Medical-Objects Legal Obligations
Medical-Objects is committed to ensuring the privacy and confidentiality of your personal information. Medical-Objects must comply with the Australian Privacy Act 1988 (Commonwealth) (“the Act”), the Australian Privacy Principles (“APPs”), the New Zealand Privacy Act 1993 and any other applicable privacy laws that govern how private sector Health Service providers handle your personal information (inclusive of sensitive information and Health Information).
Personal Information as defined by the Australian Privacy Act 1988 (Cth) is ‘information or an opinion, about an identified individual, or an individual who is reasonably identifiable. Whether true or not, and whether recorded in a material form or not’.
Common examples are an individual’s name, signature, address, telephone number, date of birth, medical records, bank account details, employment details and commentary or opinion about a person.
Sensitive information is racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record that is also personal information or health information about an individual.
‘Health Information’ is information or opinion about the health or disability (at any time) of an individual, an individual’s expressed wishes about future provision of Health Services to him or her or a Health Service provided or to be provided to an individual that is also personal information. It also includes other personal information collected to provide a Health Service (e.g. name, address) and information about donation of body parts, organs or body substances and genetic information.
A ‘Health Service’ is defined by the Australian Privacy Act as follows: ‘a Health Service includes any activity that involves: assessing, recording, maintaining or improving a person’s health; or diagnosing or treating a person’s illness or disability; or dispensing a prescription drug or medicinal preparation by a pharmacist’.
The Privacy Act applies to all private sector organisations that deliver these types of services, including all small Health Services that hold health information.
1. What kind of Personal Information we collect and hold.
2. How we collect your Personal Information.
3. How we hold your Personal Information.
4. Purposes for which we collect, use, hold, and disclose Personal Information.
5. Access and Correction of Personal Information.
6. Registering a complaint about Personal Information handling.
7. Anonymity and Pseudonym.
8. Transborder disclosure of Personal Information.
9. Contact our Privacy Officer.
1. What kind of Personal Information we collect and hold
Medical-Objects will only collect the information necessary to deliver our Health Service. Medical-Objects will only collect personal information about you by lawful and fair means and not in an unreasonably intrusive manner.
Medical-Objects’ role as a Health Service is related to providing medical software and secure messaging services to the healthcare industry. For Medical-Objects to provide medical software products and services we need to manage and hold personal information (including sensitive information) and health information to facilitate the provision of these services.
The types of personal (including sensitive) information and health information we collect and hold may include, but are not limited to:
- Contact details such as name, address, date of birth, provider number, email, phone, mobile and fax number.
- Personal Details such as date of birth, sex, primary language, addresses, phone numbers, email addresses, nationality, race, religion.
- Health information such as medical record, results or tests.
- Support calls/emails, complaints, feedback and enquiries.
Medical-Objects may collect personal information from job applicants for the primary purpose of interviewing, evaluating or employing job applicants. Personal Information may include, but is not limited to, resumes and superannuation, banking and educational details. Medical-Objects may also store information provided by job applicants who were unsuccessful for the purposes of future recruitment.
Our Website and Personal Information
One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you personalise Medical-Objects pages, or register with Medical-Objects site or services, a cookie helps Medical-Objects to recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as billing addresses, shipping addresses, and so on. When you return to the same Medical-Objects Website, the information you previously provided can be retrieved, so you can easily use the Medical-Objects features that you customised.
You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Medical-Objects services or Web sites you visit.
We may provide links to third party websites. We are not responsible for the content or privacy practices employed by third party websites that are linked from our website.
Medical-Objects keeps track of the websites and pages our customers visit within the Medical-Objects domain, in order to determine which Medical-Objects services are the most popular. This data is used to deliver customised content and advertising within the Medical-Objects domain to customers whose behaviour indicates that they are interested in a particular subject area.
2. How we collect your Personal Information
Medical-Objects has a number of methods available for collection of personal information including, but not limited to: request forms, mail, email, feedback forms, phone calls, website forms, fax, secure messaging, and medical software.
We usually collect Personal Information directly from you or an authorised representative. We may also collect personal information from trusted third parties, or publicly available resources for the purpose of taking reasonable steps to ensure our information is up to date, complete and relevant.
Personal information that is collected from a trusted third party is first checked against our own internal records that are used for the same purpose. Where practically possible, we will notify the owner of the personal information of the third party we obtain the information from.
3. How we hold your Personal Information
Medical-Objects will take reasonable steps to ensure that your personal information which we may collect, use or disclose is accurate, complete and up-to-date.
Medical-Objects will take reasonable steps to make sure that personal information we collect from the above sources is protected and held in a secure environment. All personal information is safeguarded and stored on our secure servers or secured file storage areas.
Information security is one of the most important aspects of Medical-Objects. Medical-Objects takes every step possible to ensure confidentiality, integrity and security of the system and information.
Some of the security measures we use to protect against unauthorised access to our systems and data are: software and hardware firewalls, virus scanning tools, in-transit data encryption, training and security updates, network monitoring and logging tools, public and private key encryption, and user access policies.
4. Purposes for which we collect, hold, use, and disclose personal information
Medical-Objects only uses your personal information for:
a. The purpose you have given the information for;
b. To provide you with our software products or services and to identify and inform you about other software products or services that may be of interest to you;
c. For a provider directory, so other health providers can communicate with you via our secure messaging service. The provider directory is provided to our customers through our integrated software or in other required formats such as CSV, Excel, REST, Web API or database;
d. For our administrative purposes, such as staff training, accounting, billing, product and service evaluation and improvement and to administer our relationship with you;
e. To facilitate help-desk operations that include diagnostics, monitoring, troubleshooting, and to proactively identify and resolve issues.
f. To facilitate your participation in our newsletters, social media and monitor activity on our websites;
g. If required by or authorised under law or by an enforcement body;
h. Where there is a serious threat to an individual’s life or to public health or safety, or where there is reason to suspect unlawful activity has been engaged in;
i. To publish or display customer reviews with consent from you or an authorised representative. Reviews can be published via social media, newsletters, websites, and marketing material.
j. In the event of an eligible data breach, Medical-Objects will notify the OAIC or OPC and the individuals affected as soon as possible.
5. Access and Correction of Personal Information
Medical-Objects allows you to access and correct personal information it holds about you as required by law. If you have any enquiries about how Medical-Objects handles your personal information, or would like to request access to or to correct that information, please contact our Privacy Officer (see contact details below in Section 9).
6. Registering a complaint about Personal Information handling
If you have a complaint in relation to the collection and handling of your personal information, please contact our Privacy Officer via the details provided below in Section 9. We will review all complaints received and the Privacy Officer will respond to the complainant.
7. Anonymity and Pseudonym
Where practical, you may deal with us on an anonymous basis or by using a pseudonym. In some instances, because of the services we provide, if you do not provide us with your Personal Information we may not be able to provide you with the requested medical products or services.
8. Transborder disclosure of Personal Information
We may store, process or back-up your personal information on servers that are located overseas (including through third party service providers).
Information collected and/or processed through Social Media platforms, Xero and Google Enterprise mail will be stored on servers based in the USA.
Our software cloud providers are not involved in the handling, use, or processing of your personal information. Medical-Objects remains in control, at all times, of the handling, use, or processing of the personal information, and this arrangement therefore poses minimal risk of breaching the Australian Privacy Principles and the New Zealand Privacy Act.
In the event that the processing or use of your personal information involves the disclosure of any information outside Australia or New Zealand, you acknowledge that by providing us with your personal information, you consent to such overseas disclosure. By consenting to such disclosure, you acknowledge and accept that:
Medical-Objects will not be accountable under the Australian Privacy Act 1988 or New Zealand Privacy Act 1993 for any breach of your privacy by the overseas recipient; and you will not be able to seek redress under the Australian Privacy Act 1988 or New Zealand Privacy Act 1993 for any breach of your privacy by the overseas recipient.
9. Contact our Privacy Officer
Mail to: Privacy Officer, Medical-Objects, PO BOX 5048, Maroochydore B.C. QLD, 4558, Australia or email@example.com