CHMC adheres to the Australian Privacy Principles (APPS) that regulate how private sector organisations manage personal information. These APPs, currently 13, cover the collection, use, disclosure and secure management of personal information. They also allow individuals to access that information and have it amended if it is incorrect. CHMC has in place practices, procedures and systems to ensure compliance with these APPs.
Castle Hill Medical Centre’s website uses 3rd party analytics software. We use this to better understand how many people are using our website and how they find us. No personally identifiable information is stored by this software.
Castle Hill Medical Centre manages all patient records with a high degree of confidentiality and also adheres to privacy law requirements at all times.
- CHMC only collects personal information that is necessary for providing optimal quality medical care to our patients.
- CHMC obtains this information with the patient’s consent and awareness of the purpose for its collection.
- If information is collected from a third party on behalf of a patient, CHMC will take steps to notify the patient that this information has been gathered and how it will be used and stored.
- This personal information is only used or disclosed with the patient’s consent during the provision of this care.
- CHMC ensures anonymity is maintained and where required, legal and practicable, is willing to enable the patient to use a pseudonym.
- CHMC will not use a government identifier, such as Medicare number, to uniquely identify a patient. The exception to this is the Individual Healthcare Identifier.
- CHMC takes every care to ensure that this information is accurate, complete and up to date when collected and used.
- All information is kept in a safe manner, which prevents misuse, loss and unauthorized access.
- Information collected will not be disclosed or used for direct marketing unless consent has been given or it would be reasonable to expect this information to be used for this purpose.
- Personal information that is no longer required is destroyed in accordance with CHMC Disposal of Records Policy.
- CHMC will also destroy any unsolicited information that is received that is deemed inappropriate for CHMC to receive and unnecessary for the care of the patient, as long as it is lawful.
- CHMC will, on request, make every effort to provide patients with details of personal information stored, for what purpose, how it is collected, held, used and disclosed.
- Access to and correction of this personal information will be made available on request by the patient and reasonable steps will be taken to ensure that incorrect information is rectified.
- CHMC requires its employees to observe and adhere to the APPs and all staff/contractors sign a confidentiality agreement on commencement of employment.