Privacy Policy

This document describes the privacy policy of David Groves Psychology (ABN: 96 593 296 415 “David Groves Psychology”, “we”, “us”, “our practice”) for protecting the privacy of personal information we collect about you, including information collected directly from you in the course of providing our service as well as through our website, located at www.davidgrovespsychology.com.au

This psychology service provided is bound by the legal requirements of the Australian Privacy Principles set out in the Privacy Act 1988 (Cth).

If you do not wish for your personal information to be collected in a way anticipated by this privacy policy, you may remain anonymous, but we may not be in a position to provide services to you.

What kinds of personal information we collect and store

The types of personal information we collect and store during the course providing psychology services may include:

·        Name, date of birth, addresses, contact numbers, emergency contacts, email address and other contact details;

·        Medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors;

·        Details of other health service providers involved in your care and copies of any referral letters and/or reports/results from those parties;

·        Health information contained in your digital health record including an individual’s healthcare identifier (if you participate and only with your consent);

·        Medicare number, healthcare identifiers and health fund details where relevant;

·        Financial payment details (such as your credit card number);

·        Other information disclosed by you, if relevant when providing our services directly to you (such as your relationships with other persons, employment information and qualifications, gender, race, sexuality or religion); and

·        Information or opinion (including our clinical treatment notes) about our client’s health and expressed wishes about future care. 

How clients' personal information is collected and where it is stored

Personal and health information is collected in a number of ways:

·        Verbally, during psychological consultation, from the client and/or responsible persons including parents and guardians

·        Via paper and/or online forms completed during psychological consultation, completed by the client, responsible persons, as well as other parties that the client has provided consent for us to contact and obtain information from (e.g., school teachers) for the purposes of gathering assessment information

·        From other health service providers who provide personal information to us, via referrals, correspondence and medical reports. 

Personal and health information is stored in the following ways:

·        The client’s personal and health information is stored primarily in the practice management software Halaxy. Halaxy is compliant with Australian Privacy Principles and is widely used by allied health practitioners in Australia. Their privacy policy can be viewed here: https://www.halaxy.com/article/privacy

·        Client information (e.g., online testing form responses and testing results) may also be stored within Pearson Clinical, which is compliant with Australian Privacy Principles (their privacy policy can be viewed here: https://www.pearsonclinical.com.au/digital-solutions/q-global/resources.html#:~:text=Examinee%20data%20is%20stored%20on,Socket%20Layer%20(SSL)%20technology. We also utilise MHS and WPS Online in order to provide some of the services available to clients (namely, psychological testing). If clients have any concerns about the storage of their information on these services, they are encouraged to review those respective organisations privacy policites, which can be found here: https://www.wpspublish.com/wps-privacy-policy and https://www.mhs.com/Privacy-Policy

·        While we endeavour to keep the transmission of clinical/health information via email to a minimum, some communication via email between psychologist and client is inevitable, particularly if the client chooses to use email to share personal or health information with our practice. Our practice uses a reputable and secure platform including protections such as two-factor authentication and strong password practices. Email data is encrypted during transit and at rest. The privacy policy can be viewed here: https://policies.google.com/privacy

·        Information in paper form is converted to digital form as soon as practicable and the original documents returned to the client or destroyed. While in paper form, paper documents are kept under lock in a location accessible only to authorised persons.

If a data breach occurs involving personal information and the breach is likely to cause harm, we will notify the client as soon as possible in accordance with the Privacy Act and related legislation.

Why we collect, hold, use and disclose personal information

It is necessary for David Groves Psychology to collect, hold, and use information to provide our service, including for the following purposes:

·        to communicate with clients;

·        to provide psychological services including assessment and diagnosis;

·        to communicate with other relevant healthcare providers (with the client’s written consent);

·        to communicate with other parties such as school teachers to obtain clinical information (with the client’s written consent);

·        to liaise with Medicare, your health fund or government department;

·        when it is necessary to lessen or prevent a serious threat to your life, health, or safety or public health or safety;

·        to handle a complaint or respond to anticipated or existing legal action; and

·        as required by the Commonwealth Privacy Act 1988

Our privacy practices are in keeping with the Commonwealth Privacy Act 1988, and in our practice of confidentiality we also strive to conform to the ethical principles of the APS Code of Ethics.

We will seek your written consent to communicate with third parties. We may share confidential information in the following circumstances as stipulated in the APS Code of Ethics:

·        with the consent of the relevant client or a person with legal authority to act on behalf of the client;

·        where there is a legal obligation to do so (e.g., a subpoena is issued, or when a mandatory report must be made about a child at risk of harm);

·        if there is an immediate and specified risk of harm to an identifiable person or persons that can be averted only by disclosing information; or

·        when consulting colleagues, or in the course of supervision or professional training, provided the psychologist conceals the identity of clients and associated parties involved; or obtains the client’s consent, and gives prior notice to the recipients of the information that they are required to preserve the client’s privacy, and obtains an undertaking from the recipients of the information that they will preserve the client’s privacy.

In line with the Privacy Act and APS Code of Ethics, client information is retained for a minimum of 7 years after the client’s last contact with our service, or if the client is under 18, until they turn 25.

Your personal information is not likely to be sent overseas, except in the case that overseas data storage facilities are used by providers such as Google and Pearson. In each case, data is stored in encrypted form and cannot be accessed or viewed by those affiliated with each provider except under rare legal circumstances. 

How you can ask to access or correct personal information

Clients can request details of personal information that we hold about them in certain circumstances set out in the Privacy Act. If there is no legal or ethical contraindication to providing this access, we will provide access to the information if it is reasonable and practicable to do so. If your request requires significant time and effort to action, we may ask for compensation for this.

If a client believes that any information that we hold about them is inaccurate, out of date, incomplete, irrelevant, or misleading, we ask that they please contact us. We will do our best to promptly correct any information found to be inaccurate unless it is impracticable or unlawful to do so.

Concerns

If concerns arise or you would like to make a complaint about our privacy practices, we ask that you first raise these with David Groves. If a client is unsatisfied with the response, they may lodge a formal complaint about the use of, disclosure of, or access to, their personal information, with the Office of the Australian Information Commissioner by phone on 1300 363 992, online at https://www.oaic.gov.au/privacy/privacy-complaints/ or by post to: Office of the Australian Information Commissioner, GPO Box 5218, Sydney, NSW 2001

The Australian Privacy Principles are available online: https://www.oaic.gov.au/privacy/australian-privacy-principles