Epworth complies with its obligations under all applicable privacy and health records laws, including the Health Services Act 1988 (Vic), the Privacy Act 1988 (Cth) (and its Australian Privacy Principles) and the Health Records Act 2001 (Vic) (and its Health Privacy Principles). Where Epworth provides public health services, those service arrangements may also require Epworth to comply with public sector privacy obligations under the Privacy and Data Protection Act 2014 (Vic) from time to time.
Epworth recognises that the privacy principles under those laws apply to our relationship with patients, employees and service providers. Epworth requires that all health professionals and organisations doing business with us will similarly adhere to those privacy principles.
What personal information does Epworth collect?
Epworth collects personal information from patients so that we can provide health services to them. The personal information that we collect from you if you are, or will become, a patient includes: name, date of birth, address, contact details, financial details, ethnic background, health and medical history, lifestyle history, family history, details regarding your current health issue and details regarding your treating doctors (such as your general practitioner).
We collect personal information from other individuals, such as employees, contractors, students, job applicants, and service providers, to enable us to assess, work with or transact with them. The personal information we may collect from those individuals in those circumstances includes: name, contact details, qualifications, education, financial details and employment history.
If you do not provide to us any of your personal information that we require, we may be unable to provide you with the services you are seeking or to otherwise work or transact with you. If you are a patient at Epworth, you cannot choose to be anonymous or use a pseudonym because this would prevent us from being able to treat you appropriately.
If you attend the private clinic of a doctor at an Epworth site, that doctor may maintain and keep their own separate medical record about you.
How Epworth collects personal information
We will ordinarily collect your personal information from you directly. Occasionally we may need to collect personal information about you from a third party such as your general practitioner, another health service provider or your family or carer. However, we will only do so if you have given us your permission, if we cannot reasonably obtain the information from you and we require the information for your care and treatment or if the law otherwise permits us to do so.
If we receive personal information about you from someone else that we have not requested and we determine that we would not have been permitted to collect that information under privacy law, we will ordinarily destroy or de-identify the information.
We may also collect personal information about someone else from you where that information forms part of your family, social and medical history and it is necessary for us to collect that information in order to provide your care and treatment.
How Epworth uses and discloses personal information
Epworth will use and disclose your personal information for the particular purpose for which we have collected it.
Generally, if you are a patient of Epworth we will use and disclose your personal information for the purpose of providing health care services to you. Your personal information will be used by and disclosed to the health professionals and other staff involved in your care and treatment at Epworth. We may use your information to refer you to external services providers for diagnostic tests or to other health professionals during your care and treatment or after you are discharged. We will share your personal information with these other providers for the purpose of your care and treatment.
We may also use and disclose personal information we collect in the following circumstances:
- To contact patients to send them a reminder for an appointment or follow up care, to check pre-admission details or to inform patients of out of pocket expenses. We may use patients’ information to give them a follow up call from our Patient Service Centre.
- We may provide general information about a patient’s condition to their family, near relative or carer, unless the patient has requested that we do not do so.
- We will ordinarily send a discharge letter or summary which will include details of a patient’s care and management at Epworth to their general practitioner or the specialist who referred the patient to Epworth, unless the patient requests that we do not do so. If appropriate, we may send a letter to other health professionals and individuals involved in a patient’s post discharge care – for example, to a physiotherapist or home nursing service.
- To communicate with Medicare and other government agencies (for example, Department of Veterans’ Affairs, WorkCover, TAC) involved in funding a patient’s health care.
- To communicate with a patient’s private health insurer.
- We may use a patient’s personal information to ask them to participate in a patient survey, quality improvement activities, a clinical trial or research. We may disclose personal information to a service provider who assists us with these activities. A patient has the right to decline to participate in these activities.
- To manage a patient’s account with us and to charge the patient (or a third party) for the services we provide.
- We will disclose certain information where we are required by law to do so about patients who have specific conditions to the Victorian or Commonwealth Government, their departments or agencies. We will also disclose certain information to organisations that maintain a health or disease register where we are required by law to do so.
- We may disclose personal information to an approved government agency, safety and quality body or law enforcement agency where required or permitted by law, for example in relation to locating missing persons, service of documents, census information collection or specified quality and safety purposes.
- We may disclose to and collect personal information from another health service for one or more specified quality and safety purposes with the appropriate Ministerial authorisation.
- Where we are contracted to provide public health services, we will disclose personal information in accordance with our contractual obligations to the relevant public health service providers and public sector privacy laws.
- For certain activities and functions related to Epworth’s business and operations, such as quality assurance and improvement, patient satisfaction assessments, audit (clinical and non-clinical), accreditation, service planning, service funding, risk assessment and management and claims investigation and management. We may disclose an individual’s personal information to our insurer and to other people or organisations we engage to assist us with these activities. We may also use personal information for training and educating our staff. Where possible, we will endeavour to remove information that identifies any individual when using it for these activities.
- From time to time, external suppliers that we engage to provide certain services to Epworth may have access to the personal information we collect – for example, external information technology providers or couriers. Where we engage such external suppliers, such persons and organisations must agree to manage any personal information they may access according to privacy laws.
- We may disclose an individual’s personal information to a third party where we are legally required to do so – for example, if we receive a subpoena.
- We may use and disclose the personal information of job applicants and individuals undertaking work experience or a student or trainee placement to assess and manage their engagement or employment, for insurance purposes and to comply with our legal obligations.
- We may use and disclose the personal information of health professionals that seek accreditation to practice at Epworth to assess their application, to manage our relationship with them, for insurance purposes and to comply with our legal obligations.
- If you are a service provider, we may use or disclose your personal information to manage our relationship with you.
- Where you have been provided with an opportunity to opt-out of receiving contact from Epworth Medical Foundation (EMF) in relation to fundraising support and you have not opted-out of receiving such contact, we may disclose your name and contact details to EMF. Further information is provided below as to how your personal information is disclosed to and used by EMF.
Ordinarily, Epworth will not transfer your personal information to any person or organisation outside Australia, without your permission. However, Epworth may enter into arrangements with service providers who may store some of Epworth’s data (which may include personal information) overseas. If we do, we will ensure we comply with any privacy law requirements that relate to cross border disclosures of personal information.
Epworth is a not-for-profit hospital group which relies on the generosity of its community to assist it to continue to deliver excellence in treatment and care. As part of your hospital admission process, you will be asked on your admission form whether you do not wish to be contacted by our fundraising trust Epworth Medical Foundation (EMF) in relation to fundraising support for Epworth. Where you have not opted-out of such contact on the admission form by ticking the relevant box, we will disclose your contact information to EMF. EMF may contact you to seek your support or to ask you to participate in Epworth’s fundraising activities.
Where you have not opted-out of receiving fundraising contact from EMF, you may be contacted by a representative of EMF or by an external fundraising agent engaged by EMF. In either circumstance, only your contact details are available to the person or organisation who will contact you, and no information regarding your medical treatment or condition is disclosed by us to them. External fundraising agents will inform you as to who they are, why they are calling and that the contact relates to fundraising for EMF or Epworth. If you are not provided with this information, please advise EMF through the contact details provided on the EMF website www.emf.org.au.
Should at any time you wish to opt-out of fundraising contact, you may contact Epworth’s Privacy Officer on the contact details set out below or use the opt-out mechanism provided under EMF’s Community Charter on the EMF website www.emf.org.au.
How we protect your personal information
Epworth has implemented measures to protect your personal information from misuse, interference, loss, unauthorised access, modification and disclosure. We store all of the information we collect from patients on their medical record which may be in hard copy and electronic format. Every time a patient attends Epworth, information is added to their medical record.
When it is not required for your care, your hard copy medical record is stored securely in our health information services department. We use various procedures and technologies to protect your privacy, including access control procedures, audit trails, network firewalls and physical security. Only authorised staff or contractors have access to your records and we monitor any access to electronic records.
Epworth will destroy or permanently de-identify any of your information which we no longer require for the purpose for which we collected it, provided we are not required under law or otherwise to retain the information.
How you may request access to or correction of your personal information
You may request access to the personal information we hold about you by contacting us at the details set out below. You may access your personal information by viewing it or by requesting a copy of your personal information.
You may also request that we correct the personal information we hold about you if you believe that it is inaccurate by contacting us at the details set out below.
Epworth will consider your request for access or correction and respond within the time required by law.
We will ordinarily charge you for giving you access to your personal information in accordance with the fees and charges we are permitted to charge under the applicable laws.
Queries and complaints regarding your privacy
If you have any queries regarding how Epworth handles your personal information or wish to make a complaint about how we may have handled your personal information, you may contact us at the details set out below. We will consider your complaint promptly and provide a written response on the outcome.
Our contact details
You may contact us in any of the following ways:
Privacy Officer, Legal Services,
Epworth HealthCare Corporate Office,
c/- 89 Bridge Road, Richmond VIC 3121
Through the feedback form on the Patient Feedback page of our website.
If you would prefer to make your complaint to an external complaint body, or you are not satisfied with the handling or outcome of the Epworth complaints process, you may contact the following organisations to lodge a complaint:
Australian Information Commissioner
Health Complaints Commissioner (Victoria)
Your use of our website
Epworth cannot ensure that any information transmitted over the internet is secure and you transmit such information at your own risk. However, once we receive a transmission of personal information, we take all reasonable steps to ensure that the information is secure on our systems.
When you access our website, we will keep a record of your visit. We may collect the following information that does not identify you in relation to your use of our website: your computer address, the date and time of your visit, the type of browser you use, the pages you visit, the information you request and the country from which you request information. We collect this information for statistical purposes and to monitor and improve our web site and services.
Current as at 27 August 2020