At Inala Primary Care and Sandstone Healthcare, we are committed to protecting the privacy and confidentiality of all patient health information. This policy applies to all staff, clinicians, and management, and reflects our obligations under the Privacy Act 1988 (Cth), the Privacy Amendment (Private Sector) Act 2000, and the Australian Privacy Principles (APPs).
Maintaining confidentiality is a critical part of ethical practice, and breaches will not be tolerated.
We collect personal and health information necessary for the delivery of safe and effective care.
This includes:
• Personal details: name, date of birth, contact information.
• Health information: medical history, medications, allergies, test results, referrals, and other clinical information.
• Administrative information: billing, Medicare, and insurance details.
Information is collected directly from patients wherever possible, or from other healthcare providers with consent. Patients are encouraged to provide complete and accurate information to ensure quality care.
Patient information is used only for purposes related to:
• Diagnosis, treatment, and ongoing management of health conditions.
• Communication with patients regarding appointments, results, and care.
• Referrals to other healthcare providers.
• Practice administration, billing, and compliance with legal requirements.
We do not use patient information for marketing without consent.
All staff, clinicians, and management must maintain confidentiality at all times. This includes:
Verbal Breach: Discussing patient conditions with unauthorised persons.
Visual Breach: Leaving patient records in view of others.
Auditory Breach: Discussing patient matters within earshot of others.
Patient information, including clinical records, accounts, referral letters, and demographic data, must never be discussed outside the practice or at social occasions.
All staff sign a Deed of Confidentiality as part of their employment, and breaches may result in disciplinary action, dismissal, or legal consequences.
Inala Primary Care and Sandstone Healthcare are both teaching-active practices and hosts medical and nursing students as part of clinical training.
• Students may sit in on consultations to observe or learn.
• Patient consent is always obtained before a student enters the consultation room.
• Patients have the right to decline the presence of a student without affecting their care.
• Student access to health information is limited to what is necessary for training, and all students have to sign a Deed of Confidentiality as part of their training and are bound by confidentiality obligations.
Inala Primary Care and Sandstone Healthcare are also research-active practices. We may collect de-identified patient data for research purposes.
• Patients can consent to participate by signing their new patient form or by notifying the practice in writing via email.
• Patients can opt out at any time by completing the “Opt-Out of De-identified Data Collection” form, available on our websites (IPC and Sandstone Healthcare) or at reception.
• De-identified data is stored securely and cannot be linked to individual patients.
• Participation in research or data collection is entirely voluntary and does not affect care.
Patients have the right to:
• Access their personal health information.
• Request corrections to ensure accuracy and completeness.
Requests for access are documented, and identification of the patient or authorised representative is verified before release. Access is provided within the timeframe required under the Privacy Act, and any exemptions are noted.
Patients are informed of these rights through practice information sheets and practice websites.
Patient information is transferred securely using:
• Medical Objects secure messaging.
• Email with patient consent, using PIN protection where possible.
• Standard mail if requested by the patient.
Electronic transfer occurs only with the patient’s documented consent. Staff are trained to use secure messaging software, and the Operations Manager oversees maintenance, troubleshooting, and compliance.
External healthcare providers are advised of our secure messaging processes, and all contact details are kept accurate in the Healthcare Provider Directory.
All patient health information and official documents, including prescription pads and letterheads, are stored securely in a locked cupboard:
• Electronic records are password protected.
• Physical records such as scripts or referrals waiting for patient collection, are kept in a drawer where it’s accessible only by authorised staff.
We take reasonable steps to protect information from misuse, loss, unauthorized access, modification, or disclosure.
Any deliberate or inadvertent access to patient information without a clinical or administrative reason must be reported immediately to the Practice Manager or Operations Manager.
All infringements of patient privacy are taken seriously and managed in line with legal and professional obligations.
If patients have concerns about the handling of their information:
1. Contact our Practice Manager on 07 3275 5444 or at fb***@*********rg.au
2. If unresolved, contact the Office of the Australian Information Commissioner (OAIC) or https://www.oho.qld.gov.au/: https://www.oaic.gov.au https://www.oho.qld.gov.au
All staff are trained as part of their induction on:
• Privacy Act and APP obligations.
• Importance of confidentiality.
• Practice privacy policies and procedures.
Training records are maintained, and staff are regularly reminded of their obligations.
The Privacy Act requires compliance with the 13 APPs:
1. Open and transparent management of personal information
2. Anonymity and pseudonymity
3. Collection of solicited personal information
4. Dealing with unsolicited personal information
5. Notification of the collection of personal information
6. Use and disclosure of personal information
7. Direct marketing
8. Cross-border disclosures
9. Adoption, use, or disclosure of government-related identifiers
10. Quality of personal information
11. Security of personal information
12. Access to personal information
13. Correction of personal information
Both our practices ensure all procedures align with these principles.
This policy is reviewed annually and updated to maintain compliance with legislation and best practice.
Contact Us: Sandstone Healthcare Yeerongpilly
Shop F 1a Yeerongpilly Green Village Centre, 25 Fig Tree Street, Yeerongpilly QLD 4105
Phone: 07 3816 1000
Email: he***@*********************rg.au
Contact Us: Inala Primary Care
64 Wirraway Prd, Inala QLD 4077
Phone: 07 3275 5444
Email: re*******@*********rg.au
