'Personal Information' is defined in the Privacy Act to mean any information or opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not. Personal Information includes information collected in connection with the provision of health services.
Collection of Personal Information
In order to provide you with our services, we will ask you to provide us with Personal Information, including sensitive information, by entering it onto our website through our registration process and throughout the course of using our services. You have the right to deal with us anonymously or under a pseudonym or withhold Personal Information, however we may not be able to provide you with our services or our ability to provide you with our services may be limited. We may also be provided with Personal Information by a patient, hospital, health care provider or another body which is involved in the provision of services for example, Medicare, private health insurers, Department of Veterans’ Affairs or TAC (as necessary).
The Personal Information that we collect from patients will include sensitive information, and may include the following:
Your name and contact details, as well as that of your next of kin and guardian (if relevant).
Details of your medical history and current symptoms.
Details of any medication you are currently taking or have taken.
Any previous reactions to mediation.
A list of your allergies.
Details of your current level of physical activity.
Your weight and height.
Various systematic questions about your current health (for example, hearing problems, breathing problems etc.).
Whether you consent to a range of surgical matters (for example, when and where the surgery or procedure will take place, what the surgery or procedure is for and consent for the surgery and surgery-related processes such as blood transfusions and use of anaesthetic).
Other information that we determine to be relevant to the services that we, your hospital or health care provider is providing to you.
Your account number with various bodies including Medicare, private health funds, Department of Veterans Affairs, Work Cover, TAC, Centre Link and other such bodies who are involved in your payment and health care.
We will collect Personal Information of health care providers in order to provide our services to them, including the following:
Name and contact details.
Doctor provider number.
Payment and bank account details.
Use of Personal Information
Provide you with the services that we offer.
Book your surgery or medical procedure.
Allow your health care provider to assess your medical information and plan the health care that will be required for your medical procedure.
Provide your Personal Information, consent and payment to your hospital or health care provider.
Facilitate payments, and where relevant, rebates to your hospital or health care provider, including coordinating with health fund insurers, government bodies, hospitals and doctors.
Allowing for general follow-up regarding your health care.
Provide information to your referring doctor regarding your booking, procedure and follow up care.
Assist with or avert a medical emergency.
To facilitate the delivery of health care advice by your health care provider.
Business purposes, such as accreditation.
Once your Personal Information is no longer required for any authorised use or disclosure, your Personal Information will be destroyed or permanently de-identified subject to relevant retention requirements under any applicable health legislation. De-identification means deleting any identifying information contained in the medical record, including name, address, postcode, age and medical condition.
Disclosure of Personal Information
Your Personal Information will be made available to third parties in order to provide our services to you, including:
Hospitals (which includes the hospital administrator and staff) and your other health care providers.
Health care bodies, including Medicare, private health funds, Department of Veterans Affairs, Work Cover, TAC, Centre Link and other such bodies who are involved in your payment and health care.
You consent to the release of your Personal Information to such third parties for the purpose of provision of health care services. Once your Personal Information has been disclosed to any of the above third parties, the use, storage, and disclosure by them of your Personal Information will be governed by such third parties’ respective privacy policies and terms of engagement.
Our employees and service providers who operate our data centre will also be granted access to our system which may result in them having access to your Personal Information. They are bound by an agreement to maintain the confidentiality of all information to which they are granted access.
Your Personal Information may also be used or disclosed to experts or lawyers, insurers or medical defence organisations to report adverse incidents or for the defence of legal proceedings.
We may disclose Personal Information if we believe in good faith that the law requires its disclosure, including for mandatory reporting purposes or pursuant to subpoena or court order.
Whilst our website operates in a secure environment and is professionally hosted, when using our website you should be aware that no data transmission over the internet can be guaranteed as totally secure. Although we strive to protect your Personal Information, we do not warrant the security of any information transmitted over the internet. Any information transmitted to us over the internet is done so at your own risk.
Automatic data collection
Our web server gathers your IP address to assist with the diagnosis of problems or support issues with our website and services.
Cookies and Applets
Cookies allow us to increase your security by storing your session ID, and are a way of monitoring single user access. This aggregate, non-personal information is collated and provided to us to assist in analysing the usage of the website.
Storage of Personal Information
We will take reasonable steps to protect all Personal Information we hold from misuse, interference and loss, as well as unauthorised access, modification or disclosure. We hold Personal Information in electronic form stored in a secure data centre. Our website is SSL encrypted and will include an authentication process to help maintain the security of your Personal Information. We have additional backup servers to maintain your personal information. We appreciate the importance of your Personal Information and will endeavour to keep it safe.
Security of Personal Information
In additional to our technology we also have manual processes to assist in protecting the security of your Personal Information. We regularly review and audit our security processes to ensure ongoing security of all Personal Information that we hold.
In the circumstance that we identify a data breach or unauthorised access to your Personal Information, we will provide a statement to the Office of the Australian Information Commissioner and also notify the affected persons.
Access, correction and complaints
At any time, you may request access to Personal Information we hold about you subject to provision of sufficient identification by you and payment of our reasonable administrative costs. We may refuse to provide access if the law allows us to do so, in which case we will provide reasons for our decision as required by law.
In the case that any of your Personal Information is incorrect, we ask that you update your information by writing to the Privacy Officer (details given below). You may write to our Privacy Officer to request that your Personal Information is not used for the purposes of direct marketing or provided to third parties for direct marketing.
APFI’s Privacy Officer
APFI Privacy Officer, PO Box 571, North Melbourne, VIC, 3051.
Phone: 1300 273 400
For more information about privacy issues in Australia and protecting your privacy, visit the Australian Federal Privacy Commissioner's website; http://www.privacy.gov.au/.