YOUnique Psychology's
Privacy Policy
Privacy Policy for the Management of Personal Information
This document describes the privacy policy of YOUNIQUE GROUP PTY LTD (ACN: 661 130 678) (“YOUnique Psychology”, “we”, “us”) for protecting the privacy of personal information we collect about you, including through our website, located at www.youniquepsychology.com.au, as well as through the provision of psychological services or directly from you.
The psychological services provided is bound by the legal requirements of the Australian Privacy Principles set out in the Privacy Act 1988 (Cth).
If you do not wish for your personal information to be collected in a way anticipated by this Privacy Policy, YOUnique Psychology may not be in a position to provide the psychological service to you. In some circumstances, you may request to be anonymous or to use a pseudonym unless it is impracticable for YOUnique Psychology to deal with you or if YOUnique Psychology is required or authorised by law to deal with identified individuals.
Client information
The types of personal information we collect may include:
- Name, date of birth, address(es), contact numbers, email address, and other contact details;
- Medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history, and risk factors;
- Details of other health service providers involved in your care and copies of any referral letters and/or medical reports and test results;
- Health information contained in your digital health record including an individual’s healthcare identifier (if you participate and only with your consent);
- Medicare number, healthcare identifiers, and health fund details;
- Financial payment details (such as your credit card number);
- Other information disclosed by you, if relevant when providing our services directly to you (such as your relationships with other persons, employment information and qualifications, gender, race, sexuality or religion); and
- Information or opinion (including our clinical treatment notes) about our client’s health and expressed wishes about future care.
How client's personal information is collected
We are committed to using lawful and fair means to collect personal information and collecting it from others only when it is unreasonable or impracticable to obtain certain information from our clients directly. We and our psychologists collect personal information for the purposes of arranging appointments, delivering psychological services, as well as communicating with you. We may collect information through our client intake and consent forms, via the YOUnique Psychology website at youniquepsychology.com.au, or in the course of our psychologists undertaking psychological services in consultation and treatment of clients.
A client’s personal information is collected in a number of ways:
- During psychological consultation with YOUnique Psychology, including when the client provides information directly to YOUnique Psychology or our psychologists using hardcopy or electronic forms, correspondence including via email, and when the client interacts directly with YOUnique Psychology employees;
- From a client’s responsible person, such as parents and guardians; and
- From other health service providers who provide personal information to YOUnique Psychology, via referrals, correspondence and medical reports.
Why we collect, hold, use, and disclose personal information
We collect, hold, use and disclose client’s personal information as is reasonably necessary for YOUnique Psychology to provide our health services, including for the following purposes:
- to contact and communicate with clients;
- for the purpose of providing psychological services to clients, which include assessing, diagnosing, and treating;
- accessing and transfer of electronic client records including those contained in their My Health Record (if they have chosen to participate);
- when communicating with other healthcare providers involved in your care
- to liaise with Medicare, your health fund, or government departments;
- to conduct activities relating to research, quality assurance and improvement processes, accreditation, audits, risk and claims management, patient satisfaction surveys and staff education and training;
- when it is necessary to lessen or prevent a serious threat to your life, health, or safety, public health or safety, or when it is impractical to obtain your consent;
- to handle a complaint or respond to anticipated or existing legal action;
- when required for administrative and internal record keeping for a minimum of 7 years after our last contact (or if the client is under 18, until they turn 25);
- for statistical purposes; and
- as required by law.
A client’s personal information is not disclosed to overseas recipients, unless the client consents or such disclosure is otherwise required by law. Clients’ personal information will not be used, sold, rented, or disclosed for any other purpose.
Requests for access and correction to personal information
Access: Clients can request details of personal information that we hold about them in certain circumstances set out in the Privacy Act 1988 (Cth) (the Act). We may refuse to provide you with information that we hold about clients in certain circumstances set out in the Act. Otherwise, we will provide access to the information if it’s reasonable and practicable to do so. If your request requires significant effort or expense on our part, we will ask for compensation for that.
Correction: If a client believes that any information we hold about them is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us using the details set out below. We rely in part on clients advising us when their personal information changes. We will endeavour to promptly correct any information found to be inaccurate, incomplete, or out of date and to notify of the correction, unless it is impracticable or unlawful to do so.
Deletion: If a client wants us to delete personal information we hold about them or to not collect information from them for a specific purpose, please contact us using the details set out below. Please note that if we agree to delete your information, because of backups and records of deletions, it may be impossible to completely delete your information without retaining some residual information.
We will respond to any request to access, correct or delete information within a reasonable period. The Office of the Australian Information Commissioner considers 30 days a reasonable period in which to respond to these information requests.
Maintaining the security of personal information
We are committed to ensuring that the personal information we hold is secure and protected from misuse, interference, loss, unauthorised access, modification, or disclosure. We undertake the following precautions to protect personal information we hold:
- our website contains pages encrypted with SSL (Secure Sockets Layer) to ensure the safety of any data that is submitted through use of this website;
- we limit access to personal information to a “need-to-know” basis;
- we protect devices we use to collect, hold, use, and disclose personal information with industry-standard anti-virus software;
- devices are stored in secure premises;
- software used during consultations to aid the collection of health information are in strict compliance with the Australian Privacy Principles and international privacy regulations such as HIPAA, and have ISO 27001 certification. ISO 27001 (Information Security Management) certifications, PCI DSS Level 1 (Payment Card Industry Data Security Standard), HIPAA compliant, or Australian Privacy Principles compliant;
- practice data is protected by 256-bit bank grade security and encryption, meaning patient records, notes, and payment information are protected to the same level required by banks;
- client information is securely stored using cloud storage services that maintain ISO 27001, ISO 27017 (Cloud Security) and ISO 27018 (Cloud Privacy and Data Protection) certifications;
- our email data is encrypted;
- data is securely stored on cloud servers;
- all hard copies of personal information are kept in secure storage with access by authorised personnel only;
- all conversations involving the discussion of personal information take place in private, where conversations are unable to be overheard by unauthorised personnel; and
- if we no longer need personal information, we take reasonable steps to delete or de-identify the information.
If a data breach occurs involving personal information and the breach is likely to cause harm, we will notify that client as soon as possible after the occurrence in accordance with our obligations under the Privacy Act and related legislation.
Website cookies
Our Website may use “cookies”; technology to store data on your computer using the functionality of your browser. Many websites do this as cookies allow the website publisher to find out whether the computer has visited the site before and to personalise your user experience.
You can modify your browser to prevent cookie use. However, if you do this, our service (and our Website) may not work properly. The information stored in the cookie is used to identify you. This enables us to operate an efficient service and to track the patterns of behaviour of visitors to the Website.
In the course of serving advertisements to the Website (if any), third-party advertisers or ad servers may place or recognise a unique cookie on your browser. The use of cookies by such third party advertisers or ad servers is not subject to this Privacy Policy, but is subject to their own respective privacy policies.
Concerns
If clients have a concern about the management of their personal information, they should contact us at [email protected].
If a client is unsatisfied with our response, they may lodge a formal complaint about the use of, disclosure of, or access to, their personal information, with the Office of the Australian Information Commissioner by phone on 1300 363 992, online at https://www.oaic.gov.au/privacy/privacy-complaints/ or by post to: Office of the Australian Information Commissioner, GPO Box 5288, Sydney, NSW, 2001