Protecting your privacy
Dr Rachel Mascord ensures a high level of protection for the personal information on our record. Safeguarding your privacy is a duty of care. This practice seeks to comply with all elements of the Australian Privacy Principles as well as obligations developed by the Dental Board of Australia under s. 39 of the Health Practitioner Regulation National Law Act 2009 (the National Law).
You will be asked to sign a consent form for yourself or for children under the age of 18 under your care. The privacy statements in the various forms specify how any information about you may be used and disclosed.
Every effort is made to ensure that your personal information is secure, protected from interference, misuse, loss and unauthorised access, modification and disclosure.
Collection of Your Personal Information
Personal and Sensitive Information
Personal Information refers to information or an opinion, whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
Sensitive Information is a subset of personal information and includes your health information as well as information pertaining to racial or ethnic origin, political opinions or membership of a political organisation, religious belief or affiliations, membership of a professional or trade association, sexual preferences or a criminal record. Sensitive information attracts additional privacy protections compared with other types of personal information.
On your first visit you will be asked to sign a Client Consent form and to provide certain personal information including:
Your name, address, phone number and email contact details;
Your gender and date of birth;
Contact details for your of next of kin and your doctor;
Medical conditions, all medications you are taking currently and have taken in the past and and medical treatments you are currently receiving and have received in the past.
Detail notes will be made about:
the date of visit
the identifying details of the practitioner providing the treatment
information about the type of examination conducted
the presenting complaint
clinical findings and observations
treatment plans and alternatives
consent of the patient, client or consumer
unusual sequelae of treatment.
radiographs and other relevant diagnostic data; digital radiographs must be readily transferable and available in high definition digital
other digital information including CAD-CAM restoration files
instructions to and communications with laboratories
all referrals to and from other practitioners
any relevant communication with or about the patient, client or consumer
details of anyone contributing to the dental record
estimates or quotations of fees
all procedures conducted
instrument batch (tracking) control identification, where relevant
a medicine/drug prescribed, administered or supplied or any other therapeutic agent used (name, quantity, dose, instructions)
details of advice provided
Children and other persons who are not able to give informed consent may come for a session with the consent of a parent or guardian. In such cases, personal information will be collected and used as described above.
We will try to collect your personal information directly from you. However, there may be instances where we will need to collect your information from other persons or entities. Whenever possible we will request this other person to have your signed consent or email giving your permission for them to provide us with your personal information. Exceptions may be if you suddenly take ill and are incapable of providing certain information which may be important for your treatment, such as if you have had a recent operation, illness or an implant and what medication you are taking.
If you have provided us with information about another person, then you will need to tell that person that you have done so, that they have a right to access their information and that they can refer to this policy for information on how we will handle their personal information.
When you access our website, anonymous technical information may be collected about your activities on the website. This may include information such as the type of browser used to access the website and the pages visited. This information is used by us to make decisions about maintaining and improving our websites and online services. This information remains anonymous and is not linked in any way to personal identification details.
Financial information such as credit card numbers are not gathered or stored on this website.
How we store your Personal Information
We will take all reasonable steps to ensure that your personal information is stored securely and is protected from misuse and loss from unauthorised access, modification or disclosure. This includes a range of systems and communications security measures, as well as the destruction of hard copy documents once they are converted into electronic documents. In addition, access to your personal information will be restricted to people properly authorised to have access.
When you complete a consent form it is entered into your electronic records and the original document is destroyed. Only your practitioner and the staff who have properly authorised access to the database may see your personal information unless you have consented to your practitioner sharing your information with another professional such as your GP or a specialist to whom you have been referred.
When you enter your details on-line, they may only be viewed by the staff who have authorised access to the database.
We will keep your personal information for 10 years, to comply with legal requirements.
If we no longer require your personal information for any purpose, including legal purposes, we will take reasonable steps to securely destroy or de-identify your personal information.
It is your responsibility to advise us should either your health situation or your personal details change so that your record is kept up to date (see ‘Correcting your personal information').
How your Personal Information is used
Personal information is used to:
i. contact you about your appointment or any other matter in relation to the service provided to you;
ii. contact your next of kin or GP in an emergency;
iii. better understand your health history and thus ensure your treatment is of the highest quality;
iv. discuss your case with specialist practitioners and / or medical professionals if you have consented to this and when it necessary to do so in support of your case and in your best interest;
vii. answer your enquires and resolve complaints;
With whom we share your Personal Information
Your personal information will not be shared with any third party without your permission unless required by law enforcement action or subpoena. For example, we may be required to provide your personal information to the appointed case managers of insurance companies managing compensation cases or third party case in the treatment of injury or illness.
Personal information may be disclosed to anyone to whom you have given written and signed consent to have access to this information (e.g. a solicitor, accountant or a person who has authority to act as your attorney). This could also include referees, any financial institution nominated by you (for example in a direct debit) or anyone else you request.
Your personal and sensitive information will be shared with your consent, to dental specialist practitioners or general medical specialists to whom you have been referred.
Access to your Personal Information
You can request access to your personal information at any time by contacting the surgery.
If you believe that any information is incorrect or outdated, you may ask for a correction to be made. A request for access will be processed within a reasonable time, usually less than a week for a straightforward request. More time may be needed, depending on the nature of the request. There is no fee for requesting access to your information.
You can request that your records are transferred to another dental practitioners at any time. Your records will be transferred directly to that practitioner on receipt of a signed "Records Release" form. Your records will be transferred by the most secure means possible. They will not be released directly to yourself, nor to any other third party.
In a very few cases we may be unable to give you access to certain information for example where:
i. we no longer hold or use the information;
ii. providing access would have an unreasonable impact on the privacy of others;
iii. the request is vexatious;
iv. providing access would be unlawful;
v. the information relates to existing or anticipated legal proceedings;
vi. providing access would prejudice or be likely to prejudice the prevention, detection, investigation and prosecution of unlawful activity;
vii. disclosure would pose a threat to the life or health of any individual.
If we refuse your request, we will tell you the reason why. If we are not required to provide you with access to the information requested, we will consider, if reasonable, whether the use of a mutually agreed intermediary would allow sufficient access to meet your needs and ours.
Correcting your Personal Information
It is your responsibility to notify us when your details change. If you believe any information we hold about you is inaccurate, incomplete or out-of-date, you should contact us and we will provide you with a copy of your information to view and following your authorisation we will change your information. Your personal information can be provided either via an email with the document being attached as a PDF, or the document can be printed and mailed to you.
To protect your privacy and security your identity will be verified before granting access to your data. In some cases you will be asked to put your request in writing.
Making a Complaint
You can contact us at any time if you have any questions or concerns about this document or about how your personal information has been handled.
We value your comments and opinions. We will answer any questions you may have, correct any error on our part or resolve any complaint that you may have about our information handling practices.
Once you have contacted us in relation to your concerns, if you are not satisfied with our response, or if you do not feel your complaint has been resolved, you are able to seek advice from the Office of the Australian Information Commissioner by calling 1300 363 992.
If you want to make a complaint in NSW about a health related service you can contact the NSW Health Care Complaints Commission by calling the toll free number 1800 043 159 or emailing firstname.lastname@example.org or the Dental Board of Australia www.dentalboard.gov.au
Online data collection and use
The following discloses our information gathering and dissemination practices.
The online booking system is administered by a third party Centaur Software. It requires contact information, including name and email address, and unique identifiers.
Contact information is used to send reminder notifications for recall appointments.
Our site uses an order form for customers to request information, products, and services. We collect visitor's contact information and unique identifiers.
We use your IP address to help diagnose problems with our server, and to administer our Web site. Your IP address is used to help identify you and to gather broad demographic information.
We are not responsible for the privacy practices or the content of third party sites that have links on our site .
Security of your Personal Information
We will take all reasonable steps to ensure that your personal information is stored securely and is protected from misuse and loss and from unauthorised access, modification or disclosure. We limit access to personal information to properly authorised staff within the organisation and ensure that those who do have access respect the privacy of personal information that they are handling. Authorised access to personal and sensitive information is conducted within a ‘need to know’ principle. Personal/sensitive information is only accessed by those staff members who need it to carry out their duties.
Security also includes a range of systems and communication security measures, as well as the secure storage of hard copy documents.
an encrypted client database for collection of client information;
individual database user logins for effective auditing of data amendments;
a password protected server;
a closed office WiFi network strictly accessible to staff only;
daily off site back ups; and
password locked screens on all office computers;
security alarms fitted to the premises.
The practice has an ongoing commitment to periodically brief staff on their obligations and responsibilities with digital security and to ensure they are made aware of the best practices for use of common technologies including email.
We keep your personal information for as long as it is required to comply with legal requirements.