Vityl Men’s Health is a division My Direct Doctor Pty Ltd (MDD) is required to comply with the Privacy Act 1988 (Cth) (Privacy Act). In doing so, MDD handles the personal information that it collects and holds in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act. We also hold and handle your health information in compliance with applicable State and Territory based health records laws.
We are committed to the highest level of protection for your personal and health information in accordance with these privacy laws.
What is personal information?
Personal information is information or an opinion about an identified individual or an individual who is reasonably identifiable, whether that information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.
Sensitive information is a type of personal information that is afforded a higher level of protection by privacy laws. It includes health, genetic and biometric information as well as information about race or ethnic origin, political opinions, membership of political, professional or trade associations or trade unions, religious beliefs, sexual orientation or practices and criminal record.
References in this policy to personal information include sensitive information.
What personal information do we collect and hold?
The information we collect will depend on who the person is and why they are using our services. By way of an example, some of the personal information we may collect can include a persons:
- name, address (postal and email) and telephone numbers
- date of birth
- marital status
- occupation and employment details
- country of birth
- indigenous status
- next of kin and other relatives
- payment information such as credit card details
- health fund and health insurance cover details
- workers compensation or other insurance claim details
- Medicare details
- concession card details
- medical history and other health information we are provided with or we collect in the course of providing our services
- other details an individual provides us
- practice details if the individual is a general practitioner; and
- other information we need to provide our services including personal photos, videos, transcripts and notes of your medical conditions.
In certain circumstances, we are required by Australian law to collect some of this information, such as Medicare details.
How do we collect personal information?
We will collect personal information directly from the person concerned where it is reasonably practicable to do so. This is normally collected with the person completes a form or provides us with information over electronic means.
However, depending on the circumstances, we may also collect personal information from third parties such as:
- a responsible person or representative (e.g. guardian)
- an individual’s health service provider including specialists
- a health professional who has treated the individual
- an individual’s health insurer or other insurer
- an individual’s family
- job referees
- other sources where necessary to provide our services (e.g. pathology labs) or to assess job applicants (e.g .police checks).
When we collect sensitive information about someone, either directly or from a third party, we do soe with the persons consent (which may be implied or express, depending on the circumstances).
For what purposes do we use and disclose personal information?
We use the personal information we collect and hold to:
- assess and understand the health and other needs of people to provide them with the appropriate services and advice
- ensure continuity of care and provide ongoing treatment options
- make contact and to respond to enquiries, to follow up, in an emergency, and for
- authorisation in relation to any services
- enable the provision of education and training to our staff, contractors and the health profession
- effectively administer, manage, monitor and improve our services
- assist with our funding, planning, evaluation and complaint-handling
- communicate by various means about our services, events, offers and options
- facilitate charging, billing, processing health insurance claims and collecting debts
- assess job applications
- verify an individual’s identity
- ensure the health and safety of our staff and individuals who use our services or work with us
- comply with quality assurance or clinical audit activities
- undertake accreditation activities
- provide health insurance funding
- respond to feedback
- address liability indemnity arrangements and reporting
- prepare the defence for anticipated or existing legal proceedings
- undertake research and the compilation or analysis of statistics relevant to public health and safety
- conduct patient experience surveys with the aim of evaluating and improving services; and
- comply with our and our contractors legal and regulatory obligations.
We may also use personal information in circumstances where we are required or authorised by Australian law to do so or where we otherwise have consent of the individual or their representative.
How to opt out of direct marketing?
We do from time to time use your personal information for direct marketing of our or our contractors and partners services. All direct marketing communications will include the option for you to opt out of receiving direct marketing communication. You can opt out at any time.
To whom do we disclose personal information?
We may disclose an individual’s personal information to the following third parties for the above purposes to:
- other health service providers involved in or associated with your treatment or diagnostic services
- private health insurers (some of which are located overseas) and other insurers
- students of the health profession undertaking clinical placements
- a responsible person (e.g. parent, guardian, spouse) when the individual is incapable or cannot communicate, unless the individual has requested otherwise
- close family members, in accordance with the recognised customs of medical practice
- our insurers and legal representatives
- service providers engaged to provide services to our hospitals and other facilities including manufacturers and suppliers of medical devices, providers of pathology and radiology services, some of whom may be located overseas or interstate;
- researchers (some of whom might be overseas);
- auditors and quality control staff and contractors; and
- companies within our corporate group.
What trans-border disclosures do we make?
We operate and communicate with organisations throughout Australia and overseas.
We may therefore disclose personal information outside the State or Territory in which you resides and also in some circumstances to related entities and other contractors who are located overseas. Countries where overseas recipients are located include Czech Republic, the United Arab Emirates, Philippines, India and New Zealand.
How do we manage privacy preferences and capacity?
Whether a child has the capacity to make their own privacy decisions is assessed by us on a case-by-case basis having regard to matters such as their age and circumstances.
For children who lack capacity to make privacy decisions for themselves, we will refer or deal with requests for access, consents and notices in relation to personal information by reference to the parent and/ or guardian or other responsible persons authorised by applicable laws and will treat consent given by them as consent given on behalf of a child or the individual who lacks capacity.
How do we store and secure personal information?
We store personal and health information in both paper and electronic form. The security of personal and health information is very important to us and we take reasonable steps to protect it from misuse, interference and loss and from unauthorised access, modification or disclosure.
Some of the ways we do this include:
- requiring our staff and contractors to maintain confidentiality
- implementing document storage security
- imposing security measures for access to our computer systems
- providing a discreet and secure environment for confidential discussions; and
- allowing access to personal and health information only where the individual seeking access to their own information has satisfied our identification requirements
Personal and health information is retained for the period of time determined by applicable Australian laws after which it is de-identified or disposed of in a secure manner.
How do we keep personal information accurate and up-to-date?
We take all reasonable steps to ensure that the personal information we collect is
accurate, complete and up-to-date, and also when we use or disclose it, that it is relevant.
We will also take reasonable steps to correct the personal information we hold if we are satisfied that it is inaccurate, incomplete and out of date, irrelevant or misleading, or if an individual asks us to correct their personal information for these reasons. A request to correct personal information can be made at any time by contacting us on the details below. However, the accuracy of that information depends largely on the quality of the information provided to us. We therefore suggest that individuals:
- let us know if there are any errors in their personal information; and
- keep us up-to-date with changes to their personal information (e.g. their name and address).
There may be circumstances in which we may have to refuse a request for correction. If this happens, we will notify the individual in writing of our reasons for the refusal and explain how they can complain if they are not satisfied.
How can personal information we hold be accessed?
Individuals have a right to access the personal information that we hold about them by contacting their customer care consultant or the Privacy Officer at our office.
If individuals request access to their personal information, we will need to verify their identity and may ask them to complete a request for access form. We will then grant the request within a reasonable period. However, we may refuse a request for access to some or all of the personal information in certain circumstances allowed by the Privacy Act or other applicable laws.
If we refuse a request for access, we will give written notice of our decision, including our reasons and how to complain if the individual is not satisfied with the decision.
We may charge a fee for collating and providing access to personal and health information.
We will disclose the personal information we give access to, to the individual’s authorised representative or legal adviser where we have been given written authority to do so.
How can complaints be made to us?
Individuals who have any questions about privacy, this policy or the way we manage personal information or who believe that we have breached their privacy rights should request contact with a supervisor with their question or complaint.
If the supervisor is not able to respond to the individual’s question or complaint to their satisfaction, the individual may contact our Privacy Officer on the details below.
Complaints should be in writing and addressed to:
The Privacy Officer
My Direct Doctor
4 High Street
Strathfield NSW Email: AUCompliance@mydirectdoctor.com.au
We will endeavour to acknowledge receipt of a written complaint within 7 days and provide a written response to the complaint within a reasonable timeframe. It may be necessary to request further information from the complainant before the matter can be resolved. Any such request will be made in writing.
If the individual is not satisfied that MDD has resolved their complaint, they have the right to make a complaint to the Office of the Australian Information Commissioner (OAIC). If they wish to make a complaint or to find out any more information about their privacy rights the OAIC can be contacted as follows: Website: www.oaic.gov.au Telephone number: 1300 363 992
In writing: Office of the Australian Information Commissioner GPO Box 5218, Sydney NSW 2001
Individuals may also make a complaint regarding the handling of their health information to the statutory health complaints authority in their State or Territory.
How can we be contacted?
Individuals should first contact their customer care consultant.
Contact details can be obtained from our office by phoning 02 9037 3700