Paradise Private Hospital is required to comply with medical competency standards and handle all personal information (including health information) it collects and holds in compliance with applicable health record laws of the of Papua New Guinea. Paradise Private Hospital is wholly committed to the protection of personal and health information in accordance with these privacy laws in the provision of its integrated health and medical services.
What is personal information?
Personal information is information or an opinion about an identified individual or an individual who is reasonably identifiable, whether that information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.
Sensitive information is a type of personal information that is afforded a higher level of protection by privacy laws. It includes health, genetic and biometric information as well as information about race or ethnic origin, political opinions, membership of political, professional or trade associations or trade unions, religious beliefs, sexual orientation or practices and criminal record.
References in this policy to personal information include sensitive information.
What personal information do we collect and hold?
The information we collect at Paradise Private Hospital will depend on who the individual is, such as a person attending one of our medical clinics, obtaining clinic support services such as radiology, pharmacy or pathology services, or a patient admitted to our hospital, a health service provider, a next of kin, a guardian or other responsible person, an emergency contact or person responsible for paying an account, and may include an individual’s:
- Name, address (postal, residential and email), mobile and telephone numbers
- Date of birth
- Marital status
- Country of birth
- Next of kin
- Payment information such as banking and credit card details
- Health fund and health insurance cover details
- Workers compensation or other insurance claim details
- Corporate concession details
- Personal and family medical history and other health information we are provided with or we collect in the course of providing our services
- Other details an individual provides for admission to or discharge from our hospital
- practice details if the individual is a general practitioner; and
- Other information we need to provide our services.
How do we collect personal information?
We will collect personal information directly from the individual concerned where it is reasonably practicable to do so. This occurs when the individual completes documents such as patient registration forms, admission, health insurance claim or other forms, provides information over email or telephone, is treated at our hospital, or attends medical clinic or clinic support services, or applies for employment with us.
However, depending on who the individual is, we may also collect their personal information from third parties such as:
- A responsible person or representative (e.g. guardian)
- An individual’s health service provider including specialists
- A health professional who has treated the individual
- An individual’s health insurer or other insurer
- An individual’s family
- An individual who we are admitting (e.g. we ask them to provide emergency contact details)
- Job referees
- Other sources where necessary to provide our services (e.g. pathology labs) or to assess job applicants (e.g. police checks)
We collect sensitive information about an individual, either directly or from a third party, with the individual’s consent (which may be implied or express, depending on the circumstances).
For what purposes do we use and disclose personal information?
Paradise Private Hospital uses the personal information it collects and holds to:
- Assess and understand the health and other needs of individuals to provide them with the appropriate services and advice including for admission and discharge from our hospital, or treatment at our facilities
- Ensure continuity of care of individuals treated in our facilities and provide ongoing treatment options
- Contact individuals to respond to enquiries, to follow up, in an emergency, for authorisation in relation to any services
- Enable the provision of education and training to students of the health profession
- Effectively administer, manage, monitor and improve our services
- Funding, planning, evaluation and complaint-handling
- Communicate with individuals by various means about our services, events, offers and options available from Paradise Private Hospital
- Charging, billing, processing health insurance claims and collecting debts
- Assess employment applications
- Verify an individual’s identity
- Ensure the health and safety of our staff and individuals who use our services or attend our facilities
- Comply with quality assurance or clinical audit activities
- Undertake accreditation activities
- Provide health insurance funding
- Respond to feedback
- Address liability indemnity arrangements and reporting
- Prepare the defence for anticipated or existing legal proceedings
- Undertake research and the compilation or analysis of statistics relevant to public health and safety
- Conduct patient experience surveys with the aim of evaluating and improving services; and
- Enable our facilities and staff to comply with their legal and regulatory obligations.
We may also use personal information in circumstances where we are required or authorised by PNG law to do so or where we otherwise have consent of the individual or their representative.
To whom do we disclose personal information?
We may disclose an individual’s personal information to the following third parties for the above purposes to:
- Other health service providers involved in the individual’s treatment or diagnostic services
- Private health insurers (some of which are located overseas) and other insurers
- Students of the health profession undertaking clinical placements, but not when an individual has opted out of student teaching activities
- A responsible person (e.g. parent, guardian, spouse) when the individual is incapable or cannot communicate, unless the individual has requested otherwise
- Close family members, in accordance with recognized customs of medical practice
- Our insurers and legal representatives
- Service providers engaged to provide services to our hospitals and other facilities including manufacturers and suppliers of medical devices, providers of pathology and radiology services, some of whom may be located overseas or in provincial centres; and
- Companies within the Paradise Health Solutions Group.
What trans-border disclosures do we make?
We operate and communicate with organisations throughout Australia and overseas. We may therefore disclose personal information to related entities who are located overseas.
How do we manage privacy preferences and capacity?
Whether a child has the capacity to make their own privacy decisions is assessed by Paradise Private Hospital staff on a case-by-case basis having regard to matters such as their age and circumstances. Generally an individual aged 18 years and over will have the capacity to make their own privacy decisions. For children under 18 years or for individuals who lack capacity to make privacy decisions for themselves, we will refer or deal with requests for access, consents and notices in relation to personal information by reference to the parent and/or guardian or other responsible persons authorised by applicable laws and will treat consent given by them as consent given on behalf of a child or the individual who lacks capacity.
How do we store and secure personal information?
We store personal and health information in both paper and electronic form. The security of personal and health information is very important to us and we take reasonable steps to protect it from misuse, interference and loss and from unauthorised access, modification or disclosure.
Some of the ways we do this include:
- requiring our staff to maintain confidentiality
- implementing document storage security
- imposing security measures for access to our computer systems
- providing a discreet environment for confidential discussions; and
- allowing access to personal and health information only where the individual seeking access to their own information has satisfied our identification requirements
How do we keep personal information accurate and up-to-date?
We take all reasonable steps to ensure that the personal information we collect is accurate, complete and up-to-date, and also when we use or disclose it, that it is relevant.
We will also take reasonable steps to correct the personal information we hold if we are satisfied that it is inaccurate, incomplete and out of date, irrelevant or misleading, or if an individual asks us to correct their personal information for these reasons. A request to correct personal information can be made at any time by contacting us on the details below.
However, the accuracy of that information depends largely on the quality of the information provided to us. We therefore suggest that individuals:
- Let us know if there are any errors in their personal information; and
- Keep us up-to-date with changes to their personal information (e.g. their name and address). Individuals may do this by mail or email using the information provided below.
There may be circumstances in which we may have to refuse a request for correction. If this happens, we will notify the individual in writing of our reasons for the refusal and explain how they can complain if they are not satisfied.
How can personal information we hold be accessed?
Individuals have a right to access the personal information that Paradise Private Hospital holds about them by contacting the Front Office Supervisor. If individuals request access to their personal information, we will need to verify their identity and may ask them to complete a request for access form. We will then grant the request within a reasonable period. However, we may refuse a request for access to some or all of the personal information in certain circumstances allowed by the Privacy Act or other applicable laws. If Paradise Private Hospital refuses a request for access, we will give written notice of our decision, including our reasons and how to complain if the individual is not satisfied with the decision. We will endeavour to give access to an individual’s personal information in the form they request. However if that is not possible we will provide alternative means of access or discuss how access can be given through a mutually agreed intermediary. We may charge a fee for collating and providing access to personal and health information. We will disclose the personal information we give access to, to the individual’s authorised representative or legal adviser where we have been given written authority to do so.
How can complaints be made to us?
Individuals who have any questions about privacy, this policy or the way we manage personal information or who believe that we have breached their privacy rights should contact the Director of Medical Services, Director of Nursing Services or Director of Finance & Administration with their question or complaint. If the any of above is not able to respond to the individual’s question or complaint to their satisfaction, the individual may contact Front Office Supervisor Officer on the details below.
Complaints should be in writing and addressed to:
Director – Finance and Administration
Paradise Private Hospital
P.O Box 1421, Boroko, National Capital District
Papua New Guinea
Paradise Private Hospital will endeavour to acknowledge receipt of a written complaint within 7 days and provide a written response to the complaint within a reasonable timeframe. It may be necessary to request further information from the complainant before the matter can be resolved. Any such request will be made in writing.
Last updated September 2018