Introduction to Privacy
ACHA hospitals are bound by the National Privacy Principles in the Commonwealth Privacy Act and by state and territory privacy laws. ACHA hospitals are committed to the right to privacy and the protection of personal and health information in accordance with privacy laws.
Dealing with ACHA Anonymously
Where it is lawful and practicable to do so, individuals may deal with ACHA anonymously (e.g. when inquiring about its services generally).
Why does ACHA Collect Personal Information?
If an individual is to receive or has received a service from ACHA, ACHA will collect and hold their personal information to:
- Gain an understanding of the individual’s needs so ACHA may provide them with the required service and advice
- Contact the individual to provide advice or information in relation to the way in which the service will be or has been provided
- Improve the quality of ACHA service
- Administer and manage those services including charging, billing and collecting debts
- Where required by law
What Personal Information does ACHA Collect and Hold?
The information collected may include an individual’s:
- Date of birth
- Address (postal and email)
- Telephone numbers
- Medicare, health fund and health insurance cover details
- Medical history, test results and other health information
- Other information necessary for ACHA's functions and activities
- Persons to contact in case of emergency
How is Personal Information Collected?
ACHA will, if reasonable and practicable to do so, collect personal and health information directly from the individual concerned. This may take place when the individual fills out documents such as an admission form or an administrative form or when the individual gives us personal and health information in person or over the telephone.
ACHA may collect personal and health information from third parties such as:
- An individual’s representatives (e.g. authorised representative or legal adviser)
- An individual’s health service provider
- A health professional who has treated the individual
- The individual’s family
- Other sources where necessary to provide a health service
Disclosing Personal Information
ACHA may disclose personal information for the purposes of:
- Continuity of care with other health service providers involved in the individual’s treatment or diagnostic services
- Providing an individual with further information about treatment options
- Conveying information to a responsible person (e.g. parent, guardian, spouse) when the individual is
- Incapable or cannot communicate, unless the individual has requested otherwise
- Conveying information to close family members in accordance with the recognised customs of medical practice
- Management, funding, service-monitoring, planning, evaluation and complaint handling
- Legislative and regulatory compliance
- Quality assurance or clinical audit activities
- Accreditation activities
- Health insurance funding
- Billing and debt recovery
- Addressing liability indemnity arrangements including reporting to the hospital’s insurers and legal representatives
- Preparing the defence for anticipated or existing legal proceeding for the hospital or treating specialist.
- Research or the compilation or analysis of statistics relevant to public health and safety
- Activities directly related to the provision of health services to an individual where the individual would reasonably expect disclosure
ACHA will only provide personal and health information for the purposes of marketing and promotional activities with the individual’s consent.
Transborder Data Flows
ACHA operates and communicates with organisations throughout Australian and overseas. Therefore some disclosures may occur outside the state or territory in which an individual is resident, and in some circumstances, outside Australia. ACHA will only disclose information to an organisation in a country, which has a substantially similar privacy regime.
Using Government Identifiers
In certain circumstances, ACHA is required to collect government identifiers such as Medicare, pension or Veteran’s Affairs numbers. ACHA will only use or disclose this information in accordance with the law.
Storing Personal Information
ACHA stores personal and health information in different ways, including in paper and electronic form. The security of personal and health information is important to ACHA and reasonable steps are taken to protect it from misuse or loss and from unauthorised access, modification or disclosure. Some of the ways this is done include:
- Requiring ACHA staff to maintain confidentiality
- Implementing document storage security
- Imposing security measures for access to ACHA computer systems
- Providing a discrete environment for confidential discussions and treatment
- Only allowing access to personal and health information where the individual seeking access has satisfied ACHA's identification requirements
Personal and health information is retained for the period of time determined by law and is disposed in a secure manner.
Keeping Personal Information Accurate and Up-To-Date
ACHA takes all reasonable steps to ensure that the personal and health information it collects, uses and discloses is accurate, complete and up-to-date. However, the accuracy of that information depends largely on the quality of the information provided to ACHA. It is therefore suggested that individuals:
- Let us know if there are any errors in their personal or health information; and
- Keep us up to date with changes to their personal information (e.g. their name and address)
Individuals may do this by mail or email (see “CONTACT US”).
Accessing Personal Information
Medical records are the property of ACHA Health Inc, however individuals have a right to access them subject to some exceptions allowed by law. Individuals can contact ACHA to request access (see “CONTACT US”). ACHA may charge a fee for collating and providing access to personal and health information. In the case of Pathology services, it is recommended that patients obtain the information from the referring doctor.
ACHA will disclose to an authorised personal representative or legal adviser where the individual has provided written authority.
Office of The Privacy Commissioner
GPO Box 5218, Sydney NSW 2001
Individuals may ask any questions about privacy and the way ACHA manages personal and health information, complain about the handling of their information or obtain a form requesting access to personal and health information by contacting the Director of Nursing of the hospital either by phone or in writing (see “CONTACT US”).