1. Introduction 

1.1 Purpose

The purpose of the Scancare Privacy Policy is to outline how Scancare and staff comply with their confidentiality and privacy obligations. Scancare is required, by law, to comply with relevant state Acts relating to the handling and management of health records as well as the Federal Privacy Act 1988 which incorporates the 13 Australian Privacy Principles (APP’s).

1.2  Legislation

On 12 March 2014, the 13 Australian Privacy Principles (APPs) replaced the National Privacy Principles and Information Privacy Principles. The 13 Australian Privacy Principles (APPs) in Schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Act 2012, amends the Privacy Act 1988 and include:

• APP 1 — open and transparent management of personal information
• APP 2 — anonymity and pseudonymity
• APP 3 — collection of solicited personal information
• APP 4 — dealing with unsolicited personal information
• APP 5 — notification of the collection of personal information
• APP 6 — use or disclosure of personal information
• APP 7 — direct marketing
• APP 8 — cross-border disclosure of personal information
• APP 9 — adoption, use or disclosure of government related identifiers
• APP 10 — quality of personal information
• APP 11 — security of personal information
• APP 12 — access to personal information
• APP 13 — correction of personal information

Scancare Management and staff are committed to implementing implement practices, procedures and systems that will ensure compliance with the Australian Privacy Principles (APP’s).

2. Definitions

Personal Information

‘Personal information’ is any information or an opinion about you where your identity is apparent or can reasonably be ascertained.

Health Information

‘Health information’ is all identifying “personal information” collected to provide a health service.

In the Australian Privacy Principles (APP’s) ‘Health information’ comes under the definition of ‘sensitive information’.

Consent

‘Consent’ means ‘expressed consent or implied consent’. The four key elements of consent are:

• the customer is adequately informed before giving their consent;
• the customer gives consent voluntarily;
• the consent is current and specific ; and
• the customer has the capacity to understand and communicate their consent.

Note: willingly provided information is usually sufficient to imply consent to collection of information; however, Scancare makes a point of seeking written customer consent before downloading health care patients’ personal health information.

Expressed Consent

‘Expressed consent’ is given explicitly, either orally or in writing.

Implied Consent

‘Implied consent’ arises where consent may reasonably be inferred in the circumstances from the contract between the customer and Scancare.

‘Solicited’ and ‘Unsolicited’ Personal Information

All personal information received by an APP entity is either solicited or unsolicited personal information. Section 6(1) defines ‘solicit’ but does not define ‘unsolicited’. Therefore, personal information received by an entity that does not fall within the definition of ‘solicited’ is ‘unsolicited’ personal information.

3. Privacy of Personal Information 

APP 1 - Open and Transparent Management of Personal Information

Scancare makes this Privacy Policy statement available to customers to inform them of our policies on management and protection of patients’ personal health care information, before downloading such data. Upon request, staff at Scancare will let customers know, generally, what sort of patients personal health care information needs to be downloaded, for what purposes, and how we collect and hold that information. Scancare does not disclose this information to third parties and destroys it when no longer required.

This Privacy Policy will be made available to customers upon request.

APP 2 - Anonymity and Pseudonymity

Health care patients have the right to be dealt with anonymously or by using a pseudonym, provided that this is lawful and practicable. It may be impracticable for Scancare to deal with customer data where the patient has not identified themselves. However, in the medical context this is not likely to be practical or possible:

• for Medicare and insurance rebate purposes; and
• where a health care patient complains about any aspect of health care/service delivery, which for the purposes of further investigation the Scancare customer would need to know the details of the health care patient involved in the complaint and other details which would enable customer to identify the health care and other service providers involved.

APP 3 - Collection of Solicited Personal Information

Scancare is a provider of software to health care facilities and it is necessary for Scancare to download patient health care information which has been collected by Scancare customers for us to provide software that meets customer requirements. Patient health care records/data downloads is associated with simulating the customer’s operating systems and enables Scancare to customise software to address the customer-specific issues encountered when using Scancare software.

We will only ask customers for such information where we believe it is necessary for us to know that information to deal with software issues customers encounter. Further, we will only download customer’s health care records where some specified requirements are met, including in particular:

1. with the customer’s consent; or
2. when collection is required, authorised or permitted by law or law enforcement purposes; or
3. the information is received, through an appropriate disclosure by another organisation such as another health service provider with customer’s consent.

We will ensure that health care facilities/customers providing patients personal health care information are informed about and understand the purpose of Scancare downloading the information and that personal information will not be disclosed to another party.

We will ensure that customers providing patients personal health care information understand the consequences, if any, of providing incomplete or inaccurate information

1. What happens if you do not Provide Health Information 

If health care facilities/customers do not provide Scancare with accurate or complete information when we requested, we may not be able to provide a proper level of software support.

2. The Kinds of Personal Information Collected and Held 

The types of health care information downloaded by Scancare generally includes:

a) patients’ names, date of birth, address, email address, telephone number, ethnicity, demographics, next of kin, emergency contact details;

b) Medicare, DVA and/or Health Fund details (as applicable);

c) reason for attendance/symptoms;

d) medical history;

e) private health insurance information

f) examination and test results

g) diagnosis

h) treatment and care information; and

i) admission and registration information.

3. How we Obtain your Information 

Scancare downloads health care facilities patient data for which access is authorised by customers.

APP 4 - Dealing with Unsolicited Personal Information

Unsolicited personal information is personal information received by Scancare where Scancare has taken no active steps to collect the information. APP 4 outlines the steps that Scancare must take, and will take, if it receives unsolicited personal information.

In some instances, Scancare may have difficulty deciding whether personal information it receives falls within the terms of Scancare’s request and is therefore solicited personal information. Where it is unclear whether the information is solicited or unsolicited personal information, Scancare will err on the side of caution and treat the personal information as unsolicited personal information.

1. Other Types of Personal Information Held

Other information collected and held by Scancare includes job applications and personnel files and referrer information. All data collected is considered personal information and will only be used for the purpose for which it was collected, or with prior consent from the customer will be managed in accordance with the Australian Privacy Principles (APP’s).

APP 5 - Notification of the Collection of Personal Information

Scancare will take all reasonable steps to ensure health care facilities/customers have access to this Privacy Policy at or before the time of downloading their patients’ health care data/records/

personal information, or as soon as practicable afterwards. This applies to all personal information ‘collected’ about an individual, either directly from the individual or from a third party.

APP 6 - How Scancare Uses and Discloses your Information

As a provider of health services software, Scancare will use the data for improving software services to customers in accordance with the generally accepted health software industry practice.

Scancare will ensure that customer provided patient data will only be used for the purpose it was downloaded, or that would reasonably be expected by the customer providing the information.

Scancare does not disclose customer provided patient data to any third party. We will only disclose customer provided patient data without consent where such disclosure is required by law, or for law enforcement.

We will keep records of any such use and disclosure.

Information may be disclosed to a responsible person (as described under the Act).

When Information can be Disclosed Without your Consent

We will only disclose customer provided patient data to a third party with customer consent.

APP 7 - Direct Marketing

Scancare will not use customer provided patient data for marketing purposes.

APP 8 - Cross-border Disclosure of Personal Information

Scancare will not disclose customer provided patient data to other parties interstate or outside Australia.

APP 9 - Adoption, Use or Disclosure of Government Related Identifiers

As required by Australian Privacy Principles (APP 9), Scancare will not use Medicare or Veterans Affairs numbers or other identifiers assigned by a Commonwealth or State Government agency to identify personal information.

APP 10 - Quality of Personal Information

Scancare will take all reasonable steps to ensure that personal information kept, used or disclosed by Scancare is accurate, complete, and as up to date as practicable.

APP 11 - Security of Personal Information

All reasonable steps are taken to protect personal information collected from misuse or loss, such as computer password access, access restrictions to work areas, office and building security systems, and adequate computer system virus protections and fire wall, and electronic back-up of electronic data

How Scancare Holds your Personal Information

Scancare takes all necessary and reasonable steps to ensure that not use customer provided patient data is accurate, complete, up to date and secure.

The storage, use and where necessary, transfer of personal health information will be undertaken in a secure manner that protects customer and health care patient privacy.

After use, customer supplied patient data is erased/destroyed/removed from Scancare‘s database.

APP 12 - Access to Personal Information

Scancare does not give not give third party access to customer provided patient data.

APP 13 - Correction of Personal Information

Scancare does not engage in the correction of customer provided patient data.

1. Updating Personal Information

Customer provided patient data is periodically downloaded by Scancare to ensure that the data held and used in software solutions is current customer data.

4. Privacy Complaints and How Scancare would Deal with your Complaint

Customers should feel free to discuss any concerns, questions or complaints about issues related to the privacy of personal information with Scancare.

Scancare is committed to improving software services and welcomes any comments or complaints that our customers may wish to offer in relation to the services we provide. Such feedback helps us to identify the things that we do well or need to improve. We recognise that, handled well, a complaint provides us an opportunity to strengthen our relationships with our customers. It provides us the opportunity to understand their circumstances and to explore ways to improve our software and service to them in the future. We will respond to your concerns quickly and keep you informed of our actions and progress.

Complaints or queries with respect to this Privacy Policy may be lodged electronically via the Scancare website, or you may contact:

Scancare Privacy Officer

PO Box 180, Varsity Lakes QLD 4227 Australia
Telephone: +617 5562 2661
Email: scancare@scancare.com.au

Under the Privacy Act 1988 (Privacy Act) you can make a complaint to the Office of Australian Information Commissioner (OAIC) about the handling of your personal information.

For details please visit http://www.oaic.gov.au/privacy/privacy-complaints.

5. Policy approval

This policy was approved by Scancare’s Director of Operations Manager, Michael Stanton on 23 June 2017.