PRIVACY POLICY

1. Objectives.

The objective of this privacy policy is to provide a detailed insight into how We manage the personal, confidential and sensitive information of our clients.

Compliance with the Australian Privacy Principles:

(a) This policy complies with the Privacy Act 1988.

(a) Personal information is defined as information that can be used independently or collaboratively with other information to identify, contact or locate an individual.

(b) Personal information that may be collected can include: names, addresses, contact phone numbers/email addresses, date of birth, workplace identification cards and any government issued forms of identification including a signature, the individual’s photograph, health or medical testing, records or assessment information and responses to questionnaires.

(c) We may collect this personal information either directly from the client, or from any organisation where the client provided consent to disclose necessary information to Us if required, and other relevant parties, in order to deliver the product or service purchased by our customers.

(d) All personal information is stored in a secured manner. All Our staff are provided with individual password protected computer logins that may only be accessed from authorised machines. A backup of all files is performed frequently so information is not misplaced.

(e) We will only use collected personal information if it is reasonably necessary for, or directly related to one or more of the services we provide. When information is temporarily provided to companies that provide services for us, such as our affiliates and contractors in offshore locations, we ensure that all the aforementioned protocols are being observed and followed.

(f) We do not supply personal information to other organisations unless:

(i) You give consent,

(ii) the disclosure is required by law or

(iii) it is necessary for Us to supply Our services to You.

(g) If an individual wishes to access their information we will release the information digitally with the individual’s signed consent. Given most data we collect is medical or health based, usually our procedure is to release information to a nominated health practitioner, or General Practitioner of the individual, so the data can be interpreted and explained by an appropriately qualified professional. Note in circumstances where the service is conducted for a third party such as a potential employer, current employer or insurance company who has also paid for the service, consent in the first instance must be gained from this party in order for us to release the information.

(h) All data is stored or hosted electronically on digital servers within Australia with no offshore replication of data.

(i) We may assist to access and amend collected personal information if and when required.

Anonymity and Pseudonymity:

We may allow anonymous communication or interaction on a case by case basis, however only where this is lawful, as personal information may often be required in order to complete a process or service, especially in circumstances where you need to be accurately identified.

Availability of Policy:

This privacy policy is clearly visible and available to be printed out at our website at: www.vitalsignrx.com

Collection of Personal Information.

Sensitive Information:

We may only collect and use sensitive information if;

(j) There is client consent that the information requested is reasonably necessary for or directly related to one or more of the functions, activities or services of the company to be completed,

(k) If a permitted health situation exists in relation to collected information,

(l) If requested under Australian law or court/tribunal order,

(m) Consent by a guardian may be required in some situations.

Means of Collection:

Personal information may be collected by any of the following means;

(n) Filling out an application form,

(o) Contacting Us through our website (assist-group.com),

(p) Completing online forms and registrations,

(q) Telephone conversations,

(r) Video call conversation,

(s) Mobile phone text messages,

(t) Email/Fax communications,

(u) Contacting an individual’s treating health professional,

(v) Personal Contact.

Dealing with Unsolicited Personal Information:

(w) In such cases that We obtain personal information which is not solicited or required for completion of the service requested, We have the right to delete or destroy or de-identify the aforementioned information.

(x) If We determine that We could not have collected the information, We will first contact the person who sent it to You and arrange to return it. If that is not possible or practicable, We will destroy the material after a reasonable time has passed for the sender to respond.

(y) If the information is the type We could have collected, such as a patient’s medical records (individuals may have medical files transferred to Our practice), then We will deal with the information as You would any other, according to other relevant Privacy Principles.

Notification of the Collection of Personal Information:

(z) We do engage human resources or organizations overseas to help run Our organisation for the same purposes that We collect Your information. We take steps to ensure they are familiar with the APP. For a full list of these countries please call Us for an updated list.

(aa) While overseas resources may have access to some of Your data, no information is stored or located offshore.

(bb) We will usually disclose Your information to potential employers who You have given consent for Us to disclose information in relation to employment matters.

Contact us:

(cc) Please forward any further queries, concerns or complaints about privacy directly to Us.

(dd) These can be forwarded on to:

Email: support@vitalsignrx.com

Phone: (02) 9821 3612

Address: 8 Speed St, Liverpool, NSW, 2170.

We will review these matters and respond within 30 days of receipt, via email.



Dealing with Personal Information.

Use or Disclosure of Personal Information:

Any personal information collected or obtained by Us will not be disclosed other than for the primary purpose unless:

(ee) Where We hold personal information about a patient or individual that was collected for a particular purpose (the primary purpose), We must not use or disclose the information for another purpose (the secondary purpose) unless:

(i) the patient or individual has consented to the use or disclosure of the information; or

(ii) the patient or individual would reasonably expect You to use or disclose the information for the secondary purpose

Usually We collect data and information to assist with employment related activities with individual’s potential or current employers, however We may also obtain informed consent to collect information for a holistic approach to patient care, general health, and research.

(ff) It is requested under Australian law where we reasonably believe that the use or disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body. If We use or disclose personal information in relation to disclosure to a law enforcement body, we will make a written note of the use or disclosure.

(gg) It is in the public interest

Direct Marketing:

With the consent of the clients, We may use personal information collected to advertise, market and identify specific products and services believed to be of value or benefit to them. Proposals about Our products and services may be periodically offered through emails, phone calls and other forms of social media. Where upfront consent is not practical, an option to be excluded from sales and marketing offers is always available by contacting Us directly.

Interaction with Other Legislation:

This principle does not apply in the event that any of the following applies:

(hh) The “Do Not Call Register Act 2006”

(ii) The “Spam Act 2003”

(jj) Any other act of the Commonwealth, or Norfolk Island enactment, prescribed by the regulations

Adoption, use or disclosure of government related identifiers:

We will not adopt, use or disclose Commonwealth government identifiers, such as a Medicare or Veterans Affairs number, except for the purposes for which it has specifically been assigned. We may use or disclose a patient’s or individual’s Medicare number to verify their identity, and in Your interactions with organizations such as Medicare.

Integrity of Personal Information.

Quality of Personal Information:

We ensure that the information collected from clients is of the highest quality and integrity being accurate, up to date and complete. In any case of uncertainty of held information, verification of information can be initialized. Sometimes We may request information via different mediums or duplicate times in order to verify the integrity of the data.

We also may request consent multiple times to ensure integrity of the same.

Security of Personal Information:

We are committed and dedicated to securing and protecting Your personal and sensitive information. Appropriate technical and administrative procedures are implemented to protect personal information from;

(kk) Unauthorized access

(ll) Misuse

(mm) Interference

(nn) Modification

(oo) Disclosure

(pp) Loss

We limit access to personal information to individuals with a business need consistent with the reason the information was provided. We keep and store personal information only as long as is required under Australian Business Law and relevant health information management guidelines and medical record management laws, which vary under the circumstance from but not limited to:

(qq) 7 years since date of last service;

(rr) Up to the age of 25 years in the case of children since last service;

(ss) Up to 30 years in the cases of Asbestos or other regulatory medical where this timeframe of record management is required.

All paper records are disposed of in dedicated document storage/disposal bins and managed to the relevant standards for document destruction. A certificate of conformance to the standard can be provided upon request from Our preferred document destruction company.

All hard drives or other electronic storage mediums no longer in use are backed up then secured for destruction by our nominated hard drive destruction company. A certificate of compliance can be supplied upon request.

Access to, and Correction of, Personal Information.

Access:

We may grant access to the individual’s personal information subject to the applicable privacy laws. Access to personal information may be provided within a reasonable time period after the request is made (usually 30 days). We will not charge for such a request, however a collection of reasonable costs is possible in providing the access.

Access to personal information may be limited under the following circumstances;

Exception to Access:

(tt) When medical or health assessments are conducted and paid for on behalf of a third party, consent needs to be requested and gained from the requesting entity by the individual in the first instance, in order to release the relevant report to the individual. In the case where request is granted by the requesting third party, release of the report will usually be facilitated via the Treating Doctor or General Practitioner of the individual in order to interpret and explain the data.

(uu) Access would pose a serious threat to the life, health or safety of any individual or to public health

(vv) Giving access would have an unreasonable impact on the privacy of other individuals

(ww) The request for access is frivolous or vexatious

(xx) The information requested relates to existing or anticipated legal proceedings between the entity and the individual, and would not be accessible by the process of discovery in those proceedings

(yy) Access would be unlawful

(zz) Access would prejudice security functions or related enforcement activity

(aaa) Access would reveal evaluative information for any commercially sensitive decision-making processes

(bbb) Denying access is required or authorized by or under an Australian Law or a court/tribunal order.

Refusal to Give Access:

If We refuse to grant access due to the aforementioned reasons, written notice will be given to the individual requesting the information. This will indicate the ground and laws for the refusal.


Correction of Personal Information:

If the existing personal information obtained by Us is considered inaccurate, out of date, incomplete, irrelevant or misleading, the correction of this information can be requested by the individual. Correction of the personal information will be completed within a reasonable period after the request is made (usually 30 days).

Refusal to Correct Information:

If We refuse to grant such correction to the personal information deemed incorrect, written notice will be given to the requesting individual indicating the reasons, ground and laws, if any, for the refusal.

Any complaints or queries can be delivered through the “Contact Us” section of this policy outlined in the above pages.