We respect your rights to privacy and have a legal obligation to abide by the provisions of the Privacy Act 1988 (the Act). The law requires we must follow under the Act is known as the Australian Privacy Principles, the latest update from the APP can be accessed at: www.oaic.gov.au/privacy/privacy-act/privacy-law-reform. The APP covers areas including the collection, use, disclosure, quality and security of personal information.
College Street Specialists (‘CSS”) is committed to ensuring the privacy and confidentiality of your personal information.
In this document, CSS is variously referred to as Us and We.
CSS complies with the Privacy Act 1988 (Cth) (Privacy Act), the associated Australian Privacy Principles (APPs) and state or territory legislation that governs how private sector health service providers should handle your personal information, including, but not limited to, health information.
CSS may, from time to time, amend this Policy, in whole or part, at our sole discretion.
Any changes to this Policy will be effective immediately upon the posting of the revised Policy on our website(s). By continuing to access our services following any changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as amended from time to time, in whole or part, you must not access our services, including our website(s).
By providing personal information to us, you consent to us collecting, using and disclosing your personal information as described in this Policy. If we need to use your information for anything else, we will seek additional consent from you to do this.
In some circumstances, where it is not reasonable or practical for us to collect this information directly from you, responsible persons (for example, a spouse or partner, close family member, emergency contact or enduring medical power of attorney) can give consent for collection on your behalf.
We may collect personal information from patients, healthcare professionals, employees, contracted service providers, students, trainees, suppliers and other individuals with whom we engage in the course of our usual business operations.
You are not required to provide personal information to us. However, if you do not provide us with all the information we request, the services we provide to you may be affected. If you provide incomplete or inaccurate information to us, or withhold personal information from us, we may not be able to provide you with the services you are seeking, or otherwise engage with you.
We will usually collect your personal information directly from you by email, telephone, in writing or in person, or through our website(s). Where it is not reasonable or practical for us to collect this information directly from you, we may need to collect information about you from a third party. In the case of patients, we may also collect information from a third party where your health may be at risk and we need your personal information to provide you with emergency medical treatment.
The third parties from whom we may collect your personal information include:
• Other health service providers, including healthcare professionals, hospitals, clinics and other pathology practices if they have referred you to us or are involved in your care. (Your doctor will generally explain why he or she is collecting the information and where it is going to.)
• Your responsible persons (such as a relative or carer)
• Our own internal records to link your information
• The My Health Record program operated by the Commonwealth Department of Health, if you have chosen to participate
• Health insurers, law enforcement or other government instrumentalities.
The type of personal information we collect about you depends on who you are, our relationship with you and the nature of our interaction with you.
The personal information we collect about you will include only the information that is:
• Reasonably necessary for us to engage with you in the usual course of our business
• Necessary to provide you with services (including, in the case of patients, coordinating and communicating with your healthcare providers)
• Required for administrative and internal business purposes related to the services we provide to you.
The personal information we collect may include:
• Your name, age, gender, date of birth, contact details
• Health information relating to your lifestyle and medical history relevant to providing healthcare services (such as your medications, diagnostic tests and treatments, family medical history, occupational history, genetic or biometric information and copies of correspondence to and from your healthcare providers)
• Relevant government identifiers (such as your Medicare number), when necessary for billing or other administrative purposes
• Other personal information collected in the form of clinical images and samples
• Records of our past engagement with you
• In relation to employees, any information relating to your employment including, employment histories, applications, pre-employment checks, qualifications, training records and information required by laws, regulations or standards
• Payment details
• Other information, occasionally including religion and ethnicity, which may be relevant in our dealings with you.
In certain circumstances, you may have the option of dealing with us anonymously or by using a pseudonym, however, this may limit the services that we can provide to you or the manner in which we engage with you. In some circumstances, it may be impracticable for us to deal with you in such an unidentified manner.
We will not use or disclose your personal information for any purpose other than the primary purpose for which it was collected (or a related secondary purpose). The exceptions to this are if you have consented to another purpose, or if we are permitted/required to do so by law, which may include:
• To coordinate and/or communicate with healthcare providers involved in your care
• To procure additional healthcare services on your behalf (such as referrals to other providers or obtaining second opinions)
• To conduct activities related to quality assurance/improvement processes, accreditation, audits, risk and claims management, patient satisfaction surveys and staff education and training
• To liaise with your health fund, Medicare, the Department of Veterans’ Affairs, Department of Health or another payer or contractor of services
• To fulfil regulatory and public health requirements, including liaising with regulatory or health authorities, as required by law
• To send you standard reminders (for example, for appointments for follow-up care, account management), by text message, mail or email to the number or address which you have provided to us
• To handle a complaint or respond to anticipated or existing legal actions
• To obtain feedback about our services or provide advice or information to you about products, services, treatment options and clinical trials that are relevant to you
• For billing and payments
• To engage you (as a contractor) to provide products or services to us
• To consider your application for employment with us.
In addition, we may anonymise (de-identify) or aggregate the personal information that we collect for the purpose of carrying out clinical research, quality assurance or customer service, health outcome and other business analytics.
CSS may use electronic processes when we use your personal information as specified above. We may link, combine or share personal information about you that is held in various databases created by any, or all, of CSS’s businesses.
We will not seek your consent to use your personal information for the purposes listed above.
We may use your personal information for marketing which is directly related to our services, in compliance with applicable laws, such as the Privacy Act 1988 (Cth) and Spam Act 2003 (Cth). We may engage third parties, under contract, to provide marketing services on our behalf.
You may advise us that you do not wish to receive direct marketing from us at any time by contacting us or by using the opt-out facilities provided in our client registration processes, informed consent procedures and the marketing communications you receive.
During the course of providing services to you, or otherwise engaging with you, we may disclose your personal information to trusted third parties including:
• Healthcare service providers or other relevant parties involved in your care or requesting services on your behalf (including for the purpose of obtaining second opinions or making referrals, on your behalf, for specialist medical services)
– Our providers utilise practice management software to send referrals and only relevant medical information will be shared.
• Statutory registries or bodies where requested to do so by you or as required by law (such as national cancer registries)
• Other third parties or organisations, if required by, and in order to comply with, our legal obligations
• Approved and trusted contractors, under agreement, as engaged by us to provide professional services (such as debt collection, information and communication technology providers, specialist clinical services).
Sensitive information is only ever disclosed for the purposes for which you gave it to us or for directly related purposes you would reasonably expect, or if you agree, for example, to handle a complaint.
We may use electronic processes to disclose your personal information as specified above, where available or relevant.
We will not seek your additional consent to disclose your personal information for the purposes listed above.
If you have chosen to participate in the My Health Record program operated by the Commonwealth Department of Health, we may access personal information stored in your My Health Record if the access permissions you have set allow this. When requested to do so, we may disclose your personal information by uploading your health information electronically to the My Health Record system.
If you do not want us to access personal information stored in your My Health Record, or to upload health information to it, you may opt out or choose to modify access controls within the My Health Record system.
We may enter into arrangements with other related entities or third parties outside of Australia to store, access or use data we collect, including personal information, in order to provide services to us (such as data processing, analysis, interpretation or the performance of specialised tests). In such cases, we will take reasonable steps to ensure that the third parties do not breach the APPs, including by requiring that the third party has information security measures and information handling practices in place that are of an acceptable standard and approved by us.
When you use our website(s), we do not identify you as an individual user and do not collect personal information about you, unless you specifically provide this to us.
We take the protection of your personal information seriously and take all reasonable steps to ensure the information that we collect, use and disclose is accurate, secure and protected from misuse and loss and from unauthorised access, modification or disclosure.
We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and current. To assist us, please ensure that the information you provide to us is accurate, up-to-date and complete, and let us know when your personal information changes.
We will take all reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure. We use technologies and processes including, but not limited to, access controls, network firewalls, encryption and physical security measures, in order to protect your privacy.
We will destroy or permanently de-identify any of your personal information that is no longer needed for the purpose for which it was collected, provided we are not required, under relevant accreditation standards or an Australian law, to retain the information.
You have the right to request access to the personal information about you which is held by us.
We will provide you with access to your information, unless there is a reason under the Privacy Act or other relevant law to refuse or limit such access, such as if we reasonably believe that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; or giving access would have an unreasonable impact on the privacy of other individuals.
You may request access to the personal information we hold about you by contacting our Privacy Officer.
To protect your privacy, we will need you to verify your identity prior to providing access to your information. We may recover reasonable costs associated with supplying this information to you.
In the specific case of obtaining access to your pathology or radiology results, the preferred method is in consultation with your treating practitioner, so that complex clinical information can be explained to you within the context of your individual circumstances.
You have the right to request an amendment to the information we hold, should you believe it to be inaccurate.
If we are satisfied that any part of the information we hold about you is inaccurate, incomplete, out of date, misleading or irrelevant, having regard for the purpose for which it is held, we will take reasonable steps to amend that information.
If we do not agree to change your personal information in accordance with your request, we will permit you to make a statement of the requested changes and we will enclose this with your personal information.
Should you wish to request changes to your personal information held by us, you can ask for our Privacy Officer, who can give you more detailed information about our correction procedure.
We take complaints and concerns regarding privacy seriously. If you have comments or concerns relating to this Policy, or wish to make a complaint about our handling of your personal information, please contact the Chief Executive Officer. We may need to verify your identity and ask for further information, in order to investigate and respond to your concern or complaint. We will aim to respond to you within a reasonable time, and generally within 10 business days.
All enquiries relating to privacy concerns please address to the Chief Executive Officer
Phone: (02) 9331 7229
Attn: Chief Executive Officer
College Street Specialists
Suite 1, Level 7, 26 College St,
Darlinghurst, NSW 2000
If we are unable to satisfactorily resolve your concern or complaint, you may wish to contact the Office of the Australian Information Commissioner (OAIC). The OAIC has the power to investigate the matter and make a determination.
If your concern or complaint relates to health information, you may also contact the relevant state or territory privacy commissioner.
Office of the Australian Information Commissioner (OAIC)
Address: GPO Box 5218. Sydney NSW, 2001
Phone: 1300 363 992
Please note, in this document, the terms “we”, “our”, “us” or CSS, refers to College Street Specialists.