Human Care Solutions Pty Ltd
ACN 626 255 632
Human Care Solutions Pty Ltd (ACN 626 255 632) (“HCS”, “we”, “us” or “our”) is committed to ensuring the privacy and confidentiality of your Personal Information.
OUR LEGAL OBLIGATIONS
HCS is obliged to comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) (Act) and other applicable State and Territory based privacy laws that govern how private sector health service providers like HCS handle your Personal Information.
The APPs (which are contained in the Act) regulate the collection, use, management and disclosure of Personal Information and how you may access and correct Personal Information, which HCS holds about you.
“Arro Application” means a health based mobile application connecting patients directly with healthcare providers, which amongst other things allow patients to receive specific, engaging and timely guidance during the time the patient is in the healthcare provider’s care.
“Health Information” is a subset of Personal Information and means:
- information or an opinion about:
- the health, including an illness, disability or injury, (at any time) of an individual;
- an individual's expressed wishes about the future provision of health services to him or her; or
- a health service provided or to be provided to an individual, that is also Personal Information;
- other Personal Information collected to provide, or in providing, a health service to an individual; and
- genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual.
“Personal Information” means information or an opinion about an identified individual or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
“Primary Purpose” means the operation of the Arro Application for the benefit of patients and health service providers. Any use or disclosure of the Personal Information for another purpose is known as the “Secondary Purpose”. Examples of Secondary Purposes are set out in Section 4.e.i.
“Sensitive Information” is a subset of Personal Information and includes:
- Health Information about an individual;
- genetic information about an individual that is not other Health Information;
- biometric information used for biometric verification or identification;
- biometric templates; and
- information or an opinion about an individual’s:
- racial or ethnic origin;
- political opinions;
- membership of a political association;
- religious beliefs or affiliations; or
- sexual orientation or practices.
Personal Information which is ‘Sensitive Information’ attracts a higher privacy standard under the Act and applicable State and Territory legislation and is subject to additional mechanisms for your protection.
COLLECTION AND USE OF PERSONAL INFORMATION
Who do we collect information from?
- patients’ relatives or next-of-kin;
- responsible persons (including caregivers and nominated support persons);
- health service providers (including referring doctors, Accredited Health Professionals, contracted health professionals, medical trainees and medical representatives attending our facilities);
- government instrumentalities (including Department of Veterans’ Affairs, WorkCover, Police and Courts);
- employees, contractors, suppliers, and service providers engaged by HCS; and
- other individuals engaged by or providing services to HCS.
In order to provide you with the health care services that you have requested (including assessment for or information in relation to the provision of health care services), your health service provider will need to collect and use your Personal Information and provide the Personal Information to HCS by utilising the Arro Application. The completeness and accuracy of the information you provide to your health service provider is a matter between you and your health service provider, but if you provide incomplete or inaccurate information to us, we may not be able to engage with you as required to meet the relevant Primary Purpose.
Health service providers and other individuals
In order to enable HCS to engage with you (in your capacity as a representative of a health service provider using the Arro Application) for the relevant Primary Purpose, HCS may need to collect and use your Personal Information. If you provide incomplete or inaccurate information to us or withhold Personal Information from us, we may not be able to engage with you as required to meet that Primary Purpose.
What information do we collect and hold?
HCS collects Personal Information from you that is reasonably necessary for health service providers to provide you with health care services and for HCS’s administrative and internal business purposes.
The Personal Information collected may include the following:
- name, address and contact information;
- marital status;
- country of birth;
- Health Information, including medical history, family history and other health information we are provided with or we collect in the course of providing the health care services;
- health fund and health insurance details;
- payment information such as credit card details;
- Medicare details;
- concession card details
- health treatment plans;
- messages sent and received through the Arro Application;
- information on your use of the Arro Application; and
- other information we need, and your health service provider needs, to provide health care services.
Health service providers and other individuals
We collect Personal Information from you that is reasonably necessary to engage with you for the Primary Purpose.
How do we collect Personal Information?
Your health service provider will usually collect your Personal Information (including Health Information) directly from you, and input that Personal Information into the Arro Application. Sometimes, you may input Personal Information directly into the Arro Application yourself. HCS will also collect Personal Information about your use of the Arro Application. Your health service provider may need to collect information about you from a third party (such as a relative or another health service provider). This is a matter between you and your health service provider.
Health service providers and other individuals
HCS will usually collect your Personal Information directly from you. Sometimes we may need to collect information about you from a third party; however, we will only do this where it is not reasonable or practical for us to collect this information directly from you.
How do we hold your Personal Information?
HCS may hold the Personal Information we collect from you in various forms, including:
- storage through the Arro Application; and
- data management software or systems in accordance with usual business practices.
How do we use your Personal Information?
HCS only uses your Personal Information for the Primary Purpose for which you have given the information to your health service provider, unless one of the following applies:
- the Secondary Purpose is related (or for Sensitive Information, directly related) to the Primary Purpose for which you have given us the information and you would reasonably expect, or we have told you, that your information is usually disclosed for another purpose or to other individuals, organisations or agencies (see related Secondary Purposes set out below);
- you have consented for us to use your information for another purpose;
- we are required or authorised by Australian law or a court/tribunal order to disclose your information for another purpose (see related Secondary Purposes set out below);
- a “permitted general situation” or “permitted health situation” exists, as those term are defined in the Act;
- the disclosure of your information by HCS will prevent or lessen a serious and/or imminent threat to somebody's life, health or safety or to public health or public safety; or
- the disclosure of your information by HCS is reasonably necessary for one or more enforcement related activities conducted by an enforcement body (for example, the Police).
HCS may use or disclose your Personal Information as specified above via electronic processes, where available or relevant.
The following is a list of examples of related Secondary Purposes for which HCS may use your Personal Information. This list is not an exhaustive list.
- Use among health service providers to provide your treatment
Modern health care practices mean that your treatment will be provided by a team of health service providers working together. Your health service providers may consult with health service providers and medical experts located remotely in relation to your diagnosis or treatment, including by sending Health Information and clinical images electronically. Your health service providers may also refer you to other health service providers for further treatment during and following your admission (for example, to a physiotherapist or outpatient or community health services). We may disclose your Personal Information, following the instruction of your health service provider, to the relevant remotely located provider to the extent required for any such referral (including disclosing that information electronically).
- Assessment for provision of health care services
HCS may collect your Personal Information for the purpose of assessing your suitability for the use of the Arro Application. Where Personal Information is collected and you do not utilise the Arro Application, your Personal Information may be stored for a limited period of time before destruction.
- Other health service providers
If in the future you are being treated by a medical practitioner or health care facility that needs to have access to the health record of your treatment from the Arro Application (including but not limited to any medical practitioner that is referred by your health service provider), we will generally require your consent to that medical practitioner or health care facility with access to your Personal Information through the Arro Application. Your health service provider may obtain that consent for us and inform us that you have consented.
However, we may provide information about your health records to another medical practitioner or health facility without your consent in the event of an emergency where your life or health is at risk and you are not able to provide consent or as approved or authorised by law.
- Responsible persons (including caregivers and nominated support persons);
Responsible persons (including a spouse or partner, parent, child, other relatives, close personal friends, guardians, or a person exercising your power of attorney under an enduring power of attorney or who you have appointed your enduring guardian) may be able to access information about your condition from the Arro Application, unless you tell us that you do not wish us to disclose your Personal Information to any such person.
Other non-patient-specific examples:
- Contractors under agreement
We may also use your Personal Information where necessary for:
- activities such as quality assurance processes, accreditation, audits, risk and claims management, patient satisfaction surveys and staff education and training;
- the purpose of complying with any applicable laws – for example, in response to a subpoena or compulsory reporting to State or Federal authorities (for example, for specified law enforcement or public health and safety circumstances);
- the purpose of sending you standard reminders, for example for appointments and follow-up care, by the Arro Application, text message or email to the number or address which you have provided to us; and
- we may anonymise or aggregate the Personal Information that we collect for the purpose of carrying out customer, service, health outcome and other business analytics.
You hereby consent to HCS disclosing your Sensitive Information (including Health Information), to your health service provider, or third parties engaged by, or acting on behalf of, your health service provider (which includes, but is not limited to, your health service providers’ insurers, lawyers and accountants) for the purpose of your health service provider participating in legal proceedings between you and your health service provider (including, without limitation, defending medical negligence claims).
HCS may use or disclose your Personal Information (other than Sensitive Information) for direct marketing if:
- we collected the information from you;
- you would reasonably expect HCS to use or disclose the information for direct marketing;
- we provided you with a simple way to opt out of receiving direct marketing; and
- you have not made such an opt out request to HCS.
We may also use or disclose your Personal Information (other than Sensitive Information) for direct marketing if:
- we collected the information from you and you would not reasonably expect HCS to use or disclose the information for direct marketing, or we collected the information from someone other than you;
- either you have consented to the use or disclosure of the information for direct marketing, or it is impracticable to obtain that consent;
- we provided you with a simple way to opt out of receiving direct marketing; and
- in each direct marketing communication with you:
- we include a prominent statement that you can request to opt out;
- we otherwise draw your attention to the fact that you can request to opt out; or
- you have not made such a request to HCS.
We will only use or disclose your Sensitive Information for the purpose of direct marketing if you have consented to the use or disclosure of that information for direct marketing.
If the Personal Information that we used to send you direct marketing material was collected from a third party, you can ask HCS to identify that third party unless it is unreasonable or impracticable.
Opting out of direct marketing]
You can request not to receive direct marketing communications from HCS. If we use or disclose your Personal Information for the purpose of facilitating direct marketing by other organisations, you may request that we do not use or disclose your information for this purpose.
We will give effect to your request not to receive direct marketing from HCS or an entity facilitated by HCS free of charge within a reasonable time.
ACCESS TO AND CORRECTION OF YOUR PERSONAL INFORMATION
HCS takes reasonable steps to ensure that records of your Personal Information are accurate, complete and up-to-date by updating its records whenever changes to information come to our attention.
You have the right to request access to and correction of any of our records containing your Personal Information. To request access to or correction of your Personal Information please contact HCS’s Privacy Officer (please refer to the Contact Information below). We will respond to your request within a reasonable period of time. Where reasonable and practicable, HCS will give you access to the information requested.
HCS will allow access or make the requested changes unless there is a reason under the Act or other relevant law to refuse such access or refuse to make the requested changes. We may refuse your request if it:
- poses a serious threat to life, health or safety;
- would have an unreasonable impact on the privacy of others;
- is frivolous or vexatious;
- relates to existing or anticipated legal proceedings between HCS and yourself;
- would reveal HCS’s intentions in relation to negotiations or prejudice any negotiations with yourself;
- would be unlawful;
- is required or authorised by law or court/tribunal order;
- would be likely to prejudice the taking of appropriate action in relation to suspected unlawful activity or serious misconduct in relation to our functions;
- would be likely to prejudice one or more enforcement related activities; or
- relates to commercially sensitive decision making processes.
If we refuse to provide you with access to the information requested, or to correct your Personal Information, we will tell you in writing why your request was refused and how you can complain about the refusal.
If we do correct your Personal Information and we have previously disclosed your Personal Information to a third party, upon your request, we will notify that third party of the correction where practicable.
HCS may require you to provide some form of identification to verify that you are the person to whom the requested information relates.
We reserve the right to recover reasonable costs associated with supplying your Personal Information to you.
DISCLOSURE OF PERSONAL INFORMATION
We will not sell, license, trade or rent your Personal Information, without your prior consent, except as otherwise set out herein.
We may disclose your Personal Information for purposes which are within reasonable expectations or where permitted by law. For example, we may share Personal Information with third parties engaged to assist us in providing the Arro Application to health care service providers to you or to carry out one or more of the purposes of collection and use described above.
Examples of organisations that we may disclose your Personal Information to include:
- health service providers;
- our financing and warranty providers;
- our external advisers (auditors and lawyers);
- government organisations; and
- government bodies such as the Australian Taxation Office, Australian Securities and Investments Commission, Australian Prudential Regulatory Authority, the Police or courts.
HCS reserves the right to disclose Personal Information to a third party if a law, regulation, search warrant, subpoena or court order legally requires or authorises us to do so.
We also reserve the right to disclose and/or transfer Personal Information to a third party in the event of a proposed acquisition, initial public offering or other form of capital raising, disposal or financing of all or any portion of the business assets, or a division thereof, in order for you to continue to receive the same products and services from the third party. You would receive notification of any such change.
KNOWLEDGE AND CONSENT
HCS collects your Personal Information from you in varying ways, as a normal part of making the Arro Application available to you. While providing such information is voluntary, without the information our ability to provide the service you have requested may be limited. Typically, we will not specifically seek your consent to use or disclose your Personal Information, where such use or disclosure is within the terms of this policy. However any use or disclosure of information in any other way will only occur once we have gained your specific consent to do so.
You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. If you wish to withdraw your consent at any time, this must be done in writing by emailing us at firstname.lastname@example.org. However, in the first instance you may wish to contact our Privacy Officer by phone, mail or email to discuss your needs or concerns (please refer to the Contact Information below).
Should you choose to withdraw consent for HCS to access, use or disclose your Personal Information, you may be limiting or even preventing our ability to provide you with the Arro Application.
ANONYMITY AND PSEUDONYMITY
You have the option of dealing with HCS anonymously or by using a pseudonym. We note that this may limit the services that we can provide to you if it is impracticable for us to deal with you in such an unidentified manner. HCS may refuse to deal with you anonymously or by using a pseudonym if it is impracticable to do so, or where required or authorised by an Australian law or a court/tribunal order to do so.
HCS takes all reasonable steps to ensure that all unsolicited information is destroyed or de-identified.
HOW WE PROTECT YOUR PERSONAL INFORMATION
We take all commercially reasonable steps to ensure that Personal Information collected from you is protected against misuse, interference, loss, unauthorised access, modification or disclosure. This protection applies in relation to information stored in both electronic and hard copy form.
Access to your Personal Information is restricted to those employees or representatives of HCS who have a legitimate need to use such information in delivering the products and services you have requested from us. These employees or representatives are contractually obliged to maintain confidentiality. In addition, HCS employs generally accepted information security techniques, such as document storage security, security measures for access to our computer systems, firewalls, encryption and access control procedures, to protect your Personal Information.
Your health service provider will also have access to your Personal Information, and may store that information outside of the Arro Application. The steps your health service provider takes to ensure that Personal Information collected from you and stored in a manner not utilising the Arro Application is protected against misuse, interference, loss, unauthorised access, modification or disclosure is a matter for your health service provider.
We cannot guarantee that Personal Information will be protected against unauthorised access or misuse and we do not accept any liability for the improper actions of unauthorised third parties.
We will destroy or permanently de-identify any of your Personal Information which is in our possession or control and which is no longer needed for the purpose for which it was collected, provided HCS is not required under an Australian law or court/tribunal or otherwise to retain the information.
ADDITIONAL INFORMATION ABOUT OUR WEBSITE
In general, you can visit our websites without telling us who you are or providing us with Personal Information. However, we collect internet protocol (IP) addresses of all visitors as well as information such as page requests, referral sources, browser type, operating system and time spent on our sites. We collect this information to monitor and improve our sites.
When you visit our website, we place a text file called a “cookie” in the browser directory of your computer’s hard drive. A cookie is a small piece of information that a website can store on your web browser and later retrieve. The cookie cannot be read by any website other than the one that set up the cookies. Some browsers can be set to reject all cookies. If you choose to modify your browser in this manner, your experience on this website may be affected.
Links to Third Party Sites
HCS is not responsible for how such third parties collect, use or disclose your Personal Information, so it is important to familiarise yourself with their privacy policies before providing them with your Personal Information.
RETENTION OF YOUR PERSONAL INFORMATION
HCS retains your Personal Information for as long as necessary to fulfil the purpose(s) for which it was collected and to comply with applicable laws.
If you have a question, complaint, or wish to access, correct or delete your Personal Information from our records please contact HCS as follows:
HCS Privacy Officer
Phone: 0405 060 302
Mail: GPO Box 2268, Brisbane QLD 4001
HCS will handle all such requests in accordance with the Act.
AUSTRALIAN PRIVACY COMMISSIONER
If you are not satisfied with the way in which we handle your enquiry or complaint, you can contact the Office of the Australian Information Commissioner by any of the following methods:
Phone: 1300 363 922 (calling from inside Australia)
Phone: + 61 2 9284 9749 (calling from outside Australia)
TTY: 133 677 then ask for 1300 363 922
Fax: +61 2 9284 9666
Mail: GPO Box 5218, Sydney NSW 2001