Privacy Policy

Your privacy is important to us, so we’ve developed a Privacy Policy that covers how we collect, use, disclose, transfer and store your information.

Our practice is required to manage personal information we collect in a manner that complies with the Privacy Act 1988 (Cth) (‘the Privacy Act’). This Privacy Policy outlines the types of personal information (including health information) we collect and hold, how we collect, hold and use the information as well as what we disclose.

The legal framework includes Commonwealth and state/territory legislation and governs:

  1. the collection, use and disclosure of personal information, including when an organisation can disclose information to someone other than the patient
  2. an organisation’s accountability and governance obligations relating to privacy and security
  3. the integrity and correction of personal information
  4. the rights of individuals to access their personal information

The Commonwealth Privacy Act 1988 contains 13 Australian Privacy Principles (APPs) that apply to all private sector entities in Australia, including health care providers.

Collection and Use of Personal Information

Our practice will collect personal information in a responsible and lawful manner. The type of information we may collect and hold includes:

  1. Your name, date of birth, address, email and contact details
  2. Medicare number, DVA number, IHI number and other government identifiers that may be applicable
  3. Other health and medical information about you may include:
  • your medical history, including symptoms, diagnosis, previous and current treatment, medications, prescriptions, family history and photos
  • notes of your symptoms or diagnosis and previous treatments given to you
  • referrals, results and reports received from other health service providers
  • your specialist reports, test results and other medical history
  • your appointment and billing details
  • your prescriptions and any other medication you take
  • your genetic information if applicable
  • information about your ethnicity, social and family history

Except for authorised law enforcement investigations or other valid legal processes, we will not share any personally identifiable information we receive from you with any parties outside of our clinic.

In some instances we will need to collect information about you from other sources, such as your treating General Practitioner (GP), specialists, pathologists, radiologists, hospitals, nursing homes and other health care providers.

Our practice uses Medical Software. Patient information may be collected by medical and non-medical staff employed by Laye Dermatology. Patient information is entered into the medical software by our team including receptionists, nurses, dermal therapists and dermatologists.

Appointment confirmations are usually sent via SMS to the mobile number provided by the patient at registration. If no mobile number is recorded, or no response received, our practice will contact the patient on their listed number(s).

Results may be given in person in our rooms, via a phone call, email and/or via SMS to the mobile number we have received at registration. If a patient does not want to receive results or communication via SMS, we ask that they make our reception team aware.

The Privacy Act does not specify an age after which individuals can make their own privacy decisions. It is the practice of Laye Dermatology that once a patient turns 18, their results are disclosed directly to them and not a parent/guardian unless there has been consent to disclose to an authorised representative.

For patients under the age of 18, it is the practice of Laye Dermatology to disclose health information to a person responsible for the child, such as a parent or guardian. There is an allowance in the Privacy Act for patients between the ages of 15 and 18 to make their own privacy decisions where they have sufficient understanding and maturity. This is assessed on a case-by-case basis but may be enforced by Laye Dermatology at a minor’s request if it is deemed they have capacity for consent.

Security of Information and Accuracy

We will take reasonable steps to ensure that your personal information is accurate, complete and up to date. Our staff may ask you to confirm that your personal details are correct when booking appointments and/or at your consultation. We do request that our patients advise us if there has been any change to their contact details.

Our practice uses Genie Desktop Medical Software. Our computer workstations and our server are password protected.

We utilise Genie’s Online Patient Registration, where patient demographic details, including contact and Medicare information, are securely and automatically updated to the patient’s Genie record.

Genie confirms that no Protected Health Information (PHI) or Personally Identifiable Information (PII) will be shared with a third party. Below is the link to the privacy policy of Genie.

https://www.geniesolutionssoftware.com.au/privacy-policy

Data Breaches

A data breach is unauthorised access to or unauthorised disclosure of personal information held by the practice. As per the Notifiable Data Breach Scheme covered by the Privacy Act 1988, as at 22 February 2018 we are required to notify the Office of the Australian Information Commissioner (OAIC) and individuals likely to be at risk of serious harm because of a data breach. The organisation needs to notify the individual and the OAIC as soon as practicable after becoming aware of a breach, and this should not take more than 30 days. An example of a data breach is where a computer Medical Record System is hacked or personal information is mistakenly given to the wrong person.

Access and correction of Information

You have a right to seek access to and request correction of your personal information we hold on file. We ask that you put your request in writing. A fee for the retrieval and copying of your Medical Record may apply. We aim to respond to your request within a reasonable time frame.

If you require your Medical Record to be forwarded to another health care provider, we also ask that this request is made in writing. A fee for retrieving, copying and posting your file may apply.

If you wish to access or correct your personal information, please refer to the Contact Details at the end of this document.

Storage of your personal information

Your personal information is stored predominantly in electronic format. We take all necessary precautions to maintain your personal information securely and prevent unauthorised access, interference, modification or disclosure. Access to electronic records is limited to our practice personnel via a series of passwords.

Hard copies of old medical records are stored securely in locked cabinets. Once details of personal information are transferred from hard copies to your electronic file or old medical records are no longer required to be kept, the documents are then disposed of securely.

Our practice personnel are required to maintain and protect your privacy in accordance with this Privacy Policy and their confidentiality agreements.

Electronic records are backed up daily and our IT systems are protected by passwords, antivirus software, antispyware and firewalls.

Contact Details

If you have a question about the privacy of your personal information, we request that you contact us in writing:

Practice Manager

Laye Dermatology

2 Birrell Street, Bondi Junction, NSW 2022.

Updates to this Policy

This Privacy Policy will be updated from time to time to reflect changes in regulations and our procedures.
