1. STATEMENT
Medix Health Services Australia Pty Ltd (”Medix”) provides personal case management services (“Medix Services”) to individuals in Australia (“Eligible Persons”). As a result Medix acquires personal data and information about Eligible Persons including information about their physical and mental health and conditions.
Medix recognises the importance and sensitivity of that personal information and is committed to dealing with it in line with the Eligible Persons’ expectations and in accordance with Medix’ legal obligations under the Privacy Act 1998 (Cth) (“the Privacy Act”).
The purpose of this document is to set out, for Eligible Persons:
(a) The kinds of personal information that Medix collects and holds;
(b) How Medix collects and holds personal information;
(c) The purposes for which Medix collects, holds, uses and discloses personal information;
(d) How a Eligible Person may access personal information about the Eligible Person that is held by Medix;
(e) How the Eligible Person may complain about a breach of the Australian Privacy Principals; and
(f) Whether Medix is likely to disclose personal information to overseas recipients and that destination.
If there are any queries in relation to the Privacy protections and this privacy policy the Data Protection Compliance Manager of Medix is responsible for ensuring that Compliance. Any questions or concerns can be directed to Moran Katz morank@medix-global.com.
2. DEFINITIONS
Within this policy “Personal Information / Data” is information or an opinion about an identified individual or an individual who is reasonably identifiable:
(g) Whether the information or opinion is true or not;
(h) Whether the information or opinion is recorded in material form or not.
“Medical Information” forms part of Personal Data and comprises information about an individual’s physical or mental health or condition, including and without limitation:
(a) The reasons for seeing a health professional;
(b) Tests and procedures undertaken, the results of such tests and procedures, clinical findings and diagnoses;
(c) The options for care and treatment suggested by a or various health professionals;
(d) Decisions made about care and treatment and;
“Sensitive Information” as defined under the Privacy Act includes:-
(a) Health information;
(b) Genetic information;
(c) Biometric information or biometric templates.
“Dealing with” Personal Information or Data means its collection, obtaining, holding, organising, using, disclosing, manipulating or destroying.
3. THE TYPES OF PERSONAL INFORMATION THAT MEDIX COLLECTS AND HOLDS
Medix collects and holds personal information as defined as Personal Information within this Policy. It includes:
(a) name, contact details, date of birth and gender;
(b) information about your interactions with Medix including complaints;
(c) Personal Information which is required to provide the Medix Services, including Sensitive Information. Medix only collects and holds Sensitive Information with the Eligible Person’s (or their legal guardian’s) consent or in other limited situations allowed by law;
4. HOW DOES MEDIX COLLECT AND HOLD PERSONAL INFORMATION?
Medix collects Personal Information directly from the Eligible Person or, if the Eligible Person is a minor, from the Eligible Person and the Eligible Person’s legal guardian.
Medix also collects Personal Information from medical services providers and other providers of medical and non-medical services, with the Eligible Person’s or their legal guardian’s prior consent.
Medix holds Personal Information using the following formats:
- Hardcopy of Medical summaries
- Optical Media (CDs and DVDs) of Medical Imaging
- Electronic copies of Medical summaries
- Electronic copies of Medical Imaging
- Electronic copies of Call Recordings
Medix is ISO-27001 compliant.
5. THE PURPOSES FOR WHICH MEDIX HOLDS, USES AND DISCLOSES PERSONAL INFORMATION
Medix collects, holds, uses and discloses Personal Information in the provision of the Medix Services.
Examples of the disclosure regarding the Eligible Person’s Personal and Medical Information include:
(a) To doctors and other members of the Medix Group team providing the Medix Services (provided that such disclosure is only for the purpose of enabling them to provide the Medix Services and the recipients are bound by an obligation of confidentiality);
(b) To specialist doctors, who may be situated in any part of the world, to assist in providing the Medix Services, provided that such disclosure is only for the purpose of enabling them to provide the Medix Services;
(c) To third party health care providers if Medix wishes to retrieve medical information from them which is necessary for the provision of the Medix Services;
(d) To the insurance company with whom the Eligible Person (or their family member or guardian) has the policy of insurance in connection with which the Medix Services are provided if the Eligible Person makes a complaint about Medix or the Medix Services, and only for the purpose of the insurance company responding to or investigating such complaint and its resolution. Deidentified information may also be provided by Medix to the insurance company for quality control purposes and general data reporting;
(e) Where disclosure is expressly requested or permitted by the Eligible Person or their guardian; or
(f) Where disclosure is required by law or Regulations or by any court or any relevant regulatory body.
6. ACCESS TO PERSONAL INFORMATION
An Eligible Person has a right at any time to request in writing access to a copy of any personal data which Medix holds about them only when adequate proof of identity is being provided. If after accessing such information an Eligible Person believes any of the personal data which Medix holds is incorrect the Eligible Person can ask to have the inaccurate data amended.
Eligible Persons may send any inquiry or request to:
The Data Protection Compliance Manager
Medix Australia Pty Limited
morank@medix-global.com
7. COMPLAINTS
If an Eligible Person is dissatisfied with Medix and their privacy they may contact:
The Data Protection Compliance Manager
Medix Australia Pty Limited
morank@medix-global.com
Alternatively, the Eligible Person may complain to the Office of the Information Commissioner at:
Office of the Australian Information Commissioner
GPO BOX 5218
Sydney NSW 2001
enquires@oaic.gov.au
8. OVERSEAS DISCLOSURE AND STORAGE OF DATA
All Personal Data of Eligible Persons held by Medix shall be stored securely and access should be restricted only to those who are authorised to use it for the purposes of providing the Medix Services.
It is likely that Medix will disclose Personal Data of Eligible Persons to overseas recipients as the Medix Services require. Those potential recipients are:
a) Medix’s related entity offices in Hong Kong, Singapore and London; and
b) Doctors accredited by Medix, as complying with their high medical standards and information management requirements.
As each of these potential recipients is either related to or accredited by Medix, Medix is familiar with their privacy policies and has taken reasonable steps to ensure that the overseas recipient does not breach Australian Privacy Principles (other than Australian Privacy Principle 1) in relation to the information.
9. RETENTION / DESTRUCTION OF PERSONAL DATA
Subject to the following paragraph, Medix aims only to retain Personal Data for as long as it is necessary for the purposes for which it was obtained and therefore to return, destroy or erase from Medix’ systems personal data when it is no longer required.
All Personal Data relating to an Eligible Person held by Medix shall be returned to the Eligible Person or destroyed after a period of 10 years from the day on which Medix stops providing the Medix Services to that Eligible Person, or such longer period as is reasonably required.
10. UPDATES TO THIS POLICY
This Privacy Policy may be updated by Medix from time to time if:
a) the Medix business changes in a manner not covered by this Policy;
b) Privacy Principles or legislation in Australia changes; or
c) there are significant changes to how we handle or store data (eg. due to technological advances)