AutoMed Systems is committed to providing quality services to Clinics and their Patients and this policy outlines our ongoing obligations in respect of how we manage Personal Information and Health Information. We make a clear distinction between Clinics and Patients. Clinics are defined as a physical medical centre, the staff of the medical centre and their Personal Information. Patients are defined as any user of the Clinic’s services.
AutoMed do not create or maintain Patient accounts and make use of a revolutionary real-time interface to validate patient data in real-time against the Practice Management Software of the Clinic. The Clinic is the sole custodian of the Patient’s data. AutoMed only collect and obtain Patient data for the purpose of providing its services to the Clinic.
We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of Personal Information.
A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Federal Privacy Commissioner at www.privacy.gov.au.
2 PURPOSE OF OUR POLICY
2.1 AutoMed Systems Pty Ltd ABN 69 614 929 476 provides Online Appointment booking services, Reminders, Recall and Result notification, Bulk Communications and associated technologies to Clinics (AutoMed).
2.3 Providing the system and services that we offer; and
2.4 The normal day-to-day operations of our business.
3 WHAT IS PERSONAL INFORMATION AND WHY DO WE COLLECT IT?
3.1 Personal Information is information or an opinion that identifies an individual. Examples of Personal Information we collect include: names, date of birth, addresses, email addresses, phone and facsimile numbers.
3.2 This Personal Information is obtained in many ways including interviews, correspondence, by telephone, by email, via our website www.automedsystems,com.au, from your website, from media and publications, from other publicly available sources, from cookies and from third parties. We don’t guarantee website links or policy of authorised third parties.
3.3 We collect a Clinic’s Personal Information for the primary purpose of providing our services to the Clinic, including product information and marketing. We may also use a Clinic’s Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure. Clinics may unsubscribe from our mailing/marketing lists at any time by emailing us at email@example.com.
3.4 We collect a Patient’s Personal Information for the sole purpose of providing our services to the Clinic. Patients can unsubscribe from services by contacting the Clinic.
3.5 When we collect Personal Information we will, where appropriate and where possible, explain why we are collecting the information and how we plan to use it.
4 WHAT IS HEALTH INFORMATION AND WHY DO WE COLLECT IT?
4.1 Health Information includes any information collected about your health or disability, and any information collected in relation to a health service you have received. It includes such things as;
· notes of your symptoms or diagnosis and the treatment given to you
· your specialist reports and test results
· your appointment and billing details
· your prescriptions and other pharmaceutical purchases
· your dental records
· your genetic information
· your healthcare identifier when it is collected by a health service provider
· any other information about your race, sexuality or religion, when collected by a health service provider.
Examples of Health Information AutoMed may obtain can relate to appointment types requested, appointment reminders, recalls due, confirmation that test results (unidentified) have been reviewed and billing details (for AutoMed payment options only)
4.2 Health Information is obtained for the sole purpose of providing our services to the Clinic. Extremely limited Health Information is accessed to facilitate automated notifications to Patients. No analysis, special processing or aggregation of Health Information is done under any circumstance.
5 WHO AND WHAT THIS POLICY APPLIES TO
5.4 If, at any time, a Clinic or Patient provides Personal Information or other information about someone other than himself or herself, the individual warrants that:
5.4.1 With respect to Personal Information about a child, they are that child’s “responsible person” as defined in the Privacy Act (namely a parent or guardian); and/or
5.4.2 They have that person’s consent to provide such information for the purpose specified.
6 THE INFORMATION WE COLLECT
6.1 In the course of business, it is necessary for us to collect Personal Information. We only do this on behalf of Clinics and their Patients and this information allows us to identify who a Patient is, in relation to a Clinic for the purposes of our business providing our services to Clinics. Without limitation, the type of information we may collect is:
6.1.1 Health Information. We may collect information about appointment type requested, appointment reminders, recalls due, confirmation that test results (unidentified) have been reviewed and billing details (for AutoMed payment options only) and other information about a Patient defined as “health information” in the Privacy Act;
6.1.2 All information is only ever used for the intended purpose it was supplied/collected for as per ISO 27001.
6.1.3 Information is never shared with any 3rd parties under any circumstances.
6.1.4 Personal Information. We may collect and/or obtain personal details such as a Patient’s name, location, date of birth, nationality, family details and other information defined as “Personal Information” in the Privacy Act that allows us to identify who the individual is and to provide our core services to Clinics such as new patient registration;
6.1.5 Contact Information. We may collect information such as a Patient or Clinic Employee’s email address, telephone, residential, business and postal address and other information that allows us to contact the Clinic, or the Patient on behalf of the Clinic;
6.1.6 Financial Information. We may collect financial information related to a Patient or Clinic such as any bank or credit card details used to transact with us and other information that allows us to transact with the Patient or Clinic and/or provide them with our services;
6.1.7 Statistical Information. We may collect transactional statistics from a Clinic for the sole purpose of reporting to the Clinic. No statistical data is shared or made available to 3rd parties;
6.1.8 We may collect any personal correspondence that a Clinic or Patient sends us, or that is sent to us by others about the Patient’s or Clinic’s activities.
6.2 We may also collect non-Personal Information about a Clinic or Patient such as information regarding their computer, network and browser. This may include their IP address. Where non-Personal Information is collected the Australian Privacy Principles do not apply. This data is typically used for proactive system monitoring and network security.
7 HOW CLINIC INFORMATION IS COLLECTED
7.1 Most information will be collected in association with a Clinic’s use of AutoMed, an enquiry about AutoMed or generally dealing with us. However, we may also receive Personal Information from sources such as advertising, a Clinic’s own promotions, public records, mailing lists, contractors, staff, recruitment agencies and our business partners. Information is likely to be collected as follows:
7.1.1 Registrations/Subscriptions. When a Clinic registers or subscribes for a service, list, account, connection or other process whereby they enter Personal Information details in order to receive or access something, including a transaction;
7.1.2 Accounts/Memberships. When a Clinic submits their details to open an account and/or become a member with us;
7.1.3 Supply. When a Clinic supplies us with goods or services;
7.1.4 Contact. When a Clinic contacts us in any way;
7.1.5 Access. When a Clinic accesses us physically we may require them to provide us with details for us to permit them such access. When a Clinic accesses us through the internet we may collect information using cookies (if relevant – a Clinic can adjust their browser’s setting to accept or reject cookies) or analytical services; and/or
7.1.6 Pixel Tags. Pixel tags enable us to send email messages in a format customers can read and they tell us whether mail has been opened.
7.2 As there are many circumstances in which we may collect information both electronically and physically, we will endeavour to ensure that a Clinic is always aware of when their Personal Information is being collected.
7.3 Where we obtain Personal Information without a Clinic’s knowledge (such as by accidental acquisition from a client) we will either delete/destroy the information, or inform the Clinic that we hold such information, in accordance with the Australian Privacy Principles.
8 HOW PATIENT INFORMATION IS COLLECTED
8.1 Patient data is obtained from the Clinic’s Practise Management Software for the sole purpose of providing the core services to the Clinic.
8.2 Patient data is only used for processing automated notifications and reminders.
8.3 A Patient’s identity is validated in real-time against the data in the Clinic’s Practice Management Software when a Patient uses the AutoMed Mobile App or Online Appointments.
8.4 AutoMed does not create Patient accounts and Patients are not able to register with AutoMed – AutoMed uses a revolutionary real-time validation system which does not require patient registration in AutoMed.
9 WHEN CLINIC PERSONAL INFORMATION IS USED & DISCLOSED
9.1 In general, the primary principle is that we will not use any Personal Information other than for the purpose for which it was collected. The purpose of collection is determined by the circumstances in which the information was collected and/or submitted.
9.3 We will not disclose or sell an individual’s Personal Information to third parties under any circumstances.
9.4 Information is used to enable us to operate our business, especially as it relates to an individual. This may include:
9.4.1 The provision of goods and services between a Clinic and us;
9.4.2 Verifying a Clinic’s identity;
9.4.3 Communicating with a Clinic about their relationship with us and our goods and services;
9.4.4 Our own marketing and promotions to customers and prospects;
9.4.5 Competitions, surveys and questionnaires;
9.4.6 Investigating any complaints about or made by a Clinic, or if we have reason to suspect that a Clinic is in breach of any of our terms and conditions or that a Clinic is or has been otherwise engaged in any unlawful activity; and/or
9.4.7 As required or permitted by any law (including the Privacy Act).
9.5 There are some circumstances in which we must disclose a Clinic’s information:
9.5.1 Where we reasonably believe that a Clinic may be engaged in fraudulent, deceptive or unlawful activity that a governmental authority should be made aware of;
9.5.2 As required by any law (including the Privacy Act); and/or
9.5.3 In order to sell our business (in that we may need to transfer Personal Information to a new owner).
9.7 AutoMed fully owns and controls its mail servers which are hosted in Australia which is used to rely email communication to Clinics.
10 WHEN PATIENT PERSONAL INFORMATION IS USED & DISCLOSED
10.1 In general, the primary principle is that we will not use any Personal Information other than for the purpose for which it was collected. The purpose of collection is determined by the circumstances in which the information was collected and/or submitted.
10.3 Patient data is not recorded in AutoMed when a patient books an appointment online. All data is passed through in real-time to the clinic for real-time validation.
10.4 We will not disclose or sell a Patient’s Personal Information to third parties under any circumstances.
10.5 Information is used to enable us to provide our core services to Clinics.
10.6 Patient Information is not shared between Clinics under any circumstances.
10.7 AutoMed fully owns and controls its mail servers which are hosted in Australia which is used to rely email communication to Patients.
10.8 AutoMed use a SIM based SMS/MMS interface to send SMS/MMS messages to Patients; SMS/MMS data is thus not handed to 3rd parties.
11 OPTING “IN” OR “OUT”
11.1 AutoMed provides Opt IN/OUT functionality on all communication portals between Clinics and their Patients, allowing Patients to Opt IN/OUT to services provided by the Clinic.
12 THE SAFETY & SECURITY OF PERSONAL INFORMATION
12.1 We take all reasonable precautions to protect Patients’ and Clinics’ Personal Information from unauthorised access. This includes appropriately securing our physical facilities and electronic networks.
12.2 AutoMed uses SSL/TLS encryption to store and transfer Personal Information. Despite this, the security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. Each individual that provides information to us via the internet or by post does so at their own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to, Personal Information where the security of information is not within our control.
12.3 We are not responsible for the privacy or security practices of any third party (including third parties that we are permitted to disclose an individual’s Personal Information to in accordance with this policy or any applicable laws). The collection and use of an individual’s information by such third parties may be subject to separate privacy and security policies.
12.4 If an individual suspect any misuse or loss of, or unauthorised access to, their Personal Information, they should let us know immediately on firstname.lastname@example.org .
12.5 We are not liable for any loss, damage or claim arising out of another person’s use of the Personal Information where we were authorised to provide that person with the Personal Information.
13 HOW TO ACCESS AND/OR UPDATE INFORMATION
13.1 Clinics can update their data via the AutoMed Dashboard.
13.2 AutoMed do not create or manage Patient accounts, as AutoMed is a real-time system. The Clinic is the sole custodian of the Patient data and the Patient will have to contact the Clinic to update their data.
13.3 Subject to the Australian Privacy Principles, an individual has the right to request from us the Personal Information that we have about them, and all the information is available in real-time on the AutoMed Dashboard.
13.4 Requests by Patients will be forwarded to the relevant Clinic.
13.5 It is a Clinic’s responsibility to provide us with accurate and truthful Personal Information. We cannot be liable for any information that is provided to us that is incorrect.
14 COMPLAINTS AND DISPUTES
14.1 If a Patient or Clinic has a complaint about our handling of their Personal Information, they should address their complaint in writing to the details below.
14.2 If we become aware of any unauthorised access to a Patient’s or Clinic’s Personal Information we will inform them at the earliest practical opportunity once we have established what was accessed and how it was accessed.
15 CONTACTING INDIVIDUALS
15.1 From time to time, we may send a Clinic important notices, such as changes to our terms, conditions and policies. Because this information is important to the Clinic’s interaction with us, they may not opt out of receiving these communications.
15.2 AutoMed does not market to Patients.
16 CONTACTING US
16.1 All correspondence with regards to privacy should be addressed to:
The Administration Manager
AutoMed Systems Pty Ltd
W5 85 Triholm Ave, Laverton, VIC 3028
17 ADDITIONS TO THIS POLICY