Nexus Eyecare is committed to the protection of our clients’ information, both corporate and personal. Nexus Eyecare collects information from patients and other parties we interact with, such as external businesses and healthcare providers. We handle your information according to privacy legislation, including the Privacy Act 1988 (Cth) and the Health Records and Information Privacy Act 2002 (NSW).

This Privacy Policy operates together with our Collection of personal information patient consent form and our AI-assisted consultation records patient consent form, which you can access by asking our staff for a copy.

YOUR CONSENT

By providing us with your information, you consent to Nexus Eyecare collecting, storing and using your information as set out in this policy. If we change our policy, we will post the updated policy on our website, so that you can be aware of the information we collect and how we use it at all times. You will be notified of changes made to our Privacy Policy as required by law. Continued use of our services will signify that you agree to any such changes.

COLLECTING YOUR INFORMATION

When you become a client of Nexus Eyecare, we need to know your name, postal address, e-mail address, and telephone number. We may also collect further information, including:

• Residential and delivery addresses;
• Credit or debit card details, if you wish to pay using that method;
• Information regarding your interests and preferences;
• Medical information including medical history, medicines, allergies, and adverse reactions immunisations, social history, family history and risk factors;
• Medicare, health fund, worker’s compensation, and Department of Veterans’ Affairs details;
• Images and medical imaging, including scans, photographs, and CCTV footage; and
• Information from My Health Record.       

We will only collect and use your personal information where we have lawful grounds and legitimate business reasons for doing so. We will not ask for more personal information than we need. We will always comply with privacy obligations when collecting personal information from third-party sources. This includes ensuring transparency with patients, obtaining necessary consents, maintaining data accuracy, securing the information, and using it only for specified purposes

We may gather your information in a number of different ways, including when you first make an appointment or are referred to us, during the course of providing medical services, in person, over the telephone, by SMS and email, from your guardian or responsible person, through other involved healthcare providers (such as specialists, allied health professionals, hospitals, community health services, and pathology and diagnostic imaging services), through CCTV, through our website (see further information below), or through your health fund, Medicare, My Health Record, electronic prescribing, and the Department of Veterans’ Affairs.

STORING AND PROTECTING THIS INFORMATION

We store your information in a number of ways including, in physical storage, in our computer systems, or in cloud storage relevant to specific devices or programs. Please see our AI-assisted consultation records patient consent form for more information about our transcription technology.

We store all your personal information securely. We retain external IT support who are experienced in ensuring your information remains secure. Additionally, access to your personal information is limited to those who need access for the performance of their job. Access is restricted with log in and password controls on our system. We review and limit off-site access and utilise multi-factor authentication to keep your information secure.

During the course of providing services, we may send your information to you, using your nominated contact details. We are committed to transmitting your data securely; however, we are not responsible for the security or use of your information once provided to third parties, such as your personal email and SMS providers.

USING THIS INFORMATION

We gather your information for the purposes of providing healthcare, communicating with you, carrying out our obligations to you, and invoicing. Relevant information is used by us to provide you with statements of your account and to communicate with you about this and any other matter relating to you. We may disclose information for secondary purposes directly related to these purposes, or where otherwise permitted or required by law. This includes:

• with third parties for business purposes, such as accreditation agencies or information technology providers (these third parties are required to comply with Australian privacy law);
• with other healthcare providers (e.g. in referral letters);
• when it is required or authorised by law (e.g. court subpoenas);
•  if requested by regulatory authorities and investigative agencies;
• when it is necessary to lessen or prevent a serious threat to a person’s life, health or safety, or public health or safety, or when it is impractical to obtain the individual’s consent;
• to assist in locating a missing person;
• to establish, exercise, or defend a claim;
• for the purpose of a confidential dispute resolution process;
• when it is a statutory requirement to share certain personal information (e.g. some diseases require mandatory notification);
• when providing medical services, e.g. electronic prescribing or My Health Record.

Only people who need to access your personal information will be able to do so. Other than providing medical services or as otherwise described in this policy, the practice will not share personal information with any third party without your consent.

We do not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.

USE OF ARTIFICIAL INTELLIGENCE (AI) SCRIBE

We use an AI scribe tool to support clinicians to take notes during their consultations with you. The AI scribe uses an audio recording of your consultation to generate a clinical note for your health record. We will only use an AI scribe if you have signed the corresponding ‘AI-assisted consultation records – Patient consent form’. You can withdraw your consent to the use of an AI scribe at any time by providing an updated consent form (available at reception).
The AI scribes we use:

• do not share information outside of Australia
• destroys the audio file once the transcription is complete.
• retains sensitive, personal identifying information as part of the transcription

We will only use data from our AI scribe service for lawful purposes, such as to provide you with healthcare.

DOCUMENT AUTOMATION TECHNOLOGIES

Document automation is where systems use existing data to generate electronic documents relating to medical conditions and healthcare.

We use document automation technologies to create documents such as referrals, which are sent to other healthcare providers. These documents contain only your relevant medical information.

These document automation technologies are used through secure medical software.

All users of the medical software have their own unique user credentials and password and can only access information that is relevant to their role.
We comply with the Australian privacy legislation to protect your information.

All data, both electronic and paper, are stored and managed in accordance with this Privacy Policy.

OUR WEBSITE AND COOKIES

When you visit our website, Nexus Eye Care, we may store some information (commonly known as a ‘cookie’ on your computer or device). Cookies are pieces of information that a website transfers to your hard drive to store and sometimes track information about you. Cookies are specific to the server that created them and cannot be accessed by other servers, which means that they cannot be used to track your information around the web. Credit card details and passwords are not stored in cookies. A cookie helps you to get the best out of the site and for us to provide you with a more customized service.

We may use cookies so that you do not have to re-enter your details every time you visit our site; and we use cookies to track how our site is used and to improve and update our content. You can block or erase cookies from your computer or device if you want to, but certain parts of our site are reliant on the use of cookies to operate correctly and may not work correctly if you set your browser not to accept cookies.

ANONYMITY

You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.

ACCESSING OR CORRECTING YOUR INFORMATION

You are able to request access to your personal information.

The following procedure has been developed to ensure that all requests for access are dealt with as fairly and efficiently as possible:

• Your request access must be made in writing and be clearly addressed to the Practice Manager or your treating eye specialist.
• Requests for access will be acknowledged in writing within 14 days of the receipt of the request.
• Applicants will be required to complete the standard consent form and agree to be bound by the terms of the document. If you are requesting access to another person’s information, we will require a signed and dated authority form (unless not required by law). We reserve the right to contact the person to confirm the validity of the authority form.
• The total time between the receipt of a request for access and the time when access is granted shall not ordinarily exceed 30 days. Where it is not possible for access to be granted within 30 days, you will be notified of this in writing and be advised when access will be granted.
• Where access is refused to your personal information, you will be advised in writing of the reasons for refusal and your medical practitioner will contact you to discuss whether there are any means by which access may be facilitated.
• You will not be permitted to remove any of the contents of your medical file from the medical practice. Should you wish to alter information in the medical record, a separate written request must be submitted.
• Where we provide access to your personal information, a fee of $50 will be applicable. A rebate from Medicare is not recoverable in respect of this fee.

In limited circumstances, patients may request that records are provided to another person. If you are collecting a copy of your medical record, or are authorised to collect the record of another person, you may be required to provide photographic identification.

We will take reasonable steps to correct your personal information where the information is not accurate or up to date. From time to time, we may ask you to verify that your personal information held by our practice is correct and current. You may also request that we correct or update your information, and you should make such requests in writing.

Where a request to correct information is made, we may refuse to do so if we are satisfied that the current information is not incomplete, incorrect, irrelevant, out of date, or misleading.

UPDATING YOUR DETAILS

If any of the information that you have provided to Nexus Eyecare changes, for example, if you change your address, please let us know the correct details by email to: reception@nexusblacktown.com.au for our Blacktown location; or reception@nexuseyecare.com.au for our Norwest location.

You are responsible for informing us of any limitations you wish to set on the use and disclosure of your information, and for ensuring that your recorded contact details are correct.

COMPLAINTS 

We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing. We will then attempt to resolve your concerns in accordance with our resolution procedure and within 30 days of receipt of your complaint.

Please address your written complaint to your nominated eye specialist, marked ‘Private and Confidential’, and mail to:

Nexus Eyecare
Suite 310
4 Columbia Court
Norwest NSW 2153

Should you be unsatisfied with our response to your privacy complaint, you may lodge a written complaint with the NSW Privacy Commissioner or the Office of the Australian Information Commissioner (OAIC).

Generally, the OAIC will require you to give them time to respond before they investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 363 992.

REVIEWING THIS POLICY

Our Privacy Policy is reviewed every 6 months to ensure it is appropriate and complies with any changes to our obligations. You will be notified of changes made to our Privacy Policy as required by law.

You can review our current Privacy Policy at any time on our website (https://nexuseyecare.com.au).

CONTACTING NEXUS EYECARE 

If you have any queries regarding how we collect, store, or use your information, please send an email to:
reception@nexusblacktown.com.au for our Blacktown location; or
reception@nexuseyecare.com.au for our Norwest location.