- Home
- For patients and visitors
- Privacy
Privacy
For full information relating to accessing and making amendments to medical records please view requests for access or correction.
St John of God Health Care Privacy Policy
Introduction
This Privacy Policy applies to St John of God Health Care Inc and any related body corporate, collectively referred to as "SJGHC".
SJGHC is committed to upholding the dignity of each person. Guided by the value of respect, we will manage all personal information in accordance with the Australian Privacy Principles (APPs) and the Notifiable Data Breaches Scheme (NDB Scheme) under the Privacy Act 1988 (Cth) (Privacy Act) and all other relevant Commonwealth and State legislation (together "Privacy Legislation"). This SJGHC Privacy Policy details how your personal information is collected, used, stored and disclosed by SJGHC and how you may contact us if you would like to access or correct your personal information. It also details how we respond if there is an Eligible Data Breach.
In this Privacy Policy:
- “we”, “us” or “our” refers to SJGHC; and
- "you" and "your" refers to any person whose personal information we collect, except employee records.
You consent to us collecting, holding, using and disclosing your personal information in accordance with this Privacy Policy.
Purpose of this Privacy Policy
This Privacy Policy explains:
- how and why we collect, use, store and disclose personal information;
- how you may access or correct your personal information; and
- how privacy complaints are made and managed.
Format
This Privacy Policy has been prepared to give you the ability to choose to obtain more or less detail, at your preference, about SJGHC’s information handling practices.
If you only require basic information about SJGHC’s information handling practices, you can view our 'condensed' privacy policy. This is a summary of how SJGHC collects, uses, stores and discloses your personal information and how you can access or correct your personal information.
If you require more detailed information about SJGHC’s information handling practices then please read this document.
Currency
This Privacy Policy was last updated in September 2023. We will review the Privacy Policy on a regular basis and updated versions will be available online and in print from time to time.
How SJGHC handles your personal information
Terms used
A number of terms used in this Privacy Policy are defined in the Privacy Act, including the following:
Personal information includes a broad range of information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
Personal information may include:
- an individual’s name, signature, address, phone number or date of birth
- sensitive information
- financial information
- photographs and videos (including CCTV)
- government related identifiers
- information regarding location and driving of fleet vehicles
Sensitive information is personal information that includes information or an opinion about an individual’s:
- racial or ethnic origin
- religious or philosophical beliefs
- sexual orientation or practices
- health or genetic information
- criminal record
Health information is a subset of personal information and means information or an opinion about:
- the health, including an illness, disability or injury, of an individual;
- an individual’s expressed wishes about the future provision of health services;
- a health service provided, or to be provided, to an individual;
- other information collected to provide a health service to an individual;
- other information collected in connection with the donation of body parts or substances; or
- genetic information predictive of the health of an individual or their relative.
References in this Privacy Policy to personal information should be taken to include sensitive information and health information unless we specify otherwise.
What information we collect
SJGHC collects personal information about patients and clients and their relatives, employees, job applicants, contractors, vendors and suppliers, health professionals, students, trainees, volunteers, boarders, visitors, and supporters of our fundraising Foundation.
SJGHC undertakes the followings services:
- providing health care services
- operating hospitals and health care facilities
- providing community and youth services
- providing nursing care at residential settings
- providing disability support services and accommodation
- fundraising and administering charitable grants
- conducting research
SJGHC will only collect personal information that is reasonably necessary for the performance of its obligations in providing the above services as well as its business functions and activities and other directly related purposes.
If you are a patient or client then we collect information to assist in providing health care or other services to you. Examples of information we may collect include your:
- contact details;
- medical history;
- medical condition;
- family history;
- lifestyle, cultural or ethnic background; and
- previous test results.
If you are an employee issued with a fleet vehicle, we collect telematics data in relation to your use of that vehicle.
How we collect information
SJGHC usually collects your health information directly from you and with your consent. We will only collect your personal information from someone else if we have your consent, or if it is authorised or required by law, or if it is not reasonable or practical for us to collect that information from you. For example, we may do so in an emergency where your life is at risk and you cannot consent.
We will collect your personal information from third parties where it is necessary to provide our services including from health, medical and support service providers (e.g. pathology labs), allied health professionals, health insurance funds, government agencies, event organisers/partners, your family and friends and job referees.
How We Will Use and Disclose Your Information
SJGHC will only use or disclose your personal information to provide you with health care or services, or to manage our health service effectively or as is permitted or required by law.
The following paragraphs (a) to (e) outline the purposes for which SJGHC collects, uses, stores and discloses personal information. SJGHC will only use or disclose your personal information for any other purposes if we have your consent.
(a) Provision of services by SJGHC to patients and clients:
Personal information is collected and used by SJGHC for the purpose of providing our patients and clients with health care and other services. Where necessary, your personal information may be disclosed to other health care providers, such as your general practitioner, your specialist, a home service provider, district health nurse or another hospital that may be involved in providing ongoing care or services to you.
In addition, we may collect, use or disclose the personal information of our patients and clients for other purposes, including the following.
(i) Other health professionals and suppliers: Some of the services provided within or by our facilities may be outsourced or provided by a third party. We may provide your personal information to them in order to assist in your care. Further, if you require certain medical devices, medications or prostheses for your treatment, we may disclose your personal information to suppliers or manufacturers of those items. We may also provide your personal information to government agencies where we are providing health services under contracts with the Government. We require all such third parties to handle your personal information in accordance with the Privacy Legislation and this Privacy Policy.
(ii) Relatives, guardians or legal representatives: We may disclose your health information or information about services you receive to your next of kin, nominated relative, guardian or appointed legal representative, unless you inform us not to do so, however there may be certain situations where despite your objection we are still required to disclose the information.
(iii) Quality assurance/improvement and registries: From time to time, we may need to collect, use or disclose aspects of your personal information to monitor the standard of health services provided, through processes such as accreditation and evaluation, clinical audits, risk management, education and training of staff and quality assurance activities, including monitoring clinical outcomes and participating in clinical registries.
(iv) Patient satisfaction: To ensure we are delivering our services to meet the needs of our patients and clients, we monitor patient satisfaction. As a result, we, or someone we authorise, may contact you in the future to request your feedback on our services.
(v) Health service management: From time to time we may collect from, or disclose your personal or health information to, your health fund, Medicare, insurers, lawyers and your doctor for management, funding, complaint handling and claims management activities and in accordance with the My Health Records Act 2012 (Cth). This may include providing your information to other SJGHC advisers in the ordinary course of managing our business and to support our administrative functions incidental to providing the health services.
(vi) Billing: For billing and invoicing purposes, we may share relevant aspects of your personal information with third parties such as your other health care providers, Medicare, your private health insurance fund, external collection or account management agencies.
(vii) Contracted services: We engage third parties to assist us in carrying out our functions and activities. This may include IT suppliers, advisors and other professional service providers. We may provide your personal information to them where necessary to support the functions and activities related to your care. We require our contractors to handle your personal information in accordance with the Privacy Legislation.
(viii) Data required by law: From time to time we may have a legal obligation to provide information to various entities. Examples here are if your medical record is subpoenaed or for compulsory reporting to State and Federal authorities.
(ix) Direct marketing: If you agree, we may use your personal information to contact you to provide marketing or promotional information in relation to the services we offer. You can withdraw your consent at any time.
(x) Fundraising: St John of God Foundation relies on the generous support of the community to enable the delivery of better health outcomes, such as medical research, social outreach programs and major capital developments. We may use or disclose the personal information of our patients or clients to allow St John of God Foundation, or someone it authorises, to contact you regarding our fundraising or community projects. If you would prefer not to receive this information, you can opt out and withdraw your consent at any time.
(xi) Research: SJGHC conducts and participates in research across a wide range of health fields with the aim of improving patient outcomes, public health and safety and teaching. With your consent, SJGHC may use and disclose your health information which generally includes information contained in existing patient data, medical records and diagnoses by private specialists you have seen in the past
(xii) Religious Denomination: Should you indicate on admission that you wish to be visited by a hospital-endorsed representative of your religious denomination during your stay, your details will be given to the relevant chaplain, minister or cleric to enable this service to be provided.
(b) Employees:
SJGHC collects, uses and discloses personal information about its employees in order to perform its obligations as an employer and as required by law. However, the handling of past and current employee records are exempt from the Privacy Act where there is a direct relationship between SJGHC and that employee. SJGHC will retain employee records confidentially and in accordance with the Fair Work Act 2009 and the Fair Work Regulations 2009, which set out your entitlements in relation to these documents.
Telematics devices fitted to all SJGHC fleet vehicles collect and transmit data about the driver and their use of the vehicle, including location and driving data. Telematics data is used to improve caregiver safety, provide feedback regarding unsafe driving behaviour, monitor fleet utilisation, log trips for fringe benefit tax purposes, bill clients based on vehicle mileage, locate lost or stolen vehicles, provide data in the event of an accident, and maintain the telematics devices and data platform. The telematics data may be disclosed to SJGHC managers, supervisors and directors, SJGHC’s fleet management company and its subcontractors, and SJGHC’s insurer. More information about the collection and use of telematics data in fleet vehicles is available in SJGHC’s Fleet Vehicle Policy.
(c) Students, volunteers and job applicants:
We may use personal information of job applicants, students and volunteers to assess their suitability for employment or undertaking work experience or clinical placement or providing other relevant assistance. We may also use or disclose personal information about those individuals to contact them, for insurance purposes and to satisfy our legal obligations.
(d) Health professionals, contractors and suppliers:
SJGHC collects personal information about contractors, suppliers and health professionals that provide services to SJGHC for the primary purpose of assessing, accrediting and engaging their services or expertise. Personal information about some health professionals is also collected, used and disclosed for accreditation under the credentialing process set out in SJGHC’s By-Laws.
(e) SJGHC’s website:
When you visit SJGHC’s website, we do not attempt to identify you and we do not store your personal information unless you choose to provide this to us via an online form or by email, for example through our general enquiry or contacts page.
We note that our Internet Service Provider makes a record of your visit to our website and logs the following information for statistical purposes:
- your server address;
- your top level domain name (for example, .com, .gov, .au, .org);
- the date and time of your visit;
- the pages and documents you accessed; and
- the type of browser you are using.
We may also use 'cookies' or other similar tracking technologies on our website to help us track the performance of our website, your website usage and to remember your preferences. Cookies are small files that store information on your device’s browser and can be disabled through your internet browser but our website may not work as intended for you if you do so.
This information is only used to evaluate the effectiveness of our website and, in the event of an investigation, a law enforcement agency or other government agency may exercise its authority to inspect the logs maintained by our Internet Service Provider. Where we collect your personal information from our website, including through cookies, we will handle it in accordance with this Privacy Policy.
Our website may contain links to websites of third parties. We are not responsible for the privacy policy and practices of such third party websites. If you want more information, we recommend you contact those websites directly.
Data and Security Storage
SJGHC securely stores your information in a range of mediums including electronic systems, electronic instrumentation, paper files and images.
SJGHC has data protection and security measures in place which include administrative, physical and technical access restrictions, with only authorised people able to access relevant data.
Generally, we store your personal information within Australia. On occasion, we may enter into arrangements with third parties to access and store your personal information outside of Australia. Before doing so, we will take steps to ensure that the overseas third party will handle your personal information in a manner that will not breach the Privacy Legislation and require that the third party comply at all times with that legislation.
When your personal information is no longer required it will be destroyed or de-identified securely in line with our retention and destruction policy in compliance with government regulations.
Requests for Access or Correction
1. If you wish to access or correct your personal information you should:
a. make your request in writing by email, post or facsimile to the privacy officer at the hospital or service; or
b. complete and lodge an application form which is available on our website at www.sjog.org.au/privacy
2. We do not charge fees for correction of information. There is no application fee for making a request for access to your personal information. However, you may be charged administration, photocopying, counter, courier and delivery fees. Further information on our fees is set out on our website or you may contact the privacy officer at the relevant SJGHC hospital or service.
3. We will respond to your request for access or correction within a reasonable period. We will provide access or make the correction requested unless we deem it appropriate to withhold the information or not make the correction, and are permitted by law to do so. We will notify you of the basis of any denial of access or correction to your personal information.
a. Where we allow access, the relevant officer will arrange to give you access to your personal information in the manner you have requested, if it is reasonable or appropriate, and practicable to do so.
b. If we agree that the personal information requires correction, the relevant officer will make the alterations or notation. If we do not believe a correction is necessary, you may insert an addendum (noting your comments) into the record.
4. The following documents may assist you in applying for access to your health information or applying to amend your health records in Victoria, Western Australia or New South Wales. For forms relating to other states or New Zealand, please contact the hospital or service directly.
- Form: Application for release of information
- Form: Application to amend health records
- Form: Request for health records relating to adoption
5. Your request for access will normally be processed within 30 days (WA) or 45 days (Victoria and NSW) of receipt.
How to make a complaint
If you have any concerns about your privacy or wish to make a complaint about your privacy, please contact the relevant SJGHC hospital or service (see www.sjog.org.au/contactus).
Your complaint should be in writing addressed to the privacy officer of the relevant hospital or service and you should provide us with sufficient details together with any supporting material regarding your complaint. Please include your name, email address and/or telephone number and clearly describe your complaint.