Privacy Policy

Objective
Provide clear information about how your personal information is collected, used and shared by Coffs Coast GP Super Clinic, and when, how and why others may be involved in your healthcare.

  1. When and why is your consent necessary?
    When you register as a patient, you consent to our GPs and practice staff accessing and using your personal information to deliver healthcare. Access is limited to team members who require it for your care. If we wish to use your information for any purpose other than healthcare provision, we will obtain additional consent. We want you to understand why we collect and use your personal information.
  2. Personal information we collect
    We collect personal and medical information so your GP can provide high-quality care, including:
    • Name, date of birth, address(es), contact details, Medicare number, healthcare identifiers, health fund details
    • Medical history, examination findings, investigation results and treatment plans

We also use this information for directly related business activities such as Medicare claims and payments, practice audits and accreditation, and business processes (e.g. staff training).

Only staff who need to see your information will have access. If any other use is required, we will seek your consent.

Our practice follows the RACGP “Privacy and managing health information in general practice” guidance, incorporating federal and state privacy legislation and the Australian Privacy Principles (APPs). Your personal information is kept private and secure.

  1. Your medical records
    Your health record is a secure, confidential collation of documentation relevant to your care. We take steps to ensure records:
    • Are accurate, complete, well-organised and legible
    • Are kept up to date
    • Contain enough information for another GP to care for you
    • Include a summary of your care
    • Can be used (with your permission) to send reminders for follow-ups, check-ups and reviews

If you are unsure why information is requested, please ask your GP.

  1. Correcting or updating your information
    We take reasonable steps to ensure your information is accurate and current. We may periodically ask you to verify your details. You may request corrections or updates by writing to admin@ccgpsc.com.au. In some cases, we may seek verbal confirmation to ensure changes are authorised and to avoid privacy breaches.
  2. Accessing your records – Health Summary
    We can provide a patient health summary at no cost. For security, requests must be made to clinical staff (nurses) or your regular GP, and are generally provided in an appointment setting.
  3. Accessing your records – Full Medical Record
    A full medical record includes consultation notes, referral letters, medical certificates and investigation reports. A fee of $50 applies for the administrative time to collate these records.

You can also access certain health information via your myGov account. Our practice typically refers to Laverty or Sullivan & Nicolaides for pathology.

We encourage appointments to discuss medical information. Doctors are not able to respond to requests for clinical information by email. Copies can be provided during your consultation.

  1. Dealing with us anonymously
    You may deal with us anonymously or under a pseudonym unless it is impracticable or the law requires identification.
  2. How we collect personal information
    We collect information in several ways:
    • During registration (personal and demographic details)
    • While providing medical services (ongoing clinical information)
    • When you visit our website, email or SMS us, call us, make online appointments, or interact via social media

We may also collect information from other sources where reasonable and practical, including:
• Your guardian or responsible person
• Other involved providers (specialists, allied health, hospitals, community services, pathology and imaging)
• Health funds, Medicare or the Department of Veterans’ Affairs (as necessary)

Images that may be collected and used:
• CCTV footage: collected at the clinic for security and safety purposes
• Photos and medical images: your doctor will discuss the purpose (e.g. images of skin rashes) and obtain consent before taking photos. Where total body photography is used for skin checks, your doctor will discuss and obtain appropriate consent

  1. Providing your information to other GPs
    It is routine for all GPs in the practice to have access to your records. If you have concerns, please discuss them with your GP.

When transferring to another practice, we provide a medical summary upon request. If a full record is required, your new treating doctor can request a transfer; the administrative fee above may apply.

Sharing relevant information helps avoid duplication of tests and supports safe, coordinated care. Your GP shares this via referral letters or by responding to direct requests from treating professionals.

  1. Providing your information to others
    We will not share your personal health information with anyone else unless:
    • You have provided consent, or
    • We are legally obliged to disclose it (e.g. court subpoena; please discuss with your GP), or
    • It is necessary to obtain Medicare payments or health fund rebates, or
    • It is necessary to lessen or prevent a serious threat to life, health or safety (patient or public) where obtaining consent is impractical, or
    • To assist in locating a missing person, or
    • To establish, exercise or defend an equitable claim, or
    • For a confidential dispute resolution process, or
    • When statutory notification is required (e.g. certain notifiable diseases), or
    • For provision of medical services (e.g. electronic prescribing, My Health Record via Shared Health Summary or Event Summary)

Only the minimum information necessary will be shared.

Overseas disclosure
Your health information will not ordinarily be sent overseas unless you are informed and provide consent, and the destination country has privacy laws substantially similar to the APPs.

  1. Quality improvement and research
    We may use patient health information to review and improve the quality of care. De-identified information may be used in research projects to improve community healthcare. In rare instances where a government authority directs that identifying information be provided, your GP will discuss this with you before disclosure.

De-identified data may be collected through Primary Sense to inform public health and funding decisions.

  1. Security of information
    We comply with Australian privacy legislation. Personal information is stored securely using password-protected systems. Printed confidential documents are placed in secure shredding bins after being imported into our electronic records. Access is limited to authorised personnel. We will not share information with third parties without your consent except as outlined in this policy.
  2. Access to your health information
    You may request access to your medical record and other information we hold. Your GP will consider any risks of harm that may arise from disclosure and may remove information that affects the privacy of others.

Please request transfers in writing using a signed consent form from your new practice. We aim to respond within a reasonable timeframe; transfers are usually completed within a fortnight. For a full record transfer, an administrative fee of $50 applies. Depending on what is involved, you may be asked to contribute to costs.

Sharing information supports good communication. Your GP can explain your health summary or medical record.

  1. Direct marketing
    We do not engage in direct marketing.
  2. Practice updates and communications
    We limit direct communications regarding health updates. Please check our website or Facebook page for updates. In rare circumstances we may use HotDoc broadcast SMS (opt-out available).
  3. HotDoc privacy
    We use HotDoc for bookings, recalls, reminders, forms and related services. HotDoc Privacy Policy: practices.hotdoc.com.au/privacy-policy/
  4. Emergency contact and next of kin (NOK)
    Why we ask
    • In an emergency or where you are incapacitated, we may need to contact your NOK to support your care.

Can I refuse?
• Yes. You are not required to provide NOK or an emergency contact, however this may impair our ability to care for you in urgent situations.

What is shared with NOK / emergency contact?
• In an emergency, we may share only information necessary to manage the situation.
• If we cannot reach you in an urgent situation, we may contact your NOK to help locate you.
• The same level of access applies to your nominated emergency contact.

  1. Parental agreements, custody disputes and DVOs
    Please provide copies of any relevant court orders. Keep your doctor informed of custody arrangements and any changes. Our process is to include court orders in the child’s medical record and determine, in discussion with your doctor, the level of information recorded.

We operate under AGPAL guidelines and verify identity with three points of verification before disclosing information: full name, date of birth, and address or mobile number.

  1. Complaints about privacy
    We take privacy concerns seriously. Please raise concerns with your doctor or the Practice Manager via pm@ccgpsc.com.au. We will attempt to resolve the issue under our complaints process.

If you are not satisfied, you may contact the Office of the Australian Information Commissioner (OAIC). The OAIC generally requires you to allow us time to respond before they investigate.
Website: oaic.gov.au
Phone: 1300 363 992

  1. Policy review
    We regularly review this policy to ensure compliance. Changes will be reflected on our website. Significant changes may be communicated directly via email or other means. Please check periodically for updates.
  2. Contact
    For enquiries about this privacy policy, contact our Practice Manager at pm@ccgpsc.com.au.
  3. Document automation technologies
    We use secure document automation (e.g. in Best Practice and HealthLink) to generate documents such as referrals, containing only relevant medical information. Each user has unique credentials and access limited to their role. We comply with Australian privacy legislation and the APPs. All data (electronic and paper) is stored and managed in line with RACGP guidance.
  4. Use of AI scribes
    Some clinicians use an AI scribe tool to assist with note-taking during consultations. The tool uses an audio recording to generate a clinical note for your health record.
    • Your doctor may discuss AI scribing at your first appointment and, where appropriate, record your consent for ongoing care.
    • You can ask questions at any time and may opt out by informing your doctor.

How AI scribes work (e.g. Heidi or MBS Pro)
• AI scribes capture speech during the consultation and convert audio to text.
• Using the transcript and clinician instructions, the tool drafts clinical documentation, reducing administrative load and allowing the GP to focus on you.
• GPs review and edit all output, add notes and attachments as needed, and then sign off.

Privacy policies:
Heidi Health: heidihealth.com/au/legal/privacy-policy
MBS Pro: mbspro.com.au/company/privacy-policy

  1. Cubiko Quick Check (Medicare eligibility)
    We use Cubiko Quick Check to assist in identifying eligibility for relevant MBS item numbers. This tool is linked to your appointment record and securely accesses Medicare data to identify eligibility for services such as mental health care plans (MHCPs), chronic disease management (GPMPs/TCAs) and associated reviews.

The tool operates within secure, accredited medical software, does not store your personal data externally, and complies with Australian privacy legislation and the APPs. Information identified may be discussed with you during your consultation to support your care.

  1. Electronic prescriptions (eRx Script Exchange)
    Coffs Coast GP Super Clinic uses eRx Script Exchange to facilitate prescribing and dispensing of medicines.
    • Prescriptions are encrypted and sent from our clinical software to the secure national exchange.
    • You control pharmacy access via a token (SMS, email or print) with a unique QR code, or by registering for an Active Script List (MySL).
    • With your consent, participating pharmacies can securely retrieve your script from the exchange to dispense your medicine, including if you are away from your usual pharmacy.
    • Only the minimum necessary information is released to dispense your prescription, and only authorised staff can access it.
    • eRx acts as an electronic delivery service and does not decrypt or store data in unencrypted form.
    • Platforms are independently audited, comply with Australian Digital Health Agency standards and the APPs, and integrate with major clinical software.