This Privacy Statement sets out how The Cross Radiology collects, uses, discloses and otherwise handles and retains personal information (including sensitive (health) information) in accordance with our obligations under the Australian Privacy Principles (APPs) contained in schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Act 2012, which amends the Privacy Act 1988 (Privacy Act).
A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.oaic.gov.au.
This Privacy Statement also applies to personal information that we collect and hold about referring Heath Professionals (and their nominees), Medical Specialists and hospital staff (and their nominees), other health service provider, individuals who supply goods and services to The Cross Radiology, employment applicants and other individuals that we have dealings with.
What is Personal Information and How We Collect It
Personal information is information or an opinion that identifies an individual. Personal information we commonly collect may include your:
• Date of Birth
• Government identifiers (including Medicare, pension/or health care card information)
• E-Mail addresses
• Phone numbers
• Medical History
• Billing Information (including your bank details)
• Workers compensation, third party insurance, health insurance details
• Any other information provided to us by our patients at time of visit including details of any feedback, complaints, suggestions etc.
This personal information is obtained in many ways including interviews, correspondence, by telephone and facsimile, by email, from other publicly available sources, from cookies and from third parties. We don’t guarantee website links or policy of authorised third parties.
Why We Collect and Hold Your Personal Information
The Cross Radiology collects and retains personal information (Including sensitive (health) information) in order to provide:
• Quality medical imaging services, assist in the provision of medical care to patients and prospective patients; and
• Patient-related services to referring Health Professionals and/ or other health service providers and their respective nominees.
Personal information is also collected from, and about, employment applicants and held by The Cross Radiology for employment-related purposes and other individuals with whom we have business dealings.
Generally, we collect personal information directly from you. However, in some circumstances we may be provided with information by third parties, including from your referring Health Professional and/ or Medical Specialist. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.
Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.
The Cross Radiology also collects and holds sensitive (health) information from others in the course of providing health services to you including but not limited to:
• The results of any tests or procedures
• Information about your past clinical history (e.g. medication taken, previous test results, pathology results, etc.) and other circumstances (including family, social, medical or employment history);
• Information provided by your referring Health Professional and/ or Medical Specialist that is necessary in the context of your treatment;
• Information provided by other third parties (such as from a family member, authorised representative, or from an Allied Health Professional (such as from a physiotherapist, chiropractor, osteopath, podiatrist, dentist, nurse, etc.));
• Payment and administrative information (such as your Medicare number and other individual health identifiers, Workers Compensation insurance, Transport Accident Compensation, private health insurance or billing details);
• Information required or authorised under an Australian law or a court/tribunal order; and/ or
• Any other information collected directly from you (including verbally) when you attend our clinics/ officers, write to or call us through our websites.
Sensitive information will be used by us only:
• For the primary purpose for which it was obtained
• For a secondary purpose that is directly related to the primary purpose
• With your consent; or where required or authorised by law.
If you choose not to provide your personal information (including sensitive (health) information) to The Cross Radiology, we may unable to provide you with the services you request.
How We Use Your Personal Information
The Cross Radiology will use your personal information (including sensitive (health) information) for the purpose of:
• Making an assessment of you health status
• Providing a specialist medical report about your health to your referring Health Professional and/ or Medical Specialist or to third parties (such as to a family member, authorised representative, or Allied Health Professional, etc.);
• Providing your treatment administrative services (such as billing and collection of any outstanding debts);
• Sending out appointment reminders;
• Notifying relevant organisations (such as medical defence organisations, insurance companies and/ or legal advisors) of an incident/ accident when a claim of medical malpractice has been alleged;
• Ongoing research of specific cases for the continuing education of professional personnel (all information is de-identified prior to use);
• Quality assurance activities, practice accreditation, customer satisfaction surveys, market research/ statistical analysis, providing medical imaging information and complaint handling;
• Assessing and/ or sourcing candidates for employment and processing their applications; and/ or
• Responding to messages/ enquires you submit through our websites.
Disclosure of Personal Information
The Cross Radiology do not sell or disclose personal information (including sensitive (health) information) about our patients to drug companies or other health organisations/ persons who are not involved in your medical care.
The Cross Radiology will sometimes need to use and disclose personal information (including sensitive (health) information) about you where it is reasonably necessary and relevant in the context of your treatment to organisations outside of The Cross Radiology for medical, ethical, insurance, legal and/ or procedural reasons. These organisations may include:
• Your referring Health Professional, nominees of your referring Health Professional (for example employees and other Health Professionals in your referring Health Professional’s clinic) and any ‘copied to’ Health Professional;
• Consultant Medical Specialists or other registered Health Professionals who inform us are involved in your ongoing health care outside of The Cross Radiology and who have been requested to provide further advice on your medical condition or to assist in responding to enquires submitted through our websites;
• Hospital medical staff;
• Registered Health Professionals granted access to The Cross Radiology’s secure web-based password-protected Referrer Portal (see below);
• Local and offshore contractors whom we have partnered with, under strict confidentiality and privacy requirements, including those that relate to cross-border disclosure, to provide services to our business operations;
• Your representative(s) (e.g. a guardian, carer, translator/ intermediary and/ or authorised representative (such as a family member or legal advisor));
• Health services or enforcement bodies in situations where The Cross Radiology is informer that there is a serious threat to life, health or safety;
• Insurers (such as Medicare, Workers Compensation insurer, Transport Accident insurer or your private health fund) for the purpose of benefits payable or other third parties for billing/ accounting purposes;
• Our professional advisors (such as auditors and legal advisors);
• Government and regulatory authorities and other organisations, as required or authorised by or under an Australian law, and/ or
• The Cross Radiology associated entities (as that term is defined in the Corporations Act 2001 (Cth)) within our corporate group structure.
You can contact The Cross Radiology Privacy Officer (Company Secretary) if you have any questions around the disclosure of your personal information, including information about the disclosure of personal information ton offshore contractors and the countries in which our contractors are located.
The Cross Radiology will de-identify information (including sensitive (health) information) about you for use and disclosure of that de-identified information or organisations outside of The Cross Radiology for the purposes of analysing our service quality and timeliness. De-identified personal information (including sensitive (health) information) may also be use internally for education purposes.
Storage and Security of Personal Information
The Cross Radiology has procedures in place that ensure your personal information is stored securely and protected from misuse, loss and from unauthorized access, modification or disclosure. Some of the steps taken to ensure this include:
•A secure electronic database of both your personal information (RIS – Radiology Information System) and images (PACS – Picture Archiving and Communication System) of any procedures performed by The Cross Radiology
• Dedicated back up/archive system of the RIS and PACS systems
• Database only accessible by persons requiring access to the database for the purpose of their employment. E.g. Medical Receptionist, Sonographer
• Hard copy storage in secure onsite storage facilities
• Hard copy destruction using dedicated Third Party Secure Destruction Company
• Regular review of policies and procedures
The Cross Radiology is subject to strict obligations under State and Territory laws as to the retention of health information and records. Generally, as a minimum, we retain health information as follows:
• An individual was an adult for 7 years from the last occasion we provided health services
• An individual was under the age of 18 years, until the individual turns 25
When your Personal Information is no longer needed for the purpose for which it was obtained and we are not otherwise required by law to retain the information. We will take reasonable steps to destroy or permanently de-identify your Personal Information.
Online Access by Registered Health Professionals to Your Medical Images and Reports
The Cross Radiology provides a secure web-based password-protected Referrer Portal for registered Health Professionals and hospital medical staff to access patient images and reports. Your personal information (including images and reports) maybe available through this portal. Users of this service are subject to an obligation to collect health information with your consent and, in many cases, are bound by codes of practice tat deal with obligations of professional confidentiality relevant to their profession.
Health Professionals will apply to The Cross Radiology for a username and password in order to access this service. Before a Health Professional is granted online access they must accept the terms set out in a User Access Agreement stating that the information is required in order to provide a medical service and that it will not otherwise be used or knowingly shared or disclosed. Our systems trace, record and store indefinitely all access activity on every patient file.
Your personal information will be accessible online via the Referrer Portal to your health professional, who The Cross Radiology records show is involved in your care (e.g. your family doctor or specialist). With your express consent, or the express consent of another person acting on your behalf (e.g. parents, guardian for a child), or in situations where The Cross Radiology is informed that there is a serious threat to life, health or safety, we may also provide access to other health professionals. You may also elect to give express consent to The Cross Radiology providing access to your personal information (including images and reports) to Medical Specialists or hospital medical staff.
On your visits to The Cross Radiology, your permission to use, send and disclose your records via these secure online/electronic methods will be sought. Information will only be sent to your referring or treating health professional.
Access to and Correction of Your Personal Information
The best way to obtain your results is in consultation with your referring health professional, so that they can interpret the results and explain them to you in the context of your health care. Your imaging findings are only one aspect of your health assessment. Your referring health professional is in the best position to discuss the imaging results and balance it with your other examination findings and other health test results.
You may, however, request access the personal information we hold about you. The Cross Radiology will not charge any fee for your access request, but may charge an administrative fee for reproducing a copy of your results or images (if available). We will inform you of any costs before they are incurred.
You may also request that we correct/change the personal information we hold about you if you consider it to be inaccurate, out of date, incomplete, irrelevant or misleading.
You may request access to, and /or correction of, your personal information by contacting The Cross Radiology. In order to maintain the security of your personal information, confirmation of your personal details, as well as date of last visit and type of examination taken, will generally be required before copies of information will be supplied.
You have a right to access your personal information, such access may be granted or denied by us in accordance with the APPs, We are not obliged to provide access if:
• We reasonably believe that giving access would pose a serious threat to the life =, health or safety of any individual, or to public health or public safety
• Giving access would have an unreasonable impact on the privacy of other individuals
• The request for access is frivolous or vexatious
• The information relates to existing or anticipated legal proceedings between you and us and would not ordinarily be accessible by the discovery process in such proceedings
• Giving access would reveal our intentions in relation to negotiations with you in a way that would prejudice those negotiations
• Giving access would be unlawful
• Denying access is required or unauthorised by or under an Australian law or a court/tribunal order
• We have reason to suspect that unlawful activity, or misconduct of a serious nature relating to our functions or activities has been, is being or may be engaged in and giving access would likely to prejudice the taking of appropriate action in relation to the matter
• Giving access would likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body or
• Giving access would reveal internal evaluative information in connection with a commercially sensitive decision-making process
• If your access or correction request is denied, a reason will be given to you (expect if it is unreasonable to do so) and we will inform you of the mechanisms available to complain about the refusal (see complaints section below).
The Cross Radiology provides a confidential film delivery service. This service maybe provided by our own staff, commercial couriers, taxis or Australia Post. If this is unacceptable to you, please arrange with our staff to collect your own films. If you intend to have another person to collect your films on your behalf, you must provide written consent to this collection, including the name of person collecting your films.
In order to protect your personal information we may require identification from you before releasing the requested information.
Maintaining the Quality of Your Personal Information
It is an important to us that your personal information is up to date. We will take reasonable steps to ensure that your personal information is accurate, complete and up-to-date. The accuracy and completeness of that information depends on the information you provide to us. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as possible so we can update our records and ensure we can continue to provide quality services to you.
This policy may change from time to time and is available on our website.
If you have any concerns about the manner in which your personal information is treated or privacy generally, then you may make a complaint. Complaints should be made in writing to the Privacy Officer at the address below. The complaint will be investigated and endeavour to respond as quickly as possible (generally within 30 days of receipt of the complaint). If you feel your complaint has not been dealt with correctly or you are dissatisfied with the response, you may refer the matter to The Office of the Australian Information Commissioner (OAIC)
The Cross Radiology
Attention: Privacy Officer
Suite 8, Level 1
2 Cross Street
Hurstville NSW 2220
Phone: +612 9586 0833
Fax: +612 9579 5377