Privacy Policy

Qscan Privacy Policy

March 2018

1. Purpose

 Qscan Radiology Clinics (Qscan) is committed to the protection of your personal and health related information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. This privacy policy explains how Qscan collects, uses, holds, and discloses personal information, including your health information and other sensitive information.

Qscan and its related entities are bound by the Commonwealth Privacy Act 1988 (Privacy Act) with regards to the collection, use, holding and disclosure of personal information.

Qscan’s privacy policy is available from any Qscan location and on our website

2. Scope

Who does Qscan’s privacy policy apply to?
Qscan’s privacy policy applies to any person for whom Qscan currently holds, or may in the future, collect their personal information, including health information.

What information does the privacy policy apply to?
Qscan’s privacy policy applies to personal information. Personal information is information (including health information) or opinions about a person who can be identified or whose identity can be reasonably ascertained from the information.

3. Policy

Why does Qscan collect personal information?
Qscan collects personal information to:

  • Provide medical imaging services to patients;
  • Provide services to referring medical and health professionals for their patients;
  • Provide advice and information in relation to how the service will be or has been provided;
  • Administer and manage the provision of such services, including charging and billing, which in cases of overdue accounts may involve Qscan passing on your information to a debt collection agency;
  • Providing advice to a referring medical practitioner or specialist in regards to the results of services performed by Qscan
  • For the purposes of prospective employment with Qscan, Qscan may collect information from or about prospective employees. This information is used for purposes related to selecting a person for employment with Qscan.

What kinds of personal information does Qscan collect and hold?
Qscan may collect and hold personal information including (but may not be limited to):


  • Name, address, contact details (telephone and email);
  • Date of birth;
  • Gender;
  • Emergency contact details for your nominated emergency contact person;
  • Preferences for future provision of health services;
  • Details of complaints and feedback about Qscan

Clinicians, Practice Managers and Ancillary Staff

  • Name, address, contact details (telephone, fax and email);
  • Areas of specialization;
  • Referral trends;
  • IT system details and requirements;
  • Preferences for current and future provision of health services;
  • Details of complaints and feedback about Qscan

Prospective Employees

  • Name, address, contact details (telephone and email);
  • Application letters;
  • Resume;
  • References.

If the required personal information is not provided, Qscan may not be able to perform the necessary medical service due to safety risks and legal requirements.

What sensitive and health information does Qscan collect and hold?
All Qscan staff are bound by a strict legal duty of confidentiality as specified in Australian Privacy Act. Qscan may collect and hold sensitive and health information reasonably or directly related to patient’s activities within Qscan. Information including (but may not be limited to):


  • Medical history, test results (e.g. blood test results and pathology results) and results of previous scans;
  • Details of private health insurance arrangements;
  • Information that has been provided by a patient referring medical practitioner or specialist;
  • Financial information, such as credit information, banking details and credit card numbers;
  • Medicare number, pension number, Veteran Affairs details and concession cards;
  • WorkCover claim numbers and claim details if necessary;
  • Details regarding legal claims if applicable;
  • Medical provider/s details, such as your general practitioners and specialist practitioners or allied health professionals;
  • Information that has been provided on your behalf when authorised (for example, a family member or authorised representative);
  • Other information required for Qscan functions and activities that Qscan may collect directly from you (either verbally or in writing) or information that we have collected from you when you have called us, written to us, or visited Qscan;
  • Any information that we are required to collect under a Court or Tribunal order or under an Australian Law.

Clinicians, Practice Managers and Ancillary Staff

  • Medicare provider numbers and billing information

Remaining anonymous or using a pseudonym
Due to the nature of Qscan’s services it is not possible for persons to deal with Qscan anonymously or by using a pseudonym. The reasons for this are because:

  • Qscan services, including diagnosis and advice, may be seriously and negatively affected;
    • The risk to patient safety would be unacceptable and would contravene the Commission for Quality and Safety in Healthcare’s Patient Identification Safety Standards;
    • It may result in mismatching of patient information and results;
    • It may negatively impact on communication between Qscan and the patient’s treatment providers;
    • The patient may not be able to claim under Medicare or Private Health

How and when is personal information collected at Qscan?
Qscan will only collect information that is necessary to perform the services provided. Collection of personal information may occur throughout the various stages of medical imaging including:

  • At any time when your details are referred to Qscan;
  • At the time of contacting Qscan to make an enquiry or to book an appointment over the phone or online;
  • On arrival at Qscan when completing/signing the patient information/consent forms;
  • When completing any applicable safety questionnaires;
  • On first contact with a technical staff member;
  • During and after medical imaging has been provided;
  • At the time of billing you for a Qscan

Qscan will only collect information that is necessary to perform the services provided.

  • Your health service provider, practitioner, specialist, allied health professional, private health insurer or Medicare;
  • Your family (or someone who is authorised to act as your representative);
  • Other sources as necessary to provide a Qscan

If we receive unsolicited personal information which we would not normally have collected and this information is not relevant to us providing a service to you, we will destroy or de-identify the information.

How does Qscan hold personal information?
Qscan will hold your personal information securely in accordance with the requirements under the Privacy Act. Personal information may be held in the following formats:

  • Hard copy onsite or in secure storage facilities;
  • Electronically in a secure format and environment;
  • Digital audio recordings;
  • Digital and hard copy

Qscan will take all reasonable measures to ensure that your personal information is protected from misuse, interference, loss and from unauthorised access, modification and disclosure. This includes:

  • Having appropriate policies, procedures and training in place for staff;
  • Implementing security procedures for business premises and IT systems;
  • Ensuring sensitive personal information can only be accessed by authorised users for the purpose of providing the relevant health service;
  • Where personal and sensitive information is requested the person is authorized to do so and meets the identification requirements;
  • Unless Qscan is required to retain your information in accordance with legislative and regulatory requirements, Qscan will take reasonable steps to destroy and/or de-identify your personal information once it is no longer necessary to hold the information for the provision of services to

How does Qscan use your personal information?
Qscan may use your personal information to:

  • Provide patients with a treatment or service;
  • Interpret results and prepare reports in relation to Qscan services that have been performed, or in relation to a patient’s health for treating practitioners, specialists or allied health professionals;
  • Send you correspondence in relation to services performed by Qscan (for example, reminding you of an appointment or asking you to update your details);
  • Notify Qscan’s legal advisors or insurers when it is necessary to do so for the purposes of obtaining advice or defending a claim;
  • Customize services and provide educational resources for clinicians, practice managers and auxiliary staff;
  • Ensure patient medical records are correctly linked with relevant healthcare providers;
  • Undertake quality assurance exercises (such as audits, accreditations, training or complaint handling);
  • Process internal administrative procedures such as invoicing and billing;
  • Respond to enquiries via telephone, online or by post;
  • Make decisions regarding employment of prospective

Disclosure of personal information
In certain circumstances, Qscan may need to disclose your personal information to third parties in circumstances such as:

  • Where there is a serious threat to life, health and/or safety;
  • Your medical provider/s (including allied health professionals) in supplying medical treatment and care;
  • Other institutions directly related to your medical treatment such as health funds for billing, processing of claims and auditing purposes;
  • Governments, Courts or Tribunals as required or authorised under an Australian law;
  • Local or offshore partners of whom we have contracts with to provide services to Qscan (under strict and compliant privacy conditions);
  • Management, service monitoring, evaluation and complaint handling;
  • Other legislative and regulatory compliance requirements;
  • Quality control and internal auditing;
  • Accreditation activities;
  • A debt collection agency for recovering unpaid invoices;
  • Preparing a defence for anticipated or existing legal proceedings;
  • Activities directly related to the provision of health services to you, in circumstances where you would reasonably expect disclosure, or have already consented to disclosure

Consent to Collect, Use and Disclose your Personal Information
In most cases, before or at the time of providing you with a health service (or if this is not practicable, as soon as practicable thereafter), Qscan will obtain consent for the purposes for which we intend to collect, use and disclose your personal and sensitive information. In the event that you are unable to provide or communicate your consent to disclose, Qscan may disclose personal information to a ‘responsible person’ (as defined in the Privacy Act) if it is necessary in order to provide you with appropriate treatment, care or for compassionate reasons, unless you have explicitly requested otherwise.

You may choose not to provide Qscan with consent for the collection, use and disclosure of your personal, sensitive and health information, however, this may mean that Qscan is unable to provide the health services required.

Third Party providers
Qscan has arrangements with third party providers, such as for the purposes of providing medical reporting services to Qscan. In engaging third party providers, Qscan will take all reasonable steps to protect your personal information from misuse, interference, loss and from unauthorised access, modification or disclosure. This includes third party providers being required to provide services to Qscan under a contract that requires adherence to Australian privacy law.

Qscan also has arrangements with third parties that provide medical reporting, storage, data and communication solutions inside and outside of Australia. These third parties provide infrastructure for data transfer that may include personal information for the purposes of securely holding and storing information on behalf of Qscan. Qscan takes reasonable steps to ensure that these third-party service providers are compliant with Australian privacy legislation.

Access to personal information
At Qscan we believe that it is best for patients to consult with their referring health provider about their results. This allows the results to be explained in the context of any further testing and the patient’s ongoing treatment. Reports and images will be provided to the health providers involved in a patient’s treatment.

At your request, Qscan will provide you with access to your personal information subject to some limited exceptions permitted by law. If you wish to request access to your personal information held by Qscan, please contact our privacy officer whose details are in the “Contact” section of this policy. Such requests must be made in writing and suitable proof of identity must be provided

Accurate and up-to-date personal information
Qscan will take reasonable steps to ensure that your personal information is accurate, up-to-date and complete. This will include:

  • Confirming personal information when arranging appointments and at each attendance or meeting
  • Carrying out patient identification checks in accordance with relevant patient standards

If you need to correct or update your information, please contact the Quality Coordinator as soon as possible. It is suggested that you:

EXPLANATION OF QC- steps: QC will advise the patient to visit the nearest Qscan site, bring a valid ID, eg. Driver’s license, Medicare etc. QC will organise an appointment between our customer service leader and patient to facilitate the process)

  • Advise Qscan of any errors you notice regarding your personal and health
  • Provide details of why information may be inaccurate, incomplete, out of date or misleading.
  • Update Qscan if there are any changes to your personal

Access to your information via Qscan iQ, Inteleviewer and Medinexus
Qscan IQ, Inteleviewer and Medinexus are secure web-based password protected portals which allow referring medical practitioners, specialists or allied health professionals to access images and reports prepared by Qscan.

These professionals are able to access Qscan iQ and/or Inteleviewer with a unique provider number, subject to the professional entering into access and confidentiality agreements. By accepting these agreements, the user confirms that the information is required to provide a medical service and that it will not otherwise be used, knowingly shared or disclosed for other purposes.

Our systems track, record and store all access activities on every patient file. Qscan frequently monitors the use of this service and takes all reasonable steps to ensure that the system is being used appropriately for its intended purpose.

Online privacy and information submitted electronically
Qscan’s website contains forms for people to request information, book an appointment or supply feedback. In some cases, telephone numbers and email addresses are required. This information will only be used for the intended purpose. Qscan may track and report website traffic, but this data will not reflect any identifying information. Personal and health information submitted electronically via Qscan’s online booking form will be subject to the same privacy policy and such principles as discussed throughout this document.

Notifiable Data Breaches
Qscan has a systematic and effective response to data breaches as stipulated in Qscan’s Notifiable Data Breach Action Plan (PP-QA-24). When receiving a data breach report, this occurrence will be lodge in Q-Pulse within 24 hours. Qscan Management will endeavour to remove the risk of harm to individuals as required by the Office of the Australian Information Commissioner (OIAC).

Privacy complaints
If you have a complaint about your privacy, you can contact our Quality Coordinator directly. Qscan will investigate your complaint and will endeavour to provide you with a response as soon as possible.

If you are unhappy with our response, you can contact the Office of the Australian Information Commissioner (Privacy Commissioner) on the telephone contact number below, or on their website.

Privacy Commissioner Number: 1300 363 992

Office of the Australian Information Commissioner:

Contacting Qscan
Individuals are welcome to ask any questions regarding privacy and the way Qscan manages personal information, complain about the handling of your own information or request access to your personal information.

The contact details for the Quality Coordinator are:

Phone: (07) 3357 0970

Address:  PO Box 222 RBH Post Office Herston Q 4029

2.0 Related Documents

  • PP-QA-024 Notifiable Data Breaches Action Plan

3.0 References

  • Privacy Act 1988 (Cth)
  • Data Breach Preparation and Response- A Guide to managing data breaches in accordance with the Privacy Act 1988 (CTH), OAIC Feb. 2018