Privacy Policy
Privacy Policy for Management of Personal Information
This document describes the privacy policy of The Mind Body Practice Pty Limited (ACN: 631 025 440) (“The Mind Body Practice”, “we”, “us”) for protecting the privacy of personal information we collect about you, including through our website, located at www.mindbodypractice.com.au, as well as through the provision of psychological services or directly from you.
The psychological service provided is bound by the legal requirements of the Australian Privacy Principles set out in the Privacy Act 1988 (Cth).
If you do not wish for your personal information to be collected in a way anticipated by this Privacy Policy, The Mind Body Practice may not be in a position to provide the psychological service to you. In some circumstances, you may request to be anonymous or to use a pseudonym, unless it is impracticable for The Mind Body Practice to deal with you or if The Mind Body Practice is required or authorised by law to deal with identified individuals.
Client information
The types of personal information we collect may include:
-
Name, date of birth, address(es), contact numbers, email address and other contact details;
-
Medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors;
-
Details of other health service providers involved in your care and copies of any referral letters and/or medical reports and test results;
-
Health information contained in your digital health record including an individual’s healthcare identifier (if you participate and only with your consent);
-
Medicare number, healthcare identifiers and health fund details;
-
Financial payment details (such as your credit card number);
-
Other information disclosed by you, if relevant when providing our services directly to you (such as your relationships with other persons, employment information and qualifications, gender, race, sexuality or religion); and
-
Information or opinion (including our clinical treatment notes) about our client’s health and expressed wishes about future care.
How clients' personal information is collected
We are committed to using lawful and fair means to collect personal information and collecting it from others only when it is unreasonable or impracticable to obtain certain information from our clients directly.
A client's personal information is collected in a number of ways:
-
During psychological consultation with The Mind Body Practice, including when the client provides information directly to The Mind Body Practice using hardcopy or electronic forms, correspondence including via email and when the client interacts directly with The Mind Body Practice employees; and
-
From a client’s responsible person, such as parents and guardians; and
-
From other health service providers who provide personal information to The Mind Body Practice, via referrals, correspondence and medical reports.
Why we collect, hold, use and disclose personal information
We collect, hold, use and disclose client’s personal information as is reasonably necessary for The Mind Body Practice to provide our health services, including for the following purposes:
-
to contact and communicate with clients;
-
for the purpose of providing psychological services to clients, which include assessing, diagnosing and treating;
-
accessing and transfer of electronic client records including those contained in their My Health Record (if they have chosen to participate);
-
when communicating with other healthcare providers involved in your care
-
to liaise with Medicare, your health fund or government department;
-
to conduct activities relating to research, quality assurance and improvement processes, accreditation, audits, risk and claims management, patient satisfaction surveys and staff education and training;
-
when it is necessary to lessen or prevent a serious threat to your life, health or safety or public health or safety or when it is impractical to obtain your consent;
-
to handle a complaint or respond to anticipated or existing legal action;
-
when required for administrative and internal record keeping for a minimum of 7 years after our last contact (or if the client is under 18, until they turn 25);
-
for statistical purposes; and
-
as required by law.
A client's personal information is not disclosed to overseas recipients, unless the client consents or such disclosure is otherwise required by law. Clients' personal information will not be used, sold, rented or disclosed for any other purpose.
Requests for access and correction to personal information
Access: Clients can request details of personal information that we hold about them in certain circumstances set out in the Privacy Act 1988 (Cth) (the Act). We may refuse to provide you with information that we hold about clients in certain circumstances set out in the Act. Otherwise, we will provide access to the information if it’s reasonable and practicable to do so. In most cases we’ll do this free of charge, but if your request requires significant effort or expense on our part, we might ask for compensation for that.
Correction: If a client believes that any information we hold about them is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details set out below. We rely in part on clients advising us when their personal information changes. We will endeavour to promptly correct any information found to be inaccurate, incomplete or out of date and to notify of the correction, unless it is impracticable or unlawful to do so.
Deletion: If a client wants us to delete personal information we hold about them or to not collect information from them for a specific purpose, please contact us using the details set out below. Please note that if we agree to delete your information, because of backups and records of deletions, it may be impossible to completely delete your information without retaining some residual information.
We will respond to any request to access, correct or delete information within a reasonable time.
Maintaining the security of personal information
We are committed to ensuring that the personal information we hold is secure and protected from misuse, interference, loss and unauthorised access, modification or disclosure. We undertake the following precautions to protect personal information we hold:
-
our website contains pages encrypted with SSL (Secure Sockets Layer) to ensure the safety of any data that is submitted through use of this website;
-
we limit access to personal information to a “need-to-know” basis;
-
we protect devices we use to collect, hold, use and disclose personal information with industry-standard anti-virus software;
-
our devices are protected by cryptographic keys and are stored in secure premises;
-
data is securely stored on cloud servers;
-
our email data is encrypted;
-
all hard copies of personal information are kept in secure storage with access by authorised personnel only;
-
all conversations involving the discussion of personal information take place in private, where conversations are unable to be overheard by unauthorised personnel; and
-
if we no longer need personal information, we take reasonable steps to delete or de-identify the information.
If a data breach occurs involving personal information and the breach is likely to cause harm, we will notify that client as soon as possible after the occurrence in accordance with our obligations under the Privacy Act and related legislation.
Concerns
If clients have a concern about the management of their personal information, they should contact Dr Shilpa Madiwale. Upon request they can obtain a copy of the Australian Privacy Principles, which describe their rights and how their personal information should be handled. If a client is unsatisfied with our response, they may lodge a formal complaint about the use of, disclosure of, or access to, their personal information, with the Office of the Australian Information Commissioner by phone on 1300 363 992, online at https://www.oaic.gov.au/privacy/privacy-complaints/ or by post to: Office of the Australian Information Commissioner, GPO Box 5218, Sydney, NSW 2001