Privacy Policy
The Orofacial Surgeon Privacy Policy
Date Created: 08/01/2024
Date Reviewed: 22/11/2024
Introduction
This privacy policy provides information to you, our patient, on how your personal information (which includes your health information) is collected and used within our practice, and the circumstances in which we may share it with third parties.
Why and when your consent is necessary
The Privacy Act 1988 regulates how all private sector health service providers handle your information. According to the Privacy Amendment (Enhancing Privacy Protection) Act 2012, which replaces The Privacy Act of 1988, there are 13 principles by which we are bound, and which can be provided in full at your request.
When you register as a patient of our practice, you provide consent for our clinical practitioners and practice staff to access and use your personal information so they can provide you with the best possible clinical care. Only staff who need to see your personal information will have access to it.
If we need to use your information for anything else, we will generally seek additional consent from you to do this, unless obtaining your consent is not practical or reasonable, and an exception under the Privacy Act 1988 (Cth) applies.
Why do we collect, use, hold, and share your personal information?
Our practice will need to collect your personal information to provide medical services to you. Our main purpose for collecting, using, holding, and sharing your personal information is to manage your medical health.
We also use it for directly related business activities, such as:
- Financial claims and payments
- Practice audits and accreditation
- Business processes (e.g., staff training)
What personal information do we collect?
The information we collect about you includes your:
- Name/s, date of birth, address/es, contact details (e.g., telephone, email), family contact information
- Details of your oral health condition and the treatment/s and service/s you have received
- Details of your general health (e.g., medications, allergies, medical conditions) and medical history that may impact the treatment you receive
- Private health insurance information
- Medicare number (where available) for identification and claiming purposes
- Information regarding other funding sources, where relevant (e.g., Child Dental Benefits Schedule, Department of Veterans’ Affairs, Return to Work SA)
- Information on workers’ compensation, motor vehicle, and other accident claims, where relevant
- Healthcare identifiers, where relevant
Dealing with us anonymously
You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.
How do we collect your personal information?
Our practice may collect your personal information in several different ways:
- When you make your first appointment, our practice staff will collect your personal information via your registration.
- During the course of providing services, we may collect further personal information.
- We may also collect your personal information when you visit our website, send us an email or SMS, telephone us, make an online appointment, or communicate with us using social media.
- In some circumstances, personal information may also be collected from other sources. This may include:
  - Your guardian or responsible person
  - Other healthcare providers, such as your dentist, GP, other specialists, and diagnostic imaging services
  - Your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary)
When, why, and with whom do we share your personal information?
We sometimes share your personal information:
- With third parties who work with our practice for business purposes, such as information technology providers – these third parties are required to comply with APPs
- With other healthcare providers
- When it is required or authorised by law (e.g., court subpoenas)
- When it is necessary to lessen or prevent a serious threat to a patient’s life, health, or safety, or public health or safety, or it is impractical to obtain the patient’s consent
- To assist in locating a missing person
- To establish, exercise, or defend an equitable claim
- For the purpose of a confidential dispute resolution process
- When there is a statutory requirement to share certain personal information (e.g., some diseases require mandatory notification)
Only people who need to access your information will be able to do so. Other than in the course of providing surgical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.
We will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.
Our practice will not use your personal information for marketing any of our goods or services directly to you without your express consent. If you do consent, you may opt out of direct marketing at any time by notifying our practice in writing.
Please note the following:
- Photographs may be used for education (of patients, healthcare professionals, staff and students), including but not limited to: during consultations, as part of lectures or presentations provided in person or online, and on Dr Kenneth Sun’s websites/social media.
- Where photographs are used for educational purposes, recognisable features (face, tattoos, distinctive marks) may be digitally altered to prevent identification.
- Where clinical images are used online, you will not be identified. Any identifying content within the metadata attached to an image file will be removed.
- We will not publish patient-submitted photographs.
- At any time you may withdraw your consent for the publication of images online (including on our website or social media).
- You may have access to copies of the images stored in your medical file upon request. These images will be made available to you via our secure patient portal.
How do we store and protect your personal information?
Your personal information may be stored at our practice in various forms. This includes paper records, electronic records, physical and digital copies of X-rays, CT scans, videos, photos, and audio recordings.
Our practice stores all physical records securely on site in locked cabinets. Electronic data is stored on our practice management system. Access to this data is protected by passwords and subject to 2FA available only to Dr Kenneth Sun and his staff. This information cannot be accessed by any external agency. We maintain (cloud) backups of electronic data in secure off-site Australian locations, which are similarly protected by APP. You can view the data policies of these companies by request to us.
How can you access and correct your personal information?
You have the right to request access to, and correction of, your personal information. Our practice acknowledges patients may request access to their records. We ask that you put this request in writing to admin@orofac.com.au and our practice will respond within a reasonable time. Our practice will take reasonable steps to correct your personal information where the information is not accurate or up to date. From time to time, we will ask you to verify that your personal information held by our practice is correct and current.
How can you lodge a privacy-related complaint, and how will the complaint be handled at our practice?
We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing. We will then attempt to resolve your issue/s in accordance with our resolution procedure.
Privacy and our website
In the course of your visits to our website or use of our products and services, we may obtain the following information about you: name, email address, telephone number, billing address, geographic location, IP address, survey responses, support queries.
Our services are not directed to persons under 18 and we do not knowingly collect Personal Data from anyone under 18. If we become aware that a child under 18 has provided us with Personal Data, we will delete that information as quickly as possible. If you are the parent or guardian of a child and you believe they have provided us with Personal Data without your consent, then please contact us.
You can review, correct, update or delete your Personal Data by either logging into your account and making the changes yourself or contacting us directly to do so.
Policy review statement
This Policy will be reviewed and updated periodically to ensure the policy remains current. We may modify this policy at any time, in our sole discretion, and all modifications will be effective immediately upon posting.