1. Purpose and scope
Next Practice is committed to protecting your privacy, and respects and upholds your rights to privacy protection under applicable privacy laws. Next Practice complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles, as well as all other applicable legislation including State and Territory health records legislation, when dealing with personal information.
Our culture is one of trust, confidentiality and professionalism. We recognise that the information we collect is of a highly sensitive nature. We have artfully created a new kind of general practice focusing on transforming the experience so that patients receive not only “Best Practice” care but “Next Practice” care. Our approach of “Next Practice” care applies to our ongoing compliance with privacy regulations and we have adopted the highest privacy compliance standards to ensure personal information is protected.
2. What is your personal information?
Personal information is any information or an opinion (whether true or not and in any form) about an identified individual, or an individual who is reasonably identifiable.
Sensitive information is a subset of personal information and includes information or an opinion about:
- an individual's racial or ethnic origin;
- membership of a professional or trade association;
- sexual orientation or practices;
- criminal record;
- health information;
- genetic information;
- biometric information and templates.
Health information is a broad category of sensitive information about the health or a disability (at any time) of an individual or their expressed wishes about the future provision of health services to him or her or a health service provided, or to be provided, to them.
3. What personal information is collected from you?
The types of personal information that Next Practice collects from you will depend on your relationship with us, the nature of the service we are providing or activity you are involved in and the legal obligations we may have.
Examples of personal information which we may collect from patients of our clinics include, but are not limited to:
- your name, postal address, delivery and collection addresses, phone number and e-mail address
- demographic information including profession, gender, age and date of birth
- health information about patients, including medical and family history, medications, diagnostic imaging and reports, pathology results, diagnoses (including mental health or disability), observations and reported symptoms
- financial details and billing information including your credit card details, Medicare number and health fund details
- details of any other health services or providers which you see or to which you are referred.
If you are one of our suppliers or provide services to Next Practice, we may collect information about you that we consider is necessary to manage the service arrangement, such as the nature of the products and services that you provide, quotes that you provide and your account details.
Prospective employees and Partners
In order to assess applications for employment or Partners at Next Practice we collect the following information about you:
- contact details including address, postcode, telephone and fax numbers, email addresses;
- demographic information, including age, date of birth, and gender;
- qualifications and experience; and
- information contained in references obtained from third parties.
This policy does not apply to the Personal Information of Next Practice employees that relates to their former or current employment with us.
4. When we collect your personal information
We only collect personal information by lawful and fair means as reasonably necessary for one of our functions or activities, to meet our legal obligations, or otherwise in accordance with any specific consent given by you.
5. How we collect your personal information
Directly from you
Next Practice will endeavour to collect personal information directly from you or with your consent. We collect personal information about you in a number of ways, including but not limited to:
- when you provide us with information in person, electronically or over the telephone;
- if you complete relevant forms, surveys, questionnaires or you otherwise contact or communicate with Next Practice;
- if you are providing services to Next Practice or its patients; or
- if you apply for employment or partnership with Next Practice.
From someone else
Where it is unreasonable or impracticable to collect information directly from you, Next Practice may obtain personal information about you from a third party. For example, Next Practice may collect personal information about you from:
- other health service providers;
- relatives, friends or carers;
- publicly available sources of information;
- from third parties such as Medicare, DVA, your health fund, credit reporting bodies and marketing agencies, including information you may provide to us using our social media pages,
- referees identified in your application for employment or Partnership; and
- from our own records.
From our website
Like many companies, Next Practice sometimes uses "cookie" technology on its website and other online mediums. A “cookie” is a small summary file containing a unique ID number which is stored on your computer by your browser. When you log in, the cookie tells Next Practice whether you've visited the website before or if you are a new visitor. The cookie doesn't obtain any personal information about you or provide Next Practice with any way to contact you, and the cookie doesn't extract any information from your computer. Next Practice uses the cookie to help it identify the relevant website features in which you have the greatest interest, so that it may better personalise your access to the website and other online mediums you engage with.
If you do not wish to receive cookies, you can set your browser so that your computer does not accept them.
6. Can I choose to remain anonymous in dealing with Next Practice and can I use a pseudonym?
If you are a receiving a health service from us, it is not practical for you to remain anonymous because we need to keep a record of the care and services provided to you. We may be able to accommodate you using a pseudonym, however you should be aware that should you choose not to provide your real identity this may impact the quality of the services provided to you and relevant claiming/billing. If you wish to use a pseudonym that is linked confidentially to your real identity, please let us know and we will discuss with you the arrangements that can be made for relevant care and treatment at our clinics.
Otherwise, you may contact us anonymously or by using a pseudonym if you prefer to do so. If you choose to remain anonymous this may limit our ability to assist you with any feedback or enquiry. We will tell you if we need to collect your name or any other personal information to help further.
7. What happens if we cannot collect your personal information?
If you do not provide us with the personal information described above, some or all of the following may happen:
- we may not be able to provide our services, products or programs to you;
- we may not be able to provide you with information or important updates about services, products and programs that you may want;
- we may be unable to tailor the content of our Websites or a Next Practice App to your preferences and your experience of our Websites or a Next Practice App may not be as enjoyable or useful; or
- we may not be able to process or progress your employment or Partner application.
8. Why we collect, hold, use and disclose your personal information?
Next Practice collects, holds, uses and discloses your personal information so that we can perform and improve our business activities and functions as a health service provider, and to provide you with products or services which you may request.
9. How we use and disclose your personal information
We will use and disclose your personal information for the purpose for which it was collected, or otherwise in accordance with privacy laws or your consent. In some cases, this will include disclosure of your personal information to a person or entity outside of the Next Practice network.
Next Practice will take reasonable steps to ensure that these organisations are bound by privacy obligations in relation to the continuing protection of your personal information.
For patients, some disclosures that may be necessary in providing you with a health service include to:
- Next Practice staff, Partners, agents, contractors and consultants involved in the provision of your care or administrative staff involved in the provision of services to you;
- other health service providers involved in your care and treatment, and their staff;
- financial institutions, Medicare, DVA or your private health insurer for the purposes of billing;
- your authorised or responsible contact or next of kin;
- government and regulatory authorities and other organisations, as required or authorised by law, including those operating relevant public health registers.
We will otherwise only use or disclose your personal information for another, secondary, purpose if:
- you have consented to the use or disclosure;
- for the general management and operation of Next Practice, for example:
- billing/debt-recovery, service-monitoring, funding, complaint-handling, incident reporting, developing and planning services, evaluation and improvement, quality assurance or audit activities, and accreditation activities;
- education and training of our staff (who may not be our employees), where de-identified information is not sufficient for this purpose;
- third party service providers who provide services to Next Practice such as information technology, maintenance and repair, marketing, payment systems, etc.;
- we reasonably believe the use or disclosure is necessary to lessen or prevent a serious and imminent threat to an individual’s life, health or safety, or a serious threat to public health or public safety;
- the use or disclosure is required or authorised by law.
10. Transfer of personal information outside Australia
In addition to holding your personal information in Australia we may hold your personal information in the cloud or on servers located outside of Australia. We take all reasonable steps to ensure that the personal information which has been transferred outside of Australia will be held in jurisdictions whose privacy laws are equal to or better then Australia’s, and will not be held, used or disclosed by the recipient of the information inconsistently with the Australian Privacy Principles.
11. Direct Marketing and your privacy
Next Practice also collects your personal information for marketing purposes, including e-newsletters, promotions and special offers. Our communications may be sent to you in various forms, including mail, SMS, in-app notifications, fax and email in accordance with applicable laws. If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so.
If you have received marketing information from Next Practice and you wish to stop receiving it, you can contact us (either using the contact details below or the opt-out mechanism detailed in our marketing material) and ask us to stop sending the marketing information within a reasonable time after your request has been made. Next Practice will not charge you, or in any way disadvantage you, if you choose to opt out of receiving marketing material.
Next Practice may occasionally provide its marketing material to third parties to distribute material on Next Practice’s behalf.
12. Security and Data Quality
We will take all reasonable steps to secure your personal information. We recognise the importance of ensuring that personal information is accurate and we will take all reasonable steps to make sure that the personal information collected, used or disclosed is complete and up to date.
Electronic information is protected by various security measures and access to information and databases is restricted to our staff and contractors that need access to the information in order to perform their duties.
Next Practice cares about protecting the security of your personal information, and we have implemented security procedures to protect the personal information which you provide to us.
Because of the sensitive nature of the information collected by Next Practice, precautions are taken to ensure the security of the information. Information may be stored electronically and / or hard copy. Security and business continuity measures like password protection and regular backups are employed to maintain privacy and availability of electronic files.
13. How you can access and correct your personal information held by the Next Practice
You may, at any time, request details of and access to a copy of your personal information held by us by contacting us in writing. To protect your privacy, Next Practice may require proof of your identity before acting upon your request.
In response to valid requests, we will provide you with access to your personal information unless there is a legal or administrative reason for denying or limiting access, as permitted by the Privacy Act 1988 (Cth). If we propose to deny access for any reason, we will advise you of the grounds and our reasons for any refusal.
Where we provide you with access to your personal information, Next Practice reserves the right to charge you a reasonable administrative fee for providing such access. We will not charge for simply making the request and will not charge for making any corrections to your personal information.
If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment then we will add a note to the personal information stating that you disagree with it.
15. How to contact us
If you would like to contact us or require more information concerning Next Practice’s approach to privacy or how Next Practice handles your personal information, you can write to us at the below address:
Attention: Next Practice Privacy Officer
Level 11, 1 Macquarie Place
Sydney NSW 2000
Alternatively, you can email your privacy query directly to us by using the “Contact Us” page on our website.
16. How do you make a complaint or provide us with feedback?
If you wish to make a complaint to Next Practice about the manner in which we have handled your personal information, please provide full details of your complaint in writing, and send it to the Next Practice Privacy Officer (see contact details above). Please allow up to 30 days for your request or complaint to be processed.
We will treat your complaint confidentially, investigate your complaint and aim to ensure that we contact you and your complaint is resolved within a reasonable time (and in any event within the time required by the relevant privacy legislation, if applicable). We may ask you to participate in a dispute resolution scheme (such as mediation) to resolve your complaint.
If your complaint relates to our failure to provide access to or to correct any personal information that we hold about you, or if you are not satisfied with the manner in which we deal with your complaint, you may lodge or refer your complaint directly to the Office of the Australian Information Commissioner (for more information, please see www.oaic.gov.au ).
Individuals enquiring about their rights and remedies for breaches of privacy, can access detailed information at the Office of the Australian Information Commissioner www.oaic.gov.au