Tweed Health for Everyone Privacy Policy

Part A – Purpose and Context

Tweed Health for Everyone Super Clinic is committed to ensuring the privacy and confidentiality of all personal information affiliated with Tweed Health for Everyone Super Clinic’s business undertakings.

Tweed Health for Everyone Super Clinic follows the terms and conditions of privacy and confidentiality in accordance to the Australian Privacy Principles (APPs) as per schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth), forming part of the Privacy Act 1988 (‘the Act’).

The purpose of this Privacy Policy is to clearly communicate how Tweed Health for Everyone Super Clinic collects and manages personal information.

The point of contact regarding any queries regarding this policy is Alana Flohr, Practice Manager:  07 5589 7555,  admin@thesc.com.au.

Part B – Australian Privacy Principles

As a private sector health service provider and under permitted health situations, Tweed Health for Everyone Super Clinic is required to comply with the APPs as prescribed under the Act.

The APPs regulate how Tweed Health for Everyone Super Clinic may collect, use, disclose and store personal information and how individuals, including Tweed Health for Everyone Super Clinic’s patients may:

• address breaches of the APPs by Tweed Health for Everyone Super Clinic;

• access their own personal information; and,

• correct their own personal information.

In order to provide patients with adequate health care services, Tweed Health for Everyone Super Clinic will need to collect and use personal information. It is important to be aware that if the patient provides incomplete or inaccurate information or the patient withholds personal health information Tweed Health for Everyone Super Clinic may not be able to provide the patient with the services they are requesting.

In this Privacy Policy, common terms and definitions include:
"personal information" as defined by the Privacy Act 1988 (Cth).  Meaning "information or an opinion including information or an opinion forming part of a database, whether true or not, and whether recorded in a material format or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion"; and, "health information" as defined by the Privacy Act 1988 (Cth). 

This is a particular subset of "personal information" and means:

• Information or opinion about the health or disability (at any time i.e. past, present or future) of an individual that can be classified as personal information;

• Information or opinion about an individual’s expressed wishes about the future provision of health services that can be classified as personal information;

• Information or opinion about health service provided, or to be provided, to an individual, that can be classified as personal information;

• Other personal information collected to provide, or in providing, a health service.

Personal information also includes 'sensitive information' which is information including, but not limited to a patient’s:

• race;

• religion;

• political opinions;

• sexual preferences; and or,

• health information.

Information deemed 'sensitive information' attracts a higher privacy standard under the Act and is subject to additional mechanisms for the patient’s protection.

Part C – Types of personal information

Tweed Health for Everyone Super Clinic collects information from each individual patient that is necessary to provide the patient with adequate health care services.

This may include collecting information about a patient’s health history, family history, ethnic background or current lifestyle to assist the health care team in diagnosing and treating a patient’s condition.

C.1 Management of Staff and Contractor Information

Tweed Health for Everyone Super Clinic maintains the privacy of all contractors, including General Practitioners and allied health professionals, in accordance with privacy laws. Personal data collected during onboarding, such as ABN, bank account details, and identification, is stored securely and accessed only by authorised personnel for administrative purposes. Contractors may request access to their personal records or data held by the clinic, following the same procedure as staff

Part D – collection & Retention

This information will in most circumstances be collected directly from the patient through but not limited to the following mediums:

• Patient consent form;

• medical treatment form; and or,

• face to face consultation.

In other instances, Tweed Health for Everyone Super Clinic may need to collect personal information about a patient from a third party source. This may include:

• Emergency contact; or,

• other health service providers.

This will only be conducted if the patient has provided consent for Tweed Health for Everyone Super Clinic to collect his/her information from a third party source; or, where it is not reasonable or practical for Tweed Health for Everyone Super Clinic to collect this information directly from the patient. This may include when the patient’s health is potentially at risk and his/her personal information is needed to provide them with emergency medical treatment.

Tweed Health for Everyone Super Clinic stores and retains a patient’s personal & health information electronically onto a secure domestic server.

Telehealth Services and Electronic Records

Telehealth consultations at Tweed Health for Everyone Super Clinic are conducted through secure, approved platforms that comply with privacy laws. Data generated during telehealth consultations, including video, audio, and consultation notes, is treated as personal health information and stored securely. Patients will be informed of the telehealth platform’s data policies and must consent to the use of such platforms for consultations.

Part E – Purpose of collection, Use & Disclosure

Tweed Health for Everyone Super Clinic only uses a patient’s personal information for the purpose(s) they have provided the information for unless one of the following applies:

• the patient has consented for Tweed Health for Everyone Super Clinic to use his/her information for an alternative or additional purpose;

• the disclosure of the patient’s information by Tweed Health for Everyone Super Clinic is reasonably necessary for the enforcement of criminal law or a law imposing a penalty or sanction;

• the disclosure of the patient’s information by Tweed Health for Everyone Super Clinic will prevent or lessen a serious and imminent threat to somebody's life or health; or,

• Tweed Health for Everyone Super Clinic is required or authorised by law to disclose the patient’s information for another purpose

Health Professionals to provide treatment

During the patient’s treatment at Tweed Health for Everyone Super Clinic he/she may be referred to alternative medical treatment/services (i.e. pathology or radiology) where Tweed Health for Everyone Super Clinic’s staff may consult with senior medical experts when determining a patient’s diagnosis or treatment.

Tweed Health for Everyone Super Clinic’s staff may also refer the patient to other health service providers for further treatment during and following the patient’s admission.  These services include, but are not limited to:

• Allied Health professionals; or,

• Outpatient or community health services.

These health professionals will be designated health service providers appointed to use the patient’s health information as part of the process of providing treatment. Please note that this process will be conducted whilst maintaining the confidentiality and privacy of the patient’s personal information.

Alternative  Health services

At any point a patient wishes to be treated by an alternative medical practitioner or health care service that requires access to his/her personal/health information Tweed Health for Everyone Super Clinic requires written authorisation. This written authorisation is to state that the patient will be utilizing alternative health services and that these health services have consented for a transfer of personal/health information.

Other Third Parties

Tweed Health for Everyone Super Clinic may provide the patient’s personal information regarding a patient’s treatment or condition to additional third parties. These third parties may include:

• Legislative Requirements such as Subpoena, Court Order or Summons;

• WorkCover, Insurance Groups or law firms;

• A medical practice when patient care is being transferred.

• Where information is relevant or reasonable to be provided to third parties, written consent from the patient is required.   Additionally, the patient may at any time wish to advise that no third parties as stated are to access or be informed about his/her personal information or circumstances.

• A subpoena, court order or summons has the authority to compel production of medical records.  GPs are obligated to comply with a Legislative requirement or subpoena, and written consent from the patient is not required in this instance.

Other Uses of Personal Information

In order to provide the best possible environment to treat patients, Tweed Health for Everyone Super Clinic may also use personal/health information where necessary for:

• activities such as quality assurance processes, accreditation, audits, risk and claims management, patient satisfaction surveys and staff education and training;

• invoicing, billing and account management;

• to liaise with a patient’s health fund, Medicare or the Department of Veteran's Affairs, as necessary,

Part F - Use of Artificial Intelligence (AI) Tools

Tweed Health for Everyone Super Clinic supports the ethical and responsible use of Artificial Intelligence (AI) to improve healthcare delivery and administrative efficiency.

Some doctors practising at the clinic utilise AI-powered tools to assist in documenting clinical notes. These tools are used only with the patient’s explicit consent, and patients are informed about the nature of the AI support being used during their consultation. Patients have the right to decline the use of AI tools, and alternative documentation methods will be used without affecting their care.

In addition, Tweed Health for Everyone Super Clinic uses AI in non-clinical administrative tasks, such as drafting communication templates, internal reporting, or improving workflow processes. These administrative uses do not involve any patient personal or health information and comply fully with Australian Privacy Principles and data protection legislation.

All AI tools used by the clinic, whether clinical or administrative, are vetted for compliance with relevant privacy and security standards. The clinic maintains oversight of how AI is implemented to ensure it supports staff and enhances services without compromising privacy or data integrity.

Part G – Access and changes to personal information

If an individual patient requests access to their personal information under the Health Records and Information Privacy Act 2002 (HRIP Act) he/she must follow the guidelines as laid out by the Information and Privacy Commission (IPC). Current instructions are available from www.ipc.nsw.gov.au

Once an individual patient requests access to his/her personal information Tweed Health for Everyone Super Clinic will respond within the required period of time to provide the information as per IPC current instructions.

All personal information will be updated in accordance to any changes to a patient’s personal circumstances brought to Tweed Health for Everyone Super Clinic’s attention. All changes to personal information will be subject to patient’s consent and acknowledgement.

If an individual requests access to his/her personal information from Tweed Health for Everyone Super Clinic A fee will be charged. Please note that this fee is associated with administrative costs only and the current fees are available from the Practice Manager.

G1   Data Breach Notification and Response

In the event of a data breach, Tweed Health for Everyone Super Clinic will promptly assess the nature and scope of the breach. If the breach is likely to result in serious harm, affected individuals and the Office of the Australian Information Commissioner (OAIC) will be notified within the required timeframe. Measures will be taken to contain the breach, prevent future occurrences, and provide support to affected individuals

Part H – Complaints handling

A patient may complain about a breach of their privacy to the Practice Manager or directly to the Information and Privacy Commission (IPC) NSW.  Complaints must be received within 6 months of the patient first becoming aware of the matter.

Upon receipt of patient complaint regarding a breach of his/her privacy, the Practice Manager will undertake a full investigation and report the findings in writing to the patient.  If it is deemed that a privacy breach has occurred, the practice manager will follow the current IPC procedure for reporting, and report the breach to IPC.

Part I – Personal Information and overseas recipients

Tweed Health for Everyone Super Clinic engages with carefully vetted overseas administrative service providers to support practice operations. These providers assist solely with non-clinical functions and do not access patient clinical notes or health files directly.

Types of services include:

-          Bookkeeping and reconciliation, with access limited to patient billing information.

-          Document allocation support, using secure external platforms that do not allow direct access to clinical software or patient files.

 These providers operate under strict privacy and security protocols, including:

-          Encrypted VPN access and geo-locked, office-based workstations,

-          Multi-factor authentication and endpoint threat monitoring,

-          Compliance with Australian privacy standards and HIPAA-aligned training.

 No identifiable clinical information is transferred or stored overseas. Administrative access is tightly controlled and monitored, and all data remains within Australian-based systems.

 Tweed Health for Everyone Super Clinic maintains oversight of all third-party arrangements and reviews provider security policies regularly to ensure continued compliance and protection of patient data.

 Part J – Disposal of personal/health information

Tweed Health for Everyone Super Clinic retains personal and health information in line with the Health Records and Information Privacy Act 2002 and employment legislation. When no longer required, records are securely destroyed or de-identified. Physical files are destroyed via secure shredding and electronic files are permanently deleted to prevent unauthorized access.

Part K – Access to policy

Tweed Health for Everyone Super Clinic provides access to this Privacy Policy for patients on our website: www.thesc.com.au   Hard copy of this policy will be provided upon request.

Part L – Review of Policy

Tweed Health for Everyone Super Clinic in accordance with any legislative change will review the terms and conditions of this policy to ensure all content is both accurate and up to date.

Notification of any additional review(s) or alteration(s) to this policy will be provided to patients through our website within 30 days.

Tweed Health for Everyone Super Clinic ensures all practices and documentation align with current Australian privacy legislation, including recent amendments such as the Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022. Any required reporting under this legislation, such as mandatory breach notifications, will be promptly actioned.