On 12 March 2014, the 13 Australian Privacy Principles (APPs) replaced the National Privacy Principles and Information Privacy Principles. The 13 APPs are set out in Schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Act 2012, which amends the Privacy Act 1988, and include:
- APP 1 — open and transparent management of personal information
- APP 2 — anonymity and pseudonymity
- APP 3 — collection of solicited personal information
- APP 4 — dealing with unsolicited personal information
- APP 5 — notification of the collection of personal information
- APP 6 — use or disclosure of personal information
- APP 7 — direct marketing
- APP 8 — cross-border disclosure of personal information
- APP 9 — adoption, use or disclosure of government related identifiers
- APP 10 — quality of personal information
- APP 11 — security of personal information
- APP 12 — access to personal information
- APP 13 — correction of personal information
Scancare Management and staff are committed to implementing practices, procedures and systems that will ensure compliance with the Australian Privacy Principles (APPs).
‘Personal information’ is any information or an opinion about you where your identity is apparent or can reasonably be ascertained.
‘Health information’ is all identifying “personal information” collected to provide a health service.
In the Australian Privacy Principles (APPs), ‘Health information’ comes under the definition of ‘sensitive information’.
‘Consent’ means ‘expressed consent or implied consent’. The four key elements of consent are:
- the customer is adequately informed before giving their consent;
- the customer gives consent voluntarily;
- the consent is current and specific; and
- the customer has the capacity to understand and communicate their consent.
Note: willingly provided information is usually sufficient to imply consent to collection of information; however, Scancare makes a point of seeking written customer consent before downloading health care patients’ personal health information.
‘Expressed consent’ is given explicitly, either orally or in writing.
‘Implied consent’ arises where consent may reasonably be inferred in the circumstances from the contract between the customer and Scancare.
‘Solicited’ and ‘Unsolicited’ Personal Information
All personal information received by an APP entity is either solicited or unsolicited personal information. Section 6(1) defines ‘solicit’ but does not define ‘unsolicited’. Therefore, personal information received by an entity that does not fall within the definition of ‘solicited’ is ‘unsolicited’ personal information.
3. Privacy of Personal Information
APP 1 - Open and Transparent Management of Personal Information
APP 2 - Anonymity and Pseudonymity
Health care patients have the right to be dealt with anonymously or by using a pseudonym, provided that this is lawful and practicable. It may be impracticable for Scancare to deal with customer data where the patient has not identified themselves. However, in the medical context this is not likely to be practical or possible:
- for Medicare and insurance rebate purposes; and
- where a health care patient complains about any aspect of health care/service delivery, in which case, for the purposes of further investigation, the Scancare customer would need to know the details of the health care patient involved in the complaint and other details which would enable the customer to identify the health care and other service providers involved.
APP 3 - Collection of Solicited Personal Information
Scancare is a provider of software to health care facilities, and it is necessary for Scancare to download patient health care information which has been collected by Scancare customers for us to provide software that meets customer requirements. Patient health care records/data downloads are associated with simulating the customer’s operating systems and enable Scancare to customise software to address the customer-specific issues encountered when using Scancare software.
We will only ask customers for such information where we believe it is necessary for us to know that information to deal with software issues customers encounter. Further, we will only download customers’ health care records where some specified requirements are met, including in particular:
- with the customer’s consent; or
- when collection is required, authorised or permitted by law or for law enforcement purposes; or
- the information is received through an appropriate disclosure by another organisation, such as another health service provider, with the customer’s consent.
We will ensure that health care facilities/customers providing patients’ personal health care information are informed about and understand the purpose of Scancare downloading the information and that personal information will not be disclosed to another party.
We will ensure that customers providing patients’ personal health care information understand the consequences, if any, of providing incomplete or inaccurate information.
1. What happens if you do not Provide Health Information
If health care facilities/customers do not provide Scancare with accurate or complete information when requested, we may not be able to provide a proper level of software support.
2. The Kinds of Personal Information Collected and Held
The types of health care information downloaded by Scancare generally include:
a) patients’ names, date of birth, address, email address, telephone number, ethnicity, demographics, next of kin, emergency contact details;
b) Medicare, DVA and/or Health Fund details (as applicable);
c) reason for attendance/symptoms;
d) medical history;
e) private health insurance information;
f) examination and test results;
h) treatment and care information; and
i) admission and registration information.
3. How we Obtain your Information
Scancare downloads health care facilities’ patient data for which access is authorised by customers.
APP 4 - Dealing with Unsolicited Personal Information
Unsolicited personal information is personal information received by Scancare where Scancare has taken no active steps to collect the information. APP 4 outlines the steps that Scancare must take, and will take, if it receives unsolicited personal information.
In some instances, Scancare may have difficulty deciding whether personal information it receives falls within the terms of Scancare’s request and is therefore solicited personal information. Where it is unclear whether the information is solicited or unsolicited personal information, Scancare will err on the side of caution and treat the personal information as unsolicited personal information.
1. Other Types of Personal Information Held
Other information collected and held by Scancare includes job applications, personnel files and referrer information. All data collected is considered personal information and will only be used for the purpose for which it was collected or with prior consent from the customer, and will be managed in accordance with the Australian Privacy Principles (APPs).
APP 5 - Notification of the Collection of Personal Information
personal information, or as soon as practicable afterwards. This applies to all personal information ‘collected’ about an individual, either directly from the individual or from a third party.
APP 6 - How Scancare Uses and Discloses your Information
As a provider of health services software, Scancare will use the data for improving software services to customers in accordance with generally accepted health software industry practice.
Scancare will ensure that customer provided patient data will only be used for the purpose for which it was downloaded, or for a purpose that would reasonably be expected by the customer providing the information.
Scancare does not disclose customer provided patient data to any third party. We will only disclose customer provided patient data without consent where such disclosure is required by law, or for law enforcement.
We will keep records of any such use and disclosure.
Information may be disclosed to a responsible person (as described under the Act).
When Information can be Disclosed Without your Consent
We will only disclose customer provided patient data to a third party with customer consent.
APP 7 - Direct Marketing
Scancare will not use customer provided patient data for marketing purposes.
APP 8 - Cross-border Disclosure of Personal Information
Scancare will not disclose customer provided patient data to other parties interstate or outside Australia.
APP 9 - Adoption, Use or Disclosure of Government Related Identifiers
As required by Australian Privacy Principles (APP 9), Scancare will not use Medicare or Veterans Affairs numbers or other identifiers assigned by a Commonwealth or State Government agency to identify personal information.
APP 10 - Quality of Personal Information
Scancare will take all reasonable steps to ensure that personal information kept, used or disclosed by Scancare is accurate, complete, and as up to date as practicable.
APP 11 - Security of Personal Information
All reasonable steps are taken to protect personal information collected from misuse or loss, such as computer password access, access restrictions to work areas, office and building security systems, adequate computer system virus protection and firewalls, and electronic back-up of electronic data.
How Scancare Holds your Personal Information
Scancare takes all necessary and reasonable steps to ensure that customer provided patient data is accurate, complete, up to date and secure.
The storage, use and where necessary, transfer of personal health information will be undertaken in a secure manner that protects customer and health care patient privacy.
After use, customer supplied patient data is erased/destroyed/removed from Scancare’s database.
APP 12 - Access to Personal Information
Scancare does not give third parties access to customer provided patient data.
APP 13 - Correction of Personal Information
Scancare does not engage in the correction of customer provided patient data.
1. Updating Personal Information
Customer provided patient data is periodically downloaded by Scancare to ensure that the data held and used in software solutions is current customer data.
4. Privacy Complaints and How Scancare would Deal with your Complaint
Customers should feel free to discuss any concerns, questions or complaints about issues related to the privacy of personal information with Scancare.
Scancare is committed to improving software services and welcomes any comments or complaints that our customers may wish to offer in relation to the services we provide. Such feedback helps us to identify the things that we do well or need to improve. We recognise that, handled well, a complaint provides us an opportunity to strengthen our relationships with our customers. It provides us the opportunity to understand their circumstances and to explore ways to improve our software and service to them in the future. We will respond to your concerns quickly and keep you informed of our actions and progress.
Scancare Privacy Officer
PO Box 180, Varsity Lakes QLD 4227 Australia
Telephone: +617 5562 2661
Under the Privacy Act 1988 (Privacy Act) you can make a complaint to the Office of the Australian Information Commissioner (OAIC) about the handling of your personal information.
For details please visit http://www.oaic.gov.au/privacy/privacy-complaints.
5. Policy approval
This policy was approved by Scancare’s Director of Operations Manager, Michael Stanton on 23 June 2017.