A number of terms are used in this policy which have specific meanings as defined in the Privacy Act.
Personal information means “information or an opinion about an identified individual, or an individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not.”
Some personal information is also classified as ‘sensitive information’. Sensitive information includes any personal information concerning a person’s race or ethnicity, their religious, political or philosophical beliefs or affiliations, sexual preferences, biometric information used for biometric verification or identification, biometric templates and health information including genetic information. Sensitive information is afforded a higher degree of privacy protection and is subject to additional standards under the Privacy Act in relation to its handling.
Health information is a subset of personal information (that is also considered to be sensitive information), and means information or an opinion about:
- the health or a disability (at any time) of an individual;
- an individual’s expressed wishes about the future provision of health services to him or her; or
- a health service provided, or to be provided, to an individual;
- other personal information collected to provide, or in providing, a health service;
- other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances; or
- genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual.
- Eligible Data Breach has the meaning set out in the Privacy Act and generally means when there has been or is likely to be unauthorised access to, unauthorised disclosure of, or loss of, personal information held by an entity; and a reasonable person would conclude that the access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates and no remedial action has been taken.
Information collected by TWH
TWH collects personal information about individuals including patients, their relatives, employees, job applicants, contractors, vendors and suppliers, health professionals, and students.
TWH will only collect and hold personal information that is reasonably necessary for the performance of its services or obligations as an employer or accreditor of health practitioners. As a patient, we may collect information about your health history, family history, lifestyle, cultural or ethnic background and test results to assist in providing health care to you.
If you are employed by TWH or if you have applied for a position at one of our facilities, we will often collect information about your work history, contact details, referees and any other information that you might submit in your job application.
We collect similar background information about contractors, vendors, suppliers and health professionals who provide services to TWH and also about students and volunteers that attend at our facilities. Where required, information from police checks, working with children checks and pre-employment medical screenings may also be collected.
TWH usually collects your personal information directly from you and with your consent. We will only collect your personal information from someone else if we have your consent, or if it is authorised or required by law, or if it is unreasonable or impracticable for us to collect that information from you, for example, where your life is at risk and you are unable to respond and we need your personal information in order to provide emergency treatment.
Use and Disclosure
TWH will only use or disclose your personal information for the primary purposes for which it was collected or for directly related secondary purposes which you would reasonably expect (or about which we have told you) or as permitted or required by law. If there is any doubt about this expectation then we will obtain your consent before using or disclosing your personal information for a secondary purpose. Apart from the uses listed in this policy or otherwise permitted under the Privacy Act, using or disclosing your personal information will only be done with your consent.
Sections 1-5 below identify the purposes for which we collect your personal information and sets out how we may use or disclose your personal information.
1: Provision of TWH services
Personal information, including sensitive information, is collected by us for the primary purpose of ensuring patients and clients receive quality services whilst under our care. Accordingly, this information may need to be shared with other relevant people. Where necessary, your personal information, including your health information, may be collected from or disclosed to other health care providers, such as your general practitioner, home service provider or district health nurse or another hospital that may be involved in your ongoing care and/or services.
In addition, aspects of your personal information we collect may be used or disclosed for other purposes, including:
- Contractors and other health professionals: Some of the services provided within or by our facilities may be outsourced or provided by a contractor (e.g. pathology services). We may provide your personal information to them in order to assist in your care. Further, if you require certain medical devices or a prosthesis for your treatment, we may disclose your personal information to suppliers or manufacturers of those devices. We require all such health professionals and contractors to handle your personal information in accordance with the Privacy Act and this policy.
- Relatives, guardian or legal representative: Unless you have advised us not to disclose your health information, we may provide information about your condition to your next of kin, nominated relative, guardian or appointed legal representative.
- Quality assurance: From time to time, we may need to collect, use or disclose aspects of your personal information to monitor the standard of health services provided, through processes such as accreditation and evaluation, clinical audits, risk and claims management, education, and quality assurance activities, including monitoring clinical outcomes. This may include obtaining information from other health service providers.
- Patient satisfaction: To ensure we are delivering our services to meet our patients’ needs, we monitor patient satisfaction. As a result, we, or someone we authorise, may contact you in the future to request your feedback on our services.
- Health service management: To aid the functioning of the health service, personal information of TWH patients may be used or disclosed to your health fund, Medicare and also to insurers, lawyers and your doctor for claims management. This may include providing your information to other advisers in the ordinary course of managing our business, to support administrative functions incidental to providing the health services.
- Billing: For billing and invoicing purposes, we may share relevant aspects of your personal information with third parties such as your other health care providers, Medicare, your private health insurance fund or external collection or account management agencies.
- Data required by law: We have legal obligations to provide information to various entities, for example if your medical record is subpoenaed or for compulsory reporting to State and Federal authorities. We may also provide your personal and health information to government agencies where we are providing health services under contracts with Government as required under those contracts. More information regarding these obligations is available on request.
- Research: From time to time TWH may conduct research with the aim of improving patient outcomes, public health and safety and teaching and otherwise as set out in the Privacy Act. TWH may use your health information for this purpose, which generally includes information contained in existing patient data, medical records and diagnoses by private specialists you have seen in the past. Only authorised persons will have access to your information. We will not disclose your identity to unauthorised persons.
TWH collects, uses and discloses personal information about its staff in order to perform its obligations as an employer and as required by law. However, the handling of past and current employee records are exempt from the Privacy Act where there is a direct relationship between TWH and the past/current employee. TWH will retain your employee records confidentially and in accordance with the Fair Work Act 2009, which sets out your entitlements in relation to these documents.
3. Students, job applicants
We also collect personal information of job applicants, students and volunteers for the primary purpose of assessing their suitability for employment or undertaking work experience or clinical placement or providing other relevant assistance, as the case may be. Other purposes for which we may use personal information about those individuals include to contact them, for insurance purposes and to satisfy our legal obligations. We may store information provided by unsuccessful job applicants to send job alerts for future recruitment, where they have consented to this.
4. Health professionals, contractors and suppliers
TWH collects personal information about contractors, suppliers and health professionals that provide services to TWH for the primary purpose of engaging their services or expertise and for other purposes where legally required.
5. TWH’s website
When you visit our website, we do not attempt to identify you and we do not store your personal information. We will only collect and store your personal information if you choose to provide this to us via an online form or by email, for example through our general enquiry or contacts page.
We note that our Internet Service Provider makes a record of your visit to our website and logs the following information for statistical purposes:
- Your server address;
- Your top level domain name (for example, .com, .gov, .au, .org);
- The date and time of your visit;
- The pages and documents you accessed;
- The type of browser you are using.
This information is only used to evaluate the effectiveness of our website and, in the event of an investigation, a law enforcement agency or other government agency may exercise its authority to inspect the logs maintained by our Internet Service Provider.
Our website uses temporary cookies for security purposes. The cookies do not identify you as an individual user, but identifies your ISP and browser type. This means we do not store any personal information from visitors to our website.
TWH takes reasonable steps to ensure that the personal information that we collect and hold is accurate, complete and up-to-date. We maintain and update the personal information we hold as necessary or when you have advised us that your personal information has changed.
- Data storage and security
- TWH securely stores your information in a range of mediums including electronic systems, electronic instrumentation, paper files and images.
- We take steps to protect the personal information we hold against interference, misuse, loss and unauthorised access, modification or disclosure. TWH has data protection and security measures including administrative, physical and technical access restrictions, with only authorised people able to access relevant data.
- Usually, we will store your personal information within Australia. We may enter into arrangements with third parties to store data we collect or to access data to provide services and such data may include personal information, outside of Australia. Before doing so, we will take reasonable steps to ensure that the overseas recipient will handle your personal information in a manner that will not breach the APPs.
When your personal information is no longer required, as appropriate it will be destroyed, deleted or de-identified securely in line with our retention and destruction policy and document disposal schedules which comply with government regulatory controls.
Notification of Eligible Data Breaches
TWH is committed to ensuring the security of personal information that it holds. In the event that there is an Eligible Data Breach, we will, as soon as practicable, take reasonable steps to notify those individuals whose personal information is involved or take such other steps as are required by law.
The notification will include:
(a) the identity and contact details of the TWH entity;
(b) a description of the data breach;
(c) the kinds of information concerned; and
(d) recommendations about the steps individuals should take in response to the data breach.
We will also notify the Office of the Australian Information Commissioner of the Eligible Data Breach as and when required by law.
Requests for Access and/or Correction
You have the right to access and/or correct personal information that we hold about you, subject to the limits in the Privacy Act. If you wish to access or correct your personal information, you should make your request in writing to TWH.
Requests for access and correction can be made by post or facsimile.
Fees and charges
While we do not charge an application fee for making a request for access or correction, you may be charged administration, photocopying or counter fees.
Response to your application
We will respond to your request for access or correction within a reasonable period. We will provide access or make the correction requested unless otherwise required or where we are permitted by law to withhold the information or not make the correction. We will notify you of the basis of any denial of access or correction to your personal information.
Where we allow access, the relevant officer will arrange to give you access to your personal information in the manner you have requested, if it is reasonable or appropriate, and practicable to do so.
If we agree that the personal information requires correction, the relevant officer will make the alterations or notation. If we do not believe a correction is necessary, you may insert an addendum (noting your comments) into the record.
How to make a complaint
If you have any concerns about your privacy or wish to make a complaint about a privacy breach, please contact TWH.
Your complaint should be in writing and you should provide us with sufficient details together with any supporting material regarding your complaint and your contact details for follow up purposes.
On receipt of your complaint, we will take steps to investigate the issue and will notify you of the outcome. The relevant officer may contact you by telephone or arrange to meet with you. Alternatively, we may respond in writing depending on the complexity and the nature of the matters in dispute. We will endeavour to respond to your complaint within a reasonable period.
If you are not satisfied with our response, you can contact us to discuss your concerns further or complain to the Office of the Australian Information Commissioner (Cth): see www.oaic.gov.au