1. Policy Statement
Unified Healthcare Group Pty Ltd (UHG) complies with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APP’s) and all relevant state-based health records and information privacy legislation.
2. What personal and sensitive information we collect
2.1 What is personal information?
Personal information is information or an opinion about someone we can identify or who we can reasonably identify from the information we have, whether it is true or not and whether it is recorded or not. It includes ‘sensitive information’ such as your information about your health (including in your health or medical record) as well as information about your racial or ethnic origin, political opinions, membership of political, professional or trade associations, or trade unions, religious beliefs, sexual orientation or practices and criminal record.
2.2 The kinds of personal information we collect
The personal information we collect about you depends on who you are and your interaction with us. As a provider of health solutions products and services, UHG may collect the following types of personal and sensitive information about you:
3. How we collect personal and sensitive information
We collect personal and sensitive information in many ways including when you:
4. Why we collect personal and sensitive information
UHG collects your personal and sensitive information to provide our services to you and/or provide information and services to our clients. UHG will only collect information that is necessary for these purposes.
5. Who we collect personal and sensitive information from
Where practicable, we will collect your personal information directly from you.
However, we may also need to collect information about you from others such as companies employing you, insurance companies, insurance brokers and financial planners, private medical insurers, financial institutions, medical or health service providers and other similar organisations that are permitted to share your personal information with us for the purposes of providing our services.
If we collect information about you from someone else we will, whenever possible, make you aware of this.
6. How we use and disclose personal and sensitive information
6.1 Uses of personal information
UHG will use your personal and sensitive information to provide you with services and products that:
UHG will also use your personal and sensitive information:
6.2 Disclosures of personal information
UHG will disclose your personal and sensitive information to third parties where:
6.3 Overseas disclosures of personal information
UHG will disclose your personal and sensitive information overseas only if required for the purposes of providing you with the services and products that:
7. Your online activity
The UHG website may contain links to other websites. These are provided as a convenience to you and not as an endorsement by UHG of the contents of other websites.
Most browsers are initially set up to accept cookies. Though most cookies expire after a certain period of time, you can choose to delete a cookie file at any time. You can do so by resetting your browser to refuse all cookies or to indicate when a cookie is sent. However, some UHG features or services may not function properly without cookies.
8. Information Security
UHG has an Information Security Policy, that provides the organisational commitment to protect your information from misuse, interference and loss, and from unauthorised access, modification or disclosure.
To deliver on the commitments of the Information Security Policy, UHG has implemented an Information Security Management System to meet the requirements of a Certifiable International Standard. Based on the standard, a layered set of controls have been implemented covering people, processes, technology and facility within a continuous improvement environment.
8.1 How long do we keep health records for
In the case of information that forms part of a health or medical record, your information will be held for at least seven years from the last time a health service was provided, in accordance with the Health Records Act. If someone under the age of 18 used the health service, the information will be held at least until that person has turned 25.
UHG destroys or de-identify personal information we no longer need or are required to keep for any business or legal purpose, wherever possible.
9. Access and Correction
You are entitled to access the personal information UHG holds about you.
The procedure for requesting access is as follows:
9.1.2 Can my request be refused?
In some circumstances, UHG may not be in a position to provide you access.
If access is refused to some or all of the information, our reasons will be provided to you in writing with details of the complaint mechanisms available to you if you are not satisfied with our decision.
If UHG has collected your personal information on behalf of a third party, we recommend that you approach the third party directly for access to your information.
If your details change, or you believe that your personal information is inaccurate, out-of-date, incomplete, irrelevant or misleading, you can request correction by contacting the Privacy Officer on the details below.
If UHG is satisfied that your information needs correcting or if you make a request, UHG will take reasonable steps to amend that information. UHG will need to verify your identity first.
9.3 Can my request be refused?
If we refuse to correct all or part of your information, reasons will be provided in writing with details of the complaint mechanisms available to you if you are not satisfied with our decision.
If UHG does not make the correction and, if you request, UHG will take reasonable steps to associate with the record of that personal information a statement that you believe the information is inaccurate, out-of-date, incomplete, irrelevant or misleading, as applicable.
10. How we manage a Privacy Breach
As required by the Privacy Amendment (Notifiable Data Breaches) Act 2017, UHG has developed a data breach response plan that sets out the steps that UHG will follow when it becomes aware or suspects that a data breach has occurred.
The UHG Privacy Officer must be notified of the breach or potential in the first instance. Where it is considered that a data breach is likely to result in serious harm to any of the individuals whose information is involved we will notify those individuals who are at risk of serious harm and will prepare a statement for the Privacy Commissioner in an appropriate form.
10.1 What is a Data Breach?
A data breach is when personal information held by UHG is lost or subjected to unauthorised access, modification, disclosure or other misuse or interference.
11. Complaints resolution
UHG has a designated Privacy Officer. If at any time you have a privacy related issue or wish to make a complaint, please contact our Privacy Officer on the details below.
11.1 The complaints procedure
You should put any complaint you have in writing and give as much detail as you can about the nature of your complaint and the information affected.
The Privacy Officer will manage the investigation of your complaint or concern and communicate with relevant parties. UHG will respond to you within a reasonable period, which will generally be within 30 days of receiving your complaint.
11.2 External review
If you are not satisfied with our resolution of your complaint, you can contact the Privacy Commissioner’s Office on 1300 363 992 or go to their website at www.oaic.gov.au to enquire about your privacy rights or to lodge a complaint about how we have handled your personal information. The Privacy Commissioner has the power to investigate the matter and make a determination.
12. UHG Contact Details
For all privacy related inquiries and complaints and for access and information requests, please contact the Privacy Officer on the following details:
Address: 205 Chapel Street, Prahran, VIC 3181
Telephone: 03 9692 7777
13. Changes to this policy
UHG may amend and update this policy from time to time to reflect changes to our practices and procedures, systems or obligations. Any amendments to this policy will be notified by posting an amended version on our website, and the changes will take effect at that time.
This policy was last updated on August 14, 2018.