SYDNEY MEDICAL SERVICE CO-OPERATIVE LIMITED – PRIVACY POLICY

SMS is strongly committed to protecting the privacy of individuals who have dealings with SMS. SMS is bound by the provisions of the Privacy Act (Cth) 1988 (the Act) and the Australian Privacy Principles (the APPs) established under the Act. SMS is also governed by a number of state specific privacy laws. This policy sets out, in an open and transparent way, how SMS will collect personal information and how it will manage, use and disclose that information.

Definitions

Personal information is defined by the Act. Generally personal information means information or an opinion about an individual which can be used to reasonably identify the individual (whether the information or opinion is true or not, or whether the information or opinion is recorded in a material form or not). Personal information also includes:

(a) Sensitive information includes information such as an individual’s race or ethnic origin, political opinions, religion, sexual preferences or practices, criminal record or health information about an individual; and

(b) Health information includes information or an opinion about an individual’s health or disability at any time, expressed wishes regarding future health services, health services provided or to be provided, information collected while providing a health service or collected in connection with the donation or intended donation of body parts and substances.

For the purposes of this policy, references to personal information shall include references to sensitive information and health information (as appropriate).

What personal information does SMS collect?

SMS may collect and manage the following personal information (without limitation) about an individual:
- name, address, telephone number
- age or date of birth
- Medicare number, Veteran Affairs numbers, Health Care card number, health fund details or pension number
- billing information
- medical information including but not limited to treatment, previous medical history and current medical information (including the identity of treating medical practitioners and medical reports prepared in relation to an individual), details of any medication or treatments used by an individual, notes made by any medical practitioner who has attended a patient in connection with SMS’ business or any other medical information which constitutes health information for the purposes of the Act
- sensitive information which SMS believes is necessary to ensure the proper medical treatment of an individual or as required for the proper operation of SMS’ business (eg. to discharge any legal obligations)
- any other personal information provided by an individual or on behalf of an individual who has the proper authority to disclose that personal information to SMS (eg. a treating medical practitioner who provides information in relation to the treatment of an individual with the consent of an individual)
If SMS cannot collect personal information about an individual, it may not be possible for SMS to provide any services to the individual (eg. medical treatment) or the service provided may not be complete.

How does SMS collect personal information?

In most cases, SMS will collect personal information directly from an individual. SMS may collect personal information from an individual:
- providing the information directly to a representative of SMS (eg. to SMS telephone operators or by the completion of forms)
- in the course of a medical attendance by a medical practitioner
- information supplied by email or through the use of the SMS website
In some circumstances, it may be necessary to collect personal information from a third party (such as a relative or health service provider). SMS will only collect personal information from a third party:
- where an individual has consented
- where it is not reasonable or practicable to collect the information from an individual (eg. where an individual is not in a position to provide the information which is necessary to medical treatment)
- where the information is necessary for the proper medical treatment of an individual
Why does SMS collect, hold, use and disclose personal information?

SMS collects personal information which is necessary for its functions and activities and in particular, for the medical treatment of an individual. SMS collects, holds, uses and discloses an individual’s personal information for the following reasons and purposes:
- to provide medical treatment to an individual
- for the purpose of reporting to an individual’s normal treating general practitioner or any other health professional or facility as required for ongoing treatment of an individual
- for billing purposes
- to respond to any matters raised by individuals (such as a complaint regarding services received)
- for administrative purposes which are necessary for the proper conduct of SMS’ business such as ensuring that SMS’ records are up to date
- to comply with any laws, rules and regulations
- to report health survey evidence and statistics to associated medical bodies
- to conduct internal reviews of staff policies and management processes
- to ensure propriety with practice emergency response procedures
An individual’s personal information will not be shared, sold or disclosed by SMS other than as described in this policy or as permitted under the Act.

How does SMS use personal information?

SMS may use or disclose an individual’s personal information where use or disclosure is:
- for the primary purpose for which it was collected (eg. the provision of medical treatment)
- for a purpose which is directly related to the purpose for which the information is collected which would have been within the reasonable expectations of the individual at the time
- with the consent of an individual
- required or authorized by law
- necessary to prevent or lessen a serious and imminent threat to somebody’s life or health
To whom may SMS disclose personal information?

SMS may disclose an individual’s personal information to:
- an individual’s treating general practitioner (who is a member of SMS) including health information relating to medical treatment provided by a medical practitioner of SMS
- other medical professionals and allied health practitioners who do or may be required in the future to provide medical treatment to an individual (eg. where an individual is to be referred for other treatment or testing) where it is reasonably expected by an individual that the personal information will be disclosed except in the case of an emergency where an individual’s life may be at risk
- any organization or person for a purpose with express consent of the individual except in the case of an emergency where an individual’s life may be at risk
- SMS employees and contractors, professional advisers (such as accountants or lawyers) as is required for the purposes of operating the SMS business. Contractors to whom SMS may provide personal information include, without limitation, web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, data entry service providers and electronic network administrators
- an individual’s employer or prospective employers, their authorized representatives and insurer in the case of a compulsory work-related consultation or service
- private health agencies for the purposes of complying with reporting and assessment standards for locum medical practitioners
- Commonwealth bodies to which patient bulk-billing claims are referred and for record auditing purposes
- associated medical bodies to report health survey evidence and statistics
SMS will only disclose an individual’s personal information overseas if the individual has given consent and if SMS believes that the overseas recipient is likely to protect the privacy of the personal information.

How can an individual access and correct personal information?

Individuals have a right to access their personal information held by SMS and can submit a request for access by notice in writing (in letter form) to the Chief Executive Officer of SMS as directed in this policy. SMS may provide access in a number of ways and will try to provide it by convenient means of access (eg. by email, fax or post). SMS may charge a reasonable fee for processing a request for access to and provision of personal information which will be notified to the individual.

SMS may only refuse a request for access to personal information if it is permitted by the Act to refuse. Refusal, in accordance with the Act, is limited to circumstances where access would pose a serious threat to the life or health of any individual, where it may have an unreasonable impact on the privacy of others, where it is frivolous or vexatious or where refusal is otherwise required or permitted by law.

An individual who believes that the personal information held by SMS is incorrect may send a notice in writing to SMS requesting an amendment to the personal information (including the grounds upon which the individual believes the information is incorrect and should be amended). SMS will consider all requests for amendment and will either make the correction, where appropriate, or add a note to the information with the details of the request for amendment.

How does SMS ensure the quality and security of personal information?

SMS will take reasonable steps to ensure the personal information (including medical data and plans kept in its records and written by an individual’s regular general practitioner) which it collects, uses or discloses is accurate, complete and up to date.
SMS will take reasonable steps to protect personal information from misuse, interference, loss, unauthorized access, modification or disclosure. SMS uses technology and processes such as access control procedures, network firewalls, encryption and physical security to protect personal information. Despite the measures of SMS, SMS cannot provide assurances regarding information transmitted to SMS via unencrypted email or via the website because SMS cannot control the security of the transmission online.

The SMS website may contain links to other websites operated by third parties. SMS does not make any representations or warranties about the privacy practices of the operators of those third party websites.

SMS will destroy or permanently de-identify personal information which is no longer needed.

How can an individual contact SMS about personal information or make a complaint?

If an individual has a question or comment regarding this policy, a complaint about a breach of privacy or a request for access, the individual should contact SMS in writing as indicated below:

Mr. Adel Badawy, Chief Executive Officer, Sydney Medical Service Co-operative Ltd

SMS will treat any request or complaint confidentially. A representative of SMS will make contact with the individual within a reasonable time of receiving a request or complaint and no later than 30 days of receipt.

Currency

This policy was last updated in May 2014. SMS may change the policy from time to time and any updated version will be posted on the SMS website.