According to the Australian Privacy Principles Guidelines (OAIC, 2019), ‘personal information’ is defined as information or opinion about an individual who is identifiable. Furthermore, information that has been de-identified is no longer considered personal information under this definition. The APP distinguishes personal information from ‘sensitive information’, which includes your health information, and requires robust security. For the purposes of this privacy policy, no distinction is made between our treatment of your personal and sensitive information. Therefore herein both identifiable personal and sensitive information will be referred to as “personal information” throughout this privacy policy. Please note, GORAH will not solicit sensitive information that is not directly related to our activities and functions.  

GORAH needs to collect your personal information in order to provide allied health care services to you. Our primary purpose for collecting, using, sharing, and retaining your personal information is to manage your health. The type of information GORAH collects and holds includes, but is not limited to, personal information about:

• Names, age, date of birth, addresses, contact details, education, occupation, relationship status
• Emergency contacts, next-of-kin, medical power of attorney
• The name and details of the referrer (e.g. health service provider or medical specialist)
• Letters of referrals, correspondences, and copies of any relevant medical or allied health reports
• Medical information including your current and prior medical history, current medications, allergies, adverse events, immunisations, social history, family history and risk factors
• Medicare number (if applicable) for identification and/or claiming purposes  
• National Disability Insurance Scheme (NDIS) details including care plan (if applicable)
• Details relating to Advanced Care Directives (if applicable)
• Health fund details used for claiming subsidies (if applicable)

GORAH may collect your personal information in the following ways:

• When you register for an appointment via our website
• On completion of client information and assessment forms
• As disclosed by you during the course of providing allied health services
• When contacting GORAH via email and telephone  
• Information may also be collected through My Health Record
• When you sign up to our newsletter via our website

In some circumstances personal information may also need to be collected from other sources. This may include information from:

• Your next of kin, guardian, or individual with Medical Power of Attorney (MPOA)
• Other healthcare providers (e.g. specialists, hospitals, community health services)
• Your private health fund, Medicare, or other third-party payer
• As consented by you in order to fulfil the requested allied health services

GORAH may use and disclose personal information held about an individual for reasons relating to administration, operational, and health care management. This includes the following:

Administrative

• For administrative an billing purposes, including debt recovery
• Anyone you authorise GORAH to disclose information (exceptions apply)

Operational

• For planning, measuring, evaluating, and monitoring our services
• For accreditation purposes
• To engage in quality assurance and improvement activities
• When it is required by law (e.g. subpoenas, statutory requirement)
• To establish, exercise or defend an equitable or legal claim

Health Care Management

• To government organisations, third-party payers, or health care insurers for administering subsidies during the course of providing allied health services
• To staff and contractors for fulfilling allied health services
• For obtaining advice from consultants and external health care providers
• For the dispute resolution process as part of complaint management
• When it is necessary to minimise or prevent serious harm to the client and/or public

GORAH engages contractors to provide services on our behalf. We must use and disclose your personal information to contractors in order to facilitate these arrangements. All contractors are bound by the APP and sign confidentiality agreements prior to commencing work for our practice.

The Great Ocean Road Allied Health does not send personal information about our clients outside of Australia without obtaining the consent of the client, or otherwise complying with legal requirements. In circumstances of cross-border disclosure, the recipient is required to acknowledge and adhere to Australian Privacy Principles. 

The GORAH staff and contractors are required to respect the confidentiality of personal information and the privacy of individuals. GORAH has in place steps to protect the personal information it holds about an individual from misuse, loss, unauthorised access, modification, interference or disclosure by use of various methods including locked storage of any paper records, and password protected access rights to electronic records.  

GORAH endeavours to ensure that the personal information it holds is accurate, complete and up-to-date. Under the Commonwealth Privacy Act and the Health Records Act, an individual has the right to obtain access to any personal information which GORAH holds about them and to advise GORAH of any perceived inaccuracy. There are some exceptions to this right set out in the applicable legislation.

If you would like to make a request to access to your personal information, we may require you to verify your identity and specify what information you require. Although no fee will be charged for accessing your personal information or making a correction, we may charge a fee to retrieve and copy any material for you. If the information sought is extensive, GORAH will advise the likely cost in advance. The fee is payable before access is given. To make a request to access any information GORAH holds about you, please contact us in writing using the contact form below.

Where the person requesting access is an authorised representative of the individual about whom the information relates (such as an attorney or guardian), we will ask the representative to provide evidence of their authority. There are exceptional circumstances where access to or correction of your personal information may be refused by us, such as where access would be unlawful.

You have the right to deal with GORAH anonymously or under a pseudonym, unless we are authorised by Australian law to only deal with identified individuals, or it is impracticable or unreasonable for us to do so (e.g. engaging in a complaints resolution process).

GORAH will hold your personal information until it is no longer required. The Australian Privacy Principles and the Health Privacy Principles require us not to store personal information longer than necessary. In particular, the Health Privacy Principles impose certain obligations about the length of time health records must be stored. If you are a client, your personal information will be held for a minimum of 7 years from the date of last entry into your records. Information that is no longer needed will be securely destroyed or de-identified.   

If you do not provide us with the necessary personal information described above, we may not be able to provide the requested allied health services to you.

We may send you direct marketing communications and information about our products and services that we consider to be of interest to you. These communications may be sent in various forms, including mail, SMS, email, in accordance with applicable marketing laws. You may opt-out of receiving marketing communications from us by contacting us or by using opt-out facilities provided in the marketing communications.

Links from GORAH to external websites are not covered by this privacy policy.

This Privacy Policy may be reviewed or amended from time to time. You can access the most up to date copy of this policy by visiting this page.

If you have any concerns about how we have handle your personal information or you wish to make a complaint on the basis that we have breached the Australian Privacy Principles advised by the Privacy Act 1988 (Cth), please contact us. We will endeavour to respond to your complaint within a reasonable time after it is made.

Questions regarding GORAH’s privacy policy statement, complaints about privacy, or requests for obtaining or correcting personal information can be directed to our Privacy Contact Form below.

Our privacy policy references the following Australian Government legislation and guidelines:

Australian Privacy Policy Guidelines 2019

Health Records Act 2001

Privacy Act 1988

Privacy Amendment (Enhancing Privacy Protection) Act 2012