BEFORE AND AFTER PHOTOGRAPHY
PRIVACY
DIGNITY AND RESPECT
MY HEALTH RECORD
COMPLAINTS
Our practice policy prevents sharing patient before and afters online. Indicative before and after photos can be viewed during your consultation.
Our practice is committed to best practice in relation to the management of information we collect. This practice has developed a policy to protect patient privacy in compliance with the Privacy Act 1988 (Cth) (‘the Privacy Act’). Our policy is to inform you of:
What kinds of personal information do we collect?
The type of information we may collect and hold includes:
How do we collect and hold personal information?
We will generally collect personal information:
Why do we collect, hold, use and disclose personal information?
In general, we collect, hold, use and disclose your personal information for the following purposes:
How can you access and correct your personal information?
You have a right to seek access to, and correction of, the personal information which we hold about you. An administrative fee of $20 is payable for copies of records.
For details on how to access and correct your health record, please contact our practice as noted below. We will normally respond to your request within 7 days.
How do we hold your personal information?
Our staff are trained and required to respect and protect your privacy and have signed confidentiality statements to this effect. We take reasonable steps to protect information held from misuse and loss and from unauthorised access, modification or disclosure including multi-factor access and strong passwords to our systems.
Your medical records are held in our medical record management system. For security reasons we have not provided the name of our system here.
The following information applies to our record management system:
An Australian-based cloud provider, whose infrastructure is designed to adhere to security best practices. Your data is protected by multiple layers of defence including physical, network, and encryption.
Network security refers to the security of the network connections to the system, and the measures in place to protect the data from attack. There are several precautions in place to shield the system from potential attacks.
Encryption: The systems – and therefore the confidential patient and practice information stored – are encrypted at rest and in transit, as per industry best practice. This means that the data is protected when it is stored, as it travels between the individual components, and all the way to the end user’s browser.
Our data storage and backup processes also minimise the risk of any loss of your data. Each night, a full snapshot of data is taken – a complete and fully-encrypted backup of every single user’s data. On top of this, incremental backups are logged throughout the day, meaning that the database can be restored to within 5 seconds of a problem occurring.
We have a best practice security certification (ISO27001)
The certification covers all our operations involved in the development, maintenance, and support of our Practice Management Software products.
An ISO27001:2013 certificate demonstrates that we:
Our practice also has additional cloud space storage facilities. For security reasons we have not listed the name of our system however the following information applies to that system.
The system helps protect organizations, users, files and folders through a comprehensive approach to security. It encrypts data at rest and in transfer. Its Privacy-by-Design, Zero-Knowledge-Architecture as well as optional on-premises hosting make the system the safe choice for at-risk data. It authenticates using multiple auth factors and can integrate with existing identity providers. Thorough permissions management and policy enforcement as well as extensive logging make sure access is traceable and limited to eligible users.
When sharing files or folders, they do not leave your organization's hard drive. Instead, recipients have to authenticate so your organization knows who accessed which file when. If sending out public links, you can optionally set an expiration date and a password.
Privacy related questions and complaints
If you have any questions about privacy-related issues or wish to complain about a breach of the Australian Privacy Principles or the handling of your personal information by us, you may lodge your complaint in writing to (see below for details). We will normally respond to your request within 30 days.
If you are dissatisfied with our response, you may refer the matter to the OAIC:
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Fax: +61 2 9284 9666
Post: GPO Box 5218
Sydney NSW 2001
Anonymity and pseudonyms
The Privacy Act provides that individuals must have the option of not identifying themselves, or of using a pseudonym, when dealing with our practice, except in certain circumstances, such as where it is impracticable for us to deal with you if you have not identified yourself. Please note the provision of medical services will be impacted and is likely to be impracticable.
Overseas Disclosure
Web traffic information is disclosed to Analytics when you visit our website. Analytic services store information across multiple countries. When you communicate with us through a social network service such as Facebook or Twitter, the social network provider and its partners may collect and hold your personal information overseas.
Updates to this Policy
This Policy will be reviewed from time to time to take account of new laws and technology, changes to our operations and other necessary developments. Updates will be posted at this location on the website.
Website and Social Media
Website analytics and cookies
The website primarily uses Analytics to help us continually improve the user experience.
Analytics are hosted by a third party to collect data about your interaction with our website. The type of data that we may collect includes:
Analytics collects information using cookies. Cookies are small data files transferred onto computers or devices by websites. We use cookies on our website for record-keeping purposes and to enhance the website’s functionalities.
Most browsers allow you to choose whether or not to accept cookies. You can find further information on how to manage or disable cookies in common browsers below:
If you disable all cookies in your browser, you may find that certain sections of our website may not work.
Our Subscriber Services
Our Subscriber Services are managed for us. How this is handled is governed by Australian Law and our agreement which prohibits the service from using your personal information except to provide our Subscriber Services. By giving us your personal information to receive Subscriber Services, you consent to our disclosure of this information to that service to help us provide the Subscriber Services.
Third Party Websites
In addition to our websites, which we control directly, we also use and provide links to websites that are controlled by third parties, including:
Google maps, Facebook, Instagram
Royal Australian College of Surgeons
Plastic Research University of Louisville
Royal College of Surgeons of Edinburgh
PACES Plastic Surgery Atlanta USA
Australian Medical Association
Australian Society of Aesthetic Plastic Surgeons
National Medical Board of Australia
American Society of Plastic Surgeons
Australian Society of Plastic Surgeons
If you use or follow a link to any of these third party websites, please be aware that these websites have their own privacy policies and that we do not accept any responsibility for how they use information obtained about you from your use of their website. It is your responsibility to read and understand the privacy policies of these entities.
Contact details for privacy related issues
Practice Manager
02 9387 2110
JULY 23 VERSION
We all have a right to a workplace free from bullying, harassment and discrimination. We also have a responsibility to ensure that our own behaviour contributes to a respectful environment for everyone.
To build and maintain a respectful workplace, both staff and patients are responsible for always:
In addition, managers or principals are responsible for setting clear expectations of respectful behaviour and responding to ideas, concerns, complaints and feedback with empathy, fairness, dignity and respect.
This policy explains how the Australian Digital Health Agency (the Agency), as System Operator under the My Health Records Act 2012 (Cth), collects, uses, and discloses personal information to operate and manage the My Health Record system.
This information is handled subject to the My Health Records Act, Healthcare Identifiers Act 2010 (Cth), and Privacy Act 1988 (Cth). This policy is published in accordance with Australian Privacy Principles (APPs) in Schedule 1 of the Privacy Act.
When we refer to 'System Operator', 'our', 'we' or, 'us' in this policy, this may include our delegates in the Department of Health or the Chief Executive Medicare and contractors who assist us to carry out our functions.
When we refer to 'you' or 'your' in this policy, we may be referring to you as a healthcare recipient with a My Health Record, or to another person who is a representative authorised to manage your My Health Record under the My Health Records Act. We may also be referring to a healthcare provider or other authorised staff of a registered healthcare provider organisation.
References to personal information in this policy may also include health information or culturally and linguistically diverse (CALD) information. Health information is a type of personal information that is about your health or disability. Health information is considered sensitive information and generally has a higher level of privacy protection than other types of personal information.
CALD information is also considered sensitive information and includes information or opinion about an individual’s race or ethnicity. This includes the individual’s preferred language and country of birth.
Technical terms, such as 'System Operator', are explained in our glossary. If you have any questions about the terms used in this policy, please contact us using the contact details at the end of this policy.
If you would like to access this policy in an alternative format or language, for example if you have a disability or are from a non-English speaking background, please contact us using the contact details at the end of this page. We will take reasonable steps to provide you with alternative access.
We only collect, use, and disclose personal information where this is permitted by the My Health Records Act, Healthcare Identifiers Act, and the Privacy Act to fulfil our functions as the System Operator.
Specific information about the personal information we collect, use, and disclose to carry out specific activities is outlined below.
What is 'personal information'?
Personal information is information or an opinion about an identified individual or an individual who is reasonably identifiable from that information.
Collection of your personal information
To register and create a My Health Record for yourself or someone else, we need to collect your personal information. This includes:
We also collect evidence of identity information or documentation from you as part of this process.
We collect this personal information directly from you. We may also collect this information from:
If you are registering for a My Health Record on behalf of someone else as their authorised representative, we also need to collect evidence of your authority to act on their behalf.
We also collect health information or culturally and linguistically diverse (CALD) information when you register and create a My Health Record for yourself or another person.
Collecting sensitive information
We may need to collect sensitive information about you. This might include information about your health, racial or ethnic origin, political opinions, association memberships, religious beliefs, sexual orientation, criminal history, genetic or biometric information.
We may collect sensitive information from you only where the collection of the information is reasonably necessary for, and directly related to, our functions and activities and with your consent. However, there are exceptions to this principle. We may collect sensitive information about you without your consent if we reasonably believe it is necessary. These exceptions are:
If we do collect, use, or disclose your personal information in this way we will explain why we have done so.
Anonymity/Pseudonymity
You may be eligible to have a My Health Record under a pseudonym. For information, including to see if you are eligible, please contact us.
If you contact us with a general question, we will not ask for your name unless we need it to adequately handle your question.
In other limited circumstances, we will allow you to interact with us anonymously or using a pseudonym. However, we usually need your name, contact information and enough information about your matter to enable us to handle your enquiry, request or complaint fairly and efficiently.
Collecting through our website
We will collect your personal information if you provide it when using the Agency website. We will use and disclose this information for the purpose for which you provided it. Your first name and the content of your email, and any additional information you choose to provide, may also be used for reporting and feedback purposes.
Website analytics and cookies
The Agency website primarily uses Google Analytics to help us continually improve the user experience.
Google Analytics is hosted by a third party. We use Google Analytics to collect data about your interaction with our website. The type of data that we may collect includes:
Google Analytics collects information using cookies. Cookies are small data files transferred onto computers or devices by websites. We use cookies on our website for record-keeping purposes and to enhance the website’s functionalities. The Agency collects other information about user interaction through cookies associated with:
We use cookie data to improve your experience when using our website.
Most browsers allow you to choose whether or not to accept cookies. You can find further information on how to manage or disable cookies in common browsers below:
If you disable all cookies in your browser, you may find that certain sections of our website may not work.
Disclosure of personal information overseas
Web traffic information is disclosed to Google Analytics when you visit our websites. Google stores information across multiple countries.
When you communicate with us through a social network service such as Facebook or Twitter, the social network provider and its partners may collect and hold your personal information overseas.
Social Networking
We use social networking services such as Twitter, Facebook, LinkedIn, and YouTube to communicate with the public about our work. When you communicate with us using these services we may collect your personal information, but we only use it to help us to communicate with you and the public. The social networking service will also handle your personal information for its own purposes. These services have their own privacy policies. You can access the privacy policies for Twitter, Facebook, LinkedIn, and YouTube (a Google company) on their websites.
Disclosure
We may disclose personal information included in a My Health Record if it is required or authorised under the My Health Records Act. This does not include your personal health notes. The limited circumstances where your personal information may be required or authorised to be disclosed include when it is:
Should this occur, we will handle health information if we reasonably believe that it is necessary to investigate the matter or report our concerns to the relevant person or authority. However, we are only authorised to disclose the minimal amount of personal information necessary for the relevant person or authority to identify the matter sufficiently, to consider it and to apply a judicial order in relation to the matter.
Some authorisations listed above do not include handling your personal health notes.
My Health Record data used for research and other purposes
Part 7 of the My Health Records Act established the role of the Data Governance Board (the Board). The Board oversees the operation of the secondary use governance framework as outlined in the Framework to guide the Secondary Use of My Health Record system data.
The Board’s role also includes guiding and directing us to prepare and provide de-identified data for research or public health purposes and, with the consent of the healthcare recipient, health information for the same purposes.
We may also use and disclose de-identified aggregated My Health Record information to educate healthcare provider organisations and the public about the use and performance of the My Health Record system.
Quality of personal information
To ensure that the personal information we collect is accurate, up-to-date, and complete we:
We also review the quality of personal information before we use or disclose it.
Storage and security of personal information
The protection of your personal information is something we take very seriously, and we are committed to keeping it secure. We take significant precautions to protect personal information from misuse and loss, and from unauthorised access, modification, or disclosure.
A range of measures are in place to protect information in the My Health Record system, including:
A mandatory data breach reporting framework under s 75 of the My Health Records Act which:
Accessing and correcting your personal information
Under the Privacy Act, you have a right to access the personal information we hold about you. If you cannot find the personal information you are looking for directly through your My Health Record, please contact us for assistance.
You can also view which healthcare provider organisations and nominated, or authorised, representatives have accessed or updated your My Health Record at any time through your access history. If you are concerned about something in your access history, or a notification that you have received, please contact us. We investigate all issues reported to us.
If you consider the personal information we hold that is about you is not accurate, complete, or up to date, please contact us as soon as possible for assistance.
How to make a complaint
If you wish to complain to us about how we have handled your personal information you should first complain to us in writing by sending your enquiry or complaint to our postal address (see below) or by email to privacy@digitalhealth.gov.au. Please address your correspondence to ‘The Privacy Officer’. If you need help lodging a complaint, you can contact us - see ‘How to contact us’ below.
If we receive a complaint from you about how we have handled your personal information we will determine what, if any, action we should take to resolve the complaint.
If we decide that a complaint should be investigated further, the complaint will usually be handled by a more senior officer than the officer whose actions you are complaining about.
We will assess and handle complaints about the conduct of Agency staff using the APS Values and Code of Conduct and the guidelines issued by the Australian Public Service Commission.
We will tell you promptly that we have received your complaint and then respond to the complaint within 30 days.
If you are dissatisfied with the outcome of the complaint or the way in which the complaint was handled, you may contact the Office of the Australian Information Commissioner for advice about your complaint.
CONTACT US
You can contact us by:
Website: See our online contact form
Telephone: 1300 901 001, 8am - 5pm (AEST/AEDT), Monday - Friday
Email: help@digitalhealth.gov.au
Assisted contact:
This policy was last reviewed on 17 June 2022.
Our goal is for our patients to receive the highest standard of care. If we have missed that mark we want to know. Please find below our complaints policy.
We aim to resolve complaints as soon as possible and when the complaint is first made.
If our staff member is unable to find a resolution, the customer can request a review of the issue and this review must be independent. To be an independent review, the staff member reviewing the complaint must not have been involved in the initial investigation of the complaint.
Where a person making a complaint is dissatisfied with the outcome of this further review of their complaint, they may seek an external review.
There are six key principles that underpin our complaints handling processes. They are that we:
If you are unhappy with the care or advice you are given please discuss this with us.
Speak to the practice manager or Dr Somia who will do their best to resolve your complaint.
If you wish to make a formal written complaint either email info@naveensomia.com.au or complete this form https://naveensomia.snapforms.com.au/form/patient-complaint-form
If after reasonable discussion you are unhappy with our responses, or you think the care you received was not of a good standard, then you may consider contacting the Health Complaints Commission.
The Health Complaints Commissioner is an independent and accessible ombudsman. The Commissioner strongly emphasises conciliation in resolving complaints between patients and providers. Serious complaints are investigated. The Commissioner also recommends action to improve health services. The Commissioner will determine if your complaint is a serious matter affecting standards of care and whether it should be referred to Australian Health Practitioner Regulation Agency, AHPRA.
What can the Australian Health Practitioner Regulation Agency do?
AHPRA receives complaints about registered health practitioners for the relevant Board[1]. The Board registers health practitioners so they can practice their profession in Australia. The Register of Practitioners is available at https://www.ahpra.gov.au/
The Board will act to protect the public if:
The Board might need to gather more information before it can take action. The Board can ensure that to keep practicing, the practitioner must:
The Board can decide to talk to the OHCC about your complaint. For very serious matters, the Board may refer the practitioner to the Tasmanian Health Practitioners Tribunal. The tribunal can suspend or cancel the practitioner’s registration.
If you make a complaint to a Board, AHPRA will update you about what is happening and let you know the Board’s final decision.
What can the Office of the Health Complaints Commissioner do?
You can make a complaint if you:
OHCC can help you:
OHCC:
If the practitioner is a registered health practitioner, OHCC must talk to AHPRA and the Board about your complaint to decide whether the Board or OHCC will manage all or part of your complaint. You can complain to the OHCC about all health services provided in Tasmania including:
By working together, the OHCC, AHPRA and the Boards can improve the quality and safety of health services.
If a Board believes there is a serious risk to public safety, it can restrict or remove a practitioner’s right to practice.
We can’t...
Have you contacted the health service or health practitioner directly?
This is often the quickest way to resolve a complaint.
AHPRA
Level 5, 99 Bathurst St, Hobart TAS 7000
GPO Box 9958 Hobart, TAS 7001
1300 419 495 www.ahpra.gov.au
OHCC
Level 6, 86 Collins St, Hobart TAS 7000
1800 001 170 www.healthcomplaints.tas.gov.au
National Relay Service - www.relayservice.gov.au
Translating and Interpreting Service - www.tisnational.gov.au 131 450
Bondi Junction
Westfield Tower 2,
Suite 1305, 101 Grafton St,
Bondi Junction NSW 2022
info@naveensomia.com.au
02 9387 2110
Bella Vista
Suite 212, Level 2, 10 Norbrik Dr
Bella Vista NSW 2153
info@naveensomia.com.au
02 9387 2110