MedHealth Pty Ltd ABN 32 141 219 785 (MedHealth, we or us) is required by law to comply with certain specific privacy obligations including the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (Privacy Act).
We are sensitive to the concerns that our clients have with the confidentiality and handling of their personal information.
It is equally important to us that you are confident that any of your personal information entrusted to us directly or indirectly is afforded the appropriate degree of privacy protection.
Where the collection or handling of your personal information by MedHealth is subject to the Privacy Act, MedHealth must comply with the requirements of the Privacy Act. The Privacy Act regulates the manner in which personal information is handled throughout its life cycle, from collection to use and disclosure, storage, accessibility and disposal.
Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.
Special provisions apply to the collection of personal information which is sensitive information. This includes health information and information about a person’s race, ethnic origin, political opinions, membership of political, professional or trade associations, religious or philosophical beliefs, sexual preferences, criminal history and biometric data.
3. WHO TO CONTACT
MedHealth Pty Ltd
Level 10, 451 Bourke Street
4. WHAT PERSONAL INFORMATION WE COLLECT
In the course of our business, MedHealth may collect personal information about you that is necessary for us to perform our functions and activities.
The types of personal information that we may collect and hold about you include your name, contact details, age, sex, work history, lifestyle activities and private health insurance membership number.
Depending on your interaction with us, MedHealth may also collect sensitive information such as your medical history, medical details, accident or injury/illness details, racial or ethnic origin, religious or philosophical beliefs, and sexual activity or orientation.
MedHealth may collect personal information about:
- persons who are using our services;
- persons providing support to individuals accessing MedHealth services including but not limited to carers;
- persons who make referrals to our services;
- healthcare providers who are:
- engaged by MedHealth to assist in the provision of our services and assess medical conditions and/or diagnoses;
- treating practitioners who are using our services;
- other third parties providing a service to MedHealth; and
- our employees.
5. HOW WE COLLECT PERSONAL INFORMATION
MedHealth will collect your personal information directly from you where it is reasonable and practicable to do so. We may collect your personal information from you in a number of ways including in person, over the telephone (including text messages), through a form, by email or through any mobile application.
MedHealth may also collect, or has collected, your personal information from third parties including:
- if you are receiving our services:
- o the person or organisation who referred you to our services (such as your private health insurer) as part of the referral process;
- o your treating healthcare providers in order for us to obtain your full medical history to assess your medical condition and/or diagnosis; and
- o medical consultants engaged by MedHealth to assess your medical condition and/or diagnosis; and
- other organisations engaged or contacted by MedHealth to assist us to carry out our functions and / or provide services. Such organisations may include: recruitment agencies, previous employers, credit agencies, state or federal police, state or federal government agencies or departments, or personal referrers.
6. PURPOSES FOR WHICH WE COLLECT, HOLD, USE AND DISCLOSE PERSONAL INFORMATION
6.1 Why we need personal information
In general, MedHealth collects, holds, uses and discloses your personal information for the following purposes:
- to contact you to provide information about, and to deliver, our services to you and the person or organisation that referred you to us (such as your private health insurer);
- to manage our relationship with you;
- to access and obtain medical records and history from treating healthcare providers;
- to engage healthcare providers to assist in the provision of our services and assess medical conditions and/or diagnoses;
- to review, evaluate, develop and improve our services;
- to recruit MedHealth personnel; and
- other purposes required or authorised by or under law, including purposes for which you have provided your express or implied consent.
Our range of services and our functions and activities may change from time to time.
If MedHealth collects your email address, telephone number and/or mobile phone number, you also consent to MedHealth using your email address, telephone number and/or mobile phone number to contact you (including by SMS or email) for any of the above purposes.
6.2 Disclosure of your personal information
MedHealth may disclose your personal information:
- to the organisation who referred you to our services (such as your private health insurer);
- to medical practitioners and / or allied health professionals engaged by us to provide services;
- to your treating healthcare providers;
- to our related bodies corporate, to persons or organisations to assist MedHealth in carrying out our functions and activities such as IT support providers, mailhouses, recruitment agencies
- and professional advisors; to parties involved in a prospective or actual transfer of our assets or business; and
- as otherwise required or authorised by law.
MedHealth is unlikely to transfer your personal information overseas. In the event that MedHealth transfers your personal information outside Australia, MedHealth will comply with the requirements of the Privacy Act that relate to transborder data flows.
6.3 What happens if you do not provide personal information
If you do not provide us with accurate or complete personal information when requested, MedHealth may not be able to provide you with the relevant service or information you require.
7. HOW WE MAINTAIN AND MANAGE YOUR PERSONAL INFORMATION
7.1 How we protect your personal information
The protection of your personal information is a priority and we take reasonable precautions to ensure your personal information is protected from misuse, unauthorised access, modification or disclosure.
To safeguard your personal information we have in place a range of policies and procedures to ensure protection of your information. These include:
- signed confidentiality agreements with all employees, contractors, consultants and third party organisations;
- both external and internal security systems at all premises restricting access to stored personal information; and
- regularly updated security systems to prevent unauthorised computer or electronic access to information.
7.2 Where your personal information is stored
We may store your personal information in both, or either, hard copy or electronic format.
Hard copy information is kept under lock and key with restricted access either on our premises or in secured external storage. Information stored in electronic format is password protected and security systems are constantly upgraded.
7.3 Updating your personal information
Your personal information needs to be up-to-date for us to ensure an efficient performance of our service to you. For this reason it is important that the information we collect is accurate, complete and up-to-date.
We will endeavour to ask you during the course of our relationship with you to tell us of any changes to your personal information.
If at any time you believe that any of your personal information that we store is not accurate or is out of date, please let us know by contacting our Privacy Officer directly.
8. DIRECT MARKETING
We do not collect, use or disclose personal information for direct marketing purposes (either to market our products and services or any other party’s products and services).
9. HOW YOU MAY ACCESS YOUR PERSONAL INFORMATION
You may, in most cases, access the personal information we hold about you by making a request in writing addressed to our Privacy Officer detailing the information requested, the purpose of the request and any other information that will assist us in providing you the information, including sufficient information to allow us to positively identify you.
We will use our best endeavours to respond to your request within 30 days. Some requests, however, may take longer than 30 days to process depending on the nature of the information requested and where that information may have been secured.
We may also charge you a reasonable administration fee for provision of the information.
10. WITHHOLDING ACCESS TO YOUR PERSONAL INFORMATION
10.1 When we can withhold your personal information
Whilst we acknowledge that we are required, where we hold personal information about an individual, to provide that individual with access to the information on request, there are, however, several important exceptions that may preclude us from doing so.
We may withhold access to your personal information in a number of circumstances which are permitted by the Privacy Act. These circumstances include where:
- access would pose a serious threat to the life, health or safety of any individual;
- access would have an unreasonable impact on the privacy of others;
- the request is frivolous or vexatious;
- the information relates to commercially sensitive decision making process;
- access would be unlawful or denying access is required or authorised by law;
- access would be likely to prejudice enforcement activities conducted by an enforcement body;
- we suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or may be engaged in and access would be likely to prejudice the taking of appropriate action in relation to the matter;
- access would prejudice negotiations with the individual; or
- the information is subject to existing or anticipated legal proceedings with the individual and would not be accessible by the process of discovery in those proceedings.
10.2 Written reasons
If we do withhold access to your personal information, we will provide you with written reasons.
11. WHAT TO DO IF YOU HAVE A COMPLAINT
If you have any concerns or complaints about the manner in which your personal information has been collected or handled by MedHealth, please contact the Privacy Officer.
Your concern or complaint will be considered and responded to within 14 days.
It is our intention to use our best endeavours to resolve any complaint to your satisfaction. However, if you are unhappy with our response, you may contact the Office of the Australian Information Commissioner who may investigate your complaint further. Further information about the application of the Privacy Act can be found at the website of the Office of the Australian Information Commissioner at www.privacy.gov.au.