CONSULTMED PRIVACY POLICY

Effective from: 12th May 2021

Consultmed is a user-friendly and integrated referral management platform that connects primary health care providers (e.g. GPs, physiotherapists) directly to secondary health care providers (e.g. specialists and hospital networks). It is a web-based platform that is accessible at www.consultmed.com.au or www.consultmed.co (“Platform”).

This Privacy Policy sets out how ConsultX Pty Ltd trading as Consultmed (“Consultmed”, “we”, “us” or “our”) collects, uses, stores, shares and discloses personal and health information via the Platform.

Please read this policy carefully. By accessing and using our Platform, products and services, you agree to and consent to the collection, use, storage and disclosure of personal and health information by us as set out below.

          1.      Who this applies to

In this Privacy Policy, “you” means:

                 (a)       Primary health care providers using the Platform to refer patients, which includes without limitation any medical, nursing or allied healthcare providers or professionals registered by the Australian Health Practitioner Regulation Agency (“Referrers”)

                 (b)       Specialists, hospitals and other secondary health care providers that receive referrals for patients from primary health care providers via the Platform (“Receivers”); and/or

                 (c)       Patients who are referred via the Platform (“Patients”).

          2.    Openness and transparency

We are committed to protecting the privacy of all personal and health information that may be collected by us.

We respect and uphold our obligations under the Australian Privacy Principles (“APPs”) contained in the Privacy Act 1988 (Cth) (“Privacy Act”) as well as all other legislation or regulation that applies to the collection, use, storage or disclosure of health information.

We apply best practice processes to comply with our legal obligations and undertake to deal with inquiries and complaints from individuals about compliance in accordance with those obligations.

          3.      Personal information

We collect personal information from Referrers and Receivers who use the Platform.

“Personal information” is information or an opinion about an individual whose identity is apparent, or can be reasonably ascertained, from that information or opinion (whether true or not, and whether recorded in a material form or not).

The type of personal information we collect includes, without limitation, the following:

                 (a)       full name;

                 (b)       work email address;

                 (c)       telephone number;

                 (d)       work address;

                 (e)       details of any specialist practice, qualifications and industry body memberships relevant to the Referrer or Receiver;

                 (f)        Medicare provider number;

                 (g)       AHPRA registration number;

                 (h)       details of the products and services we have provided to you or that you have enquired about, including any additional information necessary to deliver those products and services and respond to your enquiries;

                 (i)         any additional information relating to you that you provide to us directly through our website or indirectly through your use of our website or online presence or through other websites or accounts from which you permit us to collect information;

                 (j)         information you provide to us through customer surveys;

                 (k)        billing information; and/or

                 (l)         any other personal information that may be required in order to facilitate your dealings with us.

          4.      Health Information

We collect the health information of Patients who are referred via the Platform.

“Health information” means:

                 (a)         information or an opinion about:

                                  a.         the health, including an illness, disability or injury, (at any time) of an individual;

                                  b.         an individual’s expressed wishes about the future provision of health services to him or her;

                                  c.         a health service provided, or to be provided, to an individual;

                                  d.         that is also personal information;

                 (b)         other personal information collected to provide, or in providing a health service to an individual. This includes personal details such as a patient’s name, address, admission and discharge dates, billing information and Medicare number; and/or

                 (c)         genetic information about an individual in a form that is, or could be, predictive of the health of that individual or a genetic relative of the individual.

The types of health information we collect in relation to Patients are:

                 (a)         full name;

                 (b)         date of birth;

                 (c)         Medicare number;

                 (d)         health fund details;

                 (e)         medical history and details of any current illness, injury or condition of the Patient;

                 (f)          health services to be provided;

                 (g)         primary and secondary diagnoses;

                 (h)         primary reason for referral to secondary care providers ‘Receivers’;

                 (i)          social and background history;

                 (j)          list of current medications;

                 (k)         other specific health information that a Receiver requires from the Referrer in order to accept a referral; and/or

                 (l)         other information that the Referrer, Receiver or Patient deems relevant.

Where applicable, Consultmed complies with the Health Insurance Act 1973 (Cth) and Health Insurance Regulations 1975 (Cth) by collecting all information required to make any referral made via the Platform legally valid and able to be billed via Medicare.

          5.      Collection

          5.1     Personal Information

We will collect personal information only by full and fair means and not in an unreasonably intrusive way. Generally, we collect personal information directly from Referrers and Receivers, and only to the extent necessary to provide our products and services, to carry out our administrative functions, and as required by law.

We may also collect personal information from you when you fill in an application form, communicate with us, visit our website, provide us with feedback, complete online surveys or participate in competitions.

          5.2     Health information

We will collect health information on the registration of a new Patient for referral via the Platform.

          6.      What do we do with personal and health information?

          6.1     Referrers and Receivers

We use and disclose the personal information of Referrers and Receivers for the purposes for which the information is collected, or for a directly related purpose, including (but not limited to):

                 (a)         providing our website, products and services to you;

                 (b)         verifying your identity and place of work;

                 (c)         verifying your qualifications and registration with AHPRA;

                 (d)         verifying your medical provider number;

                 (e)         administering, protecting, improving or optimising our website, products and services (including performing data analytics, conducting research and for advertising and marketing purposes);

                 (f)          billing users for our products and services;

                 (g)         informing you about our website, products, services, rewards, surveys, contests, or other promotional activities or events sponsored or managed by us or our business partners;

                 (h)         responding to any inquiries or comments that you submit to us;

                 (i)          any other purpose you have consented to; and

                 (j)          any use which is required or authorised by law.

We may disclose the personal information of Referrers and Receivers to:

                 (a)         other Referrers or Receivers who are providing or receiving a referral in respect of a Patient;

                 (b)         third-parties we ordinarily engage from time to time to perform functions on our behalf for the above purposes;

                 (c)         any person or entity to whom you have consented to us disclosing your personal information to;

                 (d)         our external business advisors, auditors, lawyers, insurers and financiers where necessary; and

                 (e)         any person or entity to whom we are required or authorised to disclose your personal information to in accordance with the law.

We do not sell or share personal information with third party marketers.

          6.2    Patients

We will disclose the health information of a Patient only as directed by the Referrer or Receiver providing health services to that Patient, in accordance with the express consent of that Patient, or as required to do so in accordance with the law.

          7.      Access, management and storage

Subject to some exceptions provided by law, you may request access to your personal information or health information in our customer account database, or seek correction of it by contacting us, your Referrer or Receiver.

If you believe that we hold personal information about you that is not accurate, complete or up-to-date then you may request that your personal or health information be amended (see clause 13 for our contact details). We will respond to your request to correct your personal or health information within a reasonable timeframe.

Where applicable, in accordance with our obligations under the Health Records and Information Privacy Act 2002 (NSW), Health Practitioner Regulation (NSW), Health Records Act 2001 (VIC), Health Records (Privacy and Access) Act 1997 (ACT) and the Privacy Act 1988 (Cth), we are obliged to retain health information for a period of:

                 (a)         for adults – seven (7) years from the date of last entry

                 (b)         for children – until they reach the age of 25 years

If we no longer need personal or health information for any of the purposes set out in this Privacy Policy, or as otherwise required by law, we will take such steps as are reasonable in the circumstances to destroy such information or to de-identify it.

          8.      Direct marketing

          8.1     Referrers and Receivers

Where we have your expressed or implied consent, or where we are otherwise permitted by law, we may use your personal information to send you information about products and services we believe are suited to you and your interests or we may invite you to attend special events.

At any time you may opt out of receiving direct marketing communications from us. Unless you opt out, your consent to receive direct marketing communications from us and to the handling of your personal information, as detailed above, will continue. You can opt out by following the unsubscribe instructions included in the relevant marketing communication, or by contacting us in writing (see clause 13 for our contact details).

          8.2     Patients

No health information will be used to market directly to Patients. As discussed below, all health information is stored securely in an anonymised format, and Consultmed staff and service providers will not have access to such information except in very limited, exceptional circumstances.

          9.        Referrer and Receivers obligations

This clause applies to Referrers and Receivers who use our services.

In providing or receiving the health information of a Patient via the Platform, you warrant that you have sought all required consents from the Patient to do so and that you have otherwise fully complied with the Privacy Act and all other relevant legislation and regulations pertaining to the collection, storage, use and disclosure of health information.

You agree to indemnify us for any liability, costs and expenses (including our reasonable legal costs) which we incur as a result of a breach by you of your privacy obligations.

We disclaim any liability whatsoever for information collected or shared outside the Platform.

          10.      Mandatory data breach notifications

In the circumstances where Consultmed suffers a data breach that contains personal or health information, we will take all necessary steps to comply with the Notifiable Data Breach Scheme outlined under the Privacy Act and any other laws that apply to the type of information the subject of the data breach.

This means we will immediately make an objective assessment of whether a breach of personal information is likely to result in serious harm to individuals, and if this is the case, endeavour to notify the affected individual(s) and the Australian Information Commissioner.

You will be notified of any data breach affecting your health information.

          11.     Our Platform

When transmitting personal information via the Platform, you must keep in mind that the transmission of information over the internet is not always completely secure or error-free. Other than liability that cannot lawfully be excluded, we will not be liable in any way in relation to any breach of security or any unintended loss or disclosure of that information.

The Platform may use ‘cookies’ or other similar tracking technologies on our website that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser but if you do so, you may not be able to fully experience the interactive features of the Consultmed website.

          12.     Security

We have implemented best practice processes to protect personal information and health information from unintended disclosure, misuse and loss. This includes a number of physical, administrative, personnel and technical measures, including by:

                 (a)         storing all our cloud information in Australia in HIPAA-compliant and Government-endorsed servers;

                 (b)         storing all health information in an anonymised and encrypted format;

                 (c)         restricting the external transmission of personal and health information;

                 (d)         adopting measures to protect our computer systems and networks for storing, processing and transmitting personal and health information;

                 (e)         adopting procedural and personnel measures for limiting access to personal information by our staff and contractors;

                 (f)          restricting our staff and service providers from accessing health information, except in exceptional circumstances and with the oversight of senior management;

                 (g)         regularly reviewing and updating our information collection, storage and usage practices;

                 (h)         using password protection, multifactor authentication procedures and physical access restrictions to limit unauthorised access;

                 (i)          complying with laws applicable to the collection, use, transmission and storage of personal and health information; and

                 (j)         regularly testing our systems and networks and assessing security risks.

We may hold your personal or health information in either electronic or (in rare circumstances) hard copy. We take reasonable steps to protect all personal and health information from misuse, interference and loss, as well as unauthorised access, modification or disclosure.

However, we cannot guarantee the security of any personal or health information transmitted over the internet and therefore you disclose information to us at your own risk. To the maximum extent permitted under law, we are not liable for any unauthorised access, modification or disclosure, or misuse of personal or health information.

          13.      Contact information

If you require further information regarding our Privacy Policy or wish to make a privacy complaint, please contact us at hello@consultmed.co.

          14.      Changes to our policies

We reserve the right to modify this Privacy Policy in whole or in part from time to time without notice and amendments will be effective immediately upon publishing of the amended Privacy Policy on our Platform.