Privacy Policy

Flow State Medical privacy policy

Current as of: 28th February 2024

Introduction

Flow State Medical Pty Ltd (ABN 456721185849) may use your personal information in accordance with the Australian Privacy Act 1988. This privacy policy is to provide information to you, our patient, on how your personal information (which includes your health information) is collected and used within our practice, and the circumstances in which we may share it with third parties.

Why and when your consent is necessary

When you register as a patient of our practice, you provide consent for our practitioners and practice staff to access and use your personal information so they can provide you with the best possible healthcare. Only staff who need to see your personal information will have access to it. If we need to use your information for anything else, we will seek additional consent from you to do this.

Why do we collect, use, hold and share your personal information?

Our practice will need to collect your personal information to provide healthcare services to you. Our main purpose for collecting, using, holding and sharing your personal information is to manage your health. We also use it for directly related business activities, such as financial claims and payments, practice audits and accreditation, and business processes (eg staff training).

What personal information do we collect?

The information we will collect about you includes your:

· names, date of birth, gender, addresses, contact details

· medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors

· Medicare number (where available) for identification and claiming purposes

· healthcare identifiers

· payment and financial information

Dealing with us anonymously

Unfortunately, due to the nature of our work, it is impractical for you to deal with us anonymously or under a pseudonym at this current time.

How do we collect your personal information?

Our practice may collect your personal information in several different ways.

1. When you make your first appointment our practice staff will collect your personal and demographic information via your registration.

During the course of providing medical services, we may collect further personal information. Information can also be collected through electronic transfer of prescriptions (eTP), My Health Record, eg via Shared Health Summary, Event Summary.

2. We may also collect your personal information when you visit our website, send us an email or SMS, telephone us, make an online appointment or communicate with us using social media.

3. In some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:

· your guardian or responsible person

· other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services

· your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary).

How do we use your personal information?

We may use your personal information for the following purposes:

· Providing and managing your medical care

· Confirming appointments and sending reminders

· Maintaining medical records as required by law

· Billing and processing payments

· Responding to inquiries and customer service requests

· Sending promotional offers, newsletters, and marketing materials (with your consent)

· Conducting surveys and collecting feedback to improve our services

· Compliance with legal and regulatory requirements

When, why and with whom do we share your personal information?

We sometimes share your personal information:

· with third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with APPs and this policy

· with other healthcare providers

· when it is required or authorised by law (eg court subpoenas)

· when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent

· to assist in locating a missing person

· to establish, exercise or defend an equitable claim

· for the purpose of confidential dispute resolution process

· when there is a statutory requirement to share certain personal information (eg some diseases require mandatory notification)

· during the course of providing medical services, through eTP, My Health Record (eg via Shared Health Summary, Event Summary)

Only people who need to access your information will be able to do so. Other than in the course of providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.

We will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.

Our practice will not use your personal information for marketing any of our goods or services directly to you without your express consent. If you do consent, you may opt out of direct marketing at any time by notifying our practice in writing.

Our practice may use your personal information to improve the quality of the services we offer to our patients through research and analysis of our patient data.

We may provide de-identified data to other organisations to improve population health outcomes. The information is secure, patients cannot be identified and the information is stored within Australia. You can let our reception staff know if you do not want your information included.

Patient files are retained on Halaxy which is a secure practice management software. This is accessible only to authorised employees. For more information regarding Halaxy, please read the Halaxy Terms of Service and the Halaxy Privacy Policy. The information on each file includes personal information such as name, address, contact phone numbers, medical history, and other personal information collected as part of providing the service.

We use Zoom for video telehealth consultations. Zoom uses end-to-end encryption to keep your information secure.The Zoom privacy policy can be reviewed here: https://explore.zoom.us/en/privacy/

How do we store and protect your personal information?

Your personal information may be stored at our practice in various forms.

This may include paper records, electronic records, visual records (X-rays, CT scans, videos and photos), audio recordings.

Our practice stores all personal information securely. Medical records will be stored for a period of 7 years from the date of the last entry.

We will securely store and protect your personal information. Information in electronic format is stored in protected information systems. Information in hard copy format is stored in a locked, secured cabinet. Our electronic record software is password protected and staff with access to records adhere to a patient confidentiality agreement.

Sensitive Information

Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.

Sensitive information will be used by us only:

• For the primary purpose for which it was obtained

• For a secondary purpose that is directly related to the primary purpose

• With your consent; or where required or authorised by law.

How can you access and correct your personal information at our practice?

You have the right to request access to, and correction of, your personal information.

Our practice acknowledges patients may request access to their medical records. We require you to put this request in writing via email to hello@flowstatemedical.com.au and our practice will respond within 30 days. An administrative fee of $30 will apply to cover costs.

Our practice will take reasonable steps to correct your personal information where the information is not accurate or up to date. From time to time, we will ask you to verify that your personal information held by our practice is correct and current. You may also request that we correct or update your information, and you should make such requests in writing to hello@flowstatemedical.com.au

How can you lodge a privacy-related complaint, and how will the complaint be handled at our practice?

We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing. We will then attempt to resolve it in accordance with our resolution procedure and you should receive a response within 30 days. Please address to hello@flowstatemedical.com.au. Alternatively our mailing address is Flow State Medical at Wildleaf Clinic, Shop 5, 321 Sheridan Street, North Cairns, QLD. 4870. (07 4020 5770).

You may also contact the OAIC. Generally, the OAIC will require you to give them time to respond before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 363 992.

Privacy and our website

Our website may use cookies to analyse website traffic and help us provide a better website visitor experience. In addition, cookies may be used to serve relevant ads to website visitors through third party services such as Google Adwords. These ads may appear on this website or other websites you visit.

A cookie is a small file placed in your web browser that collects information about your web browsing behaviour. Use of cookies allows a website to tailor its configuration to your needs and preferences. Cookies do not access information stored on your computer or any personal information (eg. name, address, email address or telephone number). Most web browsers automatically accept cookies but you can choose to reject cookies by changing your browser settings. This may, however, prevent you from taking full advantage of our website.

Policy review statement

This privacy policy will be reviewed and updated regularly to ensure it is in accordance with any changes that may occur. The updated policy will be available to view on our website.

Privacy Collection Notice

Who is collecting your personal information?

Your personal information is being collected by Flow State Medical Pty Ltd.

Collection of your personal information

We collect personal information from you when you provide it over the phone, in correspondence or in person.

We also collect personal information from our website.

We may collect your personal information from others associated with your care.

Examples of who we might collect this information from include GP’s, another treating health service or health professional, or someone else, like your carer, a partner, a family member or guardian.

Why does Flow State Medical collect your personal information?

This information ensures that we can determine your suitability for a consultation with our doctors for lifestyle & plant-based medicine, your treatment plan, and what support you need in order to provide you with care.

Flow State Medical will only collect sensitive information where the information is reasonably necessary for one or more of our functions or activities.

What information does Flow State Medical collect?

We collect names, contact details, gender and age, as well as referral information to access health services delivered by Flow State Medical and patient case notes which summarise your consultations with your medical practitioner, clinical assessment and any prescriptions issued.

In certain circumstances we may need to collect sensitive information. Sensitive information includes criminal record information, health information or genetic information.

Who will Flow State Medical disclose your personal information to?

We may disclose your personal information for any of the purposes for which it was collected, or where it is under a legal duty to do so. This may include third parties such as:

· Pharmacies and delivery partners to facilitate the supply and delivery of products in accordance with your prescription(s);

· External suppliers that we contract with to assist with the administration and management of our organisation and service provision;

· Providers including but not limited to GP’s and other treating health services or organisations that enable us to coordinate your care;

· Government and law enforcement agencies as required by law.

Flow State Medical may disclose your personal information outside of Flow State Medical if authorised under the Privacy Act including if we are required or authorised by or under law. For example, if we are required to respond to a subpoena or court order.

Access to and correction of your personal information

You can tell us at any time if you want to make any changes to or update your personal information. You can do this by emailing hello@flowstatemedical.com.au.

Privacy complaint

Our privacy policy contains information about how you may complain about a breach of the Australian Privacy Principles and how Flow State Medical will deal with privacy complaints.

Overseas disclosure of your personal information

We may use service providers for services such as software and system development, communication networks and data storage. Your personal information may be accessed from, transferred to, and/or stored outside Australia. The data protection laws in that country may be of a lower standard than those in Australia. We will, in all circumstances, safeguard the personal information as set out in this collection notice.

Policy Updates

This Policy may change from time to time and is available on our website.

If you have any queries or complaints about our Privacy Policy please contact us at:

Flow State Medical at Wildleaf Clinic, Shop5, 321 Sheridan Street, Cairns North, QLD, 4870. hello@flowstatemedical.com.au

Changes

We reserve the right to change the terms of this Privacy Policy from time to time, without notice to you. An up-to-date copy of our Privacy Policy is available on our website and we encourage you to check our website periodically to make sure you are aware of our current Privacy Policy. The last update to this document was February 2024.