Epworth HealthCare (Epworth) is committed to protecting the privacy and confidentiality of the personal information (including health information and other sensitive information) that it collects and uses.
Epworth complies with its obligations under all applicable privacy and health records laws, including the Privacy Act 1988 (Cth) (and its Australian Privacy Principles) and the Health Records Act 2001 (Vic) (and its Health Privacy Principles). Epworth recognises that the privacy principles under those laws apply to our relationship with patients, employees and service providers. Epworth requires that all health professionals and organisations doing business with us will similarly adhere to those privacy principles.
What personal information does Epworth collect?
Epworth collects personal information from patients so that we can provide health services to them. The personal information that we collect from you if you are, or will become, a patient includes: name, date of birth, address, contact details, financial details, ethnic background, health and medical history, lifestyle history, family history, details regarding your current health issue and details regarding your treating doctors (such as your general practitioner).
We collect personal information from other individuals, such as employees, contractors, students, job applicants, and service providers, to enable us to assess, work with or transact with them. The personal information we may collect from those individuals in those circumstances includes: name, contact details, qualifications, education, financial details and employment history.
If you do not provide to us any of your personal information that we require, we may be unable to provide you with the services you are seeking or to otherwise work or transact with you. If you are a patient at Epworth, you cannot choose to be anonymous or use a pseudonym because this would prevent us from being able to treat you appropriately.
If you attend the private clinic of a doctor at an Epworth site, that doctor may maintain and keep their own separate medical record about you.
How Epworth collects personal information
We will ordinarily collect your personal information from you directly. Occasionally we may need to collect personal information about you from a third party such as your general practitioner, another health service provider or your family or carer. However, we will only do so if you have given us your permission, if we cannot reasonably obtain the information from you and we require the information for your care and treatment or if the law otherwise permits us to do so.
If we receive personal information about you from someone else that we have not requested and we determine that we would not have been permitted to collect that information under privacy law, we will ordinarily destroy or de-identify the information.
How Epworth uses and discloses personal information
Epworth will use and disclose your personal information for the particular purpose for which we have collected it.
Generally, if you are a patient of Epworth we will use and disclose your personal information for the purpose of providing health care services to you. Your personal information will be used by and disclosed to the health professionals and other staff involved in your care and treatment at Epworth. We may use your information to refer you to external services providers for diagnostic tests or to other health professionals during your care and treatment or after you are discharged. We will share your personal information with these other providers for the purpose of your care and treatment.
We may also use and disclose personal information we collect in the following circumstances:
- To contact patients to send them a reminder for an appointment or follow up care, to check pre-admission details or to inform patients of out of pocket expenses. We may use patients’ information to give them a follow up call from our Patient Service Centre.
- We may provide general information about a patient’s condition to their family, near relative or carer, unless the patient has requested that we do not do so.
- We will ordinarily send a discharge letter or summary which will include details of a patient’s care and management at Epworth to their general practitioner or the specialist who referred the patient to Epworth, unless the patient requests that we do not do so. If appropriate, we may send a letter to other health professionals and individuals involved in a patient’s post discharge care – for example, to a physiotherapist or home nursing service.
- To communicate with Medicare and other government agencies (for example, Department of Veterans’ Affairs, WorkCover, TAC) involved in funding a patient’s health care.
- To communicate with a patient’s private health insurer.
- We may use a patient’s personal information to ask them to participate in a patient survey, quality improvement activities, a clinical trial or research. We may disclose personal information to a service provider who assists us with these activities. A patient has the right to decline to participate in these activities.
- To manage a patient’s account with us and to charge the patient (or a third party) for the services we provide.
- We will disclose certain information where we are required by law to do so about patients who have specific conditions to the Victorian or Commonwealth Government, their departments or agencies. We will also disclose certain information to organisations that maintain a health or disease register where we are required by law to do so.
- For certain activities and functions related to Epworth’s business and operations, such as quality assurance and improvement, patient satisfaction assessments, audit (clinical and non-clinical), accreditation, service planning, service funding, risk assessment and management and claims investigation and management. We may disclose an individual’s personal information to our insurer and to other people or organisations we engage to assist us with these activities. We may also use personal information for training and educating our staff. Where possible, we will endeavour to remove information that identifies any individual when using it for these activities.
- From time to time, external parties that we engage to provide certain services to Epworth may have access to the personal information we collect – for example, external information technology providers or couriers. Where we engage such external party, such person must agree to manage any personal information they may access according to privacy laws.
- We may disclose an individual’s personal information to a third party where we are legally required to do so – for example, if we receive a subpoena.
- We may use and disclose the personal information of job applicants and individuals undertaking work experience or a student or trainee placement to assess and manage their engagement or employment, for insurance purposes and to comply with our legal obligations.
- We may use and disclose the personal information of health professionals that seek accreditation to practice at Epworth to assess their application, to manage our relationship with them, for insurance purposes and to comply with our legal obligations.
- If you are a service provider, we may use or disclose your personal information to manage our relationship with you.
Epworth is a not-for-profit hospital group which relies on the generosity of its community to assist it to continue to deliver excellence in treatment and care. We may disclose your information to our fund raising entity, the Epworth Medical Foundation, which may contact you to seek your support or to ask you to participate in Epworth’s fundraising activities. Please let us know if you do not wish to be contacted for this purpose by contacting us at the details set out below.
Ordinarily, Epworth will not transfer your personal information to any person or organisation outside Australia, without your permission. However, Epworth may enter into arrangements with service providers who may store some of Epworth’s data (which may include personal information) overseas. If we do, we will ensure we comply with any privacy law requirements that relate to cross border disclosures of personal information.
How we protect your personal information
Epworth has implemented measures to protect your personal information from misuse, interference, loss, unauthorised access, modification and disclosure. We store all of the information we collect from patients on their medical record which may be in hard copy and electronic format. Every time a patient attends Epworth, information is added to their medical record.
When it is not required for your care, your hard copy medical record is stored securely in our health information services department. We use various procedures and technologies to protect your privacy, including access control procedures, audit trails, network firewalls and physical security. Only authorised staff or contractors have access to your records and we monitor any access to electronic records.
Epworth will destroy or permanently de-identify any of your information which we no longer require for the purpose for which we collected it, provided we are not required under law or otherwise to retain the information.
How you may request access to or correction of your personal information
You may request access to the personal information we hold about you by contacting us at the details set out below. You may access your personal information by viewing it or by requesting a copy of your personal information.
You may also request that we correct the personal information we hold about you if you believe that it is inaccurate by contacting us at the details set out below.
Epworth will consider your request for access or correction and respond within the time required by law.
We will ordinarily charge you for giving you access to your personal information in accordance with the fees and charges we are permitted to charge under the applicable laws.
Queries and complaints regarding your privacy
If you have any queries regarding how Epworth handles your personal information or wish to make a complaint about how we may have handled your personal information, you may contact us at the details set out below. We will consider your complaint promptly and provide a written response on the outcome.
Our contact details
You may contact us in any of the following ways:
By telephone: 03 9426 6666
By letter: Privacy Officer, Epworth HealthCare, 89 Bridge Road, Richmond, VIC 3121
Online: Through the feedback form on the patient feedback page of our website.
If you would prefer to make your complaint to an external complaint body, or you are not satisfied with the handling or outcome of the Epworth complaints process, you may contact the following organisations to lodge a complaint:
Australian Information Commissioner
By telephone: 1300 363 992
By email: email@example.com
Online: OAIC privacy complaint form
Health Services Commissioner (Victoria)
By telephone: 1300 582 113
By mail: Health Services Commissioner, 26th Floor, 570 Bourke Street, Melbourne VIC 3000
Online: Health Services Commissioner online complaint form
Your use of our website
Epworth cannot ensure that any information transmitted over the internet is secure and you transmit such information at your own risk. However, once we receive a transmission of personal information, we take all reasonable steps to ensure that the information is secure on our systems.
When you access our website, we will keep a record of your visit. We may collect the following information that does not identify you in relation to your use of our website: your computer address, the date and time of your visit, the type of browser you use, the pages you visit, the information you request and the country from which you request information. We collect this information for statistical purposes and to monitor and improve our web site and services.
Current as at 1 June 2015.