CompMed Health Institute
AUSTRALIAN PRIVACY PRINCIPLES (APP) POLICY
Who ‘we’ are
We are a boutique acupuncture clinic on the Gold Coast, Australia and we provide acupuncture treatments, diet and lifestyle advice and nutritional supplements to our patients.
CompMed Health Institute are committed to protecting the privacy of patient information and to handling your personal information in a responsible manner in accordance with the Privacy Act 1988 (Commonwealth), the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Commonwealth), the Australian Privacy Principles and the Information Privacy Act 2009 (Queensland).
In order to provide patients with adequate professional health care services and/or medical services, CompMed Health Institute will need to collect and use personal information.
We collect information that is necessary and relevant to provide you with professional health treatment and/or medical treatment, and to manage our health care practice. It is important to be aware that if you provide incomplete or inaccurate information or withhold personal health information, we may not be able to provide you with the services you are requesting. This may include information about your health history, family history, ethnic background or current lifestyle to assist the health care team in diagnosing and treating your condition. We may also need to collect information from other sources such as treating specialists and other health care providers. Your practitioner and/or non-medical staff may collect this information. In emergency situations we may also need to collect information from your relatives or friends.
We receive, collect and store any information you enter on our website or provide us in any other way. In addition, we collect the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; computer and connection information and booking history. We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page. We also collect personally identifiable information (including name, email, communications); comments, feedback, recommendations, and personal profile.
We may be required by law to retain records for certain periods of time depending on your age at the time we provide services. This information may be stored on our computer records system and/or in handwritten medical records.
How we collect information
When you make a booking over the phone, in person or on our website, as part of the process, we collect personal information and health information you provide us. Other methods of collection include our confidential intake forms, face-to-face consultation, referral from another health care professional, or online via our website, booking site, social media and newsletter sites. In other instances, we may need to collect personal information about you from a third-party source, e.g. where your health is potentially at risk and your personal information is needed to provide you with emergency medical treatment. Your personal information will be used for the specific reasons stated in this document only. CompMed Health Institute endeavours to store and retain your personal and health information in electronic records that are stored securely on a local server and in our online platforms that are firewalled.
For more information on those companies' privacy policies please go to:
Xero Privacy Notice https://www.xero.com/au/about/terms/privacy/,
Some hard copy records such as those obtained from other health services are secured until they can be scanned and managed electronically.
How we store, use, share and disclose your personal information?
Our company website is hosted on the Wix.com platform and we use the Timely online booking system and the Xero accounting system. These systems provide us with the online platforms that allow us to offer our products and services to you. Your data may be stored through Wix, Timely, Xero data storage, databases and the general applications. They store your data on secure servers behind a firewall. Your personal information may also be scanned, stored and backed up on our firewalled and password protected clinic computer system.
We will only use or disclose your personal information for the following purposes:
1. To provide and operate the services we offer;
2. To provide our patients with ongoing care and support;
3. To be able to contact our Visitors and Users with general or personalized service-related notices and promotional messages;
4. To create aggregated statistical data and other aggregated and/or inferred Non-personal Information, which we may use to provide and improve our respective services;
5. To comply with any applicable laws and regulations;
6. To assist outside contractors in carrying out activities on our behalf, such as an IT service provider, solicitor or debt collection agent.
How we communicate with you
We may contact you to notify you regarding your bookings, to troubleshoot problems with your account, to resolve a dispute, to collect fees or monies owed, to poll your opinions through surveys or questionnaires, to send updates about our company, or as otherwise necessary to contact you to enforce applicable national laws, and any agreement we may have with you. For these purposes we may contact you via email, telephone, text messages, and postal mail.
Data Quality and Security
We will take reasonable steps to ensure that your personal information is accurate, complete, up to date and relevant. We may ask you to confirm that your contact details are correct when you attend a consultation. We request that you let us know if any of the information we hold about you is incorrect or out of date.
Personal information that we hold is protected by: securing our premises; placing extensive security measures across our computer network by placing passwords and varying access levels on databases to limit access and protect electronic information from unauthorised interference, access, modification and disclosure; and providing locked cabinets and rooms for the storage of physical records.
How you can withdraw your consent for collection of personal information, and how you can request access to, or change of, the collected information.
You are entitled to request in writing access to your personal and health records. There may be a fee for the administrative costs of retrieving and providing you with copies of your records. Some records cannot be accessed, changed or deleted as required by law. All changes to personal information will be subject to patient’s consent and acknowledgement. If you believe that the information we have about you is not accurate, complete or up-to-date, or if you wish to review your consent for receipt of CompMed’s promotional material please contact us in writing.
The address for written request for access to personal information is: email@example.com or send us mail to: PO Box 762, Southport BC, QLD, 4215.
Use of Overseas Parties:
We do not sell or rent your information to any third parties or overseas entities. We do engage with our trusted overseas platforms via our online systems, and your information may be transferred, appointed and disclosed solely in the interest of completing tasks and providing services to you.
Disposal of Personal/Health Information
If we receive any unsolicited personal information or if we hold any personal or health information about you that is no longer deemed relevant or appropriate we will reasonably de-identify and dispose of said information accordingly.
Access to Policy
The Practice Policy and Procedure Manual:
Full Hard Copies provided upon request
Policy Summary available on request at clinic reception
Online at www.compmed.com.au
Questions and our contact information
If you would like to access, correct or amend any personal information we have about you, you are invited to contact us at:
CompMed Health Institute
PO Box 762
Southport BC Qld 4215 Australia
The APPs regulate how CompMed Health Institute may collect, use, disclose and store personal information and how individuals, including CompMed Health Institute's patients, may:
address breaches of the APPs by CompMed Health Institute
access their own personal information; and,
correct their own personal information.
"personal information" as defined by the Privacy Act 1988 (Commonwealth).
Meaning "information or an opinion including information or an opinion forming part of a database, whether true or not, and whether recorded in a material format or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion"; and,
"health information" as defined by the Privacy Act 1988 (Commonwealth).
This is a particular subset of "personal information" and means information or an opinion about:
the health or a disability (at any time) of an individual;
an individual's expressed wishes about the future provision of health services to him or her; or,
a health service provided or to be provided to an individual.
Personal information also includes 'sensitive information' which is information including, but not limited to a patient’s:
sexual preferences; and or,
Information deemed 'sensitive information' attracts a higher privacy standard under the Act and is subject to additional mechanisms for the patient’s protection.