This document describes the privacy policy (“Privacy Policy”) of Bright Space Therapy (ABN 84 640 961 853) (“Bright Space Therapy”, “we”, “us” or “our”). This Privacy Policy sets out how Bright Space Therapy collects, uses, stores, shares and discloses personal health information. This Privacy Policy has been developed in accordance with the Privacy Act 1988 (Cth) (‘Act’) and Australian Privacy Principles, and other legislation or regulations that apply to Bright Space Therapy in certain circumstances, including but not limited to the Information Privacy Act 2009 (QLD) (‘Information Privacy Act’).
Bright Space Therapy is a private practice that provides therapeutic and mental health services, and operates in accordance with the Australian Association of Social Workers Code of Ethics (“AASW Code of Ethics”). Bright Space Therapy is committed to protecting the safety and security of the personal information of their clients and all other persons with whom Bright Space Therapy interacts (“you”, “your”). Please read this Privacy Policy carefully in order to understand how your personal information is collected, held, used or otherwise processed by us.
Personal Information that we collect
“Personal Information” is information or an opinion about an individual whose identity is apparent, or can be reasonably ascertained, from that information or opinion (whether true or not, and whether recorded in a material form or not).
The type of personal information we collect from you includes, without limitation, the following:
- full name;
- address;
- email address;
- telephone number;
- date of birth;
- enquiry information;
- health fund details;
- billing information;
- Medicare numbers;
- referral information including reason for referral and diagnoses;
- social and background history;
- current medications;
- other information we required in order to accept a referral or schedule an appointment;
- details of the services we have provided or that you have enquired about, including any additional information necessary to deliver those services and respond to enquiries;
- any additional information relating to you that you provide us directly through attendance at our practice, use of our services, enquiries, use of our website; and
- any other information that we deem relevant.
- Technical data such as your IP address, details about your browser, time zone settings, and other technology on the device you use to access our website
- Information about how you use our website
- Cookies and Usage Data
Sensitive Information that we collect
You may also provide us with Personal Information from time to time that may be considered “Sensitive Information. “Sensitive Information” is defined as information or an opinion about an individual’s racial or ethnic origin, political membership, associations or opinions, religious or philosophical beliefs or affiliations, membership of a professional association or trade union, sexual orientation or practices, criminal record, health information and genetic or biometric information. The Sensitive Information we collect from you may include but is not limited to:
- racial or ethnic origin;
- political membership associations or opinions;
- religious or philosophical beliefs or affiliations;
- membership of a professional association or trade union;
- sexual orientation or practices;
- criminal record; and
- health information.
How Personal Information is collected
We will collect Personal Information only by lawful and fair means and not in an unreasonably intrusive way. Personal Information is collected in a number of ways, including:
- directly from you when you interact with us, including but not limited to completing digital and hardcopy forms, our “contact us” website form, correspondence via email, and interactions in person, fax or telephone.
- passively from you, when you interact with our website (e.g. through use of cookies); and
- from third party service providers in certain specific circumstances, including but not limited to other health care providers via referrals, correspondence and reports/assessments.
How we store Personal Information
Personal information is recorded and stored electronically using practice management software Halaxy. Halaxy’s privacy policy can be accessed via their website: www.halaxy.com/article/privacy
Bright Space Therapy does not routinely maintain paper/physical copies of personal information. When a paper/physical copy of personal information does exist (such as art work created during a session, or notes written during session in a notebook), these will be stored in a secured facility and at a secured location, access to same only being provided to authorised individuals employed by Bright Space Therapy.
We take reasonable steps to protect your Personal Information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your Personal Information. Your personal information held by Bright Space Therapy is maintained in a secure environment, which can be accessed only by authorised personnel. We take reasonable steps to protect the security of the personal information we hold, by:
- ensuring physical security over our paper and electronic data stores, such as locks and security systems, is maintained and enhanced where possible
- maintaining security systems, for example, by using a firewall, using passcodes to control access to electronic devices, and using two-factor authentication when available to access electronic systems
- taking reasonable steps to destroy or de-identify your personal information once we no longer need it
We cannot however guarantee the security of any personal or health information transmitted over the internet and therefore you disclose information to us at your own risk. Additionally, we cannot ensure the security of personal information left with you or provided to you, for example, a paper-based report or email sent to you. To the maximum extent permitted under law, we are not liable for any unauthorised access, modification or disclosure, or misuse of personal or health information.
Bright Space Therapy retains Personal Information for 7 years from final contact with you or, if you are under the age of 18 when we last had contact with you, 7 years after your 18th birthday. All information we retain will be handled in accordance with this Privacy Policy.
Consequences of not providing Personal Information
If you do not wish for your Personal Information to be collected in a way anticipated by this Privacy Policy, Bright Space Therapy may not be in a position to provide you with therapeutic and/or mental health services. In some circumstances, you may request to be anonymous or to use a pseudonym, which will be determined on a case by case basis.
Why we collect your Personal Information and what we use it for
Your Personal Information is gathered and used for the purpose of:
- providing actual or anticipated therapeutic and mental health services, including but not limited to assessing, diagnosing and treating your presenting issue(s);
- billing you;
- verifying your identity;
- any other purpose you have consented to;
- any use which is required or authorised by law.
We may also participate with our marketing partners for purposes of providing personalised ads. This activity is performed by collecting Usage Data and by using cookies and other tracking and data collection methodologies discussed above to transfer information to our marketing partners which manage advertising activities.
- Google Analytics (Google): Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilises the data collected to track and examine the use of this website, to prepare reports on its activities, and to share them with other Google services. Information collected: cookie and Usage Data.
Disclosure of Personal Information
Your Personal Information will remain confidential except when:
- It is subpoenaed by a court; or disclosure is otherwise required or authorised by law; or
- Failure to disclose the information would in the reasonable belief of Bright Space Therapy place you or another person at serious risk to life, health or safety; or
- Your prior approval has been obtained to
a. a. provide a written report to another professional or agency. e.g. GP, school or a lawyer; or
b. discuss the material with another person, eg. a parent, employer or health provider; or
c. disclose the information in another way; or - You would reasonably expect your personal information to be disclosed to another professional or agency (e.g. your GP) and disclosure of your personal information to that third party is for a purpose which is directly related to the primary purpose for which your personal information was collected; or
- Disclosure is otherwise required or authorised by law; or
- When consulting with colleagues, or in the course of supervision, your therapist will be required to conceal your identity and any associated parties involved; and to preserve your privacy at the utmost professional manner in accordance with the AASW Code of Ethics.
Your Personal Information is not disclosed to overseas recipients unless you consent or such disclosure is otherwise required by law.
Your Personal Information will not be used, sold, rented or disclosed for any other purpose except for in accordance with this Privacy Policy.
Potential cross border disclosure of Personal Information
Halaxy is a service provider that provides a secure online platform that assists in the administration and storage of information and integration with other online systems including payment, invoicing and Medicare. While Halaxy stores their data in Australia, they and Bright Space Therapy may use third party providers who store their data offshore. In the event we share your Personal Information with Halaxy or any other third party provider, we will endeavour to ensure that the provider complies with local privacy legislation. In consenting to our use, collection and disclosure of your Personal Information you also consent to Halaxy and our third party providers to do the same.
In the event that unauthorised access, disclosure or loss of your Personal Information occurs, Bright Space Therapy will activate its data breach plan as set out by the Office of the Australian Information Commissioner and use all reasonable endeavours to minimise any risk of consequential serious harm. If the data breach is a notifiable breach under the Act, we will endeavour to notify you as soon as practicable after we become aware of the breach.
Requests for access and correction of Personal Information
Subject to some exceptions provided by law, you have the right to request access to and/or the correction of any of the Personal Information we hold about you at any time. You will not be charged for accessing your information. Should you wish to access the information kept on your client records, please discuss this with your therapist or request in writing by emailing:
britt@brightspacetherapy.com.au
All requests will be responded to in writing within 28 days, and an appointment will be made if necessary for clarification purposes. You may be asked to formally verify your identity as the client before further action can be taken. If you are satisfied that any Personal Information is inaccurate, out of date or incomplete, we will take reasonable steps to ensure that this information is corrected.
Prior to provision of any requested Personal Information, your therapist may discuss your request with you.
Concerns
If you have any concerns about the management of your Personal Information, please contact Bright Space Therapy to discuss this. Upon request we can provide you with a copy of the Australian Privacy Principles, which describe your rights and how your Personal Information should be handled. If you have any queries or wish to make a complaint about the use of, disclosure of, or access to, your Personal Information, you may do so via the contact details below: