Privacy policy.

Queerious Health Privacy and Confidentiality Policy

Last Updated: 24th November 2024

This policy outlines how Queerious Health and Dr Thomas Dickson collect, use, and protect patient information in accordance with the Privacy Act 1988, the Australian Privacy Principles, and specific requirements for AI-assisted healthcare services.

1. Collection of Information

Types of Information Collected

  • Personal identification information

  • Medical history and health information

  • Medicare and healthcare identifiers

  • Session notes and transcriptions

  • Audio recordings (where applicable)

  • Correspondence with other healthcare providers

  • Payment and billing information

Collection Methods

  • Direct collection from patients

  • Electronic Health Records (EHR)

  • Audio recordings of consultations (with consent)

  • AI transcription services via Lyrebird Health

  • Correspondence from other healthcare providers

  • Telehealth platforms

2. AI Transcription and Data Processing

Lyrebird Health AI Service

All consultations processed through Lyrebird Health are:

  • Encrypted during transmission and storage

  • Processed within Australian jurisdiction

  • Subject to strict access controls

  • Automatically deleted after processing according to retention schedule

Patient Notification

Patients must be informed of the following:

  • AI transcription services are used

  • Their consultations may be recorded and transcribed

  • They can opt out of AI transcription

  • How their data is processed and stored

  • The security measures in place

Consent Requirements

Explicit written consent is required for:

  • Recording consultations

  • Using AI transcription services

  • Storing recordings and transcriptions

  • Sharing transcriptions with other healthcare providers

3. Data Security and Storage

Electronic Records

All electronic health records are:

  • Password protected with multi-factor authentication

  • Encrypted at rest and in transit

  • Backed up securely

  • Accessible only to authorised personnel

  • Monitored for unauthorised access attempts

Physical Records

  • Stored in locked cabinets

  • Access restricted to authorised personnel

  • Secure disposal when no longer needed

AI-Generated Content

  • Transcriptions reviewed for accuracy

  • Stored separately from main health record

  • Subject to same security protocols as other health information

  • Regular auditing of access and usage

4. Data Sharing and Third-Party Access

Authorised Sharing

Information may be shared with:

  • Other healthcare providers involved in care

  • Medicare/DVA for billing purposes

  • Legal requirements or court orders

  • With explicit patient consent

Third-Party Services

We engage with:

  • Lyrebird Health (AI transcription)

  • Practice management software

  • Secure messaging services

  • Telehealth platforms

All third-party services must:

  • Meet Australian privacy standards

  • Have appropriate security certifications

  • Process data within Australia

  • Have current data processing agreements

5. Patient Rights and Access

Patients have the right to:

  • Access their health records

  • Request corrections to information

  • Opt out of AI transcription services

  • Receive copies of their transcripts

  • Know how their information is used

  • Lodge complaints about privacy concerns

6. Breach Management

Response Protocol

  • Immediate notification to Dr. Thomas Dickson

  • Assessment of breach severity

  • Patient notification if required

  • Report to OAIC if serious breach occurs

  • Review and update of security measures

7. Mental Health Information Privacy

Sensitive Information Classification

  • Mental health records are classified as highly sensitive information

  • Additional safeguards and restricted access protocols apply

  • Separate consent required for sharing mental health information

  • Special considerations for psychotherapy notes and sessions

Psychotherapy Notes

  • Stored separately from the general medical record

  • Access is restricted to the treating practitioner (Dr. Thomas Dickson)

  • Notes are maintained with enhanced security measures

  • AI transcription of psychotherapy sessions requires specific consent

  • Patients can restrict access to psychotherapy notes while allowing access to other health information

Information Sharing Protocols

Mental health information will only be shared in the following circumstances:

  • Explicit patient consent for specific information sharing

  • Legal requirement or court order

  • Immediate risk to patient or public safety

  • Medicare/DVA requirements (limited to required information only)

Special Considerations

  • Detailed documentation of capacity to consent

  • Additional privacy protections for vulnerable patients

  • Specific protocols for LGBTQIA+ sensitive information

  • Cultural safety considerations in information handling

  • Enhanced protections for substance use and addiction information

8. Staff Responsibilities

All staff must:

  • Sign confidentiality agreements

  • Complete privacy training annually

  • Follow access protocols

  • Report potential breaches

  • Maintain clean desk policy

  • Use secure communication methods

9. Compliance and Auditing

Regular auditing of:

  • Access logs

  • Consent records

  • AI transcription usage

  • Security measures

  • Staff compliance

  • Third-party services

10. Data Retention and Disposal

Retention Schedule

  • Clinical records: 7 years (adults)

  • Children's records: Until age 25

  • Transcriptions: 7 years

  • Audio recordings: 30 days unless specifically required longer

Secure Disposal Methods

  • Electronic data wiping

  • Physical document shredding

  • Certified destruction services

  • Documented disposal records

11. Website and Digital Services Privacy

At Queerious Health, any personal information shared through any of our channels listed below is handled securely and confidentially:

  • Website

  • Email communications

  • Social media interactions

  • Online appointment bookings

Our digital platforms use:

  • Secure encryption

  • Analytics and cookies for website functionality

  • Secure payment processing

  • Protected online forms

Cookies and Web Beacons

At Queerious Health, we utilise cookies on our website. Cookies are:

  • Text files stored in your computer's browser to save preferences

  • Not personally identifiable on their own

  • Used by third parties (such as Google and Facebook) to display our advertisements on social media and online platforms

  • Potentially linked to personal information only when you choose to provide it through our website

Web beacons may be used on our website and are:

  • Small pieces of code on web pages

  • Used to monitor visitor behaviour

  • Applied to collect data about webpage viewing

  • Utilised for functions such as counting website visitors

  • Employed to deliver cookies to visitors' browsers

External Website Links

When using the Queerious Health website:

  • Links to external websites may be provided

  • We have no control over external websites

  • External websites are not governed by this Privacy Policy

  • We are not responsible for the privacy protection or personal information handling on external websites

You can opt out of non-essential cookies and analytics tracking at any time.

12. Document Automation Technologies

Our practice uses secure medical software for:

  • Creating referral letters

  • Generating prescriptions

  • Managing medical records

  • Processing Medicare claims

All document automation is:

  • Password protected

  • Access-controlled by role

  • Regularly audited

  • Compliant with privacy legislation

13. Quality Improvement and Research

We may use de-identified patient data for:

  • Practice quality improvement

  • Healthcare research

  • Staff training

  • Population health analysis

You can:

  • Opt out of having your de-identified data included

  • Request information about how your de-identified data is used

  • Be assured that no identifying information is shared

14. Policy Review and Updates

Review Schedule

This policy is:

  • Reviewed annually

  • Updated to reflect changes in:

      • Victorian Health Records Act 2001

      • Privacy and Data Protection Act 2014 (Vic)

      • Mental Health and Wellbeing Act 2022 (Vic)

      • Federal Privacy Act 1988

      • Australian Privacy Principles

  • Communicated to staff and patients

  • Available upon request

Policy Amendments

This Privacy Policy may be:

  • Updated at our discretion

  • Published in amended form on our website

  • Modified to reflect changes in:

      • Healthcare practices

      • Technology services

      • Legislative requirements

      • Privacy standards

Significant changes are communicated via:

  • Direct patient notification (email/SMS)

  • Practice website updates

  • Notices in waiting room

  • Direct communication during consultations

  • Updated privacy consent forms

Record Retention Requirements (Victorian Legislation)

In accordance with the Health Records Act 2001 (Vic):

  • Adult records: minimum of 7 years from date of last entry

  • Children's records: until the patient is 25 years of age

  • Mental health records: 7 years from date of last entry

  • Deceased patient records: 7 years from date of death

Complaint Procedures

Patients can lodge complaints through:

Internal Process:

  • Direct to Dr. Thomas Dickson

  • Email: info@queerioushealth.com

  • Response within 30 days

External Bodies:

Health Complaints Commissioner (Victoria)

  • Level 26, 570 Bourke Street, Melbourne VIC 3000

  • Phone: 1300 582 113

  • Website: hcc.vic.gov.au

Office of the Australian Information Commissioner (OAIC)

  • Phone: 1300 363 992

  • Website: www.oaic.gov.au

Contact

Privacy concerns should be directed to:

Dr. Thomas Dickson

Queerious Health

info@queerioushealth.com

Last reviewed: 24th November 2024

Next review: 24th November 2025