UPDATE: This policy was amended on 19 May 2023 to include references to collection and storage or incoming phone calls and security camera footage.

North Brighton Medical is the trading name of Asclepius Nominees Pty Ltd (ACN 622 300 690) as trustee of the Peplow Family Trust (ABN 21 890 759 819) ("North Brighton Medical", "we", "our" or "us"). We operate a medical clinic and maintain a website under the domain name northbrightonmedical.com.au ("Website").

We recognise the importance of maintaining the privacy of the personal information of the individuals we deal with in conducting our business.

This Privacy Policy applies to the collection, use and disclosure of personal information by North Brighton Medical, and is made in accordance with the Australian Privacy Principles which apply to North Brighton Medical pursuant to the Privacy Act 1988 (Cth) ("Privacy Act") and the Health Privacy Principals which apply pursuant to the Health Records Act 2001 (Vic) ("Health Records Act").

In the event of inconsistency between this Privacy Policy and the Privacy Act or the Health Records Act, the Privacy Act or Health Records Act will prevail.

You agree to the terms of this Privacy Policy if you:

• engage us or our contractors to provide you with health services;

• contact us to enquire about our services; or

• visit our Website.

How is personal information collected by North Brighton Medical?

North Brighton Medical generally collects personal information from you directly, for example when you:

• enter our clinic;

• contact us to enquire about our services or to book an appointment, whether by telephone, email or using our online booking platform, which is operated by HotDoc, or in person at our clinic;

• complete our New Patient Registration Form, usually before your first consultation, using HotDoc or a paper-based form; and/or

• attend a consultation and disclose personal information to a doctor or other health professional.

We sometimes also collect personal information from other sources, such as from:

• your parent, guardian or responsible person, or a relative or friend if they attend an appointment with you or if they contact us;

• your My Health Record, Australian Immunisation Register record, National Cancer Screening Register records and MyMedicare registration;

• other health professionals you have attended, such as such as previous general practitioners, specialists, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services;

• government health agencies such as Medicare, the Department of Veteran’s Affairs, the Pharmaceutical Benefits Scheme, WorkCover authorities (such as WorkCover Victoria), the Transport Accident Commission and SafeScript;

• your employer or prospective employer; or

• law enforcement agencies and other government entities.

We will take reasonable steps to notify you about our collection of your personal information, and will provide all relevant information prescribed under the Privacy Act or the Health Records Act.

We will only collect personal information by lawful and fair means. We will destroy or de-identify any personal information we receive if we would not ordinarily be permitted to collect that information under the Privacy Act or the Health Records Act.

What kinds of personal information are collected by North Brighton Medical?

The personal information we may collect includes:

• your name and date of birth;

• general contact information such as your address, telephone number and email address;

• your ethnic background;

• your profession, occupation or job title;

• your Medicare number, Veterans’ Affairs number, Health Care Card number or Pensioner Concession Card Number, your private health insurance details, and your Individual Healthcare Identifier, if any;

• your current and past medical history, including your family medical history, current medications and/or treatments you are using, allergies, adverse events, immunisations, social history and risk factors;

• your next of kin and/or emergency contact;

• images (including photos, videos, x-rays and scans);

• details of the health services you acquire from us;

• the name of any health service provider or medical specialist who we refer you to or who refers you to us, and copies of any referral letters and reports;

• audio recordings of incoming phone calls;

• video recordings from security cameras in the reception area and hallways of our clinic;

• financial information including bank account and credit card details to process payments; and

• any queries you have, and our response to those queries.

What happens if we don’t collect your personal information, or if you want to remain anonymous of use a pseudonym?

If you do not provide us with the personal information described above:

• your diagnosis and treatment may be inaccurate or incomplete; and/or

• you may not be able to claim Medicare benefits or private health insurance rebates for services we provide; and/or

• you may not be able to be issued with referrals or prescriptions; and/or

• we may not be able to provide the requested services to you properly, or we may not be able services to you at all.

You have the right to deal with us anonymously or under a pseudonym, unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals. We note in most cases it will be impracticable for us to provide you with healthcare with you remaining anonymous or using a pseudonym, for the reasons described above.

How is personal information used by North Brighton Medical?

We will use the personal information we collect from you to provide you with the services that you have requested or otherwise to enable us to carry out our business as a medical clinic. This includes:

• supplying health services to you;

• sending you reminders about your booked consultations or follow-up consultations you need to book;

• sending you electronic prescription tokens (eScripts) and eReferrals for pathology or radiology via SMS or email;

• responding to your queries and to deal with any complaints you may have;

• for administrative and billing purposes;

• marketing including email marketing, promotional and educative activities;

• ensuring compliance with our statutory obligations;

• monitoring the safety and security of the clinic’s public areas;

• quality improvement activities, the monitoring the performance of our business and clinical audits; and

• to meet obligations of notification to our medical defence organisations or insurers.

When we collect personal information about you, we will not use that information for any purpose other than the primary purpose for which it is collected, except as otherwise set out in this Privacy Policy or as permitted or required by the Privacy Act or the Health Records Act.

How is personal information disclosed by North Brighton Medical?

We may disclose your personal information in the following circumstances: 

• as discussed with you in a consultation;

• to our employees, our medical professionals and allied health practitioners who provide medical services to you at our clinics, contractors or service providers for the purposes of operation of our business, fulfilling requests by you, and to otherwise provide products and services to you including, without limitation, web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, data entry service providers, electronic network administrators, debt collectors, and professional advisors such as accountants, solicitors, business advisors and consultants;

• to other health services providers, for example in referring you to them as a patient (such as specialists, hospitals, allied health professionals), to pharmacies for medications, or where you request a transfer of your medical records;

• to government agencies, when required to by law (including Medicare, WorkCover authorities, the Transport Accident Commission, the Australian Immunisation Register and the National Cancer Screening Register);

• when it is required or authorised by law, such as:

  • in response to court subpoena;

  • to assist in locating a missing person;

  • when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent; or

  • where the law requires notification of a particular disease;

• to your private health insurer, for the purpose of you obtaining rebates;

• to establish, exercise or defend an equitable claim, or for the purpose of confidential dispute resolution process;

• to suppliers and other third parties with whom we have commercial relationships, for business, marketing, and related purposes; and

• to your employer or prospective employer, their authorised representatives and their insurer in the case of a work-related consultation or service.

If we need to contact you and are unable to, we may contact your next of kin and/or emergency contact to see if they can assist us in getting in touch with you.

We report patient data to our primary health network to use for population health and research purposes, however all such data is de-identified. If you do not wish to have your de-identified data reported, please notify us to opt-out.

If North Brighton Medical sells all or part of its business operations to another party, our client database may form part of the sale such that personal information is disclosed to the new owner of the business.

North Brighton Medical will not otherwise use or disclose any information about you without your consent, except as otherwise required or permitted under the Privacy Act or the Health Records Act. Only people who need to access your information will be able to do so.

We do not disclose personal information to any recipients located outside Australia except as required or permitted under the Privacy Act or the Health Records Act.

Personal information about children under 16

Normally, a parent or guardian of a child under the age of 16 will have a right to medical information about that child.

However, there may be circumstances where medical information about a child is withheld from the child’s parents and guardians if necessary, to protect the right of a child to privacy. This will depend on our assessment of the level of the child’s understanding and intelligence to understand the various considerations in the particular circumstances.

Does North Brighton Medical use personal information for direct marketing communications?

We may contact you using the contact details which you provide to us in order to provide you with direct marketing communications about our services and business.

We will comply with our obligations under Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth) in relation to such direct marketing communications.

You may opt out of receiving direct marketing communications from us at any time by contacting us using the details set out below.

How does North Brighton Medical store personal information?

We will take all reasonable steps to protect personal information from misuse, interference, and loss, and from unauthorised access, modification or disclosure.

We store personal information we collect on on-site servers, with cloud-based backup servers located in Australia.

We also use the following secure cloud-based storage facilities:

• Foto Finder to store images collected during skin checks;

• our security camera provider, Arlo, to store video recordings from security cameras (used for safety and security, and stored for for no more than 30 days); and

• our phone provider, Maxotel, to audio store recordings of incoming phone calls (used for quality and training purposes, and stored for no more than 30 days).

We do not generally store hardcopies of documents – hardcopies are scanned and saved into our electronic patient health information system and the originals are destroyed. Hardcopies of confidential documents that are retained are stored in locked filing cabinets.

Our electronic patient health information system is accessed by our practitioners and other staff our using unique logins with secure passwords known only to the specific user. User settings mean that staff are only able to access the types of information they need to access to in order to perform their duties. We require our employees and contractors to protect the confidentiality of the personal information we hold.

By law, we are required keep medical records for a minimum of seven years from the date of last entry into a person’s record, unless the person is a child in which case must keep the records until the patient turns 25 years of age.

If we determine that we no longer require your personal information, we will take reasonable steps to dispose of it securely.

How can I access, change or delete North Brighton Medical's records of my personal information?

You may request access to our records of your personal information by contacting us using the details set out below. We will generally make your information available to you within 14 days of receiving your request. However, we may require you to pay a reasonable charge for access. We also reserve the right to refuse you access to your information in certain circumstances if permitted by the Privacy Act or the Health Records Act.

North Brighton Medical will use its best endeavours to ensure that the personal information it holds is accurate, complete and up-to-date.

If you wish to update your personal information, please contact North Brighton Medical using the details set out below to request an amendment to your record. Where it is established that personal information we hold about you is not accurate or up-to-date, we will take all steps necessary to amend it. In some cases, we may disagree that there are grounds for amendment, in which case we will add a note to the relevant section of our records stating that you disagree with that information.

Changes to the North Brighton Medical Policy

We reserve the right to change this Privacy Policy at any time. We will notify you of the changes by publishing an updated version of the policy on our Website.

How can I make a query or complaint about privacy?

If you have any enquiries about this Privacy Policy or wish to make a complaint about a matter relating to privacy, please contact us using the details set out below:

• write to us at:

Justin Meyer, Privacy Officer
North Brighton Medical
75 Asling Street
BRIGHTON VIC 3186

• telephone us on (03) 8506 9949; or

• email us at info@northbrightonmedical.com.au (please refer to our Email Policy).

North Brighton Medical takes complaints seriously, and upon receipt will examine the complaint and instigate internal procedures to ensure compliance with the Privacy Act and the Health Records Act. We will endeavour to respond to any complaints within 30 days of submission.  

You may also contact the following organisations with any privacy related complaints, or see their website more details:

Office of the Australian Information Commissioner (OAIC)
GPO Box 5218, Sydney NSW 2001
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Website: www.oaic.gov.au

Health Complains Commissioner
Level 26, 570 Bourke Street, Melbourne VIC 3000
Phone: 1300 582 113
Email: hcc@hcc.vic.gov.au
Website: https://hcc.vic.gov.au

Generally, these organisations will require you to give us time to respond to your complaint before they will investigate.

Version 5.0
Effective date: 19 May 2023