HealthConnex Privacy Statement
This privacy statement has been issued by DCA eHealth Solutions Pty Ltd (trading as HealthConnex Holdings),DCA Direct Health Pty Ltd (trading as HealthConnex), Argus Connecting Care Pty Ltd, Communicare eHealth Solutions Pty Ltd and KCS Solutions Pty Ltd (collectively, the HealthConnex Group). It sets out how we handle personal information in accordance with the requirements of the Privacy Act and other laws which protect the privacy of individuals.
This Statement is effective as of July 1 2014. From time to time, we may need to change this Statement. If we do so, we will post the updated version on our website (http://healthconnex.com.au/general/privacy
) and it will apply to the personal information then held by us.
1. Patients and clients of our “customers”
If you are a patient or client of a health service provider, community care provider or other organisation receiving products or services from us (our “customer”), this section applies to you.
We may have access to your personal information, including health information, in the course of providing products or services to our customers, including health records management, secure communications, health practice management and technology products and services. We access and handle such information in order to provide those products and services (e.g. by providing technical support) and as required by law. We do not use that information to send unsolicited direct marketing to patients and clients of our customers.
From time to time, we engage third party contractors to provide support services in relation to particular products and services. Whenever a third party contractor requires access to personal information in order to provide a particular service, we contractually oblige them to protect the confidentiality of such information.
Some of the contractors described above may be located in other countries such as the United States, Canada and the United Kingdom.
We take the privacy and confidentiality of patient/client information very seriously, and have implemented a range of measures to protect that information including, depending on the circumstances:
- allowing customers to host their data on their own systems for certain products
- employing facilities that allow encrypted secure messaging of sensitive data
- for some of our products, obtaining certification to securely access the Personally Controlled eHealth Record System (PCEHR)
- strict monitoring and access controls regulating which staff can access particular information, and
- ·network and premises security.
Please contact your health service provider, community care provider or other organisation if you have any questions about the information they hold about you, or that we hold securely on their behalf.
2. Our “customers” and other health professionals
This section of this Privacy Statement applies to our customers, prospective customers and other health professionals.
The kinds of information we collect and hold
Depending on the particular circumstances, we may collect and hold a range of different information about our customers, prospective customers and other health professionals, including name, date of birth, contact details (including address, email address, phone number, fax number or mobile telephone number), occupation and driver's licence number. We may also collect usernames or passwords, remote desk top connection details, financial information, such as credit card or bank account numbers, and information about how they use our products and services.
How we collect and hold personal information
We may collect personal information of our customers, prospective customers and other health professionals in a number of ways, including:
- directly from you (such as where you provide information to us when you visit our websites, complete an application form or enter an agreement for one of our services, or contact us with a query or request)
- from our related entities or your representatives
- when legally authorised or required to do so
- from the third parties we list in the section of this Statement with the heading “When we disclose your personal information”
- publicly available sources of information,
- professional registers
- our records of how you use our products or services.
If you choose not to provide certain information about you, we may not be able to provide you with the services you require, or the level of service on which we pride ourselves.
We may store personal information in hard copy or electronic format, in storage facilities that we own and operate ourselves, or that are owned and operated by our service providers. We take reasonable steps to maintain the security of personal information and to protect it from unauthorised use and disclosure.
How we use personal information
We may use the personal information of our customers, prospective customers and other health professionals for a range of different purposes, including:
- to provide and support our products and services, including health records management, secure communications, health practice management and technology services
- to provide information about those products and services and provide better customer service
- to facilitate healthcare providers locating your secure messaging address for sending clinical information
- to administer and manage the products and services we provide, to charge and bill for them, and to collect any amounts owing
- where appropriate, to verify your identity, or to conduct appropriate checks for credit-worthiness and for fraud
- to assist you with enquiries
- to gain an understanding of your needs, to perform research and analysis, and to improve or develop our products and services
- to monitor network use, quality and performance, and to operate, maintain, develop, test and upgrade our systems and infrastructure
- as authorised or required by law.
If you are a customer or prospective customer, we may also use your personal information so that we (and other Telstra group entities and Telstra dealers) can promote and market our products, services and special offers that we think will be of interest to you on an ongoing basis, unless you opt out or we are subject to legal restrictions. Depending on the particular circumstances, we may disclose information about you, including your name, contact details (including practice address, email address, dedicated Argus email address, phone number, fax number or mobile telephone number), occupation and provider number. This marketing may be carried out in a variety of ways (including by direct marketing by mail, telephone or electronic message or by customising on-line content and display advertising on our websites) and may continue for a period after you cease acquiring any products or services from us. In order to opt-out of this type of marketing, please follow the steps in the marketing communication or call 1800 913 914 We do not sell or otherwise provide personal information to unrelated third parties for their direct marketing purposes.
When we disclose personal information
We may exchange personal information of our customers, prospective customers and other health professionals with third parties who provide services to us, including organisations and contractors that assist us with the purposes for which we use that personal information. These services include:
Some of the third party contractors described above may be located in other countries such as the United States, Canada and the United Kingdom. These service providers are contractually obliged to protect the confidentiality of such information.
- customer enquiries
- installation, maintenance and repair services
- information technology and network services
- mailing operations
- billing and debt-recovery functions
- market research, marketing and telemarketing services.
We may also exchange personal information of our customers, prospective customers and other health professionals where appropriate:
- with our related entities
- with law enforcement and national security agencies, and other government and regulatory authorities
- with third parties who assist us to manage or develop our business and corporate strategies and functions, including our corporate risk or funding functions
- for the purposes of facilitating or implementing a transfer/sale of all or part of our assets or business.
3. Your rights/further information
How to access or correct your personal information or make a privacy complaint
If you wish to access any of your personal information that we hold or would like to correct any errors in that information, please contact us using the contact details set out in the “How to contact us” section of this Statement, so that we can consider and respond to your request. If you are a patient or client of a health provider or community care provider and require access to personal information that we store on behalf of your provider, you should approach your provider directly in the first instance. We may apply an administrative charge for providing access to your personal information in response to a request.
You may also use these contact details to notify us of any privacy complaint you have against us, including if you think that we have failed to comply with the Australian Privacy Principles or any binding APP code that has been registered under the Privacy Act 1988 (Cth). While we hope that we will be able to resolve any complaints you may have without needing to involve third parties, you may also be able to lodge a complaint with a relevant regulator such as the Australian Information Commissioner (www.oaic.gov.au or 1300 363 992).
How to contact us
If you have any questions in relation to this Statement or our management of your personal information, please let us know by contacting us on 1800 913 914 between 9am and 5pm Monday to Friday or writing to us at "privacy at healthconnex.com.au".