Privacy Policy

INTRODUCTION 

Perth Day Hospital takes privacy matters seriously and is committed to open and transparent personal information handling practices. 

 

PURPOSE 

This policy details how Perth Day Hospital (PDH) manages personal information, including what, how and why personal information is collected, how it is used, accessed and disclosed, how the hospital securely retains the information and how an individual may make a privacy complaint. 

 

DEFINITIONS 

• Collects: an organisation collects personal information only if it collects the personal information for inclusion in a record. 
• De-identified: personal information is de-identified if the information is no longer about an identifiable individual or an individual who is reasonably identifiable. 
• Holds: an organisation holds personal information if it has possession or control of a record that contains the personal information. 
• Personal information: means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
  • whether the information or opinion is true or not; and 
  • whether the information or opinion is recorded in a material form or not. 

 

• Responsible person for an individual is:
  • a parent of the individual; or 
  • a child or sibling of the individual if the child or sibling is at least 18 years old; or 
  • a spouse or de facto partner of the individual; or 
  • a relative of the individual if the relative is: 
  • at least 18 years old; and 
  • a member of the individual’s household; or 
  • a guardian of the individual; or 
  • a person exercising an enduring power of attorney granted by the individual that is exercisable in relation to decisions about the individual’s health; or 
  • a person who has an intimate personal relationship with the individual; or 
  • a person nominated by the individual to be contacted in case of emergency. 

 

Sensitive information is a type of personal information that is afforded a higher level of protection by privacy laws. It includes health, genetic and biometric information as well as information about race or ethnic origin, political opinions, membership of political, professional or trade associations or trade unions, religious beliefs or affiliations, sexual orientation or practices and criminal record. 

 

SCOPE 

This policy applies to all staff, visiting medical officers, contractors and volunteers at PDH when dealing with personal information held by the hospital. 

 

POLICY STATEMENT 

PDH respects and upholds an individual’s rights to privacy protection under The Privacy Act (1988) as amended. This privacy policy explains how personal PRIVACY POLICY 

Privacy Policy (Website) V1 Nov2025 Page 2 of 6 

information is collected, held, used, disclosed, secured and otherwise managed, including patient health information. It describes the types of information collected and the reasons why it is collected, how to access and correct the information, and how to make a privacy complaint. 

 

PROCEDURE 

Anonymity 

Where it is lawful and practicable to do so, individuals may deal with PDH anonymously or use a pseudonym (e.g. when enquiring about services generally). However, in many instances an individual’s identity needs to be established. To ensure quality of care, a pseudonym that is confidentially linked to a patient’s real identity may assist in an individual remaining anonymous. It is not possible for healthcare providers providing a healthcare service at PDH to remain anonymous or use a pseudonym. 

Collection of personal information 

The information collected by PDH will depend on who the individual is, such as a patient admitted to the hospital, a healthcare provider, a prospective employee, a contractor or supplier, a next of kin, a guardian or other responsible person, an emergency contact, or a person responsible for paying an account. 

To provide a healthcare service to its patients, PDH collects the following information: 

• Name and contact details (address, telephone, email) for patients and their identified next of kin/emergency contacts 
• Patient demographic details including date of birth, sex, gender, marital status, employment status, country of birth, indigenous status 
• Health information 
• Private health insurance details 
• Workers’ compensation or other insurance claim details 
• Medicare details 
• Department of Veterans Affairs details 
• Department of Defence details 
• Concession card details 
• Any additional information provided to the hospital by a patient 

PDH collects information from prospective employees during the recruitment and selection process, either from the individual themselves or from identified referees. 

Information necessary for the credentialling of PDH healthcare providers will be collected from the applicant and identified referees during the accreditation application process. PRIVACY POLICY 

Privacy Policy (Website) V1 Nov2025 Page 3 of 6 

Personal information including name, contact and banking details is collected from contractors and suppliers who provide services to the hospital. 

PDH collects personal information directly from an individual concerned where it is reasonably practicable to do so. This may take place when the individual completes documents such as a hospital admission form, a job application form, or hospital healthcare provider accreditation application form, provides information over the telephone, or applies for a service contract. 

However, depending on who the individual is, personal information may be collected from third parties such as: 

• A responsible person or representative (e.g. guardian) 
• A patient’s General Practitioner or other healthcare provider to assist the hospital in providing services to the patient 
• Pathology and imaging providers 
• An individual’s health insurer, the Department of Veterans’ Affairs, or other insurer 
• Employment/hospital accreditation application referees 
• Other sources when processing applicants (e.g. police checks, working with children checks, professional registration boards for healthcare providers). 

Hospital Website 

When the hospital’s website is accessed, certain information about the browsing session may be collected, including through the use of cookies and third-party analytics tools. These tools may gather data such as: 

• Pages visited and time spent on each page 
• Browser type and device information 
• Geographic location (approximate) 
• Demographic insights (e.g., age range, gender) 
• Referral sources and search terms 

This information helps the hospital understand how users interact with the website, improve content and navigation, and tailor services to better meet user needs. Data collected is used for statistical and performance analysis and is not used to personally identify individuals. 

The hospital does not collect personal information through cookies unless it is voluntarily provided by the user (e.g., via contact forms). Cookies do not provide access to an individual’s computer or any personal data beyond what the user chooses to share. PRIVACY POLICY 

Privacy Policy (Website) V1 Nov2025 Page 4 of 6 

Users can choose to accept or decline cookies. Most browsers automatically accept cookies, but settings can be adjusted to refuse them. Declining cookies may affect the functionality of certain website features. 

Use and disclosure of personal information 

PDH uses/discloses the personal information it collects and holds: 

• To assist treating doctors, nursing staff and other health care professionals in providing medical treatment and care for patients. 
• To inform the ‘person responsible’ for a patient, of appropriate care or treatment when the patient is incapable of giving or communicating consent. 
• For charging, billing, and processing health insurance claims and collecting debts. 
• To provide information to Medical Practitioners, nurses, pathology providers and other healthcare professionals who provide necessary health services and tests, including follow-up treatment and ongoing care. 
• To assist with any calls made by the patient. 
• For health service management, including service planning and monitoring, complaint-handling, funding, incident reporting, quality assurance, hospital licensing, accreditation and audit activities. 
• To assist contractors who provide necessary services to the hospital such as IT service providers. 
• To assist in the tracking of medical devices in the event of a recall of a device implanted by the hospital. 
• To enable the provision of education and training of staff and students of the health profession. 
• To provide data in both an identified and de-identified form in compliance with legislative requirements. 
• To assess job applications. 
• To verify an individual’s identity. 
• To address liability indemnity arrangements and reporting. 
• To prepare the defense for anticipated or existing legal proceedings. 
• To conduct patient experience surveys with the aim of evaluating and improving services; and 
• To enable the hospital and service providers to comply with their legal and regulatory obligations. 
• In circumstances where required or authorised by Australian law. 

Unless allowed for by the Australian Privacy Principles, PDH will not disclose personal information about patients without their consent. It is unlikely that PDH will disclose personal information to overseas recipients. 

PDH does not use personal information for direct marketing.

 

Storage and security of personal information 

PDH stores personal and health information in both paper and electronic form and takes all reasonable steps to ensure that the personal information it collects, uses or discloses is accurate, complete and up to date. Personal and health information is retained for the period determined by applicable Australian laws after which it is de-identified or disposed of in a secure manner. 

PDH stores personal information contained in paper based and other hard copy documents in a dedicated secure on-site storage area. 

Personal information is contained in databases in a secure environment; and such records are only accessible by authorised people who require access to personal information for the purpose of carrying out their duties of employment/service contract. 

 

Access to personal information 

Individuals may request access to the personal information the hospital holds about them. An individual’s identity needs to be verified prior to granting access. Patients may complete a ‘PDH Request to Access Patient Information’ form or forward a written request to the hospital. 

Access may be denied to some or all the personal information in certain circumstances allowed by the Privacy Act or other applicable laws. If PDH refuses a request for access, the individual is to be provided with written notice of the decision, including reasons for denial and how to complain if the individual is not satisfied with the decision. The hospital endeavours to give access to an individual’s personal information in the form they request. However, if that is not possible, an alternative means of access will be provided. A fee may be charged for collating and providing access to personal and health information. 

Personal information the hospital gives access to will be disclosed to the individual’s authorised representative or legal adviser where the hospital has been given written authority to do so. 

PDH takes reasonable steps to correct the personal information it holds if it is satisfied that it is inaccurate, incomplete and out of date, irrelevant or misleading. If a patient believes that the personal information the hospital holds needs to be corrected, a ‘Request to Amend Patient Information’ form is to be completed. It is hospital policy to take all steps to record the corrections and place them with the patient’s record but under no circumstances does the hospital erase or remove the original health record information. There may be circumstances in which corrections may have to be refused. If this happens, the individual is notified in writing of the reasons for the refusal and an explanation provided detailing how they can complain if they are not satisfied. PRIVACY POLICY 

Privacy Policy (Website) V1 Nov2025 Page 6 of 6 

 

Complaints 

Individuals who have any questions about privacy, this policy or the way personal information is managed at PDH or who believe that their privacy rights have been breached should contact the Director of Nursing with their questions or complaint. 

 

Director of Nursing, Perth Day Hospital 

[email protected] 

10/454 Scarborough Beach Road 

Osborne Park WA 6017 

 

PDH will endeavour to acknowledge receipt of a written complaint within 7 days and provide a written response to the complaint within a reasonable time frame. It may be necessary to request further information from the complainant before the matter can be resolved. Any such request will be made in writing. If the individual is not satisfied that PDH has resolved their complaint, they have the right to make a complaint to the Office of the Australian Information Commissioner (OAIC). If they wish to make a complaint or to find out any more information about their privacy rights, the OAIC can be contacted as follows: 

Website: www.oaic.gov.au 

Telephone number: 1300 363 992 

In writing: Office of the Australian Information Commissioner GPO Box 5288, Sydney NSW 2001 

Individuals may also make a complaint regarding the handling of their health information to the HaDSCO Health and Disability Services Complaints Office www.hadsco.wa.gov.au 

ASSOCIATED DOCUMENTS 

1. Patient Privacy Notice 
2. Patient Privacy Information Sheet 
3. Request to Access Patient Information Form 
4. Request to Amend Patient Information Form 

 

REFERENCES 

1. Privacy Act (1988) as amended 
2. Office of the Australian Information Commissioner – Australian Privacy Principles guidelines, December 2022 
3. Australian Commission on Safety and Quality in Health Care. National Safety and Quality Health Service Standards. 2nd ed. Sydney: ACSQHC; 2021. Clinical Governance Standard