Why do we collect and use personal information?
We collect and use personal information in order to provide our services including, without limitation, Residential Medication Management Review (RMMR), Home Medicine Reviews (HMRs) Thrive Services for individual clients and Quality Use of Medicines (QUM) Activities for aged care providers (Services), to analyse your data and results (where applicable) for evaluation, research and marketing purposes, and to assist in improving our services.
Our Services are performed with the objective of optimising medication therapy, maximising the clinical efficacy of treatment, minimising the risk of adverse and sub-optimal treatment outcomes and enhancing the quality of life of the individuals who use or in respect of whom we provide our Services.
Without limiting the general purposes specified above, we may collect and use your personal information in order to:
- provide personalised care through RMMR, HMR, the Thrive Service (including the provision or procurement from our third party service providers of DNA testing and related services) and other Services;
- assist with improving our services to optimise your health outcomes and those of the aged care community generally and to assist researchers improve medication safety for others. Specifically, from time to time, information may be published in reports, presentations and scientific papers. Where applicable, personal information will be ‘coded’ to ensure individuals are not readily identifiable and will be analysed at an aggregate level (group);
- facilitate our administrative processes including, without limitation, making appropriate Medicare claims and collecting payments from you.
- provide you with news, information and material in relation to our Services and general promotional material which we believe may be useful to you;
- to monitor who is accessing our website or using our Services; and
- to profile the type of people using our website or our Services;
or as otherwise permitted by law.
We are required by a number of laws to collect personal information including the National Health Act 1953 (Cth) and the Human Services (Medicare) Act 1973 (Cth).
We may also collect and use personal information about healthcare professionals, such as doctors and nurses in order to process referrals, provide information that can be used to improve patient care and to facilitate our Services.
Finally, We may collect and use personal information about our contractors, service providers and suppliers and from job applicants in order for us to operate our business.
We may also collect and use your personal information if you send us a message via the “contact us” facility on our website in order to respond to you.
If you do not provide us with your personal information, we may not be able to provide you with our Services, engage in business with you or respond to your enquiries.
What types of personal information do we collect?
If we provide Services to you or relating to you, we collect your personal information (directly or indirectly) which may include, but is not limited to, your name, date of birth, contact details, Medicare details, details of the location where aged care services are supplied and relevant health information including genetic information and other health information such as medical history, results of investigations, and information about current prescriptions and medication regimens.
In the case of doctors, we collect personal information which may include, but is not limited to, your name, contact details, and provider number.
In the case of nurses and other healthcare professionals, we may collect personal information which may include, but is not limited to, your name, contact details and details about any courses or education programmes completed with us.
In the case of our clients, contractors, service providers, suppliers or job applicants, we may collect personal information which may include, but is not limited to, your name, contact details and other personal information we require in order to do business with you, such as professional qualifications and banking information.
How do we collect personal information?
If we provide Services to you or relating to you, we may collect your personal information (including, without limitation, health information) directly from you or, where permitted by law, from your aged care provider, your healthcare team and, in appropriate circumstances, from an authorised representative of your family .
To the extent permitted by law, the personal information may be collected from your electronic health record (or other health records), doctors’ referrals, test results (including DNA test results), comprehensive medical assessments (CMAs), faxes, and verbal communications from external service providers operating in the aged care facility or your home.
If you are a healthcare professional, our client, a contractor, service provider, supplier or job applicant, we will ordinarily collect personal information directly from you. However, in some circumstances where permitted by law we may conduct searches of publically available information and/or conduct background checks (we will advise you if this is required).
To whom do we disclose personal information?
If we provide Services to you or relating to you, we may share the personal information that we collect about you with:
- an authorised representative of your family, unless there is a specific request by you not to do so except if we are required to do so by law;
- your healthcare professional(s) so that it can be used in your medical care;
- an authorised representative of the aged care home or home care provider so that it can be used in your routine clinical care by that provider;
- our appointed third party service providers to the extent that they need that information in order to perform their duties (such as relevant testing services); and
- other parties to whom we may be generally or specifically authorised to release information (for example your authorised representative).
Non-clinical information, such as your Medicare details, will be used for administrative purposes such as claiming payment for the services provided to you.
If you are a healthcare practitioner, we may disclose your personal information in relation to our Services if required to do so as part of authentication or audit activities relating to those Services.
If you are one of our clients, contractors, service provider, suppliers or job applicants, we may disclose your personal information where such disclosure is required to give effect to an element of our business relationship with you.
Your information is stored on secure servers that are protected in controlled facilities. Where your information is transferred to a cloud service provider overseas, for the limited purpose of managing and storing this information, we will ensure that the contract with that provider binds them to not use or disclose that information other than as required by law and that we maintain effective control over the information.
We will not otherwise disclose your personal information unless permitted or required by law.
How can you access or seek correction of the personal information we hold about you?
Requests for details of the personal information we hold about you and requests for modifications to this information should be directed by email to our IT data privacy team via the “contact us” facility on our website or the contact details below.
In order for us to respond to your request(s), you will need to provide us with your full name, address and a description of the personal information you wish to access as well as information about the specific issues that require attention.
A fee will not apply to making a request for access to, or a request to update, Your personal information.
In some circumstances, we may refuse to provide you with access to or correct your personal information including, but not limited, where (as applicable): (a) giving access would have an unreasonable impact on the privacy of others; (b) the information relates to existing or anticipated legal proceedings and the information would not be discoverable in those proceedings, or is subject to legal professional privilege or client legal privilege; (c) giving access would be unlawful; (d) denying access is otherwise required or authorised by law; (e) in circumstances where providing access would pose a serious threat to the life or health of any person; or (f) the request for access is frivolous or vexatious.
If we refuse to provide you with access to or correct your personal information, we will provide you with an explanation in writing.
In some circumstances where we correct a record, we may still be required by law to retain the original record.
Can you opt out of direct marketing communications?
Yes. We will only use your personal information for direct marketing purposes with your express consent (and will not use your health information or other sensitive information for such purposes). All direct marketing communications will include a way for you to opt out of further such communications. You can opt out at any time. In cases of doubt or if you are experiencing issues, please contact us via firstname.lastname@example.org.
Complaints in relation to handling of personal information
Please contact our IT data privacy team by email via the “contact us” facility on our website or the contact details below, if you wish to take issue with any aspect of our handling of personal information, or if there is concern that we have breached an obligation under the Australian Privacy Principles.
Our IT data privacy team will consider your complaint and determine whether it requires further investigation or escalation to our legal advisers. We will notify you of the outcome of any investigation and determination in relation your complaint.
If you are not satisfied with our response, you may wish contact the Office of the Australian Information Commissioner via www.oaic.gov.au.
Our contact details
Steve Knight, IT Manager
PO Box 562, Collins Street West, VIC 8007
1800-WARDMM (1800 927 366)