Warwick Friendly Society Association Ltd supports the Australian Privacy Principles and is serious in its responsibility to respect and manage the personal information that is collected in the course of providing service to our customers. The policies and procedures in place have been developed to protect and ensure that personal information is managed in accordance with Privacy Laws.
The purpose of this policy is to:
- outline how Warwick Friendly Society Association Ltd will ensure confidentiality and privacy, that is, a customer’s right to have identifiable personal and health information kept private.
This policy applies at all times to owners, management, team members, including contractors who are employed by Warwick Friendly Society Association Ltd. It applies at the workplace as well as when team members are representing Warwick Friendly Society Association Ltd away from the workplace. Overall responsibility to answer questions regarding confidentiality and privacy must reside with the General Manager, Privacy Officer or Pharmacist-In-Charge.
The definitions of information for this policy are:
- Personal information – any information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable such as their name, address, age, health, medicines, finance, disability, family status, or any other information that can reasonably be taken to be personal or sensitive. It also includes any other information protected by legislation.
- Sensitive information – any information or an opinion about an individual’s racial or ethnic origin, political opinion, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices or criminal record. It is also information that includes personal information, health information about an individual, or genetic information about an individual that is not otherwise health information.
Personal information is often required by regulation in order to provide medicines and health related services, or for us to perform necessary business functions. We may also need to pass personal details on to third-parties in the course of performing business functions, such as passing on names and addresses to information technology service providers, mailing houses or delivery/courier services. This can also include access to, talking and/or writing about, communicating or discussing personal and/or sensitive information.
A customer/patient has a general right of access to information this pharmacy holds about them. This pharmacy provides the capacity for a customer/patient to access and, where necessary, correct their own information. In circumstances where information is disclosed to third parties, this pharmacy will take all reasonable steps to ensure these third parties also have procedures in place to protect the privacy of our customers/patients. The pharmacy may disclose personal information in accordance with the Australian Privacy Principles – ‘Permitted health situations’ or ‘Permitted general situations’. [1]
[1] Australian Privacy Principles: 16A, 16B.
5. PRIVACY GUIDELINES
This pharmacy is committed to protecting an individual’s confidentiality and is subject to the Privacy Amendment (Enhancing Privacy Protection) Act 2012 which amends the Privacy Act 1988. This Act regulates the handling of personal information about individuals, including the collection, use, storage and disclosure of personal information, and access to and correction of that information. Information about the Privacy Act and the Australian Privacy Principles (APPs) can be found at:
We will ensure that personal information is handled securely and carefully and will only be used when it is necessary for us to provide a service or perform other necessary business functions and activities. This pharmacy upholds the rights in the Community Pharmacy Service Charter and its staff are aware of where the Charter is displayed in public view within the pharmacy.
6. PURPOSE OF COLLECTING PERSONAL INFORMATION
Personal information including sensitive information is often required by regulation in order to provide medicines and health related services, or for us to perform necessary business functions.
Personal information may also be used for business functions and activities which include, amongst other things:
- Activating your account and confirming your details
- Processing orders
- Being aware of any special product and service requirements you may have
- Providing electronic confirmation of your orders (where applicable) and advising you of any changes to our products and services
- Confirming your identity when you contact us
- Addressing any feedback or complaints you may have
- Any purposes for which it was requested and directly related purposes, including developing, improving and marketing our products and services.
7. THE TYPE OF PERSONAL INFORMATION WE COLLECT AND HOLD
Information we collect may include:
- phone numbers
- email addresses
- necessary medical records
- purchases; and
- methods of payment
This information is collected and used only to deliver and provide our customers with valued services and is not sold, rented, or given away to outside parties unless required by law. The choice not to disclose certain information to Warwick Friendly Society Association Ltd may prevent us from providing customers certain services, including processing prescription medication.
8. HOW WE COLLECT AND HOLD PERSONAL INFORMATION
In most cases, the personal information we collect is provided directly by the customer when we are given the details we require by regulation in order to provide medicines and other health related services. Other forms of collection may include verbally (either in person or via the telephone), via written forms, or through other persons or organisations collecting information on our behalf.
This information may be held digitally via secure computers or in hard copy or paper files. Access to personal information is performed only by Warwick Friendly Society Association Ltd staff with secure passwords, and only when required during the provision of services. These methods of storing personal information may be undertaken by us or by contracted third parties.
Customers may visit the website without providing any personal information. The website servers will in such instances collect the IP address of the customer’s computer, but not the email address or any other distinguishing information. This information is aggregated to measure the number of visits, average time spent at the website, pages viewed, etc. Warwick Friendly Society Association Ltd uses this information to determine the use of the website, and to improve the content thereon.
9. CONFIDENTIALITY & PRIVACY PRACTICES
- We do not sell or give out personal information to any other parties.
- We will not use patient/customer information for purposes unrelated to the services we provide without their prior consent.
- When necessary to collect personal information, we will obtain the information directly from the individual where possible, and we will always use fair and lawful means of collecting personal information.
- When transferring information to a third party, we will gain written consent from the person or their carer prior to the information being provided. The pharmacy will make the relevant templates and forms available, e.g. consent form.
- Copies of any information transferred will be filed in a confidential manner ensuring customer/patient privacy.
- Written or other information will be handled in such a way that unauthorised persons cannot view it and will only be accessible to staff who have a legitimate need to access the information in order to provide continuing care.
- Whenever information is transferred between staff and customers/patients it will always be done in a respectful and discreet manner and only such information as is necessary to ensure continuous care is offered.
- Conversations between staff members within the pharmacy concerning an individual’s personal matters must be conducted in such a manner that they cannot be overheard by others, and no conversations will be held outside the pharmacy regarding an individual’s personal and sensitive information.
- Personal information may be discussed with other authorised health care professionals (e.g. General Practitioner), however this must be conducted only when deemed as necessary in the course of providing medical and/or health related services to the patient.
- We will not disclose confidential information unless the individual has given permission or to prevent injury or death or as required by law.
- The storage and distribution of all confidential and personal information will be conducted in a manner that ensures the utmost privacy from any unauthorised persons.
- Only approved personnel will have access to and be responsible for the maintenance and updating of confidential information.
- Each State/Territory has privacy and/or health record legislation regarding the retention and disposal of records. This applies to all types of information formats; including electronic records. To protect customers’ privacy rights destruction needs to occur by secure means.
- Customers/patients may have access to their own records as described in the Privacy Act. This will be managed by authorised personnel.
This policy does not apply in situations where there is a ‘Permitted General’ or ‘Permitted Health’ situation, such as:
Permitted general situations:
- Lessening or preventing a serious threat to the life, health or safety of any individual, or to public health or safety.
- Taking appropriate action in relation to suspected unlawful activity or serious misconduct.
- Locating a person reported as missing.
- Asserting a legal or equitable claim.
- Conducting an alternative dispute resolution process.
Permitted health situations:
- The collection of health information to provide a health service.
- The collection of health information for certain research and other purposes.
- The use or disclosure of genetic information.
- The disclosure of health information for a secondary purpose to a responsible person on behalf of an individual.
In applying these situations, refer to the Australian Privacy Principles Guidelines available at www.oaic.gov.au
11. DESTROYING PERSONAL INFORMATION — IRRETRIEVABLE DESTRUCTION
Personal information is destroyed when it can no longer be retrieved. We will take reasonable steps to destroy personal information and the steps taken will depend on whether the personal information is held in hard copy or electronic form.
For personal information held in hard copy:
- we will destroy the personal information through a process such as pulping, burning, pulverising, disintegrating or shredding; and
- dispose of it through garbage or recycling collection.
For personal information held in electronic form:
- where possible we will ‘sanitise’ the hardware to completely remove stored personal information. (See the ‘Media sanitisation’ section of the Australian Government Information Security Manual (ISM) on the Australian Signals Directorate website https://www.asd.gov.au);
- for hardware that cannot be sanitised, reasonable steps will be taken to destroy the personal information by irretrievably destroying it;
- where it is not possible to irretrievably destroy personal information held in electronic format, we will instead take reasonable steps to de-identify the personal information by removing any identifying factors such as names, addresses, date of birth; and
- where it is held on a third party’s hardware, such as cloud storage, we will instruct the third party to irretrievably destroy the personal information and obtain written confirmation to verify that this has occurred.
12. MANDATORY REPORTING OF DATA BREACHES
Under the new Privacy Amendment (Notifiable Data Breaches) Act 2017, it will now be mandatory for Australian businesses to report data breaches to both the person/s affected and the Office of the Australian Information Commissioner (OAIC) within 30 days of the breach.
Access and correction of your personal information
You can ask to obtain access to your personal information that we and/or our contractors hold, although under some circumstances permitted by law, we may not provide such information to you. Also, we may not be able to require our contractors to provide personal information to you. We may ask you to put your request in writing and pay a reasonable fee levied by us for this. It is important to us that the personal information we hold about you is accurate, complete and up to date. If you are aware that this is not the case and would like your personal information corrected, or simply desire access to your personal information, please contact us at:
THE WARWICK FRIENDLY SOCIETY ASSOCIATION LIMITED
ABN 68 087 649 447
Postal Address: P O Box 96, WARWICK, QLD, 4370
Phone: (07) 46611944