We are subject to the Privacy Act 1988 (Cth) (the Privacy Act) and, as a health services provider, the Health Records and Information Privacy Act 2002 (NSW) (the HRIP Act). The Privacy Act sets out Privacy Principles (APPs) and the HRIP Act sets out Health Privacy Principles (HPPs).
As a healthcare provider, Genea Newcastle is also subject to the National Safety and Quality Health Service Standards (2012), the Australian Charter of Healthcare Rights (2008) and the Australian Open Disclosure Framework (2013) which also imposes standards (including with respect to privacy) that we must comply with to maintain our accreditation.
What is ‘personal information’?
What ‘personal information’ does Genea Newcastle collect and hold?
We collect the following types of personal information:
- mailing and street address
- email addresses
- telephone numbers
- age and date of birth
- profession or occupation
How do we collect your personal information?
We collect your information in the following ways:
- during conversations with you, over the phone and/or face to face
- through your use of our website
- from your referring doctor or fertility specialist
- when you complete our forms and paperwork
We will collect personal and health information directly from you wherever reasonably practicable. However, sometimes we may obtain health information about you from your referring doctor, fertility specialist or other treating doctors. Sometimes we may obtain health information about you from your partner or family member when it is not practicable to obtain it from you. If this ever happens, we will always confirm that information with you as soon as possible.
Collection of non-identifiable information
We may also collect some information that is not personal information because it does not identify you. For example, we may collect anonymous answers to surveys or aggregated information about how our website is used.
If you do not wish to receive cookies, you can set your browser so that your computer does not accept them.
What is ‘health information’?
Genea Newcastle is a provider of health services. ‘Health information’ is a highly sensitive type of personal information and is subject to further protection as it contains more private and comprehensive details about an individual. Health information is personal information or an opinion about:
- a person’s physical or mental health or disability
- a person’s express wishes about the future provision of health services for themselves
- a health service provided, or to be provided to a person
‘Health information’ includes your personal information. Once you are a patient of Genea Newcastle (or if we have collected health information about you), we also treat your personal information as ‘health information’ and all personal and health information is also protected by the HRIP Act.
What ‘health information’ do we collect and hold?
Health information that we collect may include:
- your medical history
- your family’s medical history
- you and your partner’s ethnicity
- your relationship status and history
- any additional information obtained throughout the course of your treatment
If you become a patient of Genea Newcastle, your health information will be held in your medical record. This is comprised of both hard copy and electronic records and will be established at the commencement of your treatment, or on admission into day surgery. It will contain medical, nursing and scientific information and documentation produced during your treatment. It includes any procedures and tests carried out at Genea Newcastle or elsewhere (and those results are provided to us).
If you do not become a patient of Genea Newcastle or receive any health services from us, any health information we obtain about you will be destroyed. Your personal information will be retained, with your consent, for future communications with you.
For what purposes do we collect, hold, and use your personal and health information?
Your personal and health information is collected and used to ensure you can be informed about the services that we provide, that you receive the best possible care if you become a patient of Genea Newcastle, and for us to manage the health services we provide to you effectively. It will also be used to:
- send communications (including results) to you and your treating doctors
- provide information and advice
- conduct business processing functions
- update our records and keep your contact details up to date
- respond to any complaint made by you
- comply with any law, rule, regulation, lawful and binding determination, decision, or direction of a regulator, or in co-operation with any governmental authority
It will also be used internally for the administrative, marketing, planning, product or service development, quality control and research purposes of Genea Newcastle and its related bodies corporate.
What happens if we can’t collect your personal or health information?
If any of the personal or health information you provide is not accurate or complete, or you choose not to provide us with your personal information, it may detrimentally affect the services that we provide or we may be unable to provide you with our services at all.
Keeping records accurate and secure
Genea Newcastle will take all reasonable steps to ensure your information is protected from misuse and loss and from unauthorised access, modification or disclosure. We will hold your health information across both electronic and hard copy form and information is destroyed or de-identified when no longer needed and when the legislative period relevant to medical records has expired.
Genea Newcastle uses a patient identification numbering system whereby a unique number is issued to each patient at the time of his or her first visit. It remains connected to your name and other personal identifying information as it is not practicable for us to provide health services individuals anonymously or under pseudonyms.
Prior to the receipt of health services, however, Genea Newcastle is able to provide information of a general nature on an anonymous basis.
All in-patient records are coded at discharge and securely stored. Statistical data is supplied to the NSW Department of Health and the National Perinatal Epidemiology and Statistics Unit. This is statistical de-identified data.
We have an internal policy with respect to how confidential information will be treated in-house to protect your privacy from accidental disclosure. They include the following directives that:
- only employees who have a need to view your file will do so
- documents containing personal information are not left on desks or workstations where they may be visible to unauthorised persons
- patient lists and medical records are covered when travelling in lifts and corridors
- patient information is not discussed in public areas where it may be overheard
- that computer screens are all turned away from the public and have screen savers to reduce the chance of casual observation
Genea Newcastle has in place the following IT protection:
- our website payment mechanism is PCI compliant, and security is provided by the participating financial institution
- we take appropriate steps to ensure the operation and effectiveness of our ICT security measures in order that they remain responsive to changing threats and other issues that may impact the security of your personal or health information
As our website and email is linked to the internet, and the internet and email transmitted over it is inherently insecure, we cannot provide assurance regarding the security of transmission of information you communicate to us on-line or via email. We also cannot guarantee that the information you supply will not be intercepted while being transmitted. Accordingly, any information which you transmit to us online or via email is transmitted at your own risk.
To whom may we disclose your information?
We may disclose your personal and health information to our employees, related bodies corporate, contractors, and service providers for the purposes of us providing the health service to you and managing our business. We may also disclose your personal and health information to healthcare professionals directly involved in your treatment. However, if you are hospitalised as a result of your treatment and your records are needed urgently, they will be forwarded to the relevant medical professional without waiting for written consent.
Health information may also be provided to third parties if we are legally obliged to do so by a court subpoena, statutory authority, search warrant, coronial summons or to defend a legal action. If information is requested by a third party connected to you it must be accompanied by an original written authorisation from you to release that information.
There may be instances where mailing houses, couriers, payment processors, data entry services providers, electronic network administrators and debt collectors are be provided with some of your personal details. They will never have access to your treatment information.
Genea Newcastle does undertake and participate in medical research with collaborators that sometimes involves identifiable health information. Such research proposals must be presented to the Genea Newcastle Ethics Committee for approval prior to any project commencing and follow strict guidelines. We will always request your permission to be involved in such research and your written consent to release your information to third party researchers.
Your personal and health information will never be disclosed other than as described in this policy.
How can you access and correct your personal information?
You may request access to any information we hold about you at any time. Where we hold information about you that you are entitled to access, we will provide you with suitable means of accessing it. We will not charge you for making the request. In circumstances where you request a copy there may be a fee of $50.00 to cover our administrative costs.
There may be instances where we cannot grant you access to some of the information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others. If that is the case, we will provide you with a written explanation of those reasons.
If you believe that the information we hold about you is incorrect, incomplete, or inaccurate, then you may request us to amend it. We will consider if the information requires amendment and amend it if we conclude that it requires amendment. If we do not agree that there are grounds for amendment, then we will add a note to the information stating that you disagree with it.
We may contact you directly or send you communications and information about our services that we consider may be of interest to you. These communications may be sent in various forms, including mail, phone and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). If you indicate a preference for a method of communication, we will use that method of communication. In addition, at any time you may opt-out of receiving communications from us by contacting us (see the details below) or by using opt-out facilities provided in the communication and we will the ensure that your name is removed from our mailing list.
We will not provide your personal information to other organisations for the purposes of such communications.
Do we disclose your personal information to anyone outside Australia?
No personal or health information is disclosed to parties outside Australia except in circumstances where you request and consent to its release (ie the shipment of biological material to an overseas clinic).
If you believe that your privacy has been breached, please contact us using the contact information below and provide details of the incident so that we may investigate it.
All complaints will be dealt with confidentially. We will in the first instance contact you to confirm what investigation action will occur, conduct the internal investigation into the alleged breach and communicate the outcome to you in writing and invite a response to our conclusion about the complaint. If we receive a response from you, we will also assess it and advise if we have changed our view.
You may also contact the relevant Privacy Commission – either with respect to the Privacy Act at the Office of the Australian Information Commissioner at www.oaic.gov.au OR the HRIP Act at the Office of the Privacy Commissioner New South Wales at www.ipc.nsw.gov.au
Our contact details
Please address correspondence to:
firstname.lastname@example.org or post to
PO Box 93
THE JUNCTION NSW 2291