Medicity Privacy Policy

1. Policy statement

Medicity (Medicity) - a division of Cabrini Health Limited (ABN 33 370 684 005; ACN 108 515 073) - develops and supplies medical software applications.

Medicity and its related bodies corporate (Medicity, We, Us) are committed to protecting the privacy of the personal information and sensitive information which we collect and hold.

Medicity provides software products (products) across Australia and New Zealand.

Medicity must comply with the Australian Privacy Principles under the Privacy Act 1988 (Cth), and other applicable privacy laws (including the Health Records Act 2001 (Vic)) (privacy laws) which govern the way in which we hold, use and disclose personal information (including your sensitive information).

The purpose of this Privacy Policy is to explain:
(a)          the kinds of information that Medicity may collect about you;

(b)          how Medicity collects and holds personal information;

(c)          the purposes for which Medicity collects, holds, uses and discloses personal information;

(d)          how you can access the personal information Medicity holds about you and seek to correct such information; and

(e)          the way in which you can complain about a breach of your privacy and how Medicity will handle that complaint.

2. Definitions

In this Privacy Policy the following terms have the following meanings:
health information is:

(a)          personal information or an opinion about:
        (i)          the health, including an illness, disability or injury (at any time), of an individual;
        (ii)         an individual's express wishes about the future provision of health services for themselves; or
        (iii)        a health service provided, or to be provided, to an individual;

(b)          other personal information collected to provide, or in providing, a health service to an individual;

(c)          other personal information collected in connection with the donation, or intended donation, by an individual of his or her                body parts, organs or body substances; or

(d)          genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic                relative of the individual.

personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:

‍(a)          whether the information or opinion is true ornot; and

(b)          whether the information or opinion is recorded in a material form or not;

sensitive information means:

(c)          personal information or opinion about an individual's:
        (i)           racial or ethnic origins;
        (ii)          political opinions or political associations;
        (iii)         philosophical beliefs or religious beliefs or affiliations;
        (iv)         membership of a professional or trade association or union;
        (v)          sexual preferences or practices; or
        (vi)         criminal record; or

(d)          health information about an individual;

(e)          genetic information about an individual that is not otherwise health information; or

(f)           biometric information that is to be used for the purpose of automated biometric verification or biometric identification                or biometric templates.

3. Collection and use of personal information

3.1  Types of personal information collected by Medicity

The types of personal information we collect from you depend on the circumstances in which the information is collected.

(a)          Customers, clients and research participants:
               Medicity collects information which is necessary to provide its customers and clients with products or services. This                includes collecting personal information such as your name, address and contact details. If you purchase products or                services from Us, Medicity may also collect certain transactional information and financial details to securely process the                purchase. In some cases, if we are assisting in providing a health-related service to your patients, Medicity may collect                the health information of those patients if that is necessary to provide the required products or services.

(b)          Employees, students and contractors:
               Medicity collects information from you which is necessary to properly manage and operate its business. This may                include collecting personal information such as your name, address and contact details, professional experience,                qualifications and past employers, emergency contact, vaccination and health information and any other information                which may be necessary to appropriately conduct our business.

(c)          Job applicants:
               Medicity collects information from you which is necessary to assess and engage job applicants. This includes collecting                personal information such as your name, address and contact details, professional experience, qualifications, references                and past employers, and any other information which is necessary to process your job application.

(d)          Website users:
               When you use a Medicity website, we may collect information about your website usage such as the IP address you are                using, the name of your Internet service provider, your browser version, the website that referred you to us, the pages                you request, the date and time of those requests and the country you are in.

3.2  How we collect personal information

We will usually collect your personal information directly from you, however sometimes we may need to collect information about you from third parties, such as:

(a)          another ICT provider;

(b)          another health service provider;

(c)          past employers and referees; and

(d)          related entities.

We will only collect information from third parties where:

(e)          you have consented to such collection;

(f)          such collection is necessary to enable us to provide you with appropriate ICT services or healthcare equipment and                consumable products;

(g)          such collection is reasonably necessary to enable us to appropriately manage and conduct our business; or

(h)          it is legally permissible for us to do.

Medicity will only collect information which is necessary to provide you with products or services, or to appropriately manage and conduct our business.

3.3 How Medicity uses your personal information

Medicity only uses your personal information for the purpose for which it was collected by Medicity (primary purpose), unless:

(a)          there is another purpose (secondary purpose) and that secondary purpose is directly related to the primary purpose,                and you would reasonably expect, or Medicity has informed you, that your information will be used for that secondary                purpose;

(b)          you have given your consent for your personal information to be used for a secondary purpose; or

(c)          Medicity is required or authorised by law to use your personal information for a secondary purpose (including for                research and quality improvements within Medicity).

For example, Medicity may use your personal information to:

(d)          provide products or services to you;

(e)          provide any related products or ongoing services to you;

(f)           appropriately manage our business, such as assessing insurance requirements, conducting audits, and                undertaking accreditation processes; and

(g)          assist it in running our business, including quality assurance programs, billing, improving its services,                implementing appropriate security measures, conducting research and training personnel; and

(h)          effectively communicate with third parties as required, including telecommunications carriers or your other ICT or                health service providers.

If you have applied for a position with Medicity, we may exchange some or all of your personal information with your referees, police, Centrelink and recruitment consultants for appropriate purposes relating to considering your application (including checking your criminal record where permitted by law).

3.4 Complete and accurate details

Where possible and practicable, you will have the option to deal with Medicity on an anonymous basis or by using a pseudonym. However, if the personal information you provide us is incomplete or inaccurate, or you withhold personal information, we may not be able to provide the products, services, or support to you are seeking, or deal with you effectively.

3.5 CCTV

Medicity uses camera surveillance systems (commonly referred to as CCTV) for the purposes of maintaining safety and security of its customers, clients, personnel, visitors and other attendees. Those CCTV systems may also collect and store personal information and Medicity will comply with all privacy legislation in respect of any such information.

4. Disclosing your personal information

4.1   Disclosure of your personal information

Medicity will confine its disclosure of your personal information to the primary purpose for which that information has been collected, or for a related secondary purpose. This includes when disclosure is necessary to provide products or services to you, assist us in running our organisation, or for security reasons.

We may provide your personal information to: 

(a)          third parties contracted to provide services to Medicity, such as entities contracted to assist in providing ICT services or                delivering products;

(b)          research institutions and sponsors with which Medicity collaborates;

(c)          anyone authorised by you to receive your personal information (your consent may be express or implied); and

(d)          anyone Medicity is required or permitted by law to disclose your personal information to, which may include the police                and the Privacy Commissioner.

4.2  Disclosure to External Service Providers

Where permissible under the privacy laws, we may disclose personal information to external service providers who may use, process and store that information overseas.

5. Data storage, quality and security

5.1  Data quality

Medicity will take reasonable steps to ensure that your personal information which is collected, used or disclosed is accurate, complete and up to date.

5.2 Storage

All personal information held by Medicity is stored securely in either hard copy or electronic form. Personal information that is captured and stored electronically by Medicity staff is stored on our centralised, onsite computer systems or on secure cloud-based servers. Only authorised staff have access to these systems. This access is monitored in accordance with Medicity’s policies and procedures.

5.3 Data security

Medicity strives to ensure the security, integrity and privacy of personal information, and will take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure. Medicity reviews and updates (where necessary) its security measures in light of current technologies.

5.4 Online transfer of information

While Medicity does all it can to protect the privacy of your personal information, no data transfer over the internet is 100% secure. When you share your personal information with Medicity via an online process, it is at your own risk.
There are ways you can help maintain the privacy of your personal information, including:

(a)          always closing your browser when you have finished your user session;

(b)          always ensuring others cannot access your personal information and emails if you use a public computer; and

(c)          never disclosing your user name and password to third parties.

6. Use of cookies

A 'cookie' is a small data file placed on your machine or device which lets Medicity identify and interact more effectively with your computer.

Cookies, which are industry standard and are used by most websites (including those operated by Medicity), can facilitate a website user's ongoing access to and use of a site. They allow Medicity to customise our website to the needs of our users. If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to deny or accept the cookie feature. However, cookies may be necessary to provide you with some features of our on-line services via the Medicity website and our websites may not function properly if cookies have been turned off.

7. Links to other sites

Medicity may provide links to third party websites. These linked sites may not be under our control and Medicity is not responsible for the content or privacy practices employed by those websites. Before disclosing your personal information on any other website, we recommend that you carefully read the terms and conditions of use and privacy statement of the relevant website.

8. Accessing and amending your personal information

You have a right to access your personal information which Medicity holds about you. If you make a request to access your personal information, you will need to submit a written enquiry via our contact for demo page.

We will ask you to verify your identity and specify the information you require. A fee may be charged for this service.

You can also request an amendment to any of your personal information if you consider that it contains inaccurate information.

You can contact Medicity about any privacy issues via the same link.

While Medicity aims to meet all requests for access to personal information, in a small number of cases and where permitted to do so by law, Medicity may not give access or may do so only under conditions.

Subject to applicable laws, Medicity may destroy records containing personal information when the record is no longer required by Medicity.

9. Complaints

If you have a complaint about Medicity information handling practices or consider we have breached your privacy, you can lodge a complaint with:

(a)          Medicity using the contact for demo page; or
(b)          the Office of Australian Information Commissioner at 1300 363 992 or enquiries@oaic.gov.au.

Medicity deals with all complaints in a fair and efficient manner.

10. General

Medicity reserves the right to amend this privacy policy at any time by publishing the amended policy on its website.

If you do not consent to Medicity collecting, using or disclosing your personal information, Medicity may be unable to provide its services to you.

11. Review

This Privacy Policy will be reviewed every two years or as needed. It will be reviewed in accordance with Medicity’s document control procedure and process.