St Andrew’s Hospital is committed to protecting your personal information and has put procedures in place to ensure that your privacy is safeguarded. This policy explains how we manage your personal information in accordance with the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (referred to as 'The Act') effective from 12th March 2014.
What personal information does St Andrew’s Hospital hold about you?
St Andrew’s Hospital requires you to provide personal information as part of your Admission process: either as an inpatient or as an outpatient through the Emergency Department and other services. This personal information normally includes details such as your name, date of birth, gender, marital status and optional information such as nationality, occupation and religion. You will also be asked to provide contact details such as your home address, postal address, home, work and mobile telephone numbers, your fax number and your e-mail address.
Other information may also include:
- Details about your health insurance fund or other insurer such as Worker’s Compensation or Third Party
- Details about your hospital visit, including your referring and treating doctor or specialist, your procedure and your expected length of stay
- Details about your medical condition, including the medication you normally take, your medical history, known allergies, your dietary requirements and any significant disabilities
What are the consequences if you do not provide your personal information?
It is essential that the hospital is able to accurately identify you so that we can provide appropriate, timely and safe medical and nursing care. If you do not provide us with your relevant personal information, or sign the consent to St Andrew's Hospital collecting and using personal information contained in the 'Important Privacy Information' form,we may be limited in our ability to provide you with these services.
How does St Andrew’s Hospital collect your personal information?
St Andrew’s Hospital acknowledges its responsibility to collect your personal information in a fair, lawful and non-obtrusive manner. Where practical, we collect this information directly from you.
Your personal information may be collected verbally or in writing and may be stored as hard copy or electronic format. We may also collect personal information about you when you contact us by telephone, letter, fax or e-mail or when you visit our website. If you are not able to provide your own personal information, we will collect the information from an authorised person on your behalf (e.g. partner or next of kin).
There may be some occasions where we obtain personal information about you from a third party; for example, your doctor may forward details of your admission and your health cover will be confirmed with your health fund or insurer. Only personal information necessary for providing a health service will be collected.
How does St Andrew’s Hospital use your personal information?
The hospital uses your personal information for a number of purposes including:
- providing you with relevant health care service
- verifying your health insurance details with your health fund or insurer
- performing administrative tasks such as managing your hospital account
- complying with legislative and regulatory requirements
- planning, developing and informing you of services and products relevant to you
How does St Andrew's Hospital protect your personal information?
St Andrew’s Hospital accepts its responsibility to protect your personal information from misuse, loss, unauthorised access, modification or disclosure. This includes all of your personal information, irrespective of how it is acquired.
At St Andrew’s Hospital, your personal information is protected through physical, electronic and procedural safeguards. Most of your personal information is placed in your Medical Record and is only accessed on a "need-to-know" basis by authorised staff (such as admissions staff, medical records staff, your treating doctor, specialist, nursing staff and other relevant health service providers).
Medical records are stored in a secure area and only authorised staff have access. Some of your personal information is also stored electronically through the hospital's computerised patient management system. Access to this information is limited and requires logins and passwords.
St Andrew’s Hospital does not release or disclose your personal information except to relevant health service providers and organisations. Where such information is released or disclosed the providers and organizations receiving your personal information are also required to manage your personal information in accordance with the Privacy Amendment (Enhancing Privacy Protection) Act 2012.
From time to time, we use patient information for the purposes of research, planning and quality auditing. Where this occurs, no personal details are released and individual information is de-identified.
Transborder Data Flows
Protecting your privacy when sending personal information interstate or overseas
The privacy laws are designed to protect your privacy Australia-wide. Where it is necessary for St. Andrew’s Hospital to send personal information outside Australia, the hospital will take steps to protect your privacy in accordance with the Australian Privacy Principles.
Disclosing Your Personal Information to Third Parties
As part of your ongoing care, St Andrew’s Hospital may need to release/disclose personal information about you to relevant health service providers/organisations. These may include, but are not limited to:
- Your referring/treating doctors/specialists
- Medical Imaging Services
- Pathology Services
- Pharmacy Services
- Home Nursing and other similar home based services
- Your Health Insurer
- Your Workers Compensation/Employer Organisation
These providers/organisations are also required to manage your personal information in accordance with the Privacy Amendment (Enhancing Privacy Protection) Act 2012.
Protecting your privacy when visiting our website
When you visit our website, our web server collects information about all of our users collectively. This includes information such as the areas visited most frequently and allows us to improve the content of our web site. The data collected includes information such as:
- Your ISP or internet server
- Your ISP’s domain (your top level domain name e.g. com, gov, au)
- Your server’s IP address
- The date and time of visits
- The pages accessed within our web site
This information is not shared with other organisations for commercial purposes. Our web server does not collect your e-mail address or any user-specific information on the pages you have visited. If you e-mail us from the website, your e-mail address will be recorded but will not be disclosed to any other party and will not be added to a mailing list.
St Andrew’s Hospital does not use any form of encryption to protect the information you send to us through the internet. If you are submitting personal information over the internet which you wish to remain private, please note that while all attempts are made to secure information transmitted to this site, there is a possibility that information you submit could be observed by a third party while in transit.
Your right to anonymity at St Andrew's Hospital
Where practicable, St Andrew’s Hospital will take reasonable steps to provide you with anonymity (including the use of an alias) in any of your interactions with the hospital. In making your request for anonymity, you are not required to provide the reason for your request. Where the hospital is unable to grant your request for anonymity, you will be informed of the reasons and offered alternatives.
Complaints regarding a breach of your privacy
If you believe that your privacy has been breached, you can communicate your concerns in writing to the Chief Executive Office of St Andrew's Hospital, 350 South Terrace, Adelaide, SA 5000.
Your complaint will be investigated and you will receive a response to your complaint.
Gaining access to your personal information at St Andrew's Hospital
In accordance with the Privacy Amendment (Enhancing Privacy Protection) Act 2012, you are entitled to request access to the personal information we hold about you.
In particular, you are entitled to:
- View your personal information record (normally your Medical Record)
- Be provided with a summary of this record
- Be provided with a copy and or print-out of this record
- Have relevant jargon or medical terms explained to you
- Where requested, be provided with interpreter services
To access your personal information, it is necessary for the hospital to firstly verify your identity. Photocopied identification documents are acceptable, however an original signature must accompany them.
All requests to access your personal information must be made in writing. On receipt of your request, St Andrew’s Hospital will:
- Acknowledge your request within 14 days
- Provide you with an estimate of administrative costs
- Provide you with an estimated time-frame of providing your requested information
How much will it cost to access your personal information?
You will not be charged for making a request to access to your personal information. However 'The Act' allows the hospital to charge for the costs reasonably associated with providing you access to your personal information.
How long will it take to obtain access to your personal information?
You will receive a response within 14 days. However this time may be extended if the request is unusually complex or if there are difficulties in accessing some of the information requested. In this case, you will be advised of the expected time frame.
Can requests be denied?
Normally your request for access to personal information will be granted but in some instances, your request may be denied. This may be for several reasons, including where access involves:
- Serious threat to life or health
- Frivolous or vexatious requests
- Personal information that is involved in current or potential legal proceedings
- Personal information that affects the privacy of others
In these instances, the hospital will advise you of the reasons for denying your request. You may also be offered the option of receiving part of the information requested.
Request for further information
On request, the hospital will take reasonable steps to provide you with further information about what sort of personal information it holds, for what purposes and how it collects, holds, uses and discloses that information.
How can you ensure that your personal information is accurate, complete and up to date?
You may update your personal information at any time. If you believe that your personal information is incomplete, inaccurate, or out of date, please contact us and we will endeavour to rectify the situation. Such a request is normally made in writing and once your identity has been verified, your details can be amended.
In some instances, however, such a request may involve complex issues or there may be disagreement as to matters such as medical opinion, diagnosis or evaluation. In these situations, St Andrew’s Hospital will take reasonable steps to attach a statement from you, identifying those areas of your personal information that you believe to be incorrect, incomplete or out of date.
For further information about this policy or accessing your personal information, contact:
Adrian Saunders Privacy Officer St Andrew’s Hospital 350 South Terrace Adelaide 5000 Telephone: (08) 8408 2150 Fax: (08) 8408 2101 E-mail: Adrian.Saunders@stand.org.au
Please note that Mr Saunders, the Privacy Officer, is available from Monday to Friday, 8.00am - 4.00pm.