
Privacy Policy

PRIVACY REQUIREMENTS
Privacy Act.

Brilliant Minds Clinic's services give it privileged access to personal information that might include sensitive and health information about its patients. Brilliant Minds Clinic is committed to ensuring that it collects, uses, and stores this information in accordance with the Australian Privacy Act 1988 (Cth) and that it does not contravene the associated requirements of the Australian Privacy Principles (APP).

To ensure that it meets the requirements of the APP and the Privacy Act, Brilliant Minds Clinic has adopted the following policies.

 


Brilliant Minds Clinic is a health service provider within the meaning of the Privacy Act 1988 (Cth) (Privacy Act). To provide services, Brilliant Minds Clinic may collect personal and health information from patients.

Personal information may also be collected by Brilliant Minds Clinic as part of recruitment processes and for work-related purposes.

The collection, storage, and use of personal information are regulated by the Privacy Act and must comply with the Australian Privacy Principles (APP).

Information provided by the OAIC.

The Office of the Australian Information Commissioner oversees the operation of the Privacy Act and provides useful information on its website about its requirements and the requirements of the APP.

All workers must read and remain familiar with the information provided by the OAIC to ensure that they understand the legal requirements which apply to the collection, use, and storage of personal information.

 

INSTRUCTION

Privacy Officer.

 

Brilliant Minds Clinic may appoint a Privacy Officer who will receive appropriate training to take overall accountability for Brilliant Minds Clinic meeting the requirements of the Privacy Act.

In the absence of a Privacy Officer, the Director of Brilliant Minds Clinic assumes all responsibilities that the Privacy Officer would otherwise have pursuant to this Policy.

 

Training.

 

Workers must participate in training in relation to information privacy, if required.

Workers are encouraged to identify training in relation to information privacy as a performance development opportunity when participating in a performance discussion.

 

Questions and Concerns.

 

Questions or concerns about the application of the Privacy Act and the APP, or in relation to a privacy process or procedure, must be raised promptly with the Privacy Officer.

If the Privacy Officer is not immediately available, the worker must speak with a colleague and exercise caution before using or sharing patient information if it may contravene the APP.

A person must refrain from collecting or sharing personal information if they are concerned that doing so may contravene the APPs.

 

COLLECTION AND USE OF INFORMATION

Collection.

 

Workers must only collect as much personal information as is reasonably necessary in the circumstances and must not make inquiries into sensitive or health-related matters that do not directly relate to the services being provided.

Use and Disclosure.

Personal information must only be used or disclosed for the primary purpose for which it was collected, unless:

A person has consented to use or disclosure;

The use or disclosure directly relates to the primary purpose; or

The use or disclosure is required or authorised by law.

If the purported recipient of personal information is based overseas, reasonable steps must be taken to ensure that they comply with the APP.

 

ACCESS AND CORRECTION REQUESTS

Responsible Person.

The Privacy Officer is responsible for responding to:

Requests to access and correct personal information;

Privacy complaints; and

Patient inquiries about personal information and privacy.

 

PRIVACY PLANNING

Privacy Impact Statements.

 

Before undertaking any work process or activity that may involve handling personal information, workers must prepare a privacy impact assessment to identify and manage, minimize or eliminate any impact on the protection of personal information.

Workers must also speak with the Privacy Officer to ensure that the possible impact on the protection of personal information has been adequately assessed.

Information about preparing a privacy impact assessment is available from the OAIC.

 

SENSITIVE INFORMATION

Consent.

 

Sensitive information is personal information that includes information about a person’s racial or ethnic origin, religious beliefs or affiliations, and sexual orientation or practices. It also includes health information and genetic and biometric data.

Before sensitive information is collected, the patient must give their express written consent. Workers are responsible for ensuring that a patient signs any document required by Brilliant Minds Clinic to demonstrate that the patient has consented to the collection of sensitive information.

 

UNAUTHORISED ACCESS, USE OR DISCLOSURE

Need to Know.

 

Personal information must not be accessed, used, or disclosed unless it is for a permitted purpose and a requirement of a person’s position.

To limit the potential for unauthorized access, use, or disclosure, personal information must only ever be accessed on a need-to-know basis.

Protection of Information.

To prevent unauthorized access, modification, or disclosure of personal information and to protect against misuse, interference, or loss, all reasonable steps must be taken to destroy or de-identify personal information when it is no longer required to be held for a permitted purpose or by law.

 

DATA BREACH RESPONSE

Data Breach Response Plan.

If a data breach has occurred that creates a risk of unauthorized access, use, or disclosure of personal information, it must be immediately reported to the Director and the Privacy Officer.

Data breaches might occur because:

An IT system is infected by a virus, malware, ransomware, or phishing software;

An email or data file is sent to the wrong recipient or to a scammer;

Paper records are lost or stolen;

A mobile device is lost or stolen; or

A technical error gives the public access to Brilliant Minds Clinic IT systems.

A worker must provide the Director with all relevant information in relation to the Data Breach and complete a written report, if required.

Data breaches may be required to be reported to the OAIC.

All workers must cooperate with the Director and the OAIC to immediately address a data breach.

How you can lodge a privacy-related complaint and how it will be handled at our practice.

If you have any concerns about your privacy or wish to make a complaint about a privacy breach, contact our Practice Manager (yafeipsych@gmail.com). You should provide us with sufficient details regarding your complaint together with any supporting information. We will take steps to investigate the issue and will notify you in writing of the outcome within 30 days from the receipt date of the original written complaint.

If you are not satisfied with our response, you can contact us directly to discuss your further concerns or lodge a complaint with the Australian Information Commissioner at www.oaic.gov.au or call 1300 363 992.

Policy Review Statement.

The above policies will be reviewed regularly to ensure they are in accordance with any changes that may occur. We will notify our patients of these changes via our website and provide hard copies upon request at our practice premises.
