Privacy Policy

Introduction
At Dr. Hamish Shilton's medical practice, we are committed to protecting your privacy and ensuring the security of your personal information in compliance with the Australian Privacy Act 1988 (Cth) ("the Act"). This Privacy Policy outlines how we collect, use, disclose, and store your personal information, including information related to your My Health Record, as well as your rights regarding that information.

Collection of Personal Information
We collect personal information necessary to provide you with medical and surgical services. The types of personal information we may collect include:

  • Your name, address, date of birth, and contact details.

  • Medical history, test results, and treatment information.

  • Medicare, private health insurance, or other billing information.

  • Emergency contact details.

How We Collect Personal Information
We collect your personal information directly from you in the following ways:

  • When you book an appointment.

  • When you complete patient registration forms.

  • During consultations.

  • Through communication via phone, email, or other channels.

In certain cases, we may also collect personal information from third parties, such as other healthcare providers, pathology or diagnostic imaging services, or your health insurer, but only with your consent and when necessary.

Use of Personal Information
We use your personal information to:

  • Provide you with medical and surgical care.

  • Communicate with you about your treatment.

  • Manage and improve our services.

  • Process payments and manage billing.

  • Comply with legal and regulatory obligations.

Use of Artificial Intelligence (AI) in Documentation
To enhance the accuracy and efficiency of medical documentation, our clinic may utilise secure, AI-powered transcription tools to assist in the dictation of clinical consults. These tools are used solely to convert spoken medical notes into written form and are operated in compliance with applicable privacy laws, including the Privacy Act 1988 and the My Health Records Act 2012. All data processed by the AI system is encrypted and handled with strict confidentiality. No identifiable patient information is shared with third parties outside of this purpose, and all records remain securely stored within our clinic’s electronic medical record system.

Disclosure of Personal Information
We may disclose your personal information to:

  • Other healthcare professionals involved in your care.

  • Pathology and diagnostic imaging services.

  • Medicare, private health insurers, or other payment entities.

  • Regulatory authorities or as required by law.

We will not disclose your personal information to third parties for marketing purposes without your explicit consent.

Storage and Security of Personal Information
We take reasonable steps to ensure your personal information is stored securely and protected from misuse, loss, unauthorised access, modification, or disclosure. These measures include:

  • Secure electronic record systems.

  • Restricted access to physical records.

  • Regular staff training on data privacy and security.

While we take all due care to protect the security and confidentiality of the information you provide, we cannot guarantee that our systems will be entirely free from third-party interception or cyber-attacks. However, we take reasonable precautions, such as using up-to-date anti-virus software, data encryption, and limiting staff access to clinical records, to minimise these risks.

Access and Correction of Personal Information
You have the right to access your personal information and request corrections if it is inaccurate, incomplete, or outdated. To update or correct your information, please contact us at (03) 9923 8066. We will respond to your request in a timely manner.

Complaints
If you believe we have breached your privacy or if you have a complaint about the handling of your personal information, please contact us. We will investigate the issue and respond promptly. If you are unsatisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC).

My Health Record Access Policy
Our practice is committed to safeguarding the privacy and security of your health information, including information stored in your My Health Record. Below is an outline of how we manage and protect your My Health Record data:

Patient Control and Access Management
You have the right to manage and control access to your My Health Record. Through privacy settings, you can choose who may view your records and specify which documents can be accessed. You can also set a Record Access Code for added security, restricting unauthorised access to your health information.

Access Limitations
Access to your My Health Record is strictly limited to healthcare providers who are directly involved in your care and have a legitimate need to view your information. Access is granted only for purposes related to your medical treatment and care.

Data Security
We are committed to ensuring the security and confidentiality of your health information. All data within the My Health Record system is protected by stringent security measures, including encryption, authentication, and secure storage, to prevent unauthorised access, alteration, or disclosure.

Disclosure of Information
In certain circumstances, your My Health Record information may be disclosed, such as in emergencies, when required by law, or with your explicit consent for secondary purposes, such as research. Any disclosure will be made in accordance with your preferences and applicable privacy laws.

Compliance with Legislation
We comply fully with Australian privacy laws, including the My Health Records Act 2012 and the Privacy Act 1988, ensuring all health information is managed securely and in line with legal requirements.

Access Controls and Accountability
Healthcare providers accessing your records will use unique login credentials. All access to your My Health Record is tracked and monitored. Any unauthorised access attempts will be addressed, and our practice will take appropriate action to ensure compliance with security protocols.

Data Sharing and Consent
Your health information within the My Health Record may be shared with other healthcare providers involved in your care when necessary. For non-medical purposes, such as research, explicit consent will be obtained from you before sharing your information.

Data Retention and Deletion
Your My Health Record information will be retained for as long as necessary for medical care purposes. When data is no longer required or upon your request, it will be deleted in accordance with retention policies and legal requirements.

Breach Notification
If a data breach occurs affecting your My Health Record information, we will promptly notify you and take appropriate steps to address and resolve the situation. We are committed to protecting your data and ensuring transparency in the event of a breach.

Contact Us
For more information about this Privacy Policy, or to make a request or complaint, please contact us at:
Dr. Hamish Shilton’s Rooms
Suite 19, Cabrini Hospital
183 Wattletree Rd, Malvern VIC 3144
Phone: (03) 9923 8066
Email: admin@shilton.net.au

Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in the law or our practices. The updated Privacy Policy will be available on our website and at our practice.
Effective Date: 1/7/2025