Client information Client files are held in a secure filing cabinet and stored on an electronic document management system which is accessible only to authorised personnel for seven years, or for seven years after a child becomes 18 years of age. HeadwayHealth operates a data security policy for the practice. The information on each file includes personal information such as name, address, contact phone numbers, medical history, and other personal information collected as part of providing the psychological service.
How client’s personal information is collected A client’s personal information is collected in a number of ways during psychological consultation with the clinician/HeadwayHealth including when the client provides information directly to the practice using hardcopy forms, correspondence via email, when the client interacts directly with their clinician or HeadwayHealth employees such as the receptionist, and when other health practitioners provide personal information to clinician/HeadwayHealth, via referrals, correspondence and medical reports.
Purpose of holding personal information A client’s personal information is gathered and used for the purpose of providing psychological services, which includes assessing, diagnosing and treating a client’s presenting concern. The personal information is retained in order to document what happens during sessions, and enables the psychologist to provide a relevant and informed psychological service.
Disclosure of personal information Clients’ personal information will remain confidential except when:
1. It is subpoenaed by a court; or
2. Failure to disclose the information would in the reasonable belief of the Psychologist/Practice place a client or another person at serious risk to life, health or safety; or
3. The client’s prior approval has been obtained to:
a. provide a written report to another professional or agency, e.g., a GP or a lawyer; or
b. discuss the material with another person, e.g. a parent, employer or health provider; or
c. disclose the information in another way; or
4. You would reasonably expect your personal information to be disclosed to another professional or agency (e.g. your GP) and disclosure of your personal information to that third party is for a purpose which is directly related to the primary purpose for which your personal information was collected; or
5. Disclosure is otherwise required or authorised by law. We are mandatory reporters of child abuse and neglect.
A client’s personal information is not disclosed to overseas recipients, unless the client consents or such disclosure is otherwise required by law. Clients' personal information will not be used, sold, rented or disclosed for any other purpose.
Requests for access and correction to client information At any stage clients may request to see and correct the personal information about them kept on file. The Psychologist may discuss the contents with them and/or give them a copy, subject to the exceptions in the Privacy Act 1988 (Cth). If satisfied that personal information is inaccurate, out of date or incomplete, reasonable steps will be taken in the circumstances to ensure that this information is corrected. All requests by clients for access to or correction of personal information held about them should be lodged with the Principal of
HeadwayHealth. These requests will be responded to in writing within 28 days, and an appointment will be made if necessary for clarification purposes.
Information Security Our paper files are secure under lock/key in filing cabinets within our locked rooms; we have an security alarm system in the Frenchs Forest consulting rooms for out of business hours. All staff and clinicians are bound by privacy/confidentiality agreements as part of their employment or association with our team, and this extends to all data and remains in place post contact with our service. Our electronic files are password protected and security/virus software updated. HeadwayHealth Services has a Data Security Policy and reviews this periodically in order to ensure it remains up-to-date. Our online appointment system is secured by Cliniko a practice software system. Cliniko reports that their system meets or exceeds all regulations of the Australian Privacy Principles, GDPR, PIPEDA, and HIPAA.Telehealth is provided by HealthDirect an platform which encrypts transmission and is funded by government; Healthdirect Australiais the leading provider of telehealth inAustralia and better meets privacy requirements as compare to commercially available systems.
Details of potential privacy concerns through Telehealth platforms are available in the Client Consent Information.
Concerns If clients have a concern about the management of their personal information, they may inform their clinician/HeadwayHealth. Upon request they can obtain a copy of the Australian Privacy Principles, which describe their rights and how their personal information should be handled. Ultimately, if clients wish to lodge a formal complaint about the use of, disclosure of, or access to, their personal information, they may do so with the Office of the Australian Information Commissioner by phone on 1300 363 992, online at http://www.oaic.gov.au/privacy/making-a-privacy- complaint or by post to: Office of the Australian Information Commissioner, GPO Box 5218, S ydney, NSW 2001.
If you have a complaint about our service we are very keen to respond and resolve your concern as soon as possible. We recognise many people are very distressed when they contact our service and we want to provide you with the very best assistance; your feedback can also assist us to better care for others. Please contact Dr Katharine Hodgkinson in confidence on (02) 9453 3027, or in writing to: email@example.com. Dr Hodgkinson will endeavour to respond within 48 hours (if not over a weekend or holiday period) and can direct you to more formal complaint procedures if you are not satisfied with the outcome.