Your Privacy

The privacy of your personal information is important to us. CANCER RESEARCH SA (CRSA) collects and manages your personal information (including but not limited to patient health information) in line with Australian National Safety and Quality Health Service Standards as determined by the Australian Commission on Safety and Quality in Health Care.

CRSA is committed to ensuring the privacy and confidentiality of personal information it collects. CRSA complies with the National Privacy Principles under the commonwealth Privacy Act 1988 and all other states/territory legislative requirements in relation to the management of personal information.

Personal information we may collect about you

To provide you with the appropriate level of care that you entrusted us to deliver when you become a patient with us, we need to collect and use your personal health information. The personal information we collect about you includes: your full name (first and last), address, date of birth, employment details, email and contact details (both home and work), DVA number and other government identifiers. Although we will not use these for the purposes of identifying you in our practice, the following will also be collected; your medical history, test results, family medical history, ethnic background, Medicare, health fund and insurance details, billing/account details, current lifestyle, next of kin, emergency contact and other information that may be relevant to your diagnoses, treatment, or healthcare.

When you become a patient at CRSA, a medical record is created and it includes personal information such as your name and contact details, as well as information about your health problems and the treatment, you have and will receive.

Each time you attend CRSA, we will update your medical record, collecting information necessary for the provision of healthcare and services for you.

We may also collect information about your interactions with us, including your responses to patient surveys relating to service improvement. We may take photographs or audio-visual recordings of you in a clinical context in connection with your treatment or healthcare. We will only collect information about your health, or other sensitive information about you (including taking photographs or audio-visual recordings of you), if we have your consent to do so or if it is otherwise permitted by law.

Referring clinicians and other healthcare professionals

If you are a referring clinician or other healthcare professional, the personal information we collect about you may include your name, contact information, professional details (including qualifications, accreditation, and registration information), information regarding your interactions or work with us and any other information you choose to share with us. We may also collect personal information about other members of the public, including visitors and families and medical professionals. The types of personal information we may collect about these individuals includes their name, contact details, identification information, and any relationship they may have to a patient.

How we collect your personal information

Where practicable, we will collect your personal information directly from you (might be via a face to face discussion, telephone conversation, registration form or online form) but we may sometimes also collect information from third parties, including family members, from a person responsible for you, referring clinicians and other healthcare professionals and service provider organisations.

Our staff will always endeavour to be sensitive to your needs when obtaining personal health information. However, they are also committed to acting in your best interests by making a thorough assessment of your condition and medical history.

We will only collect health information from a third party if you have consented or where we are otherwise permitted by law to do so, such as in a medical emergency, other members of your treating team, diagnostic centres, specialists, hospitals, Medicare, your health insurer, the Pharmaceutical Benefits Scheme. We may also operate video surveillance systems at our facilities for the purposes of maintaining the safety of our staff, patients and other persons visiting our premises. This may (though not always) involve the collection of some personal information.

If you provide us with incomplete or inaccurate information, we may not be able to provide you the service you are seeking.

Why we collect and how we use your personal information

We collect and use personal information for the following purposes:

• To providing you the healthcare services you are seeking.
• To communicate with you in relation to the health service being provided to you.
• To comply with our legal obligations, including, but not limited to, mandatory notification of communicable diseases or mandatory reporting under applicable child protection legislation.
• To communicate and provide a tailored treatment plan in consultations with other doctors and allied health professional involved in your healthcare.
• To obtain, analyse and discuss test results from diagnostic and pathology laboratories findings.
• To provide care and services for you, we may also use your information where necessary for the management of CRSA, to liaise with your health fund, and Medicare as necessary, and for activities such as quality assurance processes, accreditation, audits, risk management, claims management and education of health professionals involved in your care and treatment.
• To consult with your health fund, government and regulatory bodies such as Medicare, the Department of Veteran’s Affairs and the Office of the Australian Information Commissioner (OAIC) (if you make a privacy complaint to the OAIC).
• Dealing with enquiries, complaints, and legal proceedings.
• Complying with our legal obligations, including in relation to statutory and public health reporting requirements, such as mandatory reporting of child abuse or the notification of diagnosis of certain communicable diseases.
• Sending marketing and other communications to referring clinicians and other healthcare professionals, such as clinical updates, information about our services, events, and other news relevant to them or their practice; and
• Other purposes with your consent.

Research and product development

In addition to the above, we may also use your information in de-identified form for the purposes of research and product development activities. For example, this may include the development of new diagnostic tools and products, treatment methods and pathways. As we only use de-identified information for these purposes, you will not be identified as part of any of these activities. We will require your consent prior to sharing this information.

Occasionally we may receive requests from external researchers who wish to conduct research using information in identifiable form. Any such researchers must follow strict ethical guidelines, including by asking for your consent to be part of their research.

We will not share any identifiable information for research purposes without your consent

We may need to disclose your information for one or more of the purposes described above. For example, depending on the circumstances, we may need to disclose your information to:

• Referring clinicians and other healthcare professionals, such as pathologists, radiologists, allied health professionals, pharmacists, in relation to the provision of healthcare services to you.
• Government agencies, where we provide health services to you under a contract with that agency and are required to provide the information under the relevant contract.
• Private hospitals and other private healthcare providers, where we provide health services to you under a contract with that provider and are required to provide the information under the relevant contract.
• Your close relatives, close friends, and personal representatives who are legally responsible for your healthcare decisions (though we will not do this if you tell us not to).
• Your lawyers and insurance companies that have been authorised by you to obtain personal information from us.
• Government authorities where we are required to do so by law or in response to an order issued by a court or tribunal, such as where we are required to produce records in relation to court proceedings.
• Medical defence organisations, insurers, medical experts, or lawyers who work for us and help us to deal with enquiries, complaints, and legal proceedings.
• External service providers and advisors who help us run our business, including software vendors and service providers who help run our IT systems; and
• Other CRSA group entities.

In some cases, the people we disclose your information to may be based overseas, including in the European Union, the United Kingdom, and the United States of America.

My Health Records

If you have chosen to participate in the My Health Record program operated by the Commonwealth Department of Health, we may access personal information stored in your My Health Record if the access permissions you have set allow this. When requested to do so, we may disclose your personal information by uploading your health information electronically to the My Health Record system. If you do not want us to access personal information stored in your My Health Record, or to upload health information to it, you may opt out or choose to modify access controls within the My Health Record system.

How we hold and protect personal information

We hold personal information electronically and in hard copy form, both at our own premises and with the assistance of service providers who provide data storage, hosting, and cloud computing services. In all cases we implement a range of measures to protect the security of that personal information.

Please note that any information that you send to us by electronic means may not be secure in transit unless it is encrypted. We are not responsible for the security of your information before it comes into our possession.

Our staff are trained and required to respect and protect your privacy. We take reasonable steps to protect information held from misuse and loss and from unauthorised access, modification, or disclosure.

How you can access or seek correction of your personal information

You have a right to have access to the health information that we hold in your medical record, subject to some exceptions allowed by law. You may request access to any personal information we hold about you by contacting our Privacy Officer using the contact details set out below. Please also let us know if your personal details change (for example, your name or contact details), or if you notice errors or discrepancies in information, we hold about you. You may do this at your next appointment with us or by contacting our Privacy Officer using the contact details set out below. We may ask you to verify your identity when you make an access or correction request. There may also be circumstances in which we will not be able to comply with your request. In these cases, we will provide reasons for why we cannot comply and will explain what other options may be available to you.

Anonymity and pseudonyms

The Privacy Act provides that individuals must have the option of not identifying themselves, or of using a pseudonym, when dealing with our practice, except in certain circumstances, such as where it is impracticable for us to deal with you if you have not identified yourself. Please note:  If choosing the option of not identifying yourself or using a pseudonym when dealing with our practice then the provision of medical services is likely to be impacted, and billing via Medicare or a health insurer where applicable is likely to be impracticable.

Our websites

If you visit any of our websites, we may record various technical information such as your IP address, browser type, domain names, access times and referring website addresses. We use this information to run our websites and for analytical purposes. Our websites may include links to other websites that are run by third parties. We are not responsible for how those third parties may collect, use, and share your information. Please carefully review any privacy statements published on the third-party websites you visit. Our websites may use cookies to help identify and interact more effectively with the access device you are using. A cookie is a text file that is placed on a user’s device by a web page server. Cookies cannot be used to run programs or deliver viruses to your device. The cookies we use help us to maintain the continuity of your browsing sessions and remember your details and preferences for when you return. You can accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of our websites. We may use Google services such as Google Analytics to analyse usage of our websites from time to time. For more about how Google collects and processes data, please see Google’s privacy policy.

What you should do if you have any privacy issues and complaints

If you have comments or concerns relating to this Privacy information or wish to make a complaint about our handling of your personal information, please contact our Privacy Officer using the contact details set out below.

We may need to verify your identity and ask for further information, to investigate and respond to your concern or complaint. We will aim to respond to you within a reasonable time, and within thirty business days.

If we are unable to satisfactorily resolve your concern or complaint, you may wish to contact the Office of the Australian Information Commissioner (OAIC). OAIC on 1300 363 992, post to GPO Box 5218 Sydney NSW 2001 or visit their website www.oaic.gov.au.