- 1. Purpose
Zenitas Healthcare (“Zenitas”, “we”, “us”, “our”) is a community-based healthcare provider specialising in the provision of in-home and in-clinic care solutions to enhance the patient/ carerecipient experience via integrated care and helping Australians live longer in their own home and community. We operate in the Primary, Allied Health and Home Care segments of the community-based health care industry. Our businesses include the household brands Dimple, Transform Physio, Leading Nutrition, AlliedCare Group, Modern Medical, Lifecare, Nextt Care, Ontrac, Backfocus Physiotherapy, Beleura Health Solutions, Peninsula Sports Medicine Group, Cityskin Cosmetic Clinic, Comrec, Orion Services and Accommodation & Care Solutions. When individuals receive services or deal with one of these brands, you are dealing with Zenitas Healthcare.
- 2. Application of the Policy
Zenitas is subject to the Privacy Act 1988 (Cth) (Privacy Act) and handles the personal information (including health information) that it collects and holds in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act. In addition to the federal Privacy Act, Zenitas must also comply with certain State and Territory legislation.
- 3. Overview
- 4. What is personal or sensitive information?
Personal information is information or an opinion about an individual who is identified or capable of identification from the information, whether that information or opinion is true or not.
De-identified information is not personal information and involves the removal or alteration of other information that could potentially be used to re-identify an individual.
- 5. Dealing with us anonymously
Where it is lawful and practicable to do so, individuals may deal with us anonymously or by using a pseudonym (e.g. when inquiring about services generally). However, if individuals wish to make a booking with our service, the service will require the provision of personal identifying information.
- 6. Our website
Visitors to our website do not disclose information unless they provide such information through the enquiry form. When individuals visit our website anonymously, non-personal information may be collected including but not limited to browser type, version and language, operating system, pages viewed while browsing the site, page access times and referring website address. This collected information is used solely internally for the purpose of gauging visitor traffic, trends and delivering personalized content to individuals while they are at this site.
- 7. What personal information is collected and held?
The information collected may include an individual’s:
- name, address (postal and email) and telephone numbers;
- gender, date of birth, marital status, occupation, religion, country of birth, indigenous status, next of kin;
- medical history and other health information we are provided with or collect in the course of providing our services;
- payment information such as credit card details, health fund and health insurance cover details, workers compensation or other insurance claim details, Medicare details, concession card details;
- other information needed to provide services
- 8. Why do we collect, use and disclose personal information?
If an individual is to receive or has received a service from Zenitas, we will collect, use or disclose their personal information to:
- do what is necessary to provide the services where the individual would reasonably expect disclosure;
- ensure continuity of care of individuals treated in Zenitas facilities and provide ongoing treatment options;
- manage, fund, service, monitor, plan, evaluate and handle complaints;
- comply with legal and regulatory requirements;
- undertake accreditation, quality assurance or clinical audits;
- undertake billing and debt recovery;
- address liability indemnity arrangements including reporting to Zenitas;
- prepare the defence for anticipated or existing legal proceedings;
- contact individuals to respond to enquiries, to follow up, in an emergency, for authorisation in relation to any services;
- communicate with individuals about our services or offers from our other integrated care providers;
- assess job applications;
- verify an individual’s identity;
- ensure the health and safety of our staff and individuals who use our services or attend our facilities; and
- provide health insurance funding.
We will disclose individual’s personal information to nominated authorised representatives only where written authority has been provided or where evidence is provided that they can act on an individual’s behalf as a Medical Treatment Decision Maker or Support Person Guardian appointed by VCAT. We cannot provide an authorised representative with access to an individual’s personal information unless they can demonstrate that they have the individual’s consent, or have legal authority to do so.
- 9. How do we collect personal information?
We will collect personal information from individuals directly where it is reasonably practical to do so. This often takes place in the ordinary course of delivery of a healthcare service such as when a person attends a Zenitas facility for treatment, completes documents in order to receive that treatment, provides information over the telephone or applies for a job with us.
Other circumstances where we may collect information from third parties:
- where the patient has a Medical Treatment Decision Maker or Support Person;
- from an individual’s health service provider including specialists;
- from a health professional who has treated the individual;
- from an individual’s health insurer or other insurer;
- from an individual’s family;
- other sources where necessary to provide our services; and
- to assess job applicants (e.g. police checks).
- 10. Trans-border data flows
Our websites may be hosted by servers outside Australia and we may also use technical support services that are based off shore. This means that technically speaking, individuals’ personal information may travel electronically from Australia to another country and back to Australia. When sending information offshore, we ensure all providers we engage can and will observe the requirements of the Australian Privacy Principles.
- 11. Storing personal information
We may store personal information in different ways, including in paper and electronic form. The security of personal and information is important to us and we take all reasonable steps to protect it from misuse or loss and from unauthorised access, modification or disclosure. We ensure compliance with the Notifiable Data Breaches Scheme established under the Privacy Act 1988 (Cth).
Some of the ways we do this include:
- requiring our staff and contractors to maintain confidentiality and observe privacy laws to ensure compliance with the APPs;
- implementing document storage security;
- imposing security measures for access to computer systems; and
- only allowing access to personal information where the individual seeking access to their own information has satisfied identification requirements.
Personal information is retained for the period of time determined by law and is disposed in a secure manner.
- 12. Keeping personal information accurate and up to date
We take all reasonable steps to ensure that the personal information we collect, use and disclose is accurate, complete and up to date. However, the accuracy of that information depends largely on the quality of the information provided to us. We therefore suggest that individuals:
- let us know if there are any errors in personal information; and
- keep us up to date with changes to personal information (e.g. their name and address).
Individuals may do this by mail, email or via the ‘Contact Us’ section on the website.
- 13. Accessing personal information
Individuals have a right to access their personal information and can contact us to request access. We may charge a nominal fee for providing access to personal information. In the event that copies of records are requested and approved, we may elect to charge for our reasonable costs involved in providing access. We will endeavour to advise individuals in advance if a charge will be imposed, and the likely amount of the charge. Individuals will be invited to consider other forms of access to minimise cost.
We will disclose individual’s personal information to an individual’s authorised representatives only where written authority has been provided or where evidence has been provided that nominated individuals can act on an individual’s behalf. We cannot provide an authorised representative with access to an individual’s personal information unless they can demonstrate that they have the individual’s consent, or have legal authority to do so.
- 14. Complaints
Individuals also have the right to make a complaint to the Privacy Commissioner on telephone number 1300 363 992 or in writing to:
Office of the Australian Information Commissioner
GPO Box 5218
Sydney, NSW 2001
- 15. Contacting us
Individuals may ask any questions about privacy and the way Zenitas manages personal and health information, complain about the handling of information or obtain a form requesting access to personal information by contacting firstname.lastname@example.org.
- 16. Further information
If individuals would like more information about privacy in general, please refer to the Office of the Australian Information Commissioner’s website.