MMC Privacy Policy
Mayfield Medical Connection (MMC) supports independent health professionals who consult from our premises. This policy outlines how MMC manages personal and health information in support of those practitioners and their patients, in accordance with relevant privacy legislation.
Last Updated: 1st July, 2025
1. Introduction
Mayfield Medical Connection (MMC) is committed to protecting the privacy of personal and health information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), the Health Records and Information Privacy Act 2002 (NSW), and the Telecommunications (Interception and Access) Act 1979 (Cth). We also align our privacy practices with the expectations set by the Royal Australian College of General Practitioners (RACGP) and the Australian Health Practitioner Regulation Agency (AHPRA).
2. Scope
This policy applies to all MMC staff, contractors, and third-party service providers who manage or access personal and health information. It applies to all forms of information, whether electronic or hard copy, and includes information collected via phone, online systems, or in person.
3. Definitions
Personal Information: Information or an opinion that identifies an individual.
Health Information: Information about an individual’s health, health services provided, or intended to be provided, and includes clinical notes, prescriptions, test results, and appointment data.
Call Recording: Audio files and transcripts of incoming phone calls recorded for the purposes of care coordination, safety, and quality improvement.
4. Collection of Personal and Health Information
MMC collects personal and health information directly from individuals, or indirectly via digital forms, online appointment systems, call recordings, and other platforms. This includes:
– Patient name, date of birth, contact details, Medicare and healthcare identifiers
– Appointment types and consultation details
– Clinical reminders and test result notifications
– Information provided in incoming phone calls
– Financial details for payment processing
– Communication history (e.g., SMS, emails, call logs)
5. Purpose of Collection and Use
Information is collected to:
– Deliver safe, high-quality healthcare services
– Facilitate appointment booking and reminder systems
– Support care coordination, including via call transcription for triage
– Manage billing and administrative processes
– Comply with legal, clinical, and accreditation requirements
6. Call Recording
MMC records incoming phone calls to enhance patient care, safety, and service quality. Call recordings and transcriptions are used to:
– Accurately document patient concerns for clinical triage
– Improve service delivery and staff training
– Address complaints or concerns about communication
MMC informs callers at the start of each call that the conversation may be recorded. Recordings are stored securely, accessed only by authorised personnel, and managed according to our retention and data destruction policies. Call recording practices comply with the Telecommunications (Interception and Access) Act 1979 (Cth).
7. Consent and Notification
MMC obtains consent where required and provides notice about how personal and health information is handled. Patients are informed via:
– Phone system messages
– Practice signage
– Website privacy policy and booking forms
Patients may opt out of communications where possible, such as SMS reminders.
8. Disclosure of Information
Personal and health information may be disclosed:
– To healthcare providers involved in the patient’s care
– To third-party providers like AutoMed who provide technical services under strict privacy obligations
– When required by law (e.g., public health or court order)
MMC does not sell or share personal data for marketing purposes.
9. Data Security and Storage
MMC takes reasonable steps to protect personal and health information from misuse, interference, loss, unauthorised access, modification, or disclosure. We use encryption, password protection, role-based access controls, and secure platforms (such as AutoMed) to manage patient data.
10. Access and Correction
Patients have the right to request access to or correction of their personal and health information held by MMC. Requests must be made in writing and include the patient’s full name, date of birth, contact details, and a description of the records requested. Patients may use the official request forms available on our website or from reception.
We aim to respond to access requests within 30 calendar days. Records can be provided in electronic formats (e.g., .pdf, .xml), on USB/disc, or as printed copies. Fees may apply to cover administrative costs, and patients will be advised of the applicable charges before processing begins. Photo ID is required when collecting records in person. If a representative is collecting records on a patient’s behalf, signed third-party consent and their ID are required.
Patients may also request correction of their records if they believe the information is inaccurate, incomplete, or outdated. If the correction is not made, MMC will attach a statement from the patient to the record noting their request.
11. Retention and Destruction
Call recordings and other personal data are retained only as long as necessary for clinical, legal, or operational requirements. Data is securely destroyed when no longer required.
12. Complaints and Enquiries
Patients can raise concerns or lodge a complaint by contacting:
Practice Manager
Mayfield Medical Connection
Phone: 02 4968 2157
Email: reception@mayfieldmedicalconnection.com.au
Unresolved complaints may be directed to the Office of the Australian Information Commissioner (www.oaic.gov.au).
13. Website, Social Media and Online Appointments
MMC collects limited personal information via its website and digital platforms:
– If you use our contact form, we collect your name, email, and optional phone number.
– Appointments booked through AutoMed Systems (AMS Connect) may collect identifying data (e.g., name, DOB, contact details, Medicare number) to verify your identity. AMS’s privacy policy is available at https://automedsystems.com.au/patient-privacy/.
– Google Analytics collects non-identifiable usage data (e.g., location, device type, pages visited, and duration) via cookies to improve website functionality.
MMC also uses social media (e.g., Facebook, Instagram, LinkedIn, Twitter) to share health information. These platforms are public forums and are governed by the respective provider’s privacy policies.
14. Unsolicited Information
MMC may occasionally receive personal information without having requested it (unsolicited information). If this occurs, we will assess whether the information is necessary for our healthcare or administrative functions. If not required, we will destroy or de-identify the information as soon as practicable, in accordance with Australian Privacy Principle 4.
15. Use of Transcription Technology (Heidi)
Some clinicians consulting from MMC use medical transcription software, Heidi, to assist with note taking during consultations. This allows the clinician to focus more fully on the patient interaction and ensures a thorough and accurate record. Heidi does not make any medical decisions, and all data is processed securely and in accordance with applicable privacy laws.
Patients are informed about the use of Heidi and must provide signed consent before it is used. This consent is stored in the patient’s record. Patients may choose not to provide consent or may withdraw their consent at any time without affecting their care.