Privacy Policy

Introduction

CareScan Imaging Group (CSIG) consists of a group of Medical Imaging practices passionate about providing the highest quality of healthcare in local communities across Australia. We are committed to protecting our patients and prospective patients’ privacy by explaining our practices, collecting, using, or disclosing information as is necessary for health purposes, or with patients’ consent, and resolving any privacy-related problems as quickly as possible.

CareScan Imaging Group’s Privacy Statement sets out how we collect, use, disclose and otherwise handle and retain personal information (including sensitive (health) information) in accordance with our obligations under the Privacy Act 1988 (Privacy Act) and other relevant health privacy legislation.

Our Privacy Statement also applies to personal information that we collect and hold about referring Health Professionals (and their nominees), Medical Specialists and hospital staff (and their nominees), other health service providers, individuals who supply goods and services CSIG, employment applicants and other individuals that CSIG has dealings with.

Why do we collect and hold your personal information

CSIG collects and retains personal information (including sensitive (health) information) to provide:

• Quality medical imaging services, assist in the provision of medical care to patients and prospective patients; and
• Patient-related services to referring Health Professionals and/or other health service providers and their respective nominees.

Personal information is also collected from, and about, employment applicants and held by CSIG for employment-related purposes and other individuals with whom we have business dealings.

Generally, CSIG will only collect personal information directly from you. However, we will also collect information about you from third parties, including your referring Health Professional and/or Medical Specialist.

The main categories of personal information collected and held by CSIG are:

• Name,
• Address,
• Phone number(s),
• Email Address,
• Date of Birth, and,
• Gender.

CSIG also collects and holds sensitive (health) information from others while providing health services to you, including but not limited to:

• The results of any tests or procedures;
• Information about your past clinical history (e.g. medication taken, previous test results, pathology results, etc.) and other circumstances (including family, social, medical or employment history);
• Information provided by your referring Health Professional and/or Medical Specialist that is necessary in the context of your treatment;
• Information provided by other third parties (such as from a family member, authorised representative, or an Allied Health Professional (such as a physiotherapist, chiropractor, osteopath, podiatrist, dentist, nurse, etc.);
• Payment and administrative information (such as your Medicare number and other individual health identifiers, Worker’s Compensation insurance, Transport Accident Compensation, private health insurance or billing details);
• Information required or authorised under Australian law or a court/tribunal order; and/or
• Any other information collected from you (including verbally) when you attend our clinics, write to, call, or contact us through our website.

If you choose not to provide your personal information (including sensitive (health) information) to CSIG, we will be unable to provide you with the services you request.

How we use your personal information

CSIG will use your personal information (including sensitive (health) information) for the purposes of:

• Making an assessment of your health status;
• Providing a specialist medical report about your health to your referring Health Professional and/or Medical Specialist or to third parties (such as to a family member, authorised representative, or Allied Health Professional, etc.);
• Providing you treatment and ongoing health care (unless you have notified us otherwise);
• Providing internal administrative services (such as billing and collection of any outstanding debts);
• Sending out appointment reminders;
• Notifying relevant organisations (such as medical defence organisations, insurance companies and/or legal advisors) of an incident/accident when a claim of medical malpractice has been alleged;
• Ongoing research of specific cases for the continuing education of professional personnel (all information is de-identified prior to use);
• Quality assurance activities, practice accreditation, customer satisfaction surveys, statistical analysis, providing medical imaging information and complaint handling;
• Assessing and/or sourcing candidates for employment and processing their applications; and/or
• Responding to messages/enquiries you submit through our website.

Disclosure of your personal information

CSIG does not sell or disclose personal information (including sensitive (health) information) about our patients to drug companies or other health organisations/persons not involved in your medical care.

CSIG will sometimes need to use and disclose personal information (including sensitive (health) information) about you where it is reasonably necessary and relevant in the context of your treatment to organisations outside of CSIG for medical, ethical, insurance, legal and/or procedural reasons.

These organisations may include:

• Your referring Health Professional, nominees of your referring Health Professional (for example, employees and other Health Professionals in your referring Health Professional’s clinic) and any ‘copied to’ Health Professional;
• Consultant Medical Specialists or other registered Health Professionals who inform us they are involved in your ongoing health care outside of CSIG and who have been requested to provide further advice on your medical condition or to assist in responding to enquiries submitted through our website;
• Hospital medical staff;
• Registered Health Professionals granted access to CSIG’s secure web-based password-protected Referrer Portal (see below);
• Local contractors whom we have partnered with, under strict confidentiality and privacy requirements, including those that relate to cross-border disclosure, to provide services to our business operations;
• Your representative(s) (e.g. a guardian, carer, translator/intermediary and/or authorised representative (such as a family member or legal advisor));
• Health services or enforcement bodies in situations where CSIG is informed that there is a serious threat to life, health or safety;
• Insurers (such as Medicare, Worker’s Compensation insurer, Transport Accident insurer or your private health fund) for the purpose of benefits payable or other third parties for billing/accounting purposes;
• Our professional advisors (such as auditors and legal advisors);
• Government and regulatory authorities and other organisations, as required or authorised by or under Australian law; and/or

You can contact the CSIG Operations Manager if you have any questions about disclosing your personal information.

CSIG will de-identify personal information (including sensitive (health) information) about you for use and disclosure of that de-identified information to organisations outside of CSIG for the purposes of analysing our service quality and timeliness. De-identified personal information (including sensitive (health) information) may also be used internally for educational purposes.

Accuracy of your personal information

CSIG endeavours to ensure that the personal information (including sensitive (health) information) we collect, use, and disclose is accurate, up-to-date and complete. The accuracy and completeness of that information depends on the information you provide to us.

We recommend that you:

• Inform us if there are any errors in the information we hold; and
• Please inform us of any changes to your information (such as your name, address, or Medicare number).

Access to and correction of your information

The best way to obtain your results is to consult with your referring Health Professional who will interpret the results and explain them to you in the context of your health care. Your imaging findings are only one aspect of your health assessment. Your referring Health Professional is best positioned to discuss and explain the imaging results in the context of your other examination findings and health test results.

You may, however, request access to the personal information we hold about you. Occasionally, charges may apply to reproduce results or images (if available). We will inform you of any costs before they are incurred. In some circumstances, your request may be denied for specific legal reasons, as set out in the Privacy Act, including if the request is vexatious or if a criminal investigation is underway.
You may also request that we correct the personal information we hold about you if you consider it inaccurate, out-of-date, incomplete, irrelevant or misleading. You may request access to and/or correction of your personal information by contacting CSIG. To maintain the security of your personal information, confirmation of your details, the date of the last visit, and the type of test taken will generally be required before copies of information are supplied.

If your access or correction request is denied, a reason will be given to you (except if it is unreasonable), and we will inform you of the mechanisms available to complain about the refusal (see the Complaints section below).

CSIG provides a confidential film delivery service (if applicable). Our own staff, commercial couriers, taxis, or post may deliver this service. If this is unacceptable to you, please arrange to collect your films with our team. If you intend to have another person collect your films on your behalf, you must provide written consent to this collection, including the name of the person collecting your films.

Data security

All reasonable steps are taken to protect your personal information (including sensitive (health) information) within CSIG from misuse, interference and loss, and unauthorised access, modification or disclosure. Records are held securely for future retrieval in accordance with applicable regulatory and legislative requirements and good business practices. If CSIG no longer needs or is required to retain information, CSIG will take reasonable steps to destroy the information or ensure that the information is de-identified.

CSIG is subject to strict obligations under State and Territory laws regarding the retention of health information and records. Generally, as a minimum, we retain health information as follows:

• In the case of health information collected while an individual was an adult – for 7 years from the last occasion we provided health services to the individual; or
• In the case of health information collected while an individual was under the age of 18 years – until the individual turns 25.
• Only obtaining information about your health, as is necessary for health purposes, in accordance with this Privacy Statement or with your consent;
• Keeping your health information secure;
• Giving you reasonable access to the information we have concerning you;
• Not disclosing this information outside the organisation without your consent or otherwise contrary to this Privacy Statement, except where legally authorised or required to do so;
• Providing you with a simple complaints mechanism for complaints relating to privacy issues;
• Ensuring a process for working with the Office of the Australian Privacy Commissioner to resolve any complaints that cannot be resolved directly with you;
• Providing written procedures and instructions for staff to ensure that privacy processes are adhered to;
• Ensuring CSIG’s external (including offshore) contractors comply with the Privacy Act and other relevant laws; and
• Continuing to review and improve our privacy practices.

Online access by registered Health Professionals to your medical images and reports

CareScan Imaging Group provides a secure web-based password-protected Referrer Portal for registered Health Professionals and hospital medical staff to access patient images and reports. Your personal information (including sensitive (health) information) (such as images and reports) may be made available through this portal. Users of this service are subject to an obligation to collect health information with your consent and, in many cases, are bound by codes of practice that deal with obligations of professional confidentiality relevant to their profession.

Health Professionals will apply to CSIG for a username and password to access this service. Before a Health Professional is granted online access, they must accept the terms in a User Access Agreement stating that the information is required to provide a medical service and that it will not otherwise be used or knowingly shared or disclosed. Our systems indefinitely trace, record, and store all access activity on every patient file.

Your personal information (including sensitive (health) information) will be accessible online via our PACS to your Health Professional, who CareScan Imaging Group records show is involved in your care (e.g. to your family doctor or specialist). With your express consent, or the express consent of another person acting for you (such as a parent acting for a child), or in situations where CSIG is informed that there is a serious threat to life, health or safety, we may also provide access to other Health Professionals. You may also elect to give express consent to CSIG providing access to your personal information (including sensitive (health) information) (such as images and reports) to Medical Specialists or hospital medical staff generally.

Complaints

You can complain about how we have treated your personal information or privacy, please send your complaint to the CSIG Operations Manager. The complaint will be investigated, and a response will be sent to you as quickly as possible (generally within 30 days of receipt of the complaint).

If you are dissatisfied with the response, you can refer the matter to the Office of the Australian Privacy Commissioner. See https://www.oaic.gov.au/privacy/privacy-complaints for more information.

Your privacy is important to CareScan Imaging Group