Privacy policy

Hello & Welcome

This website, joriley.com, is owned and operated by me, sole trader and practitioner of acupuncture & naturopathy, Joanne Riley, ABN 79939704924.

Contact Person

For any enquiries please contact me, Jo Riley.

Contact Details

Office & Postal Address: 18 Home Road, Nar Nar Goon. 3812

Email:  jorileywellness@gmail.com  (this is my preferred means of contact)

Phone: 0407636453

This document sets out my Privacy Policy

It describes how I collect and manage your personal information when you interact with this site. I take this responsibility very seriously. If you have any questions or concerns about how your personal information is being handled, please do not hesitate to contact me.

I comply with the Australian Government National Privacy Principles set out in the Privacy Act 1988 (Cth) (Privacy Act), relevant to privacy and health records legislation.

I understand that visitors from the EU may access this site, so I also aim to comply with the General Data Protection Regulation (GDPR).

Personal Information

If you engage with me via this website, or choose to become my client, I may ask to collect the following kinds of personal information from you, including:

[CONTACT DETAILS]

  • Your name; mobile or other telephone number and email address.

[BOOK ONLINE]

When you “Book Online” or schedule an appointment you will be prompted to share with me personal details and some sensitive information (more on this below) pertaining to your health and lifestyle. This may be via:

Email: jorileywellness@gmail.com

Phone or text me on 0407636453

Face-to-face

Or via my website at joriley.com where you may use the “Book Online” button that will link you to Halaxy, my booking platform. All of the above avenues will prompt you to complete a “Patient Intake Form”.

[PATIENT INTAKE FORM]

When you make a booking via any of the above booking pathways, you will receive a Patient Intake Form via the email address you provided. It will be emailed from my booking platform Halaxy. For privacy and security reasons, the “Patient Intake Form” is emailed using a secure link contained within the email template. You can click or copy the link into your browser to access the intake form. The link expires one week after being sent, so you must complete the form within that time.

See more on Patient Intake Form below, “Collection & Use”.

[TELEHEALTH]

On-line naturopathic consultations are held via your preferred platform. You must book a Naturopathic Consultation Initial 90 mins TELE-HEALTH appointment if you have not consulted with me within the past 24 months. The 60 minute option is for follow-up consultations to the initial only, and you must have consulted with me within the past 24 months (otherwise an Initial 90 minute consultation is required).

When booking you will advise me of your preferred platform:

ZOOM: (First-time users of ZOOM: you will need to install the platform. This is very straightforward and you can do it immediately; you don’t need to wait for our meeting. Simply Google ‘Zoom.us download’. You should only need to take this step once.)

Once you have booked your Naturopathic Consultation TELE-HEALTH, you will be prompted to complete a Patient Intake Form (see “Sensitive Information” below). Once the documents are completed, I will create a meeting time in ZOOM and you will receive a ZOOM invitation via email to meet me in my ZOOM meeting room. You will be notified with the details via the email address that you provided upon booking.

SKYPE appointments are to be scheduled as above, via “Book Online”; and your personal details will be obtained from the same pathways as noted above.

My Skype name is: joriley63

Collection & Use

 I may collect your PERSONAL INFORMATION via my booking platform, ‘Halaxy’:

  • Upon making a booking in Halaxy, via the ‘Make a Booking’ option on my website or via my mobile or email as specified above under “Contact Details”, you will receive a Patient Intake Form via email from Halaxy. This must be completed and returned to Halaxy at least 24 hours before your appointment.

The Patient Intake Form requests:

  • Personal Details: name; date of birth; gender; contact email and addresses and contact phone number.

  • Clinical Questionnaire (see SENSITIVE INFORMATION below) for you to detail your current health issue; secondary issues and your medical health history; family health history; current medication and supplement profiles; diet & lifestyle details relevant to your consultation.

  • Requests your ‘Consent’ for me to use your information for health purposes in your treatment

I use this information to:

  • Provide the professional services that you are requesting in the form of acupuncture treatment and/or naturopathic treatment/prescribing.

  • Provide you with relevant news and updates about my services.

  • Your email address will not be added to any mailing list, nor will it be disclosed to any other party without your knowledge and consent. You can opt out of being contacted by email at any time.

Sensitive Information

I understand that some personal information is particularly sensitive. I will only collect sensitive information by methods that are reasonably secure, such as:

  • Your ‘Patient Intake Form’ is sent from Halaxy. I use Halaxy for privacy and security reasons; this includes collecting your personal information, health details and history in the form of a ‘Patient Intake Form’, which is emailed to you using a secure link contained within the email template. You can click or copy and paste the link into your browser to access the intake form. The link expires one week after being sent, so you must complete the form within that time. For an additional layer of security, I have added two-factor authentication (2FA), so you will be emailed an authentication code that you will need to enter before being able to access the intake form.

  • During face-to-face or via TELE-HEALTH consultation, all clinical notes are recorded in your personal file in Halaxy.

[STORING & HANDLING YOUR SENSITIVE INFORMATION]

I am committed to securely storing and handling your sensitive information.

  • Your personal information will be stored securely and kept completely confidential. It will not be shared with anyone for marketing purposes. Your personal details and clinical notes have been created and stored in Halaxy, my practice management and personal health record software.

  • Internally, Halaxy operates from Melbourne and stores its data within Australia in securely protected data centres with multiple back-ups in place. This data is protected by 256-bit bank-grade security and encryption, meaning patient records, notes, and payment information are protected to the same level required by Australian banks.

  • Only I and authorised professional colleague/s with whom I may share a client, may access sensitive material.

  • Sensitive information may be collected from children under the age of 18 under the following circumstances: in the presence of their parents; with their parent or guardian’s full consent. All records for those under 18 years are securely stored in accordance with this privacy policy and are kept until they are 25 years of age.

  • Some sensitive information is stored on a password-protected computer. This may be in the form of emails or reports attached to emails.

  • This same information may be stored in iCloud. iCloud is built with industry-standard security technologies, employs strict policies to protect your information and is leading the industry by adopting privacy-preserving technologies like end-to-end encryption for your data. For more on iCloud's security policy, see https://support.apple.com/en-au/HT202303#:~:text=iCloud%20secures%20your%20information%20by,end%2Dto%2Dend%20encryption.

 

[DESTRUCTION POLICY]

All archived sensitive information is securely destroyed after 7 years.

Professional Considerations

 [REGULATIONS REGARDING PERSONAL INFORMATION & CONFIDENTIALITY]

As a member of the professional governing body ATMS, I am subject to the following regulations regarding the collection of Personal Information & Confidentiality:

  • I must comply with all applicable privacy legislation. 


  • I must keep confidential the information given by a client in the therapeutic relationship. 


  • Client records must be securely stored, archived, passed on or disposed of in accordance with applicable privacy and health records legislation. Client records must be maintained and managed in accordance with the ATMS Records Keeping Guidelines. Members must ensure that all details related to treatments, referrals, consent, and all other matters related to interactions with clients are effectively recorded in the client's clinical record. 


  • Members must maintain accurate, legible, objective, comprehensive, contemporaneous and up to date records in English of each client. Any later modifications to these records must be signed and dated by the Member. 


  • Members must take all reasonable steps to ensure the proper maintenance and secure storage of client records including but not limited to data protection and protection against cyber threat. 


You may choose not to provide me with your personal information. However, this comes with limitations:

  • If you choose not to be completely honest with me, I may not be able to provide you with the services that you request.

  • I am legally required to identify my clients by collecting their name and address, and failure to provide this information means I cannot offer my services to you.

Use of Personal Information

In order to provide you with the services you have requested, it is my ‘duty of care’ to obtain your comprehensive health history. This enables me to treat you holistically, in line with the principle and philosophy of nature cure. Your information & records are maintained and managed in accordance with the ATMS Records Keeping Guidelines as noted above under REGULATIONS.

[DISCLOSURE]

  • You as a patient have a right to expect that any information shared with me or my professional colleagues is held in confidence, unless release of information is required by law or public interest considerations. Good practice involves treating your personal information as confidential.

[TO WHOM MAY YOUR PERSONAL DETAILS BE DISCLOSED]

  • From time to time and to provide you with the services needed, I will obtain your consent to forward on personal details (i.e. on-line dispensing, e.g. Metagenics; vital.ly; Oborne; Integria)

  • Other Australia Post or courier companies

[TO WHOM MAY YOUR PERSONAL INFORMATION BE DISCLOSED]

  • With your consent, your personal information may be shared with other health professionals on a referral basis, where I may refer you on to another health professional to assist in your health care.

  • A colleague in a locum role, whilst I take leave.

[LEGAL DISCLOSURE]

  • I will also disclose your information if required by law to do so or in circumstances permitted by the Privacy Act – for example, where I have reasonable grounds to suspect that unlawful activity, or misconduct of a serious nature, that relates to my functions or activities has been, is being or may be engaged in, and in response to a subpoena, discovery request or a court order.

  • Except where one or more elements of section 6.1 of the National Privacy Principles (2011) can be demonstrated, should a client, their legal representative, their private health insurer, or an organisation legally mandated to do so, request a copy of the client's healthcare record, you must promptly comply with that request.

  • If you have any concerns regarding the disclosure of your personal information, please do not hesitate to get in touch with me to discuss this personally.

[DISCLOSURE OVERSEAS]

I will use all reasonable means to protect the confidentiality of your personal information while in my possession or control. I will not knowingly share any of your personal information with any third party other than the service providers who assist me in providing the information and/or services I am providing to you. To the extent that I do share your personal information with a service provider, I would only do so if that party has agreed to comply with my privacy standards or has a suitably protective policy of their own. However, some of my service providers may be overseas and may not be subject to Australian Privacy Laws or compliant with GDPR. Please contact me if you have any concerns about the potential disclosure of your information.

Security

[POLICY STATEMENT]

I take reasonable physical, technical and administrative safeguards to protect your personal information from misuse, interference, loss, and unauthorised access, modification and disclosure.

[RISK MANAGEMENT]

I manage risks to your personal information by:

  • storing files securely

  • ensuring that only I / key personnel have access to sensitive information

  • releasing information to service providers on a strictly need-to-know basis

As mentioned above, some of your personal information, such as pathology reports etc. that you may have emailed me, may also be stored with iCloud, a third-party provider. In this case it will be managed under their security policy. iCloud is built with industry-standard security technologies, employs strict policies to protect your information and is leading the industry by adopting privacy-preserving technologies like end-to-end encryption for your data. For more on iCloud's security policy:

https://support.apple.com/en-au/HT202303#:~:text=iCloud%20secures%20your%20information%20by,end%2Dto%2Dend%20encryption.

Access to Information

You can contact me to access, correct or update your personal information at any time. Unless I am subject to a confidentiality obligation or some other restriction on giving access to the information which permits me to refuse you access under the Privacy Act, and I believe there is a valid reason for doing so, I will endeavour to make your information available to you within 30 days.

Please begin the process by sending an email requesting access to your information to me at jorileywellness@gmail.com and I will endeavour to respond within 7 days.

Complaints

If a breach of this Privacy Policy occurs, such as misuse of personal information by myself or a contractor, or if you wish to request a change to your personal information, you may contact me by sending an email outlining your concerns to jorileywellness@gmail.com and I will endeavour to respond within 48 hours.

If you are not satisfied with my response to your complaint you may seek a review by contacting an external body:

Notification of Change to my Privacy Policy

If I decide to change my Privacy Policy, I will post a copy of the revised policy on my website.

Notification of Breach

If I have reason to suspect that a serious data breach has occurred and that this may result in harm or loss to you, I will immediately assess the situation and take appropriate remedial action. If I still believe that you are at risk, I will notify the Office of the Information Commissioner and either notify you directly, or if that is not possible, publicise a notification of the breach on this website.