Privacy Policy

Qscan Privacy Policy

June 2018

1) Purpose

The Qscan Group (“Qscan”) is a collection of related organisations that provide diagnostic imaging services, and associated therapeutic services. The Qscan Group (“Qscan”) operates through a number of brands  http://www.qscan.com.au/locations/

The Qscan Group is committed to the protection of your personal and health related information in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles. This privacy policy explains how the Qscan Group collects, uses, holds, and discloses personal information, including your health information and other sensitive information.

The Qscan Group is obliged to comply with the Privacy Act with regards to the collection, use, holding and disclosure of personal information.

The Qscan Group’s privacy policy is available from any Qscan Group location and on our website http://www.qscan.com.au/privacy-policy/.

 

2) Scope

Who does this privacy policy apply to?
This privacy policy applies to you only to the extent that the collection and handling of your personal information by the Qscan Group is subject to the Privacy Act and/or any State/Territory health records legislation.

This privacy policy applies to all Qscan Group companies.  A current list of all Qscan Group companies can be accessed at http://www.qscan.com.au/locations/

What information does the privacy policy apply to?
Qscan’s privacy policy applies to personal information. Personal information is information or an opinion about an identified person, or a person who is reasonably identifiable, whether the information is true or not, and whether the information or opinion is recorded in a material form or not.

Special provisions apply to the collection of personal information which is sensitive information. This includes health information and information about a person’s race, ethnic origin, political opinions, membership of political, professional or trade associations, religious or philosophical beliefs, sexual preferences and criminal history.

In this privacy policy, all references to personal information include sensitive information unless indicated otherwise.

 

3) Policy

Why does the Qscan Group collect, hold, use and disclose personal information?
In general, the Qscan Group collects, holds, uses and discloses personal information:

  • to provide diagnostic imaging services, and associated therapeutic services to patients;
  • to provide services to referring medical and health professionals for their patients including access to our web-based portals;
  • to provide advice and information in relation to how the diagnostic imaging services, and associated therapeutic services will be or has been provided;
  • to administer and manage the provision of such diagnostic imaging services, and associated therapeutic services including charging and billing;
  • to interpret results and provide reports and advice to a referring medical practitioner specialist or allied health professional in relation to the results of health services performed by the Qscan Group;
  • to ensure patient medical records are correctly linked with relevant healthcare professionals;
  • to manage our relationship with you including to contact you for follow up purposes, respond to your queries via telephone, online or by post, and send you correspondence in relation to services performed by the Qscan Group (for example, reminding patients of an appointment);
  • to verify and update personal information held by us;
  • to review, develop and improve our products and services and undertake quality assurance exercises (such as audits, accreditations, training or complaint handling);
  • to undertake market research, review referral patterns and perform statistical analysis;
  • to customise services and provide educational resources for clinicians, practice managers and auxiliary staff;
  • to comply with legal or regulatory obligations;
  • to recruit personnel; and
  • for other purposes required or authorised by or under law, including purposes for which you have provided your express or implied consent.

Our range of products and services and our functions and activities may change from time to time.

If you provide your email address, telephone and/or mobile phone number, you also consent to the Qscan Group using your email address, telephone and/or mobile phone number to contact you (including by telephone call, SMS or email) for any of the above purposes.

What kinds of personal information does the Qscan Group collect and hold?
In the course of our business, the Qscan Group may collect personal information about you that is necessary for us to perform our functions and activities.  The Qscan Group will only collect personal information about you by lawful and fair means and not in an unreasonably intrusive manner.

The types of personal information we may collect and hold may vary depending on the nature of our interaction with you and may include:

Patients

  • Name, address and contact details (telephone and email);
  • Date of birth;
  • Gender;
  • Emergency contact details for your nominated emergency contact person;
  • Credit card and payment details;
  • Commonwealth identifiers (such as Medicare numbers);
  • Details of private health insurance arrangements;
  • Details of complaints and feedback about services provided by the Qscan Group; and
  • Health information including:
  • Medical history, test results (e.g. blood test results and pathology results) and results of previous scans;
  • Information that has been provided by a patient’s referring medical practitioner or specialist;
  • WorkCover claim numbers and claim details if necessary;
  • Details of the patient’s medical provider/s such as general practitioners, specialist practitioners and/or allied health professionals; and
  • Preferences for future provision of health

If the required personal information is not provided by a patient, the Qscan Group may not be able to perform the necessary medical service due to safety risks and legal requirements.

Referring healthcare practitioners and healthcare practitioners who engage Qscan to provide them with facilities and services

  • Name, address and contact details (telephone, fax and email);
  • Areas of specialization;
  • Referrer provider number;
  • Referral trends;
  • IT system details and requirements;
  • Preferences for current and future provision of health services; and

Details of complaints and feedback about services provided by the Qscan Group.

Prospective, current and past employees, contractors and service providers

  • Name, address and contact details (telephone and email);
  • Application letters;
  • Resume; and

If the required personal information is not provided, the Qscan Group may not be able to engage with you in the manner requested by you (for example, the Qscan Group will not be able to offer you employment or, if you are a healthcare professional, provide you with access to our web-based portals).

Remaining anonymous or using a pseudonym
Due to the nature of the Qscan Group’s services it is not possible for persons to deal with the Qscan Group anonymously or by using a pseudonym. The reasons for this are because:

  • The Qscan Group services, including diagnosis and advice, may be seriously and negatively affected;
  • The risk to patient safety would be unacceptable and would contravene the Commission for Quality and Safety in Healthcare’s Patient Identification Safety Standards;
  • It may result in mismatching of patient information and results;
  • It may negatively impact on communication between the Qscan Group and the patient’s treatment providers; and
  • The patient may not be able to claim under Medicare or from their private health
  • Mandatory legal requirement for Qscan to hold accurate medical records.

How and when is personal information collected by the Qscan Group?
The Qscan Group may collect your personal information in a number of ways including through application forms, claims forms and correspondence (written and verbal).

If you are a patient, collection of personal information may occur throughout the various stages of medical imaging/treatment including:

  • At any time when your details are referred to the Qscan Group;
  • At the time of contacting the Qscan Group to make an enquiry or to book an appointment over the phone or online;
  • On arrival at the Qscan Group’s clinic when completing/signing the patient information/consent forms;
  • When completing any applicable safety questionnaires;
  • On first contact with a technical staff member;
  • During and after diagnostic imaging services, and associated therapeutic services has been provided; and
  • At the time of billing you for a Qscan Group

If you are a patient, the Qscan Group typically collects your personal information directly from you but may also collect your personal information from:

  • Your health service provider, practitioner, specialist or allied health professional
  • Your private health insurer, Medicare or another organisation that is funding the provision of our services to you;
  • Your family (or someone who is authorised to act as your representative); or
  • Other sources as necessary to provide a Qscan Group

If you are a healthcare professional, the Qscan Group typically collects your personal information directly from you or from your patient or other healthcare professionals.

If you are a prospective or current employee, the Qscan Group may collect your personal information from third parties such as recruitment agencies.

If we receive unsolicited personal information which we would not normally have collected and this information is not relevant to us providing a service to you, we will destroy or de-identify the information.

How does the Qscan Group hold personal information?
The Qscan Group will hold your personal information securely in accordance with the requirements under the Privacy Act. Personal information may be held in the following formats:

  • Hard copy onsite or in secure storage facilities;
  • Electronically in a secure format and environment;
  • Digital audio recordings;
  • Digital cine-loops (sequence of individual frames)
  • Digital and hard copy images

To the extent required by the Privacy Act, the Qscan Group takes reasonable measures to ensure that your personal information is protected from misuse, interference, loss and from unauthorised access, modification and disclosure. This includes:

  • Having appropriate policies, procedures and training in place for staff; and
  • Implementing security procedures for business premises and IT

Unless the Qscan Group is required to retain your personal information in accordance with legislative and regulatory requirements, the Qscan Group will take reasonable steps to destroy and/or de-identify your personal information in secure manner once it is no longer necessary to hold the information for the provision of services to you.

Disclosure of personal information
In order to perform the functions and activities as described above, the Qscan Group may disclose your personal information to third parties including:

  • Where there is a serious threat to life, health and/or safety;
  • Treating medical provider/s (including allied health professionals) so that they can manage the patient’s health condition and other healthcare professionals to whom we may refer the patient for further healthcare services;
  • Organisations that are funding the provision of our services to the patient such as government organisations (including Medicare Australia) and private health insurers;
  • Healthcare professionals who engage us to provide them with facilities and services;
  • Our related bodies corporate;
  • Regulatory authorities;
  • Courts, Tribunals or the police as required or authorised under an Australian law;
  • Local or offshore service providers who assist us in carrying out our functions and activities such as software providers, IT service providers, data storage providers, communications providers, medical reporting service providers, medical transcription service providers and debt collection agencies for recovering unpaid invoices; and
  • Parties involved in a prospective or actual transfer of our assets or business.

In addition, your images and reports are made available to all medical providers (including allied health professionals) who have been granted access to the Qscan Group’s web based portals, including medical providers who are not involved in your care.  Please refer to the section of this privacy policy titled “Access to your information via web based portals” for more information.

Consent to Collect, Hold, Use and Disclose your Personal Information
If you are a patient, in most cases, before or at the time of providing you with a health service (or if this is not practicable, as soon as practicable thereafter), the Qscan Group will obtain consent for the purposes for which we intend to collect, hold, use and disclose your personal information. In the event that you are unable to provide or communicate your consent, the Qscan Group may disclose personal information to a ‘responsible person’ (as defined in the Privacy Act) if it is necessary in order to provide you with appropriate treatment, care or for compassionate reasons, unless you have explicitly requested otherwise.

You may choose not to provide the Qscan Group with consent for the collection, use and disclosure of your personal information, however, this may mean that the Qscan Group is unable to provide the health services required.

Transfer of personal information overseas
In order to perform the functions and activities as described above, the Qscan Group may disclose your personal information to third party service providers located overseas.  For example, the Qscan Group uses Microsoft Office 365 (but not for patient data) whose data centres are located in Hong Kong, Singapore and South Korea and a medical transcription service located in the Philippines.

While we typically store all patient data locally in Australia, some healthcare professionals who refer patients to us or who undertake medical reporting for us may be located overseas and access patient data held by us from overseas.

If you are participating in a clinical trial, your personal information may be disclosed overseas to the country in which the clinical trial is being conducted.

In the event the Qscan Group transfers your personal information outside Australia, we will comply with the requirements of the Privacy Act that relate to trans-border data flows.

Access to personal information
At your request, the Qscan Group will provide you with access to your personal information held by the Qscan Group subject to some limited exceptions permitted by law. If you wish to request access to your personal information held by the Qscan Group, please contact our Quality Coordinator whose details are in the “Contacting the Qscan Group” section of this privacy policy. The Quality Coordinator will advise you of any action that you need to take in order to access your personal information, which may include visiting the nearest Qscan site and providing valid photo ID (eg. Driver’s license, passport etc).

Accurate and up-to-date personal information
The Qscan Group will take reasonable steps to ensure that your personal information is accurate, up-to-date and complete. This will include:

  • Confirming personal information when arranging appointments and at each attendance or meeting; and
  • Carrying out patient identification checks in accordance with relevant patient

If you need to correct or update your personal information, please contact the Quality Coordinator (whose details are in the “Contacting the Qscan Group” section of this privacy policy) as soon as possible. The Quality Coordinator will advise you of any action that you need to take in order to correct or update your personal information, which may include visiting the nearest Qscan site and providing valid photo ID (eg. Driver’s license, passport etc).

Access to your information via web-based portals
The Qscan Group uses secure web-based password protected portals to allow:

  • referring medical practitioners, specialists or allied health professionals;
  • healthcare professionals to whom we provide facilities and services; and
  • personnel who the above mentioned health professionals are directly responsible for in their clinical practice (Responsible Persons), to access all images and reports prepared by the Qscan Group (including current and historical images and reports).

These health professionals and their Responsible Persons are able to access these web-based portals with a unique provider number, subject to the health professional agreeing to comply with terms and conditions relating to access, privacy and confidentiality and ensuring that their Responsible Persons comply with these terms and conditions. By agreeing to these terms and conditions, the health professional confirms that the health professional will, and will ensure that their Responsible Persons will, only access information that is required for the health professional to provide a medical service to the health professional’s patients (and not the information of other Qscan patients stored in the portals) and that the information will not otherwise be used, knowingly shared or disclosed for any other purpose.

Our systems track, record and store all access activities on every patient file. Qscan frequently monitors the use of this service and takes all reasonable steps to ensure that the system is being used appropriately for its intended purpose.

Online privacy and information submitted electronically
Our website contains forms for people to request information, book an appointment or supply feedback. In some cases, telephone numbers and email addresses are required. This information will only be used for the intended purpose. The Qscan Group may track and report website traffic, but this data will not reflect any identifying information. Personal information submitted electronically via our online booking form will be subject to this privacy policy.

Privacy complaints
If you have a complaint about your privacy, you can contact our Quality Coordinator directly (the Quality Coordinator’s details are in the “Contacting the Qscan Group” section of this privacy policy). The Qscan Group will investigate your complaint and will endeavour to provide you with a response as soon as possible.

If you are unhappy with our response, you can contact the Office of the Australian Information Commissioner (Privacy Commissioner) on the telephone contact number below, or through their website.

Privacy Commissioner Number: 1300 363 992

Office of the Australian Information Commissioner: www.privacy.gov.au/complaints

Contacting the Qscan Group
Individuals are welcome to ask any questions regarding privacy and the way that Qscan Group manages personal information.

The contact details for the Quality Coordinator are:

Phone: (07) 3357 0970
Email: quality.management@qscan.com.au
Web:    www.qscan.com.au

Address:  PO Box 222 RBH Post Office Herston Q 4029