Qscan Group inclusive of all business units, have a commitment to be the premier radiology specialist provider for its Patients and Referrers.
This Policy outlines how we are subjected to several obligations to protect the privacy, security, and confidentiality of personal information. Depending on the circumstances, these may include the Australian Privacy Principles (‘APPs’) in the Privacy Act 1988 (the Privacy Act) and laws relating to the protection of health records. The purpose of this policy is to clearly communicate how we collect and manage personal information.
2.1 The Qscan Group (“Qscan”) is a collection of related organisations that provide diagnostic imaging services and associated therapeutic services. The Qscan Group (“Qscan”) operates through several brands https://qscan.wpengine.com/locations/
2.3 The Qscan Group is obliged to comply with the Privacy Act with regards to the collection, use, holding and disclosure of personal information.
Special provisions apply to the collection of personal information which is sensitive information. This includes health information and information about a person’s race, ethnic origin, political opinions, membership of political, professional or trade associations, religious or philosophical beliefs, sexual preferences and criminal history.
4.0 Purposes of collection, use & disclosure of personal information
Why does the Qscan Group collect, hold, use and disclose personal information?
In general, the Qscan Group collects, holds, uses and discloses personal information:
4.1 To provide diagnostic imaging services, and associated therapeutic services to patients.
4.2 To provide services to referring medical and health professionals for their patients including access to our web-based portals.
4.3 To provide advice and information in relation to how the diagnostic imaging services and associated therapeutic services will be or has been provided.
4.4 To administer and manage the provision of such diagnostic imaging services, and associated therapeutic services including charging and billing.
4.5 To interpret results and provide reports and advice to a referring medical practitioner specialist or allied health professional in relation to the results of health services performed by the Qscan Group.
4.6 To ensure patient medical records are correctly linked with relevant healthcare professionals.
4.7 To manage our relationship with you including to contact you for follow up purposes, respond to your queries via telephone, online or by post, and send you correspondence in relation to services performed by the Qscan Group (for example, reminding patients of an appointment).
4.8 To verify and update personal information held by us.
4.9 To review, develop and improve our products and services and undertake quality assurance exercises (such as audits, accreditations, training, or complaint handling).
4.10 To undertake market research, review referral patterns and perform statistical analysis.
4.11 To customise services and provide educational resources for clinicians, practice managers and auxiliary staff.
4.12 To comply with legal or regulatory obligations.
4.13 To recruit personnel.
4.14 And for other purposes required or authorised by or under law, including purposes for which you have provided your express or implied consent.
Our range of products and services and our functions and activities may change from time to time.
If you provide your email address, telephone and/or mobile phone number, you also consent to the Qscan Group using your email address, telephone and/or mobile phone number to contact you (including by telephone call, SMS or email) for any of the above purposes.
5.0 What kinds of personal information does the Qscan Group collect and hold?
In the course of our business, the Qscan Group may collect personal information about you that is necessary for us to perform our functions and activities. The Qscan Group will only collect personal information about you by lawful and fair means and not in an unreasonably intrusive manner.
The types of personal information we may collect, and hold may vary depending on the nature of our interaction with you and may include:
5.1 Name, address and contact details (telephone and email).
5.2 Date of birth.
5.4 Emergency contact details for your nominated emergency contact person.
5.5 Credit card and payment details.
5.6 Commonwealth identifiers (such as Medicare numbers).
5.7 Details of private health insurance arrangements.
5.8 Details of complaints and feedback about services provided by the Qscan Group; and
5.9 Health information including:
5.9.1 Medical history, test results (e.g., blood test results and pathology results) and results of previous scans.
5.9.2 Information that has been provided by a patient’s referring medical practitioner or specialist.
5.9.3 WorkCover claim numbers and claim details if necessary.
5.9.4 Details of the patient’s medical provider/s such as general practitioners, specialist practitioners and/or allied health professionals; and
5.9.5 Preferences for future provision of health services.
If the required personal information is not provided by a patient, the Qscan Group may not be able to perform the necessary medical service due to safety risks and legal requirements.
6.0 Referring healthcare practitioners and healthcare practitioners who engage Qscan to provide them with facilities and services
6.1 Name, address and contact details (telephone, fax and email);
6.2 Areas of specialization.
6.3 Referrer provider number.
6.4 Referral trends.
6.5 IT system details and requirements.
6.6 Preferences for current and future provision of health services; and
6.7 Details of complaints and feedback about services provided by the Qscan Group.
7.0 Prospective, current, and past employees, contractors, and service providers
7.1 Name, address, and contact details (telephone and email).
7.2 Application letters.
7.3 Resume and
If the required personal information is not provided, the Qscan Group may not be able to engage with you in the manner requested by you (for example, the Qscan Group will not be able to offer you employment or, if you are a healthcare professional, provide you with access to our web-based portals).
8.0 Remaining anonymous or using a pseudonym
Due to the nature of the Qscan Group’s services it is not possible for persons to deal with the Qscan Group anonymously or by using a pseudonym. The reasons for this are because:
8.1 The Qscan Group services, including diagnosis and advice, may be seriously and negatively affected.
8.2 The risk to patient safety would be unacceptable and would contravene the Commission for Quality and Safety in Healthcare’s Patient Identification Safety Standards.
8.3 It may result in mismatching of patient information and results.
8.4 It may negatively impact on communication between the Qscan Group and the patient’s treatment providers; and
8.5 The patient may not be able to claim under Medicare or from their private health fund.
8.6 Mandatory legal requirement for Qscan to hold accurate medical records.
9.0 How and when is personal information collected by the Qscan Group?
The Qscan Group may collect your personal information in a number of ways including through application forms, claims forms and correspondence (written and verbal).
If you are a patient, collection of personal information may occur throughout the various stages of medical imaging/treatment including:
9.1 At any time when your details are referred to the Qscan Group.
9.2 At the time of contacting the Qscan Group to make an enquiry or to book an appointment over the phone or online.
9.3 On arrival at the Qscan Group’s clinic when completing/signing the patient information/consent forms.
9.4 When completing any applicable safety questionnaires.
9.5 On first contact with a technical staff member.
9.6 During and after diagnostic imaging services, and associated therapeutic services has been provided; and
9.7 At the time of billing you for a Qscan Group service.
If you are a patient, the Qscan Group typically collects your personal information directly from you but may also collect your personal information from:
9.8 Your health service provider, practitioner, specialist, or allied health professional.
9.9 Your private health insurer, Medicare or another organisation that is funding the provision of our services to you.
9.10 Your family (or someone who is authorised to act as your representative); or
9.11 Other sources as necessary to provide a Qscan Group service.
If you are a healthcare professional, the Qscan Group typically collects your personal information directly from you or from your patient or other healthcare professionals.
If you are a prospective or current employee, the Qscan Group may collect your personal information from third parties such as recruitment agencies.
If we receive unsolicited personal information which we would not normally have collected and this information is not relevant to us providing a service to you, we will destroy or de-identify the information.
10.0 How does the Qscan Group hold personal information?
The Qscan Group will hold your personal information securely in accordance with the requirements under the Privacy Act. Personal information may be held in the following formats:
10.1 Hard copy onsite or in secure storage facilities.
10.2 Electronically in a secure format and environment.
10.3 Digital audio recordings.
10.4 Digital cine-loops (sequence of individual frames).
10.5 Digital and hard copy images.
To the extent required by the Privacy Act, the Qscan Group takes reasonable measures to ensure that your personal information is protected from misuse, interference, loss and from unauthorised access, modification, and disclosure. This includes:
10.6 Having appropriate policies, procedures, and training in place for staff; and
10.7 Implementing security procedures for business premises and IT systems.
Unless the Qscan Group is required to retain your personal information in accordance with legislative and regulatory requirements, the Qscan Group will take reasonable steps to destroy and/or de-identify your personal information in secure manner once it is no longer necessary to hold the information for the provision of services to you.
11.0 Disclosure of personal information
In order to perform the functions and activities as described above, the Qscan Group may disclose your personal information to third parties including:
11.1 Where there is a serious threat to life, health and/or safety.
11.2 Treating medical provider/s (including allied health professionals) so that they can manage the patient’s health condition and other healthcare professionals to whom we may refer the patient for further healthcare services.
11.3 Organisations that are funding the provision of our services to the patient such as government organisations (including Medicare Australia) and private health insurers.
11.4 Healthcare professionals who engage us to provide them with facilities and services.
11.5 Our related bodies corporate.
11.6 Regulatory authorities.
11.7 Courts, Tribunals, or the police as required or authorised under an Australian law.
11.8 Local or offshore service providers who assist us in carrying out our functions and activities such as software providers, IT service providers, data storage providers, communications providers, medical reporting service providers, medical transcription service providers and debt collection agencies for recovering unpaid invoices; and
11.9 Parties involved in a prospective or actual transfer of our assets or business.
12.0 Consent to Collect, Hold, Use and Disclose your Personal Information
If you are a patient, in most cases, before or at the time of providing you with a health service (or if this is not practicable, as soon as practicable thereafter), the Qscan Group will obtain consent for the purposes for which we intend to collect, hold, use and disclose your personal information. In the event that you are unable to provide or communicate your consent, the Qscan Group may disclose personal information to a ‘responsible person’ (as defined in the Privacy Act) if it is necessary in order to provide you with appropriate treatment, care or for compassionate reasons, unless you have explicitly requested otherwise.
You may choose not to provide the Qscan Group with consent for the collection, use and disclosure of your personal information, however, this may mean that the Qscan Group is unable to provide the health services required.
13.0 Transfer of personal information overseas
In order to perform the functions and activities as described above, the Qscan Group may disclose your personal information to third party service providers located overseas. For example, the Qscan Group uses Microsoft Office 365 (but not for patient data) whose data centres are located in Hong Kong, Singapore and South Korea and a medical transcription service located in the Philippines.
While we typically store all patient data locally in Australia, some healthcare professionals who refer patients to us or who undertake medical reporting for us may be located overseas and access patient data held by us from overseas.
If you are participating in a clinical trial, your personal information may be disclosed overseas to the country in which the clinical trial is being conducted.
In the event the Qscan Group transfers your personal information outside Australia, we will comply with the requirements of the Privacy Act that relate to trans-border data flows.
14.0 Access to personal information
15.0 Accurate and up-to-date personal information
The Qscan Group will take reasonable steps to ensure that your personal information is accurate, up-to-date, and complete. This will include:
15.1 Confirming personal information when arranging appointments and at each attendance or meeting; and
15.2 Carrying out patient identification checks in accordance with relevant patient standards.
16.0 Access to your information via web-based portals
The Qscan Group uses secure web-based password protected portals to allow:
16.1 Referring medical practitioners, specialists, or allied health professionals.
16.2 Healthcare professionals to whom we provide facilities and services; and
16.3 Personnel who the above-mentioned health professionals are directly responsible for in their clinical practice (Responsible Persons), to access all images and reports prepared by the Qscan Group (including current and historical images and reports).
These health professionals and their Responsible Persons are able to access these web-based portals with a unique provider number, subject to the health professional agreeing to comply with terms and conditions relating to access, privacy and confidentiality and ensuring that their Responsible Persons comply with these terms and conditions. By agreeing to these terms and conditions, the health professional confirms that the health professional will, and will ensure that their Responsible Persons will, only access information that is required for the health professional to provide a medical service to the health professional’s patients (and not the information of other Qscan patients stored in the portals) and that the information will not otherwise be used, knowingly shared or disclosed for any other purpose.
Our systems track, record and store all access activities on every patient file. Qscan frequently monitors the use of this service and takes all reasonable steps to ensure that the system is being used appropriately for its intended purpose.
17.0 Our Websites
17.1 If you use our websites to read, browse or download information, our system may record information such as the date and time of your interaction, the pages accessed, and any information downloaded. This information is used for statistical, reporting and website administration and maintenance purposes.
17.2 Like many other websites, our websites may use ‘cookies’ from time to time. A cookie is a piece of information that allows our system to identify and interact more effectively with your browser. The cookie helps us to maintain the continuity of your browsing session and remember your details and preferences when you return. You can configure your web browser software to reject cookies however some parts of our websites may not have full functionality in that case.
17.4 Our websites may contain links to other sites. We are not responsible for the privacy practices or policies of those sites.
17.5 Our website contains forms for people to request information, book an appointment or supply feedback. In some cases, telephone numbers and email addresses are required. This information will only be used for the intended purpose. The Qscan Group may track and report website traffic, but this data will not reflect any identifying information.
18.0 Privacy complaints
If you are unhappy with our response, you can contact the Office of the Australian Information Commissioner (Privacy Commissioner) on the telephone contact number below, or through their website.
Privacy Commissioner Number: 1300 363 992
Office of the Australian Information Commissioner: www.privacy.gov.au/complaints
19.0 Contacting the Qscan Group
Individuals are welcome to ask any questions regarding privacy and the way that Qscan Group manages personal information.
The contact details for the Human Resources Manager are:
Address: PO Box 222 RBH Post Office Herston Q 4029