1. How we handle your personal information
Our Sage is required to comply with the Australian Privacy Principles (APPs) under the Privacy Act. The APPs regulate how we may collect, use, disclose and store personal information and how individuals may access and correct personal information which we hold about them.
2. Your personal and health information
Personal information under the Privacy Act is defined as ‘information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not
Our Sage collects personal information, such as your name, address, phone number, email address, date of birth, gender and emergency contact information. Our Sage also collects financial information such as credit card details.
Our Sage collects ‘health information’ as defined under the Privacy Act, including information about your health or disability (at any time), your medical records (including for example your clinical history, diagnoses, medications, results of tests/procedures and other circumstances), billing information, Medicare number and genetic information and could be held in any form, including paper, electronic and visual information.
3. What happens if we can’t collect your personal information?
If you do not provide us with your personal information, we may not be able to provide or provide to the same standard the services requested by you and/or your diagnosis and treatment may be inaccurate or incomplete.
4. How do we collect your personal information?
Our Sage collects and uses your personal information with your consent and will obtain that information from you directly, unless it is unreasonable or impractical to do so, for the purpose of providing you with the health care services you seek.
Your personal information is collected by Our Sage from you in the following ways:
- by independent health practitioners conducting Telehealth consultations and recorded on patient medical records that belong to Our Sage; and
- through our website and mobile applications as entered by you.
There may be occasions when Our Sage needs to obtain personal information and health information about you indirectly from a third party. For example, Our Sage may collect personal information indirectly in the following ways:
- from diagnostic test results; or
- from the ‘My Health Record’ system.
5. What information does Our Sage collect?
We collect information from you that is necessary for healthcare practitioners to render medical services. This includes the personal information and health information referred to above, and may include collecting information about your health history, family history, your ethnic background or your lifestyle to assist with the diagnosis and treatment of your condition.
6. For what purposes do we collect, hold, use and disclose your personal information?
We collect, hold, use and disclose your personal information for the following purposes:
- to enable the health care practitioners who provide Telehealth consultations through Our Sage to provide medical services and treatment to you;
- to enable the health care practitioners and other allied health professionals within our facilities to input information into your ‘My Health Record’ as required;
- for administrative and billing purposes;
- to comply with any legal or regulatory obligations;
- to send appointment reminders (including by SMS or email);
- for inclusion in a recall register to be advised of follow up visits;
- to provide notifications (including by mail, telephone call, SMS or email) from time to time, of the health care and clinical services that you or a dependent can access at our medical centre;
- to process and respond to any complaint made by you;
- to conduct business processing functions including providing personal information to our related bodies corporate, contractors, service providers or other third parties;
- for the administrative, marketing (including direct marketing), planning, product or service development, quality control and research purposes of Our Sage, its contractors or service providers; and
- to meet obligations of notification to our medical defence organisations or insurers.
We will only use your personal and health information for the purposes described above, unless one of the following applies:
- The other purpose is directly related to the purpose for which you have given us the information and you would reasonably expect that we would use or disclose the information for that purpose, including but not limited to:
- storage of the data by a contractor engaged to provide storage services to Our Sage, including a cloud storage service provider. Our agreements with such contractors require that they keep your personal information confidential, and that they only use or disclose your personal information for the purposes of providing those goods or services to us.
- You have consented for us to use your information for another purpose;
- Our Sage is required or authorised by law to disclose your information for another purpose (for example, to prevent a threat to the life, health or safety of any individual); or
- We reasonably believe that the use or disclosure is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
7. Document automation technologies
The privacy of your personal and health information is of the utmost importance to Our Sage. Our Sage utilises a secure medical records software system which meets all the relevant legal requirements and standards. The word processing application of the medical records software system uses algorithms that will only import personal and health information that is necessary for the particular application such as referrals and medical certificates.
The medical records software system has the appropriate level of security authentication protocols and all necessary unique user access credentials are in place to ensure security integrity.
8. How can you access your data?
On request, you may have access to your personal information held by Our Sage. You will need to complete a request for access form which you can request via the “Contact Us” form on the Our Sage website at www.oursage.com.au. Please note that you may have access to your personal information held by Our Sage, except in circumstances where access may be denied under the Privacy Act or other law. Examples of these circumstances are:
- where providing access will pose an unreasonable impact on the privacy of another individual; or
- where your request for access is frivolous or vexatious; or
- where the information relates to existing or anticipated legal proceedings between Our Sage and you, and the information would not be accessible by the process of discovery in those legal proceedings; or
- where providing access would be unlawful, would pose a threat to the life or health of an individual, may prejudice an investigation of possible unlawful activity, may prejudice enforcement of laws, or denying access is specifically authorised by law.
Our Sage will endeavour to acknowledge a request for access to personal information and provide the information requested within 30 days.
If access is provided to you as the result of a request, you will be charged a fee for costs incurred in providing access to that information.
If access is denied, Our Sage will provide you with reasons for its decision.
9. Quality and correction of your health information
Our Sage takes reasonable steps to ensure the personal information we collect, store and disclose from you is accurate, up-to-date and complete.
If you believe that personal information of a clinical or medical nature that Our Sage holds about you is inaccurate, out-of-date, incomplete, irrelevant or misleading you may submit a request via the “Contact Us” form on the Our Sage website at www.oursage.com.au.
If your non clinical or medical type personal information such as name, address or contact phone numbers are incorrect or out–of-date or incomplete it is important that you correct that information as soon as possible through the mobile application or by submitting a request via the “Contact Us” form on the Our Sage website at www.oursage.com.au.
If you request that your information be corrected and we do not agree that it is incorrect, we may refuse to update that information. In such a scenario, we will provide written notice of our refusal to do so within 30 days and upon your request, will place a statement of what you allege is correct where your personal information is kept and accessed.
10. Do we disclose your personal information to anyone overseas?
11. Direct marketing materials
From time to time, we may send you direct marketing communications such as by mail, SMS or email, in accordance with the Spam Act 2003 (Cth). If your preference is to opt-out of receiving marketing communications from us, you may unsubscribe in the manner described in the particular communication you have received. Alternatively, you can opt out of receiving our communications by submitting a request via the “Contact Us” form on the Our Sage website at www.oursage.com.au.
Our Sage takes reasonable steps, and implements reasonable safeguards, to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure. All patient information is handled securely and in accordance with professional duties of confidentiality. We will destroy or permanently de-identify any of your information once it is no longer required for the purpose for which it was collected provided we are not otherwise required by law to retain that information.
Our Sage is subject to a range of rules relating to the periods for which it must retain certain health information and records. As the owner of medical records and a health service provider, Our Sage must generally retain health information about an individual:
- for 7 years from the last occasion on which we provided a health service to the individual – if we collected the information when the individual was 18 years old; or
- until the individual turns 25 – if we collected the information when the individual was less than 18 years old.
13. Website data
We are committed to protecting the privacy of visitors to our website. Information collected via our website is voluntarily provided by you.
Our Sage is not responsible for the content or privacy policies employed by any website linked to ours.
We endeavour to take all reasonable steps to protect your personal data including use of encryption technology. However, the internet is inherently insecure and therefore we cannot guarantee the security of transmission of information you communicate to us online. Accordingly, any information which you transmit to us online is transmitted at your own risk.
14. What is the process for complaining about a breach of privacy?
If you have any complaints or questions about this policy or with regard to our collection, use or management of your personal information, please contact:
Wycombe Telehealth Pty Ltd
PO Box 536
North Sydney NSW 2059
We will endeavour to respond to your complaint within a reasonable period. If you are unhappy with our response, you may refer your complaint to the Office of the Australian Information Commissioner: www.oaic.gov.au.
15. Dealing with us anonymously
You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.