1.1 Melbourne Primary Care Network trading as North Western Melbourne Primary Health Network (NWMPHN) is committed to protecting the privacy of the Personal Information we collect. This policy outlines:
- The types of Personal Information we collect, use, store and disclose;
- How, why and when we collect, use, store and disclose Personal Information;
- The steps NWMPHN takes to keep the Personal Information it collects secure and the steps NWMPHN takes to destroy or to de-identify Personal Information when required;
- The steps NWMPHN takes to maintain the integrity of the Personal Information it collects;
- How an individual can access, or request a correction to, the Personal Information we hold about them; and
- How an individual can lodge a complaint about a suspected breach of privacy laws by NWMPHN.
2.1 This policy applies to Personal Information that NWMPHN collects from its external stakeholders. The policy for the privacy of Personal Information of NWMPHN employees and board members is addressed in the HR Policy Manual.
2.2 NWMPHN requires its employees to comply with this policy in relation to any Personal Information they handle. NWMPHN also uses its best endeavours to ensure that contractors, suppliers and service providers NWMPHN engages from time to time comply with similar obligations with respect to any Personal Information held by NWMPHN to which they may have access, or which may be disclosed to them.
Personal Information refers to information or opinion, in any form, through which an individual can reasonably be identified (regardless of whether the information or opinion is true or not). Examples of Personal Information include an individual’s name, address, telephone number and email address.
For the purposes of this policy, Personal Information also includes:
- Health information – information about the physical, mental or psychological health of an individual; and
- Sensitive information – without limitation, information relating to religion, racial or ethnic origin, gender, sexual preferences and philosophical beliefs, as well as health information.
APPs refers to the Australian Privacy Principles in the Privacy Act 1988.
4.1 The CEO, as delegated by the Board, has responsibility for ensuring the implementation of this policy.
4.2 NWMPHN employees are responsible for adopting procedures and processes to comply with this policy.
5.1 Approach to Personal Information
NWMPHN respects the privacy of the Personal Information it collects and NWMPHN adheres to Australian and Victorian privacy laws, including the Australian Privacy Principles (APPs). Full text of the APPs can be found on the website of the Office of the Australian Information Commissioner at www.oaic.gov.au.
5.2 Types of Personal Information We Collect
NWMPHN collects Personal Information about individuals in a number of situations, as described in further detail below:
5.2.1 Healthcare Providers
NWMPHN collects Personal Information from healthcare providers (e.g. general practices, mental health care providers, government agencies) and their employees to better understand and improve NWMPHN’s services and to comply with NWMPHN’s obligations owed under various contracts and agreements entered into by NWMPHN.
The type of Personal Information can include:
- Contact Details (telephone numbers, mailing / business address, email address, website address)
- Profession / Role / Health services provided
- Connection with NWMPHN
- Credentials (e.g. professional qualifications, registrations and security checks)
NWMPHN may collect Personal Information about clients being navigated to its commissioned services. NWMPHN collects this information to facilitate commissioning of, and access to, services in its region, to maintain health records and to manage service demand, as necessary.
The types of information may include, but are not limited to:
- Contact details (name, address, telephone number, email address)
- Details concerning next of kin and emergency contacts;
- Age, date of birth, gender, marital status
- Driver’s licence number, Medicare number
- Medical history, treatment records, images, photographs, family medical histories
- Referrals to and from other practitioners and their reports
- Ethnic origin
- Bank / credit card details
5.2.3 Our Websites’ Visitors
NWMPHN may collect the following information from visitors to NWMPHN’s websites and online presence, including through the use of ‘cookies’:
- IP address
- internet service provider
- the web page that directed the visitor to our websites
- visitor’s activity on our websites.
The above information is usually anonymous and only collected to ensure that the information we place on NWMPHN’s websites has reached its intended audience. NWMPHN does not use it to identify individuals; however, it may contain details that could identify the website visitor.
If you are concerned about the information NWMPHN collects from a visit to its websites, you may disable cookies in your browser settings. However, this may render parts of NWMPHN’s websites unusable.
NWMPHN websites may contain links to websites controlled by third parties. Other websites may also have links to NWMPHN’s websites. In either case, this policy does not apply to, and NWMPHN is not responsible for, the content, privacy practices or business practices of any website or organisation except itself.
Data for Marketing and Engagement
NWMPHN collects data about your browsing activity on our online platforms. We may also use non-personal information that we collect about you to identify you on third party websites where we have an arrangement in place to serve ads on those third party websites. We may also collect anonymous internet usage data from third parties.
We may collect information on user interactions to display targeted advertisements or content on our online platforms and also on third party websites. We target advertisements and content in order to ensure that you are served advertisements and content that may be relevant or useful to you.
To create user profiles, we may also collate data from other sources across our network including memberships and surveys.
Advertisements or content may be "targeted" to users based on:
- the type of content displayed on a given web page;
- the geographical location of a user (i.e. identified by an IP address);
- specific searches undertaken by a user; or
- the type of user (e.g. general practice vs consumer)
Users can opt out of targeted digital marketing using the opt-out mechanisms offered on the platforms that serve this type of marketing content (e.g. Facebook and Google).
We will not create categories designed to target children (however, this does not prevent us from marketing children’s services to an adult audience).
In undertaking the targeted marketing as described in this policy, we do not use or disclose your Personal Information or the Personal Information of any other individual.
NWMPHN collects member Personal Information directly from its members.
If an individual is a proxy for or a representative from a PHN member, NWMPHN collects the individual’s Personal Information from the individual or the appointing PHN member.
5.2.5 Prospective Employees
NWMPHN may collect personal information from prospective employees regarding their skills, interests, qualifications and experience in order to assess their suitability for potential employment. This includes the contact details of any referees, who may be contacted in relation to an applicant for employment with NWMPHN. It is the responsibility of the job applicant to ensure that the referee consents to be contacted by or on behalf of NWMPHN in connection with the application of the job applicant.
NWMPHN may retain the Personal Information (including details of job applications) made by an unsuccessful job applicant to enable NWMPHN to assess the suitability of the applicant for future jobs.
NWMPHN may also collect Personal Information (including sensitive information and health information) from individuals within NWMPHN’s region:
- to better engage with its community, including through subscription to our newsletters;
- to support referral to commissioned health services; and
- to involve them in community engagement activities (for example, through People Bank).
NWMPHN may also collect Personal Information related to the general public for purposes of population planning, research and analysis.
Information used for population planning, research and analysis will generally be de-identified as soon as it is collected.
5.3 How NWMPHN Collects Personal Information
NWMPHN will only collect information in a lawful and fair manner and in a way that is not unreasonably intrusive.
NWMPHN will collect Personal Information directly, unless it is not reasonable or practicable to do so. However, this may not always be possible.
Additionally, NWMPHN generally only collects Personal Information when it specifically requests that information, except in circumstances where Personal Information is voluntarily disclosed to NWMPHN without NWMPHN asking for such information or otherwise taking active steps to collect the information.
Where NWMPHN collects unsolicited Personal Information, NWMPHN will comply with its statutory obligations to determine whether it could lawfully have collected such information; if it determines it could not have lawfully collected the information, NWMPHN will take reasonable steps to destroy or to de-identify the information as soon as reasonably practicable.
The ways in which NWMPHN may collect Personal Information include, but are not limited to:
- In person
- Via telephone
- Via online forms or surveys
- In writing
- From third parties to whom an individual has given permission to share his/her Personal Information with NWMPHN
- From NWMPHN’s own records
- From use of NWMPHN’s websites and online presence.
NWMPHN may also collect Personal Information from individuals when NWMPHN is legally required to do so (such as in connection with police checks and Working with Children checks).
When NWMPHN collects Personal Information, NWMPHN will take reasonable steps to ensure that the individual about whom the Personal Information is collected is aware of certain matters relating to the collection of Personal Information.
Where NWMPHN collects Personal Information about an individual from third parties, NWMPHN generally requires the third party to assure us that it has obtained the individual’s consent to share the information or is otherwise authorised to provide that information to NWMPHN.
In accordance with its statutory obligations, NWMPHN will only collect sensitive information with the consent of the individual concerned.
5.4 How NWMPHN Uses Personal Information
NWMPHN will only collect Personal Information needed to undertake its programs, activities and functions.
As a general principle, and in accordance with NWMPHN’s statutory obligations, NWMPHN generally uses Personal Information only for the primary purpose(s) for which the information was collected, or any secondary purpose that is related (in the case of sensitive information, directly related) to the primary purpose for which the individual would reasonably expect NWMPHN to use the collected information, or as otherwise permitted or required by law.
NWMPHN will take reasonable steps to make individuals aware of the purpose(s) for which Personal Information collected from those individuals may be used at or before the time of collection.
NWMPHN will not use Personal Information collected from an individual for an unrelated secondary purpose unless NWMPHN first obtains the individual’s written consent or a statutory exception applies (such as where it is impracticable to obtain the consent of the individual and NWMPHN believes that collecting, using or disclosing the information is necessary to lessen a serious threat to the life, health or safety of any individual).
Generally, NWMPHN uses Personal Information for the principal purpose of improving the provision of health services to patients, particularly those at risk of poor health outcomes and improving coordination of care to ensure patients receive the right care at the right time.
5.4.1 Health providers and stakeholders
NWMPHN collects and uses Personal Information regarding employees, volunteers and officers of health providers and stakeholders for the following purposes:
- to pursue collaborative projects and matters of common interest;
- in the course of contracting with them or arranging for the delivery of health services for clients; and
- to distribute information about NWMPHN’s activities by way of direct communications, marketing and publications to improve the health system and the health of NWMPHN’s clients.
Personal Information may be used to personalise interactions with NWMPHN.
NWMPHN collects and uses Personal Information and Health Information for the purpose of:
- providing health services and/or diagnosing conditions; and/or
- managing service demands at clinics or programs.
The following are specific examples of when NWMPHN collects and uses Personal Information:
- to make appointments and send reminder notices;
- to communicate with other health practitioners as part of a multidisciplinary team;
- to maintain client records and other medical registers;
- to notify nominated emergency contacts (including next of kin) of a medical condition;
- to disclose health information to paramedics and health professionals in a medical emergency;
- to use de-identified information to model or to forecast service demand;
- to liaise with a person’s nominated representative or family members where needed; and
- to improve the quality of NWMPHN’s services through quality improvement activities, audits, surveys and program evaluations.
NWMPHN uses Personal Information of members for purposes including compliance, administering membership rights and processing membership documents.
NWMPHN may also disclose its membership list to government in order to comply with funding requirements imposed on NWMPHN.
NWMPHN uses its members’ lists to distribute information about its activities and to identify persons interested in a directorship.
5.4.4 Prospective employees and directors
NWMPHN uses Personal Information about prospective employees and directors to consider those individuals for roles with NWMPHN or to become a director of NWMPHN.
5.4.5 Our Websites’ visitors
NWMPHN uses information regarding website visits for the primary purpose of improving its websites and to personalise each individual’s visits to NWMPHN’s websites.
In addition to the purposes outlined above, NWMPHN may use Personal Information about an individual for any one or more of the following purposes:
- to process transactions and to administer accounts;
- to address queries and to resolve complaints;
- to inform community members regarding events and activities of NWMPHN in which they may be able to participate;
- to comply with any obligations under any law or statute that binds NWMPHN, including in relation to mandatory reporting requirements imposed by child safety and other laws;
- to comply with obligations or to enforce rights under a contract into which NWMPHN has entered, including to satisfy obligations owed to Government funding bodies under funding agreements to which NWMPHN is a party;
- to assess and to manage the supply of goods and/or services to NWMPHN by a contractor or a service provider;
- to facilitate use of data repositories and other services controlled by NWMPHN and/or Government departments;
- to facilitate the use of software tools and programs to enable NWMPHN to improve the provision of health services and its activities and functions;
- to complete any other specific purpose for which the information was requested; and
- in order to protect NWMPHN’s legal rights and interests, and to enforce its rights against a third party in the event the third party is engaged or threatens to engage in conduct which is prejudicial or harmful to NWMPHN or to its interests, or its stakeholders and clients.
5.5 How and When NWMPHN Discloses Personal Information
5.5.1 NWMPHN may disclose Personal Information in the following circumstances:
- Where it is required or authorised to do so by law or court or tribunal order (including in order to comply with a mandatory reporting requirement dealing with child safety or similar obligations);
- To contractors, agents or third-party service providers that provide administration or other services in connection with the operation of NWMPHN’s business (e.g. individuals who are authorised to administer NWMPHN’s computer systems, legal advisers, mailing houses, etc.);
- To health providers and stakeholders in order to pursue collaborative projects and matters of common interest, in the course of contracting with them or arranging for their delivery of health services to clients, and to distribute information about NWMPHN’s activities and publications by way of direct communications/marketing to improve the health system and the health of NWMPHN’s clients;
- To NWMPHN’s professional advisers, to facilitate their provision of advice and other services to NWMPHN;
- To NWMPHN’s auditors and insurance companies;
- To marketing providers, to facilitate the provision of marketing of NWMPHN;
- To Government departments and agencies, including for the purpose of NWMPHN complying with its statutory obligations (including in relation to mandatory reporting requirements imposed by child safety and other laws) and obligations owed to Government funding bodies under funding agreements to which NWMPHN is a party; and
- To Government departments and agencies, including for the purpose of facilitating the use by those departments and agencies of information for research and other purposes.
Subject to this policy, NWMPHN will not disclose Personal Information for any purpose other than the purpose for which the information was collected, except to the extent permitted or required by law or unless written authority is obtained from the individual concerned.
NWMPHN may distribute aggregated statistical information for statutory reporting purposes but only in a form that will not identify any person individually.
NWMPHN’s service providers are required to adhere to strict privacy guidelines, including this policy, and not to use or disclose personal information for any unauthorised purpose.
5.5.2 NWMPHN may disclose Personal Information if it is reasonably necessary to do so in order to identify, contact or bring legal action against an individual or an entity whom NWMPHN suspects or is aware is causing harm to, or interference with, NWMPHN or its stakeholders or property.
In addition to the targeted marketing which NWMPHN undertakes, NWMPHN may directly market itself and the services NWMPHN provides in order to seek ongoing support and involvement in NWMPHN.
NWMPHN may engage in direct marketing campaigns on the basis that the audience for the direct marketing campaign would reasonably expect NWMPHN to do so, where NWMPHN has collected Personal Information directly from the individuals comprising the audience.
Where NWMPHN has collected Personal Information about an individual from a third party, then NWMPHN will not use that Personal Information to directly market to that individual, unless that individual consents to receiving such communications (the consent may be express or it may be inferred).
In undertaking any direct marketing activities, NWMPHN will comply with other laws relevant to marketing, including the Spam Act 2003 (Cth), the Do Not Call Register Act 2006 (Cth) and the Competition and Consumer Act 2010 (Cth), including the Australian Consumer Law.
All direct marketing communications which NWMPHN sends will include an easy opt-out procedure if at any time the recipient wishes to no longer receive direct marketing communications from NWMPHN.
5.7 Adoption, Use or Disclosure of Government Related Identifiers
NWMPHN will not adopt, use or disclose as its own identifiers that have been assigned by a Commonwealth or State/Territory agency (i.e. ABNs, Medicare, Department of Veteran Affairs or Tax File Numbers). The handling of personal and health provider identifiers is regulated by the Healthcare Identifiers Act 2010 (Healthcare Identifiers Act) and Healthcare Identifiers Regulations 2010.
5.8 Anonymity and Pseudonymity
Individuals have the option of not identifying themselves, or using a pseudonym, when dealing with NWMPHN. This does not apply:
- where NWMPHN is required or authorised by or under Australian law, or a court/tribunal order, to deal with individuals who have identified themselves; or
- where it is impracticable for NWMPHN to deal with individuals who have not identified themselves or who have used a pseudonym.
For example, where an individual requests access to and/or correction of the Personal Information NWMPHN holds about that individual, or wishes to make a complaint to NWMPHN about its handling of Personal Information, NWMPHN reserves the right to verify the identity of the individual before processing the request, in order to protect the privacy of Personal Information collected from unrelated individuals. If NWMPHN is unable to verify the identity of the individual making the request (or lodging a complaint with NWMPHN regarding NWMPHN’s handling of the individual’s Personal Information), then NWMPHN may be unable to satisfy the request or complete the complaints-handling process.
5.9 Cross-border Transfer or Disclosure of Personal Information
In the event NWMPHN engages in cross-border transfer or disclosure of information (such as routing or storing information on cloud servers located in an overseas jurisdiction), NWMPHN will take reasonable steps to ensure that adequate security mechanisms are in place to protect the privacy of Personal Information transferred or disclosed.
For example, NWMPHN will enter into a written contract with the overseas recipient of the Personal Information to ensure that the Personal Information is handled only by the recipient for the purposes of completing the obligations owed to NWMPHN under the contract and that the recipient must take reasonable steps to protect the security and privacy of the information.
5.10 How NWMPHN Stores Personal Information and Keeps it Secure
NWMPHN takes reasonable steps to store Personal Information securely, whether in an electronic or physical form, and takes all reasonable steps to protect Personal Information from misuse, loss, unauthorised access, modification or disclosure.
Personal Information is stored in secure premises or in electronic databases requiring logins and passwords. NWMPHN takes reasonable steps to ensure physical security of its servers as well as the security of its information systems in which Personal Information is held (e.g. information held in the Cloud). NWMPHN ensures that only employees requiring access to Personal Information are allowed access.
NWMPHN ensures that any Sensitive Information is not available to all staff members. To ensure security of information, emails and faxes are received on Telstra fax stream services, which have the ability to deliver scanned images to a dedicated email account.
Sensitive Information is also received by CAREinMIND™ services. Incoming referrals are sent via a secure and dedicated e-fax line to our CAREinMIND™ services. To ensure security of these referrals, this fax line is separate from the main business line and is located in the triage room with the Program Coordinators. When staff members are not in the room, it remains locked. Only clinical staff have access to the information coming through on this fax line.
Some Personal Information is kept for a number of years to comply with legal and contractual requirements imposed on NWMPHN. On a regular basis, NWMPHN takes reasonable steps to destroy or to de-identify any Personal Information that is no longer needed.
In addition, NWMPHN’s employees and contractors who provide services to NWMPHN or who have access to Personal Information NWMPHN collects and holds are obliged to respect the privacy of such Personal Information. Generally, NWMPHN takes reasonable steps to limit the right of access to Personal Information held by NWMPHN to ensure that employees and contractors only access Personal Information reasonably necessary to facilitate their completion of their duties and obligations owed to NWMPHN.
5.11 Maintaining the Integrity and Currency of Personal Information
NWMPHN is subject to a statutory obligation to take reasonable steps to maintain the integrity and currency of Personal Information held by NWMPHN.
NWMPHN relies on accurate and reliable information to deliver necessary and effective services.
If NWMPHN is satisfied that any of the information it holds about an individual is inaccurate, out-of-date, irrelevant, incomplete or misleading, or a request is made to NWMPHN to correct such information, then NWMPHN will take reasonable steps to ensure the information it holds is accurate, up-to-date, complete, relevant and not misleading.
If NWMPHN discloses Personal Information that is later corrected or updated, then NWMPHN will take reasonable steps (or the individual may request that we take reasonable steps) to notify the entity that received the incorrect information about the correction.
5.12 How an Individual can Access, or Request Corrections to, their Personal Information
Individuals have a statutory right to request access to their Personal Information that is held by NWMPHN and NWMPHN must, subject to the exceptions permitted by law, grant access to the Personal Information it holds about the individual.
There will be no fee associated with an individual lodging a request to NWMPHN to access their Personal Information. However, NWMPHN reserves the right to charge a reasonable administration fee for the provision of access to and/or copies of Personal Information.
NWMPHN will respond to a request for access within a reasonable time after the request is made and NWMPHN will endeavour to give access to the information in the manner requested, unless it is impracticable for NWMPHN to do so.
NWMPHN may refuse access to Personal Information it holds about an individual in circumstances allowed under the APPs, including if it reasonably believes that:
- Providing access would pose a serious threat to the life, health or safety of any person, or to public health or public safety;
- Giving access would have an unreasonable impact on the privacy of others;
- The request for access is frivolous or vexatious; and
- Providing access would be unlawful, or denying access is required or authorised by or under Australian law or court order.
NWMPHN will take all reasonable steps to ensure that Personal Information that is kept, used or disclosed is as accurate, complete and up to date as is practicable.
If an individual believes that the information that NWMPHN holds about them is incorrect and wishes for a correction to be made, they can contact us by the methods below.
By telephone: 03 9347 1188
By email: email@example.com
By post: PO Box 139 PARKVILLE VICTORIA 3052
You have a right to make a complaint if you believe NWMPHN has breached your privacy.
Please raise your complaint to NWMPHN with sufficient detail to enable us to properly investigate, action and respond to your complaint. NWMPHN will action the complaint and provide a response in accordance with our Feedback and Complaints Process.
If you are not satisfied with our action and response to your complaint, you may refer your complaint to the Office of the Australian Information Commissioner.