Information Handling Policy

1. Introduction

1.1 About Bupa Medical

In this document, ‘we’, ‘us’, ‘our’ and ‘Bupa Medical’ refers to Bupa Medical Pty Ltd (ABN 85 601 714 738) and its related entities and bodies corporate. Bupa Medical Services is part of the Bupa Australia and New Zealand Group of companies.

Bupa Medical is a provider of medical services in general practice (the ‘Services’).

1.2 Protecting your privacy

Your privacy and maintaining the confidentiality of your personal information is important to Bupa Medical. This document sets out how we handle your personal information, including the collection, storage, use and disclosure of your personal information, and how you can access and change your information, provide us with feedback or make a complaint.

This policy will apply to customers whose personal information is collected in the course of receiving Services from us.

When handling personal information, Bupa Medical complies with all relevant privacy legislation, including:

  • the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) ("Privacy Act")
  • health records legislation, including the Health Records Act 2001 (Vic), Health Records and Information Privacy Act 2002 (NSW), Health Records (Privacy and Access) Act 1997 (ACT); and
  • marketing legislation, including the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth).

Definitions

In this policy, the following terms have the following meanings:

Personal information: has the same meaning that it has under the Privacy Act, namely information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified or reasonably identifiable individual.

Privacy Act: means the Privacy Act 1988 (Cth).

Sensitive information: is a sub-set of personal information and includes health information and otherwise has the same meaning that it has under the Privacy Act.

Services: means any medical services and related services provided by us, including administration and booking.

2. Collection of your personal information

2.1 What kinds of personal information does Bupa Medical collect?

We collect any personal and health information that we require to provide Services to you, which may include:

  • your name, address, telephone and email contact details;
  • your Medicare details;
  • your gender, date of birth and marital status;
  • health information, including your current and past medical history and the results of any medical tests provided as part of, or in the course of, the Services.

In addition, where a customer provides us with information about another person, or where another person is designated to act on behalf of a customer, we may hold that person’s information.

2.2 How does Bupa Medical collect personal information?

We may collect personal information from you in a range of ways, including:

  • when you make a booking for Services, including by using our website;
  • when you contact us in person, by phone, via mail, email or online (or when we contact you through any means);
  • when we provide Services to you directly, for example, when you attend our medical centre or fill out any forms.

We will always try to collect your personal information directly from you. However, sometimes we will need to collect your information from other persons or organisations.

This includes when we collect your personal information in the following circumstances:

  • with your consent, when we collect information from other healthcare professionals who have treated you (for example, on referral from a specialist);
  • in an emergency, where we collect information from your emergency contact;
  • where you have nominated someone to act on your behalf.

If you provide us with information about another person, you must ensure you have that person’s permission before doing so and must inform them that they have a right to access their information and that they can refer to this document for information on how we will handle their personal information.

If you have private health insurance with Bupa, with your permission, Bupa Medical may collect information about the claims you have made on your Bupa health insurance membership. This is entirely optional and if you give your permission, this information will be used by you Bupa Medical GP to get a better understanding of your medical history and health status.

2.4 If you do not provide us with your personal information

If you do not provide us with the personal information we reasonably request, we may be unable to provide you with the Services that you are requesting.

3. Use and disclosure of your personal information

We use your personal information to provide, manage and administer the Services to you and to operate an efficient and sustainable business. This includes using your information in order to:

  • book your appointments;
  • provide you with Services;
  • process your payments;
  • contact you in relation to any matter relating to the Services, for example by sending you booking confirmations and appointment reminders;
  • answer your enquiries and deliver customer service to you;
  • conduct quality assurance, risk management and compliance activities;
  • carry out internal functions, including administration, training, accounting, audit and information technology;
  • resolve complaints;
  • conduct customer surveys;
  • vconduct market research and analysis;
  • comply with laws and regulations.

3.2 Who does Bupa Medical disclose your personal information to?

To provide, manage and administer our Services to you and to operate an efficient and sustainable business, Bupa Medical may disclose your information to third parties, including:

  • anyone engaged by us or acting on our behalf in relation to the provision of the Services or in operating our business. This includes sub-contractors, service providers and suppliers, all of whom are required to handle your personal information in accordance with privacy requirements;
  • to our related bodies corporate (this does not apply to your health information, except with your consent) so that they may contact you in relation to any products or services offered by them (see also section 3.3, ‘Direct marketing, below);
  • to healthcare providers to facilitate the provision of our Services to you. For example, specialists and diagnostic services providers, where you have provided your consent;
  • any Commonwealth, State or Territory government and regulatory bodies, including the Department of Human Services (Medicare), the Department of Health and local health departments;
  • any persons acting on your behalf including those persons nominated by you, executors, trustees and legal representatives;
  • lawyers, auditors and other advisors appointed by us or acting on our behalf;
  • where we need to disclose information to enforce our legal rights;
  • where disclosure is required or permitted by law, including compulsory notices from courts of law (such as subpoenas), tribunals or government agencies.

Bupa Medical is part of the Bupa Australia and New Zealand group, which has operations across Australia and in the course of conducting our business and providing our Services to you, we may handle your personal information in any State or Territory in which we operate.

3.3 Direct marketing

From time to time, we or our related bodies corporate may contact you to provide you with information about other products and services offered by us, our related entities and our business partners that may be of benefit to you and your family.

This may includes information about products or services made available by us, or by other companies within the Bupa Australia and New Zealand Group.

We may also share your personal information (not including your health information, unless you have given your consent) on a confidential basis with our related bodies corporate so that they can offer you products and services and fulfil offers to you.

When you become our customer, you consent to us and our related bodies corporate using your personal information for direct marketing purposes (for an indefinite period) by post, email, phone or SMS, unless you contact us to withdraw your consent.

If you do not wish to receive marketing material from us or our related bodies corporate, you can contact us at any time to let us know. Our contact details are at the end of this policy.

If you request not to receive direct marketing from us, please note that we will still contact you in relation to our on-going relationship with you. For example, we will still contact you in relation to any appointments, results or billing matters.

3.4 Does Bupa Medical send personal information overseas?

From time to time, in the course of providing Services to you, there may be occasions where we use service providers who are located outside of Australia. Where we may need to disclose your information to a party located overseas, we will tell you where that party is located.

3.5 How does Bupa Medical store personal information and for how long?

We will take all reasonable steps to ensure that your personal information is stored securely and is handled confidentially at all times. This includes a range of systems and communication security measures, as well as the secure storage of hard copy documents.

In addition, access to your personal information will be restricted to those properly authorised to have access. We keep your personal information for as long as we need it to provide you with the Services and to comply with any legal requirements.

If we no longer require your personal information for any purpose, including legal purposes, we will take reasonable steps to securely destroy or de-identify your personal information except in limited circumstances permitted by law.

4. Accessing and Correcting your Personal Information

4.1 Can I access my personal information?

You can ask us for access to the information that we hold about you at any time. Simply contact us (our contact details are listed below) to make your request.

We will always endeavour to meet your request for access within a reasonable time and in any case we will respond to your request within 45 days. However in some circumstances, we may be unable to give you access to certain information, including where we no longer hold or use the information.

If we are unable to give you access to the information you have requested, we will give you written reasons for this decision when we respond to your request and how you may complain. We may charge you a fee for access to some types of information.

4.2 Correcting your personal information

To enable us to provide you with the best possible service, it is important that the information we hold about you is accurate. We will take reasonable steps to ensure your personal information is accurate, complete and up-to-date at the time of collecting, using or disclosing it.

It is your responsibility to notify us when your details change. In addition, if you believe any information we hold about you is inaccurate, incomplete or out-of-date, you should contact us. We will respond to your request within a reasonable period and take reasonable steps to amend your records.

5. Your privacy online

5.1 Online data collection and use

When you access our website, anonymous technical information may be collected about user activities on the website. This may include information such as the type of browser used to access the website and the pages visited.

This information is used by Bupa Medical to make decisions about maintaining and improving our websites and online services. This information remains anonymous and is not linked in any way to personal identification details.

For more information, please refer to the website terms and conditions on bupa.com.au/medical/GP.

5.2 Cookies

A “cookie” is a small text file placed on your computer by a web server when you access a website. Cookies are frequently used on websites. Cookies in themselves do not identify the individual user, just the computer used. We use cookies to collect data to help us determine which pages are most popular, peak usage times and other information that helps us make our websites easier and more efficient for you to use. When you visit our websites we may set a cookie on your machine so that when you next visit our websites it links to your personal information that is stored on our system.

You can choose if and how a cookie will be accepted by configuring your preferences and options in your browser. For example, you can set your browser to notify you when you receive a cookie or to reject cookies. However, if you decide not to display cookies, then you may not be able to gain access to all the content and facilities of this website.

6. Contacting Bupa Medical

If you have any questions, feedback about this policy or how your information is handled by Bupa Medical, or would like to make a complaint about how we have handled your personal information, you can contact us at any time. You can find all of our contact details at bupa.com.au/medical/contact.

If you are not happy with our response, or if you have a complaint that you do not feel has been resolved, you are able to seek advice from the Office of the Australian Information Commissioner by calling 1300 363 992 or visiting oaic.gov.au.