St Andrew’s Hospital recognises that your privacy is very important to you. The Hospital is committed to protecting your personal information and has procedures in place to ensure that your privacy is safeguarded. This policy explains how we manage your personal information in accordance with the Privacy Amendment (Private Sector) Act 2000 that came into effect on 21 December 2001.

St Andrew’s Hospital requires you to provide personal information as part of your Admission process (either as an inpatient or as an outpatient through the Emergency Department and other services). This personal information normally includes details such as your name, date of birth, gender, marital status, nationality, occupation and religion. You will also be asked to provide contact details such as your home address, postal address, home and work telephone numbers, your mobile telephone, your fax and your e-mail address.

Other information may also include:

• Details about your health insurance fund or other insurer such as Worker’s Compensation or Third Party
• Details about your hospital visit, including your referring and treating doctor or specialist, your procedure and your expected length of stay
• Details about your medical condition, including the medication you normally take, your medical history, known allergies, your dietary requirements and any significant disabilities

It is essential that the Hospital is able to accurately identify you so that we can provide appropriate, timely and safe medical and nursing care. If you do not provide us with your relevant personal information, we may be limited in our ability to provide you with these services.

St Andrew’s Hospital acknowledges its responsibility to collect your personal information in a fair, lawful and non-obtrusive manner. Where practical we collect this information directly from you.

Your personal information may be collected verbally or in writing and may be stored as hard copy or electronic format. We may also collect personal information about you when you contact us by telephone, letter, fax or e-mail or when you visit our website. If you are not able to provide your own personal information, we will normally collect the information from a person authorised to provide such information on your behalf (e.g. parents of young children).

There may be some occasions where we obtain personal information about you from a third party; for example, your doctor may forward details of your admission and your health cover will normally be confirmed with your health fund or insurer.

The Hospital uses your personal information for a number of purposes including:

• providing you with relevant health care services
• verifying your health insurance details with your health fund or insurer
• performing administrative tasks such as managing your hospital account
• complying with legislative and regulatory requirements
• planning, developing and informing you of services and products of relevance to you

St Andrew’s Hospital accepts its responsibility to protect your personal information from misuse, loss, unauthorised access, modification or disclosure. This includes all of your personal information, irrespective of how it is acquired.

At St Andrew’s Hospital, your personal information is protected through physical, electronic and procedural safeguards. For example, the Hospital requires all staff to maintain the confidentiality of personal information. Most of your personal information is placed in your Medical Record and is only accessed on a "needs to know" basis by authorised staff (such as admissions staff, medical records staff, your treating doctor, specialist, nursing staff and other relevant health service providers).

Medical records are stored in a secure area and only authorised staff have access. Some of your personal information is also normally stored electronically through the hospital's computerised patient management system. Access to this information is limited and requires logins and passwords.

St Andrew’s Hospital does not release or disclose your personal information except to relevant health service providers and organisations. Where such information is released or disclosed the Hospital will ensure that the providers and organisations receiving your personal information also comply with the Privacy Act.

From time to time, the Hospital uses patient information for the purposes of research, planning and quality auditing. Where this occurs, no personal details are released and individual information is de-identified.

As part of your ongoing care, St Andrew’s Hospital may need to release/disclose personal information about you to relevant health service providers/organisations. These may include (but are not limited to):

• Your referring/treating doctors/specialists
• Medical Imaging Services
• Pathology Services
• Pharmacy Services
• Home Nursing and other similar home based services
• Medicare
• Your Health Insurer
• Your Workers Compensation/Employer Organisation

These providers/organisations are also required to manage your personal information in accordance with the Privacy Amendment (Private Sector) Act 2000.

When you visit our website, our web server collects information about all of our users collectively. This includes information such as the areas visited most frequently and allows us to improve the content of our web site.

The data collected is general and normally includes information such as:

• Your ISP or Internet server
• Your ISP’s domain (your top level domain name e.g. com, gov, au)
• Your server’s IP address
• The date and time of visits
• The pages within our web site accessed

This information is not shared with other organisations for commercial purposes.

Our Web server does not collect your e-mail address or any user-specific information on the pages you have visited. If you e-mail us from the website, your e-mail address will be recorded but will not be disclosed to any other party and will not be added to a mailing list.

St Andrew’s Hospital does not use any form of encryption to protect the information you send to us via the Internet. If you are submitting personal information over the Internet which you wish to remain private, please note that, while all attempts are made to secure information transmitted to this site, there is a possibility that information you submit could be observed by a third party while in transit.

Whenever a page is sent to you via the Internet, a cookie (an electric token) is passed to your browser and your browser passes it back to the server. We do not use cookies to collect personal information or to track your activities. However, our website contains links to other sites that may use cookies or other tracking devices. St Andrew’s Hospital is not responsible for the privacy of these sites.

Where practicable, St Andrew’s Hospital will take reasonable steps to provide you with anonymity (including the use of an alias) in any of your interactions with the Hospital. In making your request for anonymity, you are not required to provide the reason for your request.

Where the Hospital is unable to grant your request for anonymity, you will be informed of the reasons and offered alternatives.

In accordance with the Act, you are entitled to request access at any time to personal information we hold about you.

• View your personal information record (normally your Medical Record)
• Be provided with a summary of this record
• Be provided with a copy and or print-out of this record
• Have relevant jargon or medical terms explained to you
• Where requested, be provided with interpreter services

To access your personal information, it is necessary for the Hospital to first verify your identity.

Requests for access to your personal information should be made in writing (refer Request For Access Form attached).

On receipt of your request, St Andrew’s Hospital will:

• Acknowledge your request within 14 days
• Provide you with an estimate of administrative costs
• Provide you with an estimated time-frame of providing your requested information

You will not be charged for making a request for access to your personal information. However the Privacy Act allows the Hospital to charge for the costs reasonably associated with providing you access to your personal information. (Refer Schedule of Fees attached).

You will receive a response to your request for access to personal information within 14 days. However this time may be extended if the request is unusually complex or if there are difficulties in accessing some of the information requested. In this case, you will be advised of the expected time frame in which your request will be met.

Normally your request for access to personal information will be granted but in some instances, your request may be denied. This may be for several reasons including where access involves:

• Serious threat to life or health
• Frivolous or vexatious requests
• Personal information that is involved in current or potential legal proceedings
• Personal information that affects the privacy of others

In these instances, the Hospital will advise you of the reasons for denying your request. You may also be offered the option of receiving part of the information requested.

You may update your personal information at any time. If you believe that your personal information is incomplete, inaccurate or out of date, please contact us and we will endeavour to update and correct this information. Such a request is normally made in writing and once your identity has been verified, your details can be amended.

In some instances, however, such a request may involve complex issues or there may be disagreement as to matters such as medical opinion, diagnosis or evaluation. In these situations, St Andrew’s Hospital will take reasonable steps to attach a statement from you, identifying those areas of your personal information that you believe to be incorrect, incomplete or out of date.

Di Lane

Privacy Officer

St Andrew’s Hospital Inc

350 South Terrace

Adelaide 5000

Telephone: (08) 8408 2150

Fax: (08) 8408 2150

E-mail: dlane@stand.org.au

Please note that the Privacy Officer is available from Monday to Friday, 8.00am – 4.00pm.