduct quality assurance and risk management activities
- Manage employment and contractor relationships
- Protect the health and safety of patients, staff and visitors
8. How We Use and Disclose Personal Information
Primary Purpose
We use and disclose personal information primarily for the purpose for which it was collected, including providing healthcare services and managing patient care.
This may involve disclosure to:
- Medical practitioners and allied health professionals involved in your care
- Administrative staff assisting with service delivery
- Hospitals, pathology providers, radiology providers and other healthcare organisations
- Medicare, DVA and private health insurers
- Financial institutions and payment processors
- Your authorised representative, guardian or next of kin
- Government departments and regulatory bodies where required by law
The Aster Clinic takes reasonable steps to ensure that organisations receiving personal information are subject to appropriate privacy and confidentiality obligations.
Secondary Purposes
We may use or disclose personal information for secondary purposes where:
- You have provided consent
- The use or disclosure is reasonably related to the primary purpose of collection
- The use or disclosure is required or authorised by law
- The use or disclosure is necessary to prevent or lessen a serious threat to life, health or safety
- The use or disclosure is necessary for public health activities permitted by law
Examples include:
- Quality assurance and clinical audits
- Accreditation activities
- Service planning and evaluation
- Complaint handling and incident management
- Staff education and training
- Business administration and practice management
- Information technology and system support services
Where possible, de-identified information will be used for these purposes.
9. Overseas Disclosure of Personal Information
The Aster Clinic generally stores personal information within Australia.
Some service providers may use cloud-based systems that store or process data in Australia or other jurisdictions. Where overseas disclosure occurs, we will take reasonable steps to ensure that personal information is protected in accordance with Australian privacy laws.
10. Security and Data Quality
The Aster Clinic takes reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification and disclosure.
Security measures include:
- Secure electronic medical record systems
- Password protection and user authentication
- Restricted access based on staff roles
- Secure data storage and backup procedures
- Staff confidentiality obligations
- Physical security measures within our premises
We also take reasonable steps to ensure that personal information is accurate, complete, relevant and up to date.
11. Accessing and Correcting Your Personal Information
You may request access to personal information we hold about you by contacting us in writing.
To protect your privacy, we may require proof of identity before granting access.
We will provide access unless an exception applies under applicable privacy laws.
If access is refused, we will provide written reasons where required by law.
We may charge a reasonable administrative fee for providing access to records. No fee will be charged for making a request or requesting corrections.
If you believe information we hold about you is inaccurate, incomplete, out of date or misleading, you may request that it be corrected. We will consider all requests and take reasonable steps to correct information where appropriate.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in legislation, technology, business practices or healthcare operations.
The current version of this Privacy Policy will always be available through our website or upon request.
13. Contact Us
If you have any questions about this Privacy Policy, wish to access or correct your personal information, or would like further information about how we handle personal information, please contact us.
The Aster Clinic
Address: Level 1, Suite 17, Fountain Corporate Building B, 2 Ilya Avenue, Erina NSW 2250
Email: info@theasterclinic.com.au
Phone: 02 4312 7670
Website: www.theasterclinic.com.au
14. Complaints and Feedback
If you believe that we have breached your privacy or mishandled your personal information, you may make a complaint by contacting us in writing.
Please provide sufficient details to allow us to investigate your complaint.
We will:
- Acknowledge receipt of your complaint
- Investigate the matter
- Respond within a reasonable timeframe, generally within 30 days
- Seek to resolve the complaint fairly and efficiently
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
Office of the Australian Information Commissioner
Website: www.oaic.gov.au
Phone: 1300 363 992
For further information about privacy rights and remedies, visit www.oaic.gov.au.