Privacy Policy - Doctors Control Panel Services (DCP)

March 2019

Complete Privacy Policy

About this Privacy Policy

The Privacy Act 1988 (the Privacy Act) requires entities bound by the Australian Privacy Principles (APPs) to have a privacy policy.

This Privacy Policy provides detailed information about the Doctors Control Panel Software (DCP) and associated web site and web services personal information handling practices.

If you want an overview of our personal information handling practices, please refer to this Privacy Policy.

It provides an easy to understand summary of:

• the kinds of personal information that we collect and hold
• how we collect and hold your personal information
• the purpose for which we collect, hold, use and disclose your personal information
• how you can contact us if you want to access or correct personal information that we hold about you
• we do not disclose information we hold to third parties.
• how you can complain about a breach of the Privacy Act and how we will respond to your complaint

What the DCP Software does

The DCP software’s purpose is to extract local information from clinical software , apply algorithms of preventive care and present a condensed evaluation of status of preventive care to the health professional.

Ancillary functions include

• Generation of reports and templated documents from application of the algorithms.
• Printing Envelopes
• Mapping Addresses
• Communicating pathology and radiology results to consenting patients via the dcpresults.com portal.
• Sending SMS messages to patients direct from provider users.
• Enrolling patients with Home Medication Review Service provided by Medscope Pty Ltd.

DCP administers a broad range of information to support Australia’s world class general practice systems of providers and allied health and facilitate access to high quality medical software and services to help people to stay healthy through health promotion and disease prevention activities.

Further information about the DCP can be found on the DCP website.

Our obligations under the Privacy Act

This Privacy Policy explains how we comply with the Privacy Act.

https://www.legislation.gov.au/Details/C2019C00025

The Privacy Act sets out 13 APPs which regulate how we can collect, use, hold and disclose your personal information, and how you may access and correct personal information we hold about users of DCP software and Patients attending users.

As an independent entrepreneurial organisation we aim to ensure complete transparency and compliance with the highest standards as set out by the APPs in the Privacy Act.

It is inherent to the nature of entrepreneurial endeavours that we need to rest on a solid foundation and remain loyal to the needs of users which includes the need for privacy, transaction transparency and honesty in all endeavours.

Personal information

The Privacy Act defines ‘personal information’ as:

‘information or an opinion about an identified individual, or an individual who is reasonably identifiable:

• Whether the information or opinion is true or not; and
• Whether the information or opinion is recorded in a material form or not.’

It will depend on the circumstances as to whether information about you will be considered ‘personal information’.

How the DCP collects and holds your personal information

Methods of collection

• DCP stores the information on users during licencing acquisition by users.
• DCP stores settings for users when users save preferences on demand.
• Additional Information that is stored in DCP services on demand.
• DCP stores transaction record of SMS for users when users send an SMS demand.
• DCP stores statistical analysis for performant chart generation weekly via search of weekly presentations to generate colours and numbers for charting to users when the service is enabled.
• DCP results service stores pathology and radiology results uploaded on behalf of patients by GP users on demand.

Collecting your personal information

DCP collects personal information on users on the following items which are required for provision of licencing services and providing support services.

• Practice Name
• Practice Address
• User Name
• Provider number (partial only – first 2 and last 2 characters)
• Phone number
• Email address
• DCP version in use

DCP also stores user’s preferences for the DCP, saved settings for Document templates and history of SMS messages sent in a cloud data centre base in Victoria.

DCP also collects statistics on performance for the provision of performance charts to end users. The statistics contain no personal information on either users or patients.

Statistics contain simply a summary numbers of presentations and algorithm results as numbers that are only decipherable within the performant charts application of the DCP and are not useful to any other purpose.

The numbers include an identifier for the GP which can only be re-constructed to represent the GP within the originating practice and only via the DCP performant charting software. Similarly, the numbers include an identifier for the patient id which can only be re-constructed to represent the patient within the originating practice and only via the DCP performant charting software.

All information is stored securely using secured transport with on the wire encryption and is backed with disk encryption at point of storage. Information is stored within a secure datacentre in Australia South East managed by Microsoft Azure Services and derives the Microsoft SLA.

Unsolicited personal information

We do not collect unsolicited personal information about users from clinical database or from individuals or other entities.

Personal information transmitted to or held by third parties

Under the Privacy Act, we are required to take measures to ensure that when your personal information is to be held by a third party, that the third party complies with the same privacy requirements applicable to the Privacy Act.

Our Third Parties

DCP software, website and services does not transmit to or involve any other third parties in the privacy chain other than the one listed Here.

1. Medscope

Medscope which provides the Home Medication Review service is a well-respected company based in Tasmania and has been providing services to the medical community for many years.

When a doctor uses the Medscope Plugin to refer a patient to the Medscope service, the recipient pharmacist of the referral will receive the patient details and referring doctors details as required to commence the creation of the Domicillary Medication Management review.

Medscope receives details of the referring provider and referred patient via secure encrypted communication and holds these details in compliance with the Privacy Act.

Privacy Impact Assessments

DCP services takes reasonable steps to implement practices, procedures and systems that will ensure compliance with the Privacy Act and enable it to deal with enquiries or complaints about privacy compliance.

Storage and data security

Storage of personal information

Personal information held by DCP services for licencing management is stored in a secured SQL database in Australia.

These Electronic records are protected in accordance with Australian industry standards security policies.

Access to records by staff is restricted to staff on a need to know basis.

Our networks and websites have security features in place to protect the information DCP services holds from misuse, interference and loss from unauthorised access, modification or disclosure.

DCP does not collect any information that is identifiable with regard to patients and any information that is stored by DCP results service is scrubbed of patient identifiable information, stored encrypted and protected via combination of two factor authorisation and industry standard Cross site tamper protection (service provided by Google) at point of access.

The information stored for performant chart analysis is held in a cloud table database that is secured and encrypted and located in a data centre in Victoria.

Retention and destruction of personal information

We will take reasonable steps to destroy or de-identify your personal information if we no longer need it for the purpose it was collected, unless required by law or a court/tribunal order to retain the information, or if it is contained in a Commonwealth record.

Complaints

How you can complain about the treatment of your personal information

If you believe that we have breached the Privacy Act or mishandled your personal information, you can contact us using the contact details set out below.

Each complaint will be dealt with on a case-by-case basis. All complaints will be investigated by us and you will be advised of the outcome.

All privacy complaints are taken seriously.

Procedure for making a privacy complaint

If you believe that we have breached the APPs or mishandled your personal information, you should take the following steps:

• Contact us: in the first instance, any privacy concern or complaint should be reported directly to the DCP support service. This can be done using the contact details set out on the DCP website.
• Reasonable amount of time: we will acknowledge your concern or complaint upon receipt, if you provide your contact details. We will try to respond to your privacy concern or complaint within 30 calendar days from the date that we receive it. We will notify you if we cannot respond to you within this time period.

If you are not happy with our response, you can complain directly to the OAIC. The Australian Information Commissioner’s details are:

Please note that the OAIC generally requires that a complaint first be raised with us before the OAIC will investigate.

This privacy policy was last updated in April 2019.