Envision Medical Imaging Privacy Policy

Qscan Privacy Policy

June 2021

 

1.0 Statement

Qscan Group inclusive of all business units, have a commitment to be the premier radiology specialist provider for its Patients and Referrers.

This Policy outlines how we are subjected to several obligations to protect the privacy, security, and confidentiality of personal information. Depending on the circumstances, these may include the Australian Privacy Principles (‘APPs’) in the Privacy Act 1988 (the Privacy Act) and laws relating to the protection of health records. The purpose of this policy is to clearly communicate how we collect and manage personal information.


2.0 Purpose

2.1 The Qscan Group (“Qscan”) is a collection of related organisations that provide diagnostic imaging services and associated therapeutic services. The Qscan Group (“Qscan”) operates through several brands https://qscan.wpengine.com/locations/

2.2 The Qscan Group is committed to the protection of your personal and health related information in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles. This privacy policy explains how the Qscan Group collects, uses, holds, and discloses personal information, including your health information and other sensitive information.

2.3 The Qscan Group is obliged to comply with the Privacy Act with regards to the collection, use, holding and disclosure of personal information.

2.4 The Qscan Group’s privacy policy is available from any Qscan Group location and on our website https://qscan.wpengine.com/privacy-policy/


3.0 Scope

Who does this privacy policy apply to?

This privacy policy applies to you only to the extent that the collection and handling of your personal information by the Qscan Group is subject to the Privacy Act and/or any State/Territory health records legislation.

This privacy policy applies to all Qscan Group companies.  A current list of all Qscan Group companies can be accessed at https://qscan.wpengine.com/locations/

 

What information does the privacy policy apply to?

Qscan’s privacy policy applies to personal information. Personal information is information or an opinion about an identified person, or a person who is reasonably identifiable, whether the information is true or not, and whether the information or opinion is recorded in a material form or not.

Special provisions apply to the collection of personal information which is sensitive information. This includes health information and information about a person’s race, ethnic origin, political opinions, membership of political, professional or trade associations, religious or philosophical beliefs, sexual preferences and criminal history.

In this privacy policy, all references to personal information include sensitive information unless indicated otherwise.


4.0 Purposes of collection, use & disclosure of personal information

Why does the Qscan Group collect, hold, use and disclose personal information?

In general, the Qscan Group collects, holds, uses and discloses personal information:

4.1 To provide diagnostic imaging services, and associated therapeutic services to patients.

4.2 To provide services to referring medical and health professionals for their patients including access to our web-based portals.

4.3 To provide advice and information in relation to how the diagnostic imaging services and associated therapeutic services will be or has been provided.

4.4 To administer and manage the provision of such diagnostic imaging services, and associated therapeutic services including charging and billing.

4.5 To interpret results and provide reports and advice to a referring medical practitioner specialist or allied health professional in relation to the results of health services performed by the Qscan Group.

4.6 To ensure patient medical records are correctly linked with relevant healthcare professionals.

4.7 To manage our relationship with you including to contact you for follow up purposes, respond to your queries via telephone, online or by post, and send you correspondence in relation to services performed by the Qscan Group (for example, reminding patients of an appointment).

4.8 To verify and update personal information held by us.

4.9 To review, develop and improve our products and services and undertake quality assurance exercises (such as audits, accreditations, training, or complaint handling).

4.10 To undertake market research, review referral patterns and perform statistical analysis.

4.11 To customise services and provide educational resources for clinicians, practice managers and auxiliary staff.

4.12 To comply with legal or regulatory obligations.

4.13 To recruit personnel.            

4.14 And for other purposes required or authorised by or under law, including purposes for which you have provided your express or implied consent.

 

Our range of products and services and our functions and activities may change from time to time.
If you provide your email address, telephone and/or mobile phone number, you also consent to the Qscan Group using your email address, telephone and/or mobile phone number to contact you (including by telephone call, SMS or email) for any of the above purposes.


5.0 What kinds of personal information does the Qscan Group collect and hold?

In the course of our business, the Qscan Group may collect personal information about you that is necessary for us to perform our functions and activities.  The Qscan Group will only collect personal information about you by lawful and fair means and not in an unreasonably intrusive manner. 

The types of personal information we may collect, and hold may vary depending on the nature of our interaction with you and may include:

Patients

5.1 Name, address and contact details (telephone and email).

5.2 Date of birth.

5.3 Gender.

5.4 Emergency contact details for your nominated emergency contact person.

5.5 Credit card and payment details.

5.6 Commonwealth identifiers (such as Medicare numbers).

5.7 Details of private health insurance arrangements.

5.8 Details of complaints and feedback about services provided by the Qscan Group; and

5.9 Health information including:

5.9.1 Medical history, test results (e.g., blood test results and pathology results) and results of previous scans.

5.9.2 Information that has been provided by a patient’s referring medical practitioner or specialist.

5.9.3 WorkCover claim numbers and claim details if necessary.

5.9.4 Details of the patient’s medical provider/s such as general practitioners, specialist practitioners and/or allied health professionals; and

5.9.5 Preferences for future provision of health services.

 

If the required personal information is not provided by a patient, the Qscan Group may not be able to perform the necessary medical service due to safety risks and legal requirements.


6.0 Referring healthcare practitioners and healthcare practitioners who engage Qscan to provide them with facilities and services

 

6.1 Name, address and contact details (telephone, fax and email);

6.2 Areas of specialization.

6.3 Referrer provider number.

6.4 Referral trends.

6.5 IT system details and requirements.

6.6 Preferences for current and future provision of health services; and

6.7 Details of complaints and feedback about services provided by the Qscan Group.


7.0 Prospective, current, and past employees, contractors, and service providers

7.1 Name, address, and contact details (telephone and email).

7.2 Application letters.

7.3 Resume and

7.4 References 

 

If the required personal information is not provided, the Qscan Group may not be able to engage with you in the manner requested by you (for example, the Qscan Group will not be able to offer you employment or, if you are a healthcare professional, provide you with access to our web-based portals).


8.0 Remaining anonymous or using a pseudonym

Due to the nature of the Qscan Group’s services it is not possible for persons to deal with the Qscan Group anonymously or by using a pseudonym. The reasons for this are because:

8.1 The Qscan Group services, including diagnosis and advice, may be seriously and negatively affected.

8.2 The risk to patient safety would be unacceptable and would contravene the Commission for Quality and Safety in Healthcare’s Patient Identification Safety Standards.

8.3 It may result in mismatching of patient information and results.

8.4 It may negatively impact on communication between the Qscan Group and the patient’s treatment providers; and

8.5 The patient may not be able to claim under Medicare or from their private health fund.

8.6 Mandatory legal requirement for Qscan to hold accurate medical records.


    9.0 How and when is personal information collected by the Qscan Group?

    The Qscan Group may collect your personal information in a number of ways including through application forms, claims forms and correspondence (written and verbal).

    If you are a patient, collection of personal information may occur throughout the various stages of medical imaging/treatment including:

    9.1 At any time when your details are referred to the Qscan Group.

    9.2 At the time of contacting the Qscan Group to make an enquiry or to book an appointment over the phone or online.

    9.3 On arrival at the Qscan Group’s clinic when completing/signing the patient information/consent forms.

    9.4 When completing any applicable safety questionnaires.

    9.5 On first contact with a technical staff member.

    9.6 During and after diagnostic imaging services, and associated therapeutic services has been provided; and

    9.7 At the time of billing you for a Qscan Group service.

     

    If you are a patient, the Qscan Group typically collects your personal information directly from you but may also collect your personal information from:

    9.8 Your health service provider, practitioner, specialist, or allied health professional.

    9.9 Your private health insurer, Medicare or another organisation that is funding the provision of our services to you.

    9.10 Your family (or someone who is authorised to act as your representative); or

    9.11 Other sources as necessary to provide a Qscan Group service.

     

    If you are a healthcare professional, the Qscan Group typically collects your personal information directly from you or from your patient or other healthcare professionals. 

    If you are a prospective or current employee, the Qscan Group may collect your personal information from third parties such as recruitment agencies.

    If we receive unsolicited personal information which we would not normally have collected and this information is not relevant to us providing a service to you, we will destroy or de-identify the information.


    10.0 How does the Qscan Group hold personal information?

    The Qscan Group will hold your personal information securely in accordance with the requirements under the Privacy Act. Personal information may be held in the following formats:

    10.1 Hard copy onsite or in secure storage facilities.

    10.2 Electronically in a secure format and environment.

    10.3 Digital audio recordings.

    10.4 Digital cine-loops (sequence of individual frames).

    10.5 Digital and hard copy images.

     

    To the extent required by the Privacy Act, the Qscan Group takes reasonable measures to ensure that your personal information is protected from misuse, interference, loss and from unauthorised access, modification, and disclosure. This includes:

    10.6 Having appropriate policies, procedures, and training in place for staff; and

    10.7 Implementing security procedures for business premises and IT systems.

     

    Unless the Qscan Group is required to retain your personal information in accordance with legislative and regulatory requirements, the Qscan Group will take reasonable steps to destroy and/or de-identify your personal information in secure manner once it is no longer necessary to hold the information for the provision of services to you.


    11.0 Disclosure of personal information

    In order to perform the functions and activities as described above, the Qscan Group may disclose your personal information to third parties including:

    11.1 Where there is a serious threat to life, health and/or safety.

    11.2 Treating medical provider/s (including allied health professionals) so that they can manage the patient’s health condition and other healthcare professionals to whom we may refer the patient for further healthcare services.

    11.3 Organisations that are funding the provision of our services to the patient such as  government organisations (including Medicare Australia) and private health insurers.

    11.4 Healthcare professionals who engage us to provide them with facilities and services.

    11.5 Our related bodies corporate.

    11.6 Regulatory authorities.

    11.7 Courts, Tribunals, or the police as required or authorised under an Australian law.

    11.8 Local or offshore service providers who assist us in carrying out our functions and activities such as software providers, IT service providers, data storage providers, communications providers, medical reporting service providers, medical transcription service providers and debt collection agencies for recovering unpaid invoices; and

    11.9 Parties involved in a prospective or actual transfer of our assets or business.

     

    In addition, your images and reports are made available to all medical providers (including allied health professionals) who have been granted access to the Qscan Group’s web-based portals, including medical providers who are not involved in your care.  Please refer to the section of this privacy policy titled “Access to your information via web-based portals” for more information.


    12.0 Consent to Collect, Hold, Use and Disclose your Personal Information

    If you are a patient, in most cases, before or at the time of providing you with a health service (or if this is not practicable, as soon as practicable thereafter), the Qscan Group will obtain consent for the purposes for which we intend to collect, hold, use and disclose your personal information. In the event that you are unable to provide or communicate your consent, the Qscan Group may disclose personal information to a ‘responsible person’ (as defined in the Privacy Act) if it is necessary in order to provide you with appropriate treatment, care or for compassionate reasons, unless you have explicitly requested otherwise.

     

    You may choose not to provide the Qscan Group with consent for the collection, use and disclosure of your personal information, however, this may mean that the Qscan Group is unable to provide the health services required.


    13.0 Transfer of personal information overseas

    In order to perform the functions and activities as described above, the Qscan Group may disclose your personal information to third party service providers located overseas.  For example, the Qscan Group uses Microsoft Office 365 (but not for patient data) whose data centres are located in Hong Kong, Singapore and South Korea and a medical transcription service located in the Philippines. 

     

    While we typically store all patient data locally in Australia, some healthcare professionals who refer patients to us or who undertake medical reporting for us may be located overseas and access patient data held by us from overseas.

     

    If you are participating in a clinical trial, your personal information may be disclosed overseas to the country in which the clinical trial is being conducted.

     

    In the event the Qscan Group transfers your personal information outside Australia, we will comply with the requirements of the Privacy Act that relate to trans-border data flows.


    14.0 Access to personal information

    At your request, the Qscan Group will provide you with access to your personal information held by the Qscan Group subject to some limited exceptions permitted by law. If you wish to request access to your personal information held by the Qscan Group, please contact our Quality Coordinator whose details are in the “Contacting the Qscan Group” section of this privacy policy. The Human Resources Manager will advise you of any action that you need to take in order to access your personal information, which may include visiting the nearest Qscan site and providing valid photo ID (eg. Driver’s license, passport etc).


    15.0 Accurate and up-to-date personal information

    The Qscan Group will take reasonable steps to ensure that your personal information is accurate, up-to-date, and complete. This will include:

    15.1 Confirming personal information when arranging appointments and at each attendance or meeting; and

    15.2 Carrying out patient identification checks in accordance with relevant patient standards.

     

    If you need to correct or update your personal information, please contact the Human Resources Manager (whose details are in the “Contacting the Qscan Group” section of this privacy policy) as soon as possible. The Human Resources Manager will advise you of any action that you need to take in order to correct or update your personal information, which may include visiting the nearest Qscan site and providing valid photo ID (eg. Driver’s license, passport etc).


    16.0 Access to your information via web-based portals

    The Qscan Group uses secure web-based password protected portals to allow:

    16.1 Referring medical practitioners, specialists, or allied health professionals.

    16.2 Healthcare professionals to whom we provide facilities and services; and

    16.3 Personnel who the above-mentioned health professionals are directly responsible for in their clinical practice (Responsible Persons), to access all images and reports prepared by the Qscan Group (including current and historical images and reports).

     

    These health professionals and their Responsible Persons are able to access these web-based portals with a unique provider number, subject to the health professional agreeing to comply with terms and conditions relating to access, privacy and confidentiality and ensuring that their Responsible Persons comply with these terms and conditions. By agreeing to these terms and conditions, the health professional confirms that the health professional will, and will ensure that their Responsible Persons will, only access information that is required for the health professional to provide a medical service to the health professional’s patients (and not the information of other Qscan patients stored in the portals) and that the information will not otherwise be used, knowingly shared or disclosed for any other purpose.

     

    Our systems track, record and store all access activities on every patient file. Qscan frequently monitors the use of this service and takes all reasonable steps to ensure that the system is being used appropriately for its intended purpose.


    17.0 Our Websites

    17.1 If you use our websites to read, browse or download information, our system may record information such as the date and time of your interaction, the pages accessed, and any information downloaded. This information is used for statistical, reporting and website administration and maintenance purposes.

    17.2 Like many other websites, our websites may use ‘cookies’ from time to time. A cookie is a piece of information that allows our system to identify and interact more effectively with your browser. The cookie helps us to maintain the continuity of your browsing session and remember your details and preferences when you return. You can configure your web browser software to reject cookies however some parts of our websites may not have full functionality in that case.

    17.3 Our websites may use Google services such as Google analytics from time to time. For more about how Google collects and processes data, please see Google’s privacy policy and their information at google.com/policies/privacy/partners/

    17.4 Our websites may contain links to other sites. We are not responsible for the privacy practices or policies of those sites.

    17.5 Our website contains forms for people to request information, book an appointment or supply feedback. In some cases, telephone numbers and email addresses are required. This information will only be used for the intended purpose. The Qscan Group may track and report website traffic, but this data will not reflect any identifying information.

     

    Personal information submitted electronically via our online booking form will be subject to this privacy policy.


    18.0 Privacy complaints

    If you have a complaint about your privacy, you can contact our Human Resources Manager details are in the “Contacting the Qscan Group” section of this privacy policy). The Qscan Group will investigate your complaint and will endeavour to provide you with a response as soon as possible.

    If you are unhappy with our response, you can contact the Office of the Australian Information Commissioner (Privacy Commissioner) on the telephone contact number below, or through their website.

     

    Privacy Commissioner Number:                                              1300 363 992
    Office of the Australian Information Commissioner:          www.privacy.gov.au/complaints


    19.0 Contacting the Qscan Group

    Individuals are welcome to ask any questions regarding privacy and the way that Qscan Group manages personal information.

     

    The contact details for the Human Resources Manager are:

    Email:                   people.culture@qscan.com.au
    Web:                    www.qscan.com.au
    Address:              PO Box 222 RBH Post Office Herston Q 4029