Medical Centres Privacy Policy

Who we are

We are Idameneo (No 123) Pty Ltd (ACN 002 968 185), Sidameneo (No. 456) Pty Ltd (ACN 089 995 817) and our related body corporates, together the medical and dental centre division of Limestone Bidco Pty Limited (Healius Medical & Dental Centres, we, us, our).

We manage medical and dental centres in Australia (Centres) on behalf of the health service providers and medical and dental practitioners who operate from them (medical practitioner). We provide the administrative and non-medical services those medical practitioners need to provide you with medical, dental or other health services (medical services). Normally, those medical practitioners are not our employees and, in providing medical services and doing other things, are independent contractors.

In our Centres, all patient records are our property (and not the property of either the patient or the medical practitioners). This assists, if the need arises, other medical practitioners in the Centre to continue to manage your needs and provide continuity of care.

We understand the importance to our patients of maintaining privacy in relation to the personal information we collect, use, disclose, hold or otherwise handle in connection with managing our Centres. This Privacy Policy sets out how we comply with our obligations under the Privacy Act 1988(Cth) and other relevant State and Territory legislation in handling your personal information.

By attending a Centre, you consent to your personal information being collected, used, disclosed, stored and otherwise handled in accordance with this Policy and other relevant arrangements between us. A current version of our Privacy Policy will be available on our websites and at our Centres. We may change our Privacy Policy from time to time by publishing changes to it on our websites. You should check our websites periodically to ensure you are aware of our current Privacy Policy.

What personal information do we collect and hold?

Personal information is information or an opinion about an identified or reasonably identifiable person, whether or not true and whether recorded in a material form or not. Within this Privacy Policy unless indicated otherwise, references to personal information also include sensitive information such as information or an opinion about your health, or health services provided to you.

We will only collect personal information from you where reasonably necessary for purposes directly related to our functions or activities. We will only collect as much personal information as we and medical practitioners operating from our Centres need to provide you with services (including medical services) and to allow us to obtain payment for those services. The types of personal information we may collect and hold about you include:

Identity Billing and administration Medical
Name Medicare Number Medical history
Address Health insurance membership number Clinical notes
Date of Birth Credit card number Credit card number
Gender/Sex Treatment plan
Email address Prescribed medications
Telephone number Referral details
Healthcare identifiers Disease status
Details of next of kin Clinical Digital Images

We may also collect personal information from you when you use and access our websites (including any information contained in an online enquiry or a request for an appointment, device type and ID, IP address, pages you visited, time and date of visit and geo-location information).

If you do not provide us with all the personal information we request, medical practitioners operating from our Centres may not be able to provide medical services to you.

How do we collect and hold personal information?

We collect personal information about you in several ways, including from:

When you attend one of our Centres to obtain services from the medical practitioners operating from those Centres, we create a unique digital medical record for you. Every time a medical, dental or health service is provided for you at one of our Centres, new information is added to your medical record.

When you visit our websites, a small data file called a “cookie” is stored on your computer or mobile device by our server. We use cookies to maintain user sessions and to generate statistics about the number of people that visit our websites. Generally, this information will not identify you and we do not link it back to your identity or other information that you have provided to us.

Why do we collect, hold use and disclose your personal information?

1. Health Services

We collect, use, disclose and handle personal information about you for the purpose of delivering, or facilitating the delivery of medical, dental and health services, including to:

2. Ordinary course operation of our business

We use and handle your personal information as is reasonably incidental to our ordinary course operations, including where necessary to manage our administration, store data, conduct systems maintenance and penetration testing, and manage accounts and payment for the services provided to you. Subject to compliance with applicable Australian law, these incidental operations shall include our use and, where necessary, disclosure of your personal information:

3. Teaching and research

We may use de-identified information (derived from your personal information) for internal teaching purposes or to monitor, evaluate, plan and improve the services provided at our Centres.

We may use your personal information to provide third parties (such as universities, government organisations and pharmaceutical companies) with aggregated, de-identified health information about our patients. These third parties may use the bulk de-identified information they receive from us for their business purposes.

Should you, at any time, wish to withdraw your consent for your personal information to be part of a de-identified information database, please notify our Privacy Officer using the contact details below providing your full name, date of birth and address. Withdrawing this consent will not affect the relationship between you and your medical practitioner, nor will it hinder your ability to access services at a Centre.

If third parties undertaking research request identified data (ie. personal information) from our medical records, we will only provide such identified data if:

4. Other handling

We may also access, use or disclose your personal information:

Do we transfer personal information overseas?

We will use best endeavours to ensure your personal information is only stored and accessible from within Australia. However, we may disclose your personal information, or enable it to be accessed by:

We will take reasonable steps to ensure that these recipients do not breach the requirements of the Privacy Act 1988 (Cth) and other State and Territory privacy legislation that may be applicable. However, when you provide your personal information to us, you consent to the disclosure of that information outside of Australia in the circumstances described above, and acknowledge that we are not required to ensure overseas recipients handle that personal information in compliance with Australian privacy law.

Security and storage of personal information

We may hold your personal information in either electronic or hard copy form. We take reasonable steps, and implement reasonable safeguards, to protect your personal information that we hold from misuse, interference and loss, as well as unauthorised access, modification and disclosure. We ensure that we and the medical practitioners handle all patient information securely and in accordance with this Privacy Policy and professional duties of confidentiality.

We and medical practitioners operating in our Centres are subject to a range of obligations relating to the periods for which health information and records must be retained. We must generally retain health information about an individual until at least:

Following such retention periods, if we no longer require personal information for a purpose permitted by Australian law, we will take reasonable steps to securely destroy or de-identify such personal information.

Accessing and correcting your personal information

You (or your parent, guardian, attorney, authorised representative or responsible person) may request (i) details of what personal information we hold about you; or (ii) access to, or that corrections be made to, the personal information we hold about you, by contacting the Privacy Officer (details below). If you do so, please specify your identity and the details and format of the information which you are seeking access to, or correction of (including the element of inaccuracy or incompleteness, and information required to correct your information). We will respond to your request within a reasonable time, which will be no longer than 45 days in NSW and Victoria, and 14 days in the ACT.

There are some circumstances where we are not required to give you access to or correct your personal information. We will normally give you a written notice setting out our reasons for not complying with your request, and informing you of how you can complain about our refusal.

There is no fee for requesting access to your personal information or for us to make corrections to the same. However, we may charge a reasonable fee for our costs involved in collating and providing you with access to any personal information, in accordance with applicable law. That fee is payable before access is given.

Making a complaint

If you have any concerns or would like to make a complaint about how we handle your personal information, please contact the Privacy Officer (details below). Please include your name, email address and/or telephone number and clearly describe your concerns or complaint.

We will endeavour to respond to your complaint within a reasonable time after it is made. If you are unhappy with our response, we will provide you with information about further steps you can take.

How to contact us

You can contact our Privacy Officer in the following ways

Email Medcentres.privacyofficer@healius.com.au
Telephone (02) 9432 9495
Post Attention: Privacy Officer
Level 2, Bldg A, 207 Pacific Highway
St Leonards, NSW 2065

Privacy Policy Last Updated: 24 November 2020