- The kind of personal information we collect and hold
- How we collect and hold your personal information
- The purposes for which we collect, hold, use and disclose personal information.
- Overseas and interstate disclosure
- The processes available to access and seek correction of personal information
- Contact us
1.1 Personal information is any information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable
1.2 Health information means personal information that is ANY information or an opinion about the physical or mental health or a disability (at any time) of an individual, including but not limited to health services provided, or to be provided.
2. The kind of information we collect and hold:
2.1 Who we collect information from
Claims Pharmacy may collect information about:
- individuals who are the subject of our service,
- the legal representatives, treating practitioners and other service providers of individuals who are the subject of our service,
- individuals who are assisting someone who is the subject of our service, such as interpreters or carers,
- our clients who make enquiries or referrals to use our service,
- the representatives, service providers or contractors retained by our clients,
- individuals who provide services to Claims Pharmacy, including our specialists and contractors,
- our employees or individuals who apply for employment with us,
- visitors to our website.
2.2 Identification and anonymity
In certain circumstances we may need to verify your identity. If, however, the circumstances of your interaction with us does not require us to verify your identity, and where lawful and feasible, you can elect to remain anonymous or to identify yourself through a pseudonym.
We may record the name and contact details of individuals who approach us for information, and other details as necessary to verify their identity and whether they are authorised to access the requested information.
We will only assign or identify individuals using unique identifiers if it reasonably necessary for us to perform any of our functions effectively.
2.3 The kind of information that we collect and hold
We will only collect what information is allowed by law, and that is reasonably necessary for, or directly related to, our ability to perform one or more of our key functions or activities. We will take all reasonable steps to ensure that the information we collect, hold, use or disclose is accurate, up to date, complete and relevant.
Depending on the individual circumstances, the kind of personal information that we collect and hold, use or disclose may include your name and contact details, including your address, phone numbers, company name and position title, and email address. We may also collect information about your date of birth and gender, information about your private health insurance and Medicare details, and details about your lifestyle activities. We may also collect sensitive information including information about your health and your medical history, including your prescriptions and medications, your genetic information, your racial or ethnic origins and language(s) spoken, your religious beliefs or affiliations, your philosophical beliefs, your sexual activity or orientation, your educational and employment history, your membership of any professional or trade associations, membership of any trade unions, and any criminal records you might have.
We will only collect your sensitive and health information if:
- we believe it is specifically relevant and reasonably necessary for the delivery of our service.
- it is relevant and does not intrude unreasonably or unnecessarily into your personal affairs, and
- you have consented (directly to us or a third party) for that information to be provided to us, and
- the collection of that information is allowed by law or a court/tribunal order, or where a permitted general situation or permitted health situation exists as defined by the Privacy Act.
If we are not provided with the necessary personal information, including sensitive and health information, in an accurate, up-to-date or complete form, we may not be able to provide the services requested.
If you visit our website we may collect information about your visit including the date and time of the visit, internet address, ISP, the pages of our website that you access, and the website that referred you to us. This is used only for the purpose of allowing us to understand how to improve our services.
We may also collect any personal information you submit to us via our website or other electronic means in any forms, registration requests or queries.
3. How we collect and hold your personal information:
3.1 How we collect your information
Where possible, reasonable and practical to do so, we will collect your personal, sensitive and health information directly from you, in person, electronically, in writing, over the phone, through text messages, by facsimile or by email.
We may also collect your personal, sensitive or health information from third parties who are permitted to share your information with us for the purposes of providing our services, including from:
- Your representatives
- The person or organisation who referred you to our service
- Other third parties who have been asked to provide your information to us
- Your treating healthcare providers
- Government and law enforcement agencies
- Public registries and publically available records
- Regulatory and licensing bodies
- Online searches and social media
We will only collect information through lawful and fair means, and only what information is authorised or required by law or a court/tribunal order. Unless otherwise permitted or required by law or court/tribunal order, we will only collect sensitive and health information about you which you have consented (directly or to a third party) to be provided to us.
If we receive unsolicited information, we will make all reasonable attempts to determine whether we are authorised to have received that information. If it is determined that we are not authorised, where it is lawful and reasonable to do so, we will take all reasonable steps as soon as practicable to permanently and securely destroy the information. If it is determined we are not authorised to that information, we will also take all reasonable and practicable steps to notify the parties involved.
Unless otherwise authorised or required by law, upon request, we will take what steps are reasonable in the circumstances, to enable individuals to ascertain whether we hold health information relating to them, the nature of that information and the purposes for which it will be used, and their entitlement to request access to the information.
3.2 How we hold your information and the security of your information
We have stringent privacy control measures to ensure the protection of your information and we take all reasonable steps to ensure personal, sensitive and health information is protected from misuse, interference and loss, or from unauthorised access, modification or disclosure.
We may hold information in both hardcopy and electronic forms and have multiple means by which we safeguard this information including:
- Limiting access of personal and sensitive information to authorised parties. The degree of staff access to information is restricted according to the level of their need for performing their duties. Internal access to private and confidential data is also documented by our system, including details of the person, and the date and time of access.
- Electronic records are securely stored on our protected network and are password protected and encrypted. We employ up to date and password protected security systems to prevent any unauthorised computer or electronic access. We take all reasonable steps to ensure the secure electronic transmission of data, including appropriate encryption and password protection.
- Hard copies of any personal or sensitive information are stored in a secure area with restricted access, either on our premises or in secured external storage.
- All staff are subject to confidentiality agreements in relation to personal information.
- Where information we hold is no longer accurate or no longer needed, and where we are not required under law or court/tribunal order to retain that information, we will take all reasonable steps to permanently de-identify or destroy that information. We will take all reasonable and practical steps to ensure that sensitive and health information is not retained for longer than necessary and are disposed of securely and appropriately.
4. The purposes for which we collect, hold, use and disclose personal information.
4.1 Why we collect your information
We collect, hold and use personal information to enable us to provide our services and manage our business. We will only request appropriate information that we believe to be reasonably necessary for us to perform our key functions and activities. We collect personal information to enable us to process, manage and deliver your medical prescriptions, to process your prescriptions through our pharmacy formulary, and where necessary to allow our specialists to provide a comprehensive and accurate opinion. The sensitive and health information that we collect may be disclosed in medication management reports that we provide to our referring clients.
We use your personal information to allow us to:
- Provide our product or service to you and to the parties that referred you to us
- Carry out our functions as a provider of pharmacy and medicolegal services.
- Contact you, or provide information to you about our services
- Access and obtain medical records and history from treating healthcare providers
- Analyse, manage and improve our services and products
- Manage our relationship with our clients, employees, contractors and providers.
- Manage complaints and queries
- Comply with our legal and regulatory obligations
- Conduct searches to collect additional information for regulatory and prudential purposes.
- Other purposes as required or authorised under law for purposes for which you have provided your explicit or implied consent
4.2 Use and Disclosure of information
In the course of undertaking our key functions and activities, it may be necessary for us to use or disclose your personal, sensitive and health information to other parties including the organisation who referred you to our services, to the pharmacists, medical providers and specialists that we engage to provide services, as well as to other third parties and subcontractors that provide services to us.
We will only use or disclose your personal, sensitive and health information for the primary purpose for which it was collected, or a directly related secondary purpose you would reasonably expect. Where we need to use or disclose your personal information for a secondary purpose, unless otherwise required or permitted by law, we will only do so with your consent.
Prior to the use or disclosure of your information, we will take all reasonable steps to ensure that the information is relevant, accurate, complete, up-to-date, and not misleading. Except for the circumstances outlined above, or unless otherwise required or authorised by law or to comply with a court/tribunal order, we will not use or disclose your personal information to a third party without your prior consent unless it is in a de-identified form that will be unable to be identified at any stage as your personal information.
Unless required by a law or enforcement body, or unless required to fulfil our obligations to an agency or state authority, or when necessary to verify an individual’s identify, we will not use or disclose any government related identifiers of an individual.
We will not include your health information in any health records linkage system unless you have expressly consented to that information being so included. We will only include your health information or disclose your identifier for the purpose of a health records linkage system if you have expressly consented to this.
Any information that we may share in aggregate form to any third party as part of any review process to analyse, manage or improve our services, will be de-identified and in a form that will be unable to be identified at any stage as your personal information.
4.3 Direct marketing
In some circumstances, if you are a client and have expressed an interest, and have provided to us your contact information, we may on occasion send you emails with information about our products or services that may be relevant or of interest to you. If you do not wish to receive these offers or information, you can let us know by calling us on (02) 9279 4477 during business hours, contacting our Privacy Officer at the details outlined below, or by return email, to unsubscribe from our mailing list.
Other than as outlined above, we will not collect, use or disclose your personal information for the purposes of direct marketing.
5. Overseas or cross border disclosure of information
The countries in which these overseas recipients may be located will vary depending on the individual circumstances, but may include New Zealand.
We will not transfer or disclose information outside of Australia or New Zealand without prior authorisation.
6. The processes available to access and seek correction of personal information
Our products and services are provided to our referring clients. If you were referred to our service by another organisation, we recommend that you approach that organisation directly with requests for access to, or revision of, your personal information.
6.1 Access to personal information
You may request access to the personal information we hold about you by contacting our Privacy Officer in writing at the details below.
Please provide as much detail as possible regarding the information requested and the form in which you wish the information to be provided. We may need to verify your identity and we may also charge you a reasonable administration fee for the provision of the information. We will endeavour to respond to your request in a reasonable period, usually within 30 days.
In some circumstances, we may withhold access to your personal information for the following reasons:
- giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety
- giving access would have an unreasonable impact on the privacy of other individuals
- the request for access is frivolous or vexatious
- the information relates to existing or anticipated legal proceedings and would not be accessible by the process of discovery in those proceedings
- giving access would reveal our intentions in relation to negotiations with the individual in such a way as to prejudice those negotiations
- giving access would be unlawful
- denying access is required or authorised by or under an Australian law or a court/tribunal order
- if we suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or may be engaged in, and giving access would be likely to prejudice the taking of appropriate action in relation to the matter
- giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body
- giving access would reveal evaluative information in connection with a commercially sensitive decision-making process
If access is refused, we will provide you a written notice with the reasons for the refusal and the mechanisms available to complain about the refusal if you are not satisfied with our decision.
6.2 Correction of Personal information
We endeavour take all reasonable steps to ensure that your personal information is accurate, up to date, complete, relevant and not misleading and if you believe any of your personal information is incorrect or out of date, you may seek correction of your information by contacting our Privacy Officer at the details below. We will endeavour to respond to your request in a reasonable period, usually within 30 days.
If we are unable to correct your personal information as requested, we will provide you a written notice with the reasons for the refusal and the mechanisms available to complain about the refusal if you are not satisfied with our decision.
If we are unable to make the correction, and at your request, we will take such steps as are reasonable in the circumstances to associate with the information, a statement that you believe the information is inaccurate, out-of-date, irrelevant or misleading and details of the amendment sought.
7. Contact Us
If you would like to complain about a breach of the Australian Privacy Principles or the Health Privacy Principles, you may contact our Privacy Officer at the details above. We endeavour to respond to your complaint or concerns in a reasonable timeframe, usually within 30 days.
If you are not satisfied with the outcome of your queries with us, you may refer the matter to the Office of the Australian Information Commissioner by visiting www.oaic.gov.au, or by calling 1300 363 992. Or you can also refer the matter to the NSW Privacy Commissioner by visiting http://www.ipc.nsw.gov.au.