Oncology Clinics Victoria

Patient Privacy Policy

Effective date: 9th June 2026
Version: 1.0

  • At Oncology Clinics Victoria, we are committed to protecting your privacy and handling your personal and health information responsibly, securely, and in accordance with Australian and Victorian privacy laws.

    This Privacy Policy explains how we collect, use, disclose, store, and manage your personal and health information when providing oncology and related healthcare services.

    This policy applies to all patients, carers, authorised representatives, website users, and others who interact with Oncology Clinics Victoria.

  • Oncology Clinics Victoria manages information in accordance with:

    Health information is treated as sensitive information and receives additional protections under Australian law.

  • We may collect information necessary to provide oncology and related healthcare services, including:

    Personal Information

    • Name

    • Date of birth

    • Address and contact details

    • Emergency contact information

    • Medicare, DVA and health fund details

    • Identification information

    • Financial information for billing purposes

    Health Information

    • Medical history and diagnosis

    • Referral letters

    • Pathology and imaging results

    • Treatment records

    • Medication history

    • Family medical history where clinically relevant

    • Appointment and billing records

    • Clinical notes

    • Genetic or genomic information where relevant to cancer care

    Health information collected in the course of providing healthcare is regulated as sensitive information under Australian privacy law.

  • Direct Collection

    • Patient registration forms (paper and electronic)

    • Clinical consultations and appointments

    • Telephone and written correspondence

    • Patient portal and online services

    • My Health Record uploads and downloads

    Collection from Third Parties

    We may collect information from third parties when you have consented or when it is required for your care:

    • Referring general practitioners and specialists

    • Hospitals and other health care facilities

    • Pathology and radiology services

    • Pharmaceutical dispensers

    • Medicare Australia and the Department of Veterans' Affairs

    • Your authorised representatives or next of kin (where appropriate)

    • Digital systems used in delivering care (including telehealth where applicable)

    Collection may occur through consultations, forms, phone calls, email, website submissions, and electronic medical record systems.

  • OCV collects and uses your personal and health information for the following primary and secondary purposes:

    Primary Purposes

    • To provide you with safe, high-quality cancer care and treatment

    • To communicate with other health professionals involved in your care

    • To manage your appointments, referrals, and follow-up care

    • To process billing, Medicare claims, and insurance claims

    • To comply with mandatory reporting obligations (e.g. cancer notifications to the Victorian Cancer Registry)

    Secondary Purposes

    We may use or disclose your information for secondary purposes where:

    • You have provided your consent

    • You would reasonably expect us to use or disclose it

    • Required or authorised by law

    • For research — only with your consent or with appropriate ethical approval

    • For quality improvement, accreditation, and clinical audit activities

    We generally only use or disclose information for the primary purpose for which it was collected or related purposes you would reasonably expect.

  • OCV does not sell, rent, or trade your personal information. We may disclose information in the following circumstances:

    6.1 Treating Team Disclosures

    • Your general practitioner and referring specialists

    • Other specialists, allied health professionals, and hospitals involved in your care

    • On-call and locum practitioners covering our services

    • Pharmacies (for prescriptions with your consent)

    6.2 Legal and Regulatory Disclosures

    • Victorian Cancer Registry — mandatory notification under the Cancer Act 1958 (Vic)

    • AHPRA and Health Complaints Commissioner (Vic) if required

    • Courts, coroners, or tribunals pursuant to lawful orders

    • Public health authorities under the Public Health and Wellbeing Act 2008 (Vic)

    Administrative Disclosures

    • Health insurers and Medicare (for billing and claims)

    • Accreditation bodies (e.g. ACHS) for quality assessment

    • IT service providers — under strict data processing agreements

  • Artificial intelligence (AI) tools are increasingly being used in healthcare to support doctors, nurses, and administrative staff. At Oncology Clinics Victoria (OCV), we believe you have a right to know when AI may be involved in your care — what it does, what it cannot do, and how your personal information is protected.

    Artificial intelligence (AI) refers to computer systems that can perform tasks that would normally require human intelligence — such as recognising patterns in images, summarising text, or flagging potential risks. In oncology, AI tools may be used to assist clinicians with:

    • Diagnostic support: Analysing pathology slides, radiology images (CT, PET, MRI), or genomic data to help identify cancer type, staging, or treatment response.

    • Clinical documentation: Drafting consultation summaries, letters, or discharge notes from audio recordings of appointments (ambient AI scribing).

    • Treatment planning: Providing evidence-based suggestions to support clinicians when selecting treatment regimens — including chemotherapy dosing and drug interactions.

    • Administrative tasks: Scheduling, billing coding, appointment reminders, and patient triage workflows.

    • Research and quality: Analysing de-identified population data to improve cancer outcomes and service quality.

    At OCV, no AI system makes final clinical decisions about your care. Every AI-generated output is reviewed and interpreted by a qualified clinician before it affects your treatment. Your doctor retains full clinical responsibility. Please read the OCV AI Policy Document.

  • OCV participates in the My Health Record system, operated by the Australian Digital Health Agency under the My Health Records Act 2012 (Cth). Unless you have restricted access:

    • We may upload clinical documents, including consultation summaries, pathology, and medications to your My Health Record

    • Authorised treating clinicians may access your record with your implicit consent

    • You may restrict access to your My Health Record at any time via www.myhealthrecord.gov.au or by calling 1800 723 471

  • By receiving services from Oncology Clinics Victoria, you consent to the collection, use and disclosure of your information as described in this policy.

    Where required, we will obtain specific consent for:

    • release of information to third

    • genetic testing and disclosure arrangements; and

    • marketing communications.

    Consent under privacy law should be informed, voluntary, current and specific.

  • Data Security and Storage

    OCV takes reasonable steps to protect your information from misuse, interference, and loss, and from unauthorised access, modification, or disclosure.

    Storage

    • Electronic health records stored in secure, encrypted clinical information systems

    • Servers located within Australia (no offshore storage without consent)

    • Paper records held in secure, locked facilities with restricted access

    Security Measures

    • Role-based access controls — only staff with clinical or administrative need may access records

    • Multi-factor authentication for electronic system access

    • Regular security audits and staff privacy training

    • Incident response procedures for data breaches, consistent with the Notifiable Data Breaches scheme (Part IIIC, Privacy Act 1988)

    • All contractors and third-party service providers are bound by data processing agreements

    Retention and Disposal

    Health records are retained for a minimum of:

    • 7 years from the date of last service for adult patients (consistent with HPP 5)

    • Until the patient turns 25 years of age for records created when the patient was a minor

    Records are disposed of securely in accordance with the Public Records Act 1973 (Vic) and Victorian government record disposal authorities.

  • You have the following rights in relation to your personal and health information:

    Right of Access

    Under APP 12 and HPP 6, you have the right to access your health information.

    To request access:

    • Submit a written request to our Privacy Officer (contact details in Section 11)

    • Requests will be actioned within 30 days (extensions may apply for complex requests)

    • Access will not be withheld unless there is a serious and imminent threat to life or safety, or other lawful basis

    • A reasonable administrative fee may apply for retrieval and copying

    Right to Correction

    Under APP 13 and HPP 7, if you believe your information is inaccurate, out of date, incomplete, irrelevant, or misleading, you may request a correction. If we disagree with the proposed correction, we will note your request in your record.

    Right to Anonymity

    Where lawful and practicable (APP 2 and HPP 8), you may use a pseudonym or decline to identify yourself; however, this may limit our ability to provide safe clinical care.

    Right to Complain

    You have the right to complain if you believe your privacy rights have been breached. See Privacy Complaints & Contact below for our complaints process.

  • OCV may participate in cancer research, clinical trials, and medical education. Your information will only be used for research purposes where: 

    • You have provided explicit written consent

    • Research has been approved by a Human Research Ethics Committee (HREC) consistent with the National Statement on Ethical Conduct in Human Research (NHMRC, 2023)

    • Information is de-identified wherever possible

    • Your decision to participate or not will not affect your care

  • OCV is bound by the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth). In the event of an eligible data breach:

    • We will notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable

    • Affected individuals will be notified when it is reasonable to believe they are at risk of serious harm

    • A statement will be published on our website and the OAIC's website

    Further information: OAIC Notifiable Data Breaches Scheme

  • Internal Complaints

    If you have a privacy concern or complaint, please contact our Privacy Officer in the first instance:

    Privacy Officer: Oncology Clinics Victoria

    Post: Cabrini Cancer Institute 183 Wattletree Rd Malvern VIC 3144

    Email: admin@ocv.net.au

    Phone: +613 95923178

    Response time: We will acknowledge your complaint within 5 business days and respond within 30 days.

    External Complaints

    If you are not satisfied with our response, you may lodge a complaint with:

    • Office of the Australian Information Commissioner (OAIC) — for Commonwealth privacy complaints

    www.oaic.gov.au

    Phone: 1300 363 992

    • Health Complaints Commissioner (Vic) — for Victorian health service complaints

    www.hcc.vic.gov.au

    Phone: 1300 582 113

  • If you use our website or communicate electronically with us, limited technical information (such as IP address, browser type, or website usage data) may be collected to improve services.

    Patients should avoid sending sensitive health information through unsecured email where possible.

  • We may update this Privacy Policy periodically. The latest version will be available on our website and at our clinics.

Policy Owner: Privacy Officer
Approved By: Prof Gary Richardson
Review Frequency: Every 24 months or earlier if legislation changes