Privacy Policy
Introduction
​
Dr Melissa Tso (ABN 13 521 205 383) (“Dr Melissa Tso”, “we”, “us”, “our”) is committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Health Records Act 2001 (Vic) (“Applicable Privacy Laws”).
This Privacy Policy explains how we manage the personal information that we collect, hold, use and disclose in operating our practice.
“Personal information” has the meaning given in the Applicable Privacy Laws, and essentially refers to any information or opinion about a person who is identified or reasonably identifiable.
We may update this Privacy Policy from time to time, if we make changes to the ways in which we handle personal information. We will publish the updated Privacy Policy on our website (www.drmelissatso.com). Please check back from time to time to review our Privacy Policy.
1. Overview – why do we collect personal information?
Dr Melissa Tso provides counselling and other clinical psychology services.
We generally collect, hold, use and disclose personal information for the purpose of providing these services to our clients, and for the purpose of managing our practice.
For example, we may need to handle your personal information in order to:
· manage your inquiries;
· schedule and provide your counselling sessions;
· work with your other healthcare providers (such as doctors, specialists or allied health professionals) and support service providers (such as social workers);
· manage billing and benefit claims;
· conduct quality assurance and safety reviews, and other activities as part of our professional responsibilities and accreditation requirements;
· comply with our legal and regulatory obligations;
· keep in touch with you, including by sending you our newsletter (if you have subscribed); and
· manage and respond to any complaints you may have.
We endeavour to only request and collect personal information that is relevant and necessary for us to perform these activities.
If you do not wish to provide us with personal information about you that we request, we may not be able to provide you with some or all of our services.
When you register as a client of our clinic, you will be asked to complete client intake forms that will explain how we manage client confidentiality. The forms will also give you certain options about what types of information you are comfortable for your psychologist to collect and share with other parties in connection with your treatment.
There may be some circumstances where we may need to collect, hold, use and disclose personal information for particular purposes that are outside of our usual business activities. In these circumstances we will collect and handle the personal information in accordance with Applicable Privacy Laws.
2. What types of personal information do we collect, and how do we collect it?
The types of personal information that we collect and hold about our clients will typically include:
· your name, date of birth, address and contact details;
· your billing and claim information (which may include your Medicare number and your private health insurance details);
· information that you or your authorised representative provide to us (which may include details of your relevant health conditions, medical and mental history, and current medications); and
· the clinical notes, treatment records and correspondence (such as referral letters and reports) that our psychologists receive or create in the course of providing counselling services to you.
The main way that we collect personal information about you is when you provide it to us. For example, this may include:
· when you contact us by e-mail or phone;
· when you subscribe for our newsletter or other communications;
· when you use our website or our social media pages (see section 5 of this Privacy Policy for further details);
· when you complete our registration and client intake forms; and
· when you provide information to our psychologists during your sessions.
In some cases, we may need to collect certain information from third parties such as:
· your referring GP or psychiatrist;
· your other healthcare providers and support service providers;
· if you are a minor, your parent or guardian;
· your authorised representative or caregiver, if you have one; and
· your private health fund or Medicare, in relation to billing and claims issues.
We will generally try to collect information about you directly from you, where this is reasonable and practicable. In most cases, we will only collect information from third parties that you would reasonably expect, or which we have discussed with you.
If there is an emergency, we may need to collect information from your emergency contact person (if provided) or other people who may be able to assist (such as your family or close friends).
3. How do we store and secure personal information?
We hold personal information as either hard copy records, or electronically in our practice management system and other IT systems. We use third party IT service providers to host our website servers, manage our IT systems and host our practice management system.
We use a range of physical, electronic and operational security measures to protect the personal information that we hold, including by storing our hard copy records in secure filing cabinets, using reputable IT service providers to store our electronic records, and providing privacy and client confidentiality training to our psychologists and administrative staff.
Within our practice, access to personal information is limited to those staff who have an operational need to access it. Generally, your clinical records will only be accessed by the professional staff who are involved in your treatment.
We have policies and procedures in place to destroy or de-identify personal information once it is no longer needed for a valid purpose or required to be kept by law.
Our psychologists and administrative staff are based in Melbourne, Victoria. We generally do not disclose your personal information to overseas recipients in the usual course of business. Some of our IT service providers use data hosting and processing infrastructure that is located across multiple countries, which include Australia, the US or in Europe.
4. When will we use and disclose personal information?
In general, we will only share your personal information with third parties outside of our practice:
· for the purposes set out in the client intake forms that you complete when you register as a client of our practice;
· where it is reasonably necessary to achieve the purpose for which we collected the information (or directly related purposes that you would reasonably expect);
· with your consent; or
· where otherwise permitted, authorised or required by law.
Some common scenarios where we may need to share your personal information with a third party are explained below.
4. Your other healthcare providers
In the course of providing counselling services, we may share information with your other healthcare providers where you have authorised us to do so, or where you would otherwise reasonably expect it. For example:
· if you have been referred to us by your GP or psychiatrist, the psychologist who is treating you may discuss your treatment with the referring GP or psychiatrist; and
· if you ask our psychologist to work with your other healthcare providers or support service providers (such as your social worker), the psychologist who is treating you may discuss relevant aspects of your treatment with them.
4.2 Emergency situations and other mandatory disclosures
In emergency situations we may need to share certain information about you with your emergency contact person (if provided), emergency service providers or other people who may be able to assist.
There are also some circumstances where we have legal obligations that require us to disclose personal information, such as:
· in response to a valid subpoena or other court order; and
· our mandatory obligations to report child protection concerns (such as where we form a belief on reasonable grounds that a child is in need or protection from physical injury or sexual abuse).
4.3 Administration of our practice
Our practice uses a number of service providers, some of whom need to store and handle personal information on our behalf as part of their services. These include IT service providers that we use to host our website and practice management system, to provide analytics for our website, to manage our mailing list.
We take steps to ensure that the personal information handled by these service providers securely and in a way that is consistent with this Privacy Policy. We try to ensure that our contracts with these service providers require them to only use or disclose the information for the purposes of performing the relevant services for us.
Our billing and claims management processes require the sharing of certain information in order to process payments and benefit claims. Where necessary, we may engage debt recovery service providers and provide them with the information that they reasonably require to perform their services.
From time to time, we may also need to share information with our accountants, insurers, lawyers, auditors, professional accreditation bodies and regulators. For example, this may include:
· participating in management, funding, complaint-handling, planning, evaluation and accreditation activities, and quality assurance, incident monitoring or clinical audit activities; and
· engaging a medical expert (for a medico-legal opinion), insurer, medical defence organisation, or lawyer, for the purpose of addressing liability indemnity arrangements (such as reporting an adverse incident), legal proceedings, or for the provision of legal advice.
In the unlikely event that our practice or its assets may be acquired (or are considered for acquisition) by a third party, we may share personal information with that third party and its advisors for that purpose.
5. Our website and social media pages
5.1 Web analytics
When people visit our website (www.drmelissatso.com), we automatically log certain web traffic data about their visit and the device that was used to access our website. For example, this includes information such as the user's IP address, browser type, operating system, and the website they visited immediately before coming to our website.
One of the ways in which this web traffic data is collected is through the use of cookies. Cookies are small data files that websites place on computers or devices to enhance the functionality of the website, to record details of the user's visit, and to remember the user if they return to the website again.
Most browsers allow you to choose whether to accept cookies or not. If you do not wish to have cookies placed on your computer, please set your browser preferences to reject all cookies before accessing our website.
We use Google Analytics to analyse this web traffic data and provide us with a better understanding of the type and number of users who are visiting our website, how people are finding our website, how they are using our website during their visit (e.g. the pages that the user visited, and the date and duration of visit).
We do not combine or associate any of this web traffic data with personal information that we hold (such as a client's name or clinical records), and we do not use the web traffic data to work out the identity of visitors to our website.
5.2 Our social media pages
Our practice has pages on various social media platforms, including Facebook and Instagram. These pages are subject to the privacy policies of the relevant platforms.
We do not use our social media pages to communicate with our clients (or prospective clients) about clinical matters. If you would like to make an inquiry about counselling services, we encourage you to contact us directly by e-mail or phone (our contact details are in Section 11 of this Privacy Policy).
Please use discretion in deciding what information you choose to post to the public sections of our social media pages (such as our Facebook wall and Instagram comment sections).
5.3 Links to external websites
Our website and social media pages may contain links to external websites and social media services that are operated by third parties. These links are meant for your convenience only. Links to third party websites do not constitute our sponsorship or endorsement or approval of these websites.
This Privacy Policy only applies to our website and social media pages, and we do not have control over the privacy practices or the content of any third party website or service. We encourage you to read the privacy policies of each website that collects your personal information.
7. Children's privacy rights
Privacy laws protect the personal information of all clients, regardless of their age.
Children under the age of 18 may be entitled to make privacy decisions independent of their parents, guardians and other family members, if the child has sufficient understanding and maturity to understand these decisions on their won.
Where necessary, our psychologists will determine the decision-making capacity of a child in accordance with their professional judgement.
8. Accessing and correcting your personal information
You have rights under the Applicable Privacy Laws to request access to the personal information that we hold about you, and to request that we correct that information.
You can request access to, or correction of, your personal information by contacting us using the contact details at section 11 of this Privacy Policy. There is no charge for making a request. However, we may quote a small administrative fee for providing access to your information (as permitted by law), which will apply if you decide to proceed with the request.
We will respond to all such requests within a reasonable time (and otherwise in accordance with any timeframes required under Applicable Privacy Laws).
Under Applicable Privacy Laws, there are certain circumstances where Applicable Privacy Laws allow us (or require us) to refuse your request. If we refuse your request, we will provide you with a written explanation of our reasons.
When you make a request to access or correct personal information, we may ask for information to verify your identity. If your request relates to information about someone other than you (even if this another member of your family), we may also need to confirm your legal authority to access or correct the information on behalf of that person.
If you are a client of our practice and your request relates to your clinical records, we will handle your request in accordance with our Management of Personal Information Policy. You can obtain a copy of our Management of Personal Information Policy contacting us. Your request will generally be handled by the psychologist who was treating you and prepared the relevant records.
9. Requests to provide information to your other health service providers
If you would like us to make health information that we hold about you available to another health service provider who is treating you, you can make a request by contacting us using the details at section 11 of this Privacy Policy.
We handle such requests in accordance with our obligations under the Health Records Act 2001 (Vic). There is no charge for making a request. However, we may quote a small administrative fee for retrieving and preparing the relevant information (as permitted by law), which will apply if you decide to proceed with the request.
Your request will generally be handled by the psychologist who was treating you and prepared the relevant records.
10. Privacy complaints
If you wish to make a complaint about how we have handled your personal information (including if you believe we have breached any Applicable Privacy Laws), please contact us using the details in section 11 of this Privacy Policy.
When contacting us please provide as much detail as possible in relation to your question, concern or complaint. We request that you cooperate with us during this process and provide us with any relevant information that we may need to assess your complaint.
We take all complaints seriously, and will respond to your complaint within a reasonable period, and in accordance with requirements of Applicable Privacy Laws.
If you are not satisfied with our handling of your complaint, you may contact the Office of the Australian Information Commissioner and/or the Health Complaints Commissioner (Victoria):
Office of the Australian Information Commissioner
GPO Box 5218, Sydney, NSW 2001
Telephone: 1300 363 992
Email: enquiries@oaic.gov.au
Health Complaints Commissioner
Level 26, 570 Bourke Street, Melbourne VIC 3000
Telephone: 1300 582 113
Website: https://hcc.vic.gov.au
11. How to contact us
You can contact us by:
· by e-mail: drmelissatso@gmail.com
· by phone: 0492 893 856