Introduction
We are committed to protecting the privacy of patient information and to handling your
personal information in a responsible manner in accordance with the Privacy Act 1988, the
Privacy Amendment (Enhancing Privacy Protection) Act 2012, the Australian Privacy
Principles (APPs), and we also comply with the Health Records and Information Privacy Act
2002 (NSW) and NSW Health Privacy Principles.
This Privacy Policy is to inform you of:
- the kinds of information that we collect and hold, which, as a medical practice, is likely to
be ‘health information’ for the purposes of the Privacy Act;
- how we collect and hold your personal information;
- the purposes for which we collect, hold, use and disclose personal information;
- how you may access your personal information and how you may seek the correction of
any information;
- how you may make a complaint about a breach of privacy legislation and how we will
deal with such a complaint;
- whether we are likely to disclose personal information to overseas recipients.
This Privacy Policy is current from 1 March 2014. From time to time we may make
changes to our policy, processes and systems in relation to how we handle your personal
information. We will update this Privacy Policy to reflect any changes. Those changes will
be available on our website and in the practice.
Collection
We collect information that is necessary and relevant to provide you with medical care and
treatment, and manage our medical practice. The type of information we may collect and
hold includes:
- Your name, address, date of birth, gender, email and contact details.
- Medicare number, DVA number and other government identifiers, although we will not
use these for the purposes of identifying you in our practice.
- Health information including symptoms, diagnosis and treatment given, photos of your
condition if appropriate, referrals and test results and other specialist reports,
appointment and billing details, prescriptions and family history.
This information is stored on our computer medical records system.
Wherever practicable we will only collect information from you personally or from a person
responsible for you. However, we may also need to collect information from other sources such as treating general practitioners, specialists, radiologists, pathologists, hospitals and
other health care providers.
We collect information in various ways, such as over the phone or in writing, in person in
our rooms or via email with your consent. This information may be collected by medical
and non-medical staff.
In emergency situations we may also need to collect information from your relatives or
friends. We may be required by law to retain medical records for certain periods of time
depending on your age at the time we provide services.
Use and Disclosure
We will treat your personal information as strictly private and confidential. We will only use
or disclose it for purposes directly related to your care and treatment, or in ways that you
would reasonably expect that we may use it for your ongoing care and treatment. For
example, the disclosure of blood test results to your general practitioner, another specialist
or requests for x-rays.
It may also be necessary for our staff to handle your file from time to time to address the
administrative requirements of running a medical practice. Our staff members are bound
by strict confidentiality requirements as a condition of employment and these requirements
will be observed if it is necessary for them to view your records.
There are circumstances where we may be permitted or required by law to disclose your
personal information to third parties. For example, to Medicare, Police, insurers, solicitors,
government regulatory bodies, tribunals, courts of law, hospitals, or debt collection agents.
We may also from time to time provide statistical data to third parties for research
purposes.
We may disclose information about you to outside contractors to carry out activities on our
behalf, such as an IT service provider, solicitor or debt collection agent. We impose
security and confidentiality requirements on how they handle your personal information.
Outside contractors are required not to use information about you for any purpose except
for those activities we have asked them to perform.
Data Quality and Security
We will take reasonable steps to ensure that your personal information is accurate,
complete, up to date and relevant. For this purpose our staff may ask you to confirm that
your contact details are correct when you attend a consultation. We request that you let us
know if any of the information we hold about you is incorrect or out of date.
Personal information that we hold is protected by:
• securing our premises;
• placing a passphrase and varying access levels on databases to limit access and protect
electronic information from unauthorised interference, access, modification and
disclosure.
Corrections
If you believe that the information we have about you is not accurate, complete or up-to-date, we ask that you contact us via the phone or in writing (see details below).
Access
You are entitled to request access to your medical records. We request that you put your
request in writing and we will respond to it within a reasonable time.
There may be a fee for the administrative costs of retrieving and providing you with copies
of your medical records.
We may deny access to your medical records in certain circumstances permitted by law,
for example, if disclosure may cause a serious threat to your health or safety. We will
always tell you why access is denied and the options you have to respond to our decision.
Complaints
If you have a complaint about the privacy of your personal information, we request that you
contact us in writing addressed to Dr Becker and marked Private and Confidential. Upon
receipt of a complaint we will consider the details and attempt to address your complaint
within 30 days.
If you are dissatisfied with our handling of a complaint or the outcome you may make an
application to the Australian Information Commissioner or the Privacy Commissioner in
NSW.
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Fax: +61 2 9284 9666
Post: GPO Box 5218
Sydney NSW 2001
Website: https://www.oaic.gov.au/individuals/how-do-i-make-a-privacy-complaint
Anonymity and pseudonyms
The Privacy Act provides that individuals must have the option of not identifying
themselves, or of using a pseudonym, when dealing with our practice, except in certain
circumstances, such as where it is impracticable for us to deal with you if you have not
identified yourself.
Overseas Transfer of Data
We will not transfer your personal information to an overseas recipient unless we have
your consent or we are required to do so by law.
Dr. Gerrie Becker Dermatologist January 2018 Version 3
Suite 214, Specialist Medical Centre, 343 Pacific Highway, Coffs Harbour NSW 2450 March 2025
Use of Artificial Intelligence
Dr Becker uses the Medow AI scribe to assist with general clinical notes and letter writing.
Dr Becker will obtain your consent to use the AI scribe at the beginning of the consultation.
Medow adheres to the Australian Privacy Act 1988 and the Australian Privacy Principles.
The voice recordings are processed in real-time and automatically deleted within 7 days,
with only essential diagnostic and documentation retained.
All clinical data remains under the ownership and control of Dr Becker. Medow Health acts
solely as a processor, never as data owner.
Medow Health strips personally identifiable information before processing the data,
ensuring that the AI never works on anything that can be traced back to an individual.
Clinical data is never shared or sold to third parties. It will never be used to refine external
datasets or AI models.
Data Breaches
A data breach is when personal information held by the practice is lost or subjected to
unauthorised access, modification, disclosure, or other misuse or interference. Examples
of a data breach are when a device containing personal information of clients is lost or
stolen, an entity’s database containing personal information is hacked or an entity
mistakenly provides personal information to the wrong person.
We have a legal requirement to notify affected people and the regulator of certain data
breaches. A data breach will be handled according to our Data Breach Response Plan.
Updates to this Policy
This Policy will be reviewed from time to time to take account of new laws and technology,
changes to our operations and other necessary developments. Updates will be publicised
on the practice’s website.
Contact
Please direct any queries, complaints or requests for access to medical records in writing to:
Coffs Coast Dermatology PO Box 6528
Coffs Harbour Plaza NSW 2450
If you need to update the details we have on file you can phone us on:
02 6651 7000