Privacy Policy

Only information relevant for your treatment and care will be requested. The term ‘personal information’ is defined as anything that could be used to identify you including:

• medical records
• clinical or criminal records
• booking data, credit card/payment details
• sexual orientation, racial group, or personal beliefs.

The personal information on each file may include:

• name
• address
• contact and phone numbers
• psychological reports and assessments, - medical history
• Medicare details
• email correspondence collected as part of providing the psychological service

Claire Korte Psychology operates a data security policy for the practice. The psychological service provided is bound by the legal requirements of the Australian Privacy Principles set out in the Privacy Act 1988. See quick reference guide here

Halaxy

Client information files are held in a secure electronic document management system Halaxy which is accessible only to authorised personnel for 7 years, or for seven years after a child becomes 18 years of age.

A client’s personal information is collected in several ways during initial inquiry. This includes:

• via the website clairekorte.com
• psychological consultation with the clinician during sessions
• completing a client intake form
• email correspondence by the client to Claire Korte Psychology e.g. therapy feedback/questions, referrals/correspondence from other clinicians, and medical assessments or clinical reports
• correspondence by Claire Korte Psychology to relevant third-parties for the direct purpose of client care e.g. GP for mental helath care plan renewal

Halaxy, COVIU and CloudFlare

Your name, email and contact number will be held securely in Halaxy and originally captured by a software called ‘CloudFlare’. While teletherapy sessions are conducted via video conferencing platform:Coviu

Halaxy, Coviu and Cloud Flare are HIPPA compliant. Therefore, their data protection is in alignment with international health care insurance standards to prevent a breech of security.

This means they have been assessed externally to exceed the standards for data protection securely according to HIPAA Laws (Privacy Act of 1988). These are series of laws outlining federally acceptable standards for the confidential protection, integrity, and retrieval of your data.

Organisations who are HIPPA compliant are bound to ensure privacy of client data, detecting and actively safeguarding against anticipated threats and disclosure upon data breech.

For more information see HIPAA Health Insurance Portability and Accountability Act of 1996

Addressing your concerns

If you have a complaint, we are very keen to respond and address your concern as soon as possible.

We recognise great distress may arise during treatment and wish to respond to you promptly and with care. Please contact Claire Korte via psychology@clairekorte.com or call 0403077076.

Claire Korte Psychology will endeavour to respond within 48 hours (if not over a weekend or holiday period) and can direct you to more formal complaint procedures if you are not satisfied with the outcome.

Upon request you can obtain a copy of the Australian Privacy Principles, which describe their rights and how their personal information should be handled.

Ultimately, if clients wish to lodge a formal complaint about the use of, disclosure of, or access to their personal information, they may do so with via the [Office of the Australian Information](http://www.oaic.gov.au/privacy/making-a-privacy- complaint) or calling 1300 363 992

If the client does not wish for their personal information to be collected in a way anticipated by this Privacy Policy, Claire Korte Psychology may not be able to provide psychological services to the client. The client is also aware that withholding other relevant information may limit the efficacy of their treatment.

A clients’ personal information will remain confidential except when:

1. It is subpoenaed by a court; or
2. Failure to disclose the information would in the reasonable belief of the Psychologist/Practice place a client or another person at serious risk to life, health, or safety; or
3. The clients’ prior approval has been obtained to:
   1. provide a written report to another professional or agency, e.g., a GP or a lawyer; or
   2. discuss the material with another person, e.g. a parent, employer or health provider; or
   3. disclose the information in another way; or
4. You would reasonably expect your personal information to be disclosed to another professional or agency (e.g. your GP) and disclosure of your personal information to that third party is for a purpose directly related to your treatment and care.
5. Disclosure is otherwise required or authorised by law. Claire Korte Psychology is a mandatory reporter of child abuse and neglect.

A clients’ personal information is not disclosed to overseas recipients unless the client consents or such disclosure is otherwise required by law.

At any stage clients may request to see and correct the personal information about them kept on file. Claire Korte Psychology may discuss the contents with them and/or give them a copy, subject to the exceptions in the Privacy Act 1988 (Cth). If a session is required to discuss these files, you will be billed the standard rate and will be charged via your payment method after the session.

We do not provide copies of our clinical records unless subpoenaed as harm to the client may result if they are accessed by other third-parties. Written and current consent will be requested if a third party e.g. lawyer requests these files upon receiving a subpoena for your records.

Access to your personal information may be declined in accordance with privacy laws, for example, if providing you access would put you or another person at risk of harm. In this instance, you will be notified in writing.

If a client is satisfied that their personal information is inaccurate, out of date or incomplete, reasonable steps will be taken in the circumstances to ensure that this information is corrected.

All requests by clients for access to or correction of personal information held about them should be lodged with Claire Korte Psychology. These requests will be responded to in writing within 28 days, and an appointment will be made if necessary for clarification purposes.

What is a data breach?

A data breach occurs when personal information is lost, accessed, or disclosed without authorisation. A data breach may occur:

• due to human error e.g. an email is sent to the wrong recipient,
• when system access is granted without requsite authorisation
• a physical asset is misplaced e.g. paper report.
• Misplaced passwords or login in details
• malicious hacking or impersonation

How do you address a data breach?

To minimize the likelihood of data breaches and resulting harms, detailed below are our data breach reporting obligations:

When there are reasonable grounds to believe a data breach has occurred, Claire Korte Psychology must assess if there is significant and preventable harm.

If we are unable to prevent serious harm, then we are obligated to report the breach to Office of Australian Information Commissioner and you as soon as reasonably possible. We will also follow up on steps to contain the impact of data breach, record the event and identifying weaknesses in data handling that contributed to breach and ways to remediate that weakness in future.

Our protocol is determined by the standards outlined by the Office of the Australian Information Commissioner.For further information please visit the Australian Information Comissioner here