Last updated October 2018
Sonic Imaging (SI) is operated by Sonic Healthcare and encompasses the following medical imaging entities in Australia:
- Castlereagh Imaging (CAS)
- Hunter Imaging Group (HIG)
- Illawarra Radiology Group (IRG)
- Queensland X-ray (QXR)
- SKG Radiology (SKG)
Any references to SI in this policy can be taken to mean any of the individual entities listed above or SI as group.
Sonic Imaging respects and upholds the thirteen Australian Privacy Principles (APP’s) outlined in the Privacy Act (the Act).
- the kinds of personal information that SI holds
- how SI collects and holds personal information
- matters related to anonymity and pseudonymity
- the purpose for which SI holds, collects, uses and discloses personal information
- how an individual may access personal information about the individual that is held by the entity and see the correction of such information,
- how an individual may complain about a breach of the Australian Privacy Principles, or a registered APP code (if any) that binds SI, and how SI will deal with such a complaint
- whether SI is likely to disclose information to overseas recipients
- if the entity is likely to disclose personal information to overseas recipients – the countries in which such recipients are likely to be located if it is practicable to specify those countries in the policy
Information we commonly collect about patients includes but is not limited to:
- name, gender, address and contact details
- medical history
- Medicare, pension, health care card and other government identifiers
- family, social and employment history and circumstances
- health services requested or provided and the outcome or results
- billing information/history
- expressed wishes about the future provision of health services
- details of feedback, complaints, suggestions
Information we commonly collect about referring clinicians, practice managers and ancillary staff, includes but is not limited to:
- name, address, telephone numbers, fax /email address and other contact details
- details of IT systems and web addresses
- Medicare provider numbers and billing information
- area of specialisation
- employment history
- service delivery preferences, referral patterns and fees paid by referred patients
- information gathered by client services/marketing staff during practice visits/interactions
- expressed wishes about the future provision of health services
- service improvement comments/preferences
- details of feedback, complaints, suggestions
Information we commonly collect about Staff includes but is not limited to:
- name, address, telephone numbers, email address and other contact details
- employment records
- performance records
Information we commonly collect about employment applicants includes but is not limited to:
- name, address, email address and other contact details
- letters of application/expressions of interest and associated correspondence
- Curriculum Vitae/Resume
- referee comments
It is impractical for persons to deal with SI anonymously or by using a pseudonym. This is because:
- diagnosis and advice may be seriously impaired
- there would be an unacceptable risk to patient safety and would conflict with Australian Commission on Safety and Quality in Healthcare’s Patient Identification Safety Standards
- there may be mismatching of an individual’s results
- there is an unacceptable risk of communication breakdown between SI and a patient’s treating physician
- it may result in a breakdown in good public health practice
- examination may not be claimed under Medicare or Private Health Funds
Patients are entitled to approach Castlereagh Imaging anonymously to request a service; however the service itself may not be able to be provided anonymously to ensure appropriate patient care is maintained.
SI collects personal information by the following means:
- face to face
- email and other electronic means
Most of the personal information collected by SI is solicited. On occasions SI may receive unsolicited information. When unsolicited information is received the principals outlined in this policy will still apply.
In order to provide the highest level of care to our patients we operate a single integrated national medical records system for Radiology and all SI entities have access to this system.
SI commonly holds personal information in the following mediums:
- hard copy
- digital audio recordings
- digital and hard copy images
- paper based and other hard copy documents located securely within the practice. (All practices have twenty four-hour security systems)
- contained in electronic records in a secure environment; and
- archived in dedicated secure storage facilities
We have procedures in place to store personal information securely to protect from misuse and loss, unauthorised access modification or disclosure.
Processes include but are not limited to:
- hard copy documents are located securely within the practice or secure storage centres. All practices have twenty four-hour security systems
- in electronic databases in a secure environment; and in a dedicated archive storage facility
- records are only accessible by persons who require access to that information for the purpose of carrying out their employment.
- hard copy documents securely destroyed using a dedicated third party document destruction service
- incident reporting of data security breaches
- strong corporate governance practices
- staff training
- regular review of policy and procedures
SI may collect personal information;
- for the primary purpose for which it was collected; or
- for directly related secondary purposes which we believe are within your reasonable expectations; or
- in a manner for which you have given consent
As required for the provision of our service SI may collect Sensitive Information as defined in the Privacy Act.
- to provide reliable healthcare services
- to link medical records of patients and to their healthcare provider
- ensure appropriate testing
- diagnose and interpret results
- allow billing and payments
- if lawfully instructed to reveal information
- for our internal administrative requirements, including for management purposes, funding, service monitoring, planning, evaluation and accreditation activities
- to provide data in both an identified and de-identified form to State and Federal Government agencies in compliance with numerous legislative requirements (eg BreastScreen, Cancer Council, National Health and Medical Research Council)
- for complaint handling and defence of anticipated or existing legal actions;
- to our insurers, brokers, lawyers and other experts for the purposes of addressing liability indemnity arrangements or to obtain advices as to our legal or other obligations
- for planning and evaluation of accreditation activities and with our professional bodies
- for teaching purposes, case studies and multidisciplinary clinical team meetings in de-identified form
- for provision of further information about medical advances in pathology/radiology and treatment options
If your health information is used or disclosed for one or more of these purposes, we will not normally seek your specific consent.
SI will obtain your consent if your health information is proposed to be used or disclosed without de-identification for:
- marketing, and to communicate special events
If research is being contemplated, reasonable steps will be taken to ensure you understand what the proposed research involves, the ways in which your health information will be used, and the risks and benefits of agreeing to participate.
- to provide reliable healthcare services for patients
- to link medical records to patients and their healthcare provider
- ensure appropriate testing
- to diagnose and interpret results
- to tailor services to a referrers needs
- to provide educational material to referrers and their staff
- direct marketing via email or mail
SI may disclose your personal information
- for the purposes of getting a second medical opinion
- to a third party health provider or service who is providing direct clinical care to a patient
- to a third party health provider within a hospital campus where an individual is being treated
- where it may be more appropriate for a test to be performed by a specialist service
- where there are statutory requirements to report results to registries
- to third parties organisation for billing/accounting/systems management purposes
SI believes that the use and disclosure of personal information in the ways described in this policy will reflect the reasonable expectations of an individual dealing with us.
An individual may understand the advantages and approve of health information being shared between several health service providers, such as SI and individual’s referring medical practitioner, as part of their overall health treatment and management.
However, sometimes the parties’ expectations do not align. For example, an individual may not want a report to be directly sent to the referring medical practitioner following the service.
An individual may also not want SI to provide certain health information or does not want their health information to be used or disclosed in a particular way.
SI respects such wishes and will, in accordance with the Act and the APPs, take all reasonable steps to comply with such wishes.
SI strongly encourages patients to obtain their health information, particularly copies of results from their referring medical practitioner. This is likely to best facilitate effective and efficient delivery of treatment and ensures that the referring medical practitioner has an opportunity to clarify any aspects of the results and to answer any questions or concerns a patient may have. It is the referring medical practitioner who makes the diagnosis. Results provided in isolation may be misleading.
SI takes reasonable steps to ensure personal information it holds is:
- accurate, complete, well organised and legible
- up to date, in that they reflect the personal information most recently obtained from the individual
- does not contain prejudicial, derogatory or irrelevant statements
- All relevant personal information is reconfirmed at each attendance
- SI fulfils regulatory, accreditation and public health requirements on patient identity
- Providing mechanisms to update personal information (address, phone, fax, email).
- Receiving feedback via face to face, phone or written contact and updating records accordingly.
Individuals have the right to access personal information held by SI. An individual does not have to provide a reason for requesting access.
The preferred method for patients to receive results is in consultation with their treating practitioner where the results can be explained in the context of their health management.
SI may provide patients with online access which provide access to their medical records. Our online patient access systems are opt-in and patients may choose not to subscribe to such systems.
SI may request that an individual complete a written request to access their medical records in order to ensure that you are given the correct health information. Proof of identity will be required.
SI is not required to provide access to the personal information to the extent that:
- SI reasonably believes that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; or
- giving access would have an unreasonable impact on the privacy of other individuals; or
- the request for access is frivolous or vexatious; or
- the information relates to existing or anticipated legal proceedings between the SI and the individual, and would not be accessible by the process of discovery in those proceedings; or
- giving access would reveal the intentions of the SI in relation to negotiations with the individual in such a way as to prejudice those negotiations; or
- giving access would be unlawful; or
- denying access is required or authorised by or under an Australian law or a court/tribunal order; or
- SI has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to the entity’s functions or activities has been, is being or may be engaged in;
- giving access would be likely to prejudice the taking of appropriate action in relation to the matter; or
- giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
- giving access would reveal evaluative information generated within the entity in connection with a commercially sensitive decision-making process.
If an individual believes information held about them is incorrect, incomplete or inaccurate, then the individual may apply for the information to be corrected by contacting the privacy officer.
SI may refuse to correct personal information and will provide a written response that sets out:
- the reasons for the refusal except to the extent that it would be unreasonable to do so; and
- the mechanisms available to complain about the refusal; and
- any other matter prescribed by the regulations
- If SI refuses to correct the personal information as requested by the individual; and
- the individual requests the entity to associate with the information a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading;
SI will take such steps as are reasonable in the circumstances to associate the statement in such a way that will make the statement apparent to users of the information.
In rare instances SI may disclose personal information outside Australia. An individual’s privacy will continue to be protected as per APP’s.
Instances where transborder disclosure may occur include;
- where an individual is participating in a clinical trial
- when requested by a patient’s treating doctor overseas
- when requested by the patient
- when samples are sent overseas for expert opinion/analysis
Each instance where personal information is sent overseas is unique, in most cases the individual will already be aware of, and consent to, transfer. Where reasonable the individual will be notified of the overseas destination however it is not always practical to specify.
We may use personal information for marketing directly related to our services. All marketing communication includes instructions on how to opt out of future communications.
An individual may advise us that they do not wish receive direct marketing from us at any time by contacting the privacy officer.
We will not disclose your personal information to a third party for any marketing purposes.
Complaints may be lodged in any form (written, verbal email etc.) to the SI’s Privacy Officer. Where reasonable, SI will respond to privacy complaints within 30 days.
If the complainant is unsatisfied with the response from SI they may lodge a complaint with the Office of the Australian Information Commissioner.
Should you have any questions or concerns please contact your local privacy officer.
Castlereagh Imaging and Illawarra Radiology Group
P: (02) 8844 1700
Hunter Imaging Group
P: (02) 4925 5400
P: (07) 3422 8800
P: (08) 9320 1200
Office of the Australian Information Commissioner (OAIC)
GPO Box 2999
Canberra, ACT 2601
OAIC Online Privacy Complaint Form
Revised: October 2018
Related Downloads PDF