The purpose of this policy is to set out how the GenesisCare group of companies in Australia (GenesisCare, we, us) collect and manage personal information (including but not limited to patient health information).
This policy describes our approach to collecting and managing personal information of all individuals that interact with GenesisCare, other than GenesisCare’s staff. Prospective, current and former GenesisCare staff should instead refer to the Privacy Notice for Staff (Australia).
2. What is our approach to handling personal information?
GenesisCare is committed to treating any personal information it collects and handles with respect, and to ensuring that it complies with relevant privacy laws, including the Privacy Act 1988 (Cth), and health records legislation.
3. What information do we collect about you?
This will depend on the nature of our relationship with you.
If you are a patient, the personal information we collect about you may include your name, contact details, date of birth, personal demographics information (including gender, race, heritage/ethnic origin, and marital status), Medicare details, concession/pension information (including DVA number if applicable), ambulance membership number, health insurance details, billing/account details, occupation and employment information, medical history information, diagnosis information, test results, family medical history, lifestyle information relevant to your health, next of kin and emergency contact information, guardian or legal representative information, other information that may be relevant to your diagnoses, treatment or healthcare and any other information you share with us.
We may also collect information about your interactions with us, including your responses to patient surveys relating to service improvement.
We may take photographs or audio-visual recordings of you in a clinical context in connection with your treatment or healthcare.
We will only collect information about your health, or other sensitive personal information about you (including photographs or audio-visual recordings of you), if we have your consent or if we are otherwise permitted or required by law to do so.
3.2 Healthcare professionals
If you are a referring clinician or other healthcare professional, the personal information we collect about you may include your name, contact information, professional details (including qualifications, accreditation and registration information), information regarding your interactions or work with us and any other information you choose to share with us.
We may also collect personal information about other members of the public, including visitors, families, and those who contact us via our website and other avenues.
The types of personal information we collect about you may include your name, contact information, identification information (for verification), relationship to a patient (if applicable), and any other information you choose to share with us.
4. How do we collect your information?
Where practicable, we will collect your personal information directly from you. We may sometimes also collect information from third parties, including your family members, referring clinicians, other healthcare professionals, service provider organisations and government departments or national record repositories. We will only collect health information from a third party if you have consented or where we are otherwise permitted by law to do so, such as in a medical emergency. We may also operate video surveillance systems at our facilities for the purposes of protecting the safety of our staff, patients and visitors.
4.2 Healthcare professionals
We will only collect your personal information directly from you.
Where practicable, we will collect your personal information directly from you. We may sometimes collect your personal information from another person, organisation or agency, where it is unreasonable or impracticable for us to collect it directly from you. We may also operate video surveillance systems at our facilities for the purposes of maintaining the safety of our staff, patients and visitors.
5. Why do we collect your information?
We collect and use your personal information for the following purposes (as applicable):
- Providing healthcare services to patients;
- Performing activities reasonably incidental to our ordinary course operations, such as:
- administration functions, including scheduling appointments and billing, safety and security purposes; and
- education, training, quality assurance and other analytical activities to evaluate and improve our patient management processes, patient outcomes, and broader healthcare and healthcare delivery;
- Dealing with enquiries, complaints and legal proceedings;
- Complying with legal obligations, including in relation to statutory and public health reporting requirements;
- Corresponding with clinicians and other healthcare professionals about clinical updates, events and other news which may be of interest to them or their practice;
- Sharing information with you about our products and services which may be of interest to you (you will always be given the option to opt-out of any marketing communications that we send); and
- Other purposes with your consent or approval from a registered Human Research Ethics Committee (if applicable), or as otherwise required or authorised by law.
5.2. Medical research and product development
We may use and disclose patient information for medical research and product development. For example, this may include the development of new diagnostic tools and products, treatment methods and pathways. In this case:
- We will only use or disclose your information in identifiable form if we have your consent or approval from a registered Human Research Ethics Committee;
- We may use or disclosure your information in de-identified form without further notice and without your consent. In this case your identity will not be apparent from the information in question.
We require that all researchers who have access to your information follow strict ethical guidelines.
6. Who do we share your information with?
We may need to disclose your information to others for one or more of the purposes described above.
For example, depending on the circumstances, we may need to disclose your information to:
- Clinicians and other healthcare professionals, such as GPs, pathologists, radiologists, medical and surgical specialists, pharmacists and allied health professionals, involved in your care;
- Government agencies and public hospitals, where we provide care to you under a contract with that agency or hospital and are required to provide the information under the relevant contract;
- Private hospitals and other private healthcare providers, where we provide health services to you (or they provide health services to you) under a contract between GenesisCare and that provider and are required to provide the information under the relevant contract;
- Courts and other public authorities, where we are required to do so by law (for example, if we are issued with a subpoena to produce medical records in relation to court proceedings);
- Our lawyers, insurers (including Medical Defence Organisations) and medical experts who help us to deal with enquiries, complaints and legal proceedings;
- External service providers and advisors who help us run our business, including software vendors and service providers who help run our IT systems;
- GenesisCare group entities;
- People legally responsible for your healthcare decisions, including your attorneys, guardians or other personal representatives (although we will not do this if you tell us not to);
- Researchers involved in medical research or product development; and
- Other people with your consent, such as your insurers, lawyers and close family, or as otherwise required or authorised by law.
7. We may disclose your information overseas
GenesisCare is part of a global organisation and we (or third parties acting on our behalf) may transfer personal information within the GenesisCare group of companies, including to its related companies located in Spain, the United Kingdom and the United States. We may disclose personal information to global suppliers that we engage for the provision of services to the GenesisCare group of companies and those suppliers may be located outside Australia.
Australian patient information will only be disclosed overseas for very limited purposes, such as where it is necessary to provide or facilitate the delivery of health services to the patient, and will remain stored in Australia.
8. How do we hold and protect your personal information?
We hold personal information electronically and in hard copy form, both at our own premises and with the assistance of third-party service providers who provide data storage, hosting and cloud computing services. In all cases we implement a range of measures to protect the security of that personal information.
9. What happens if you withhold information from us?
If you do not provide your personal information to us when requested, we may be unable to carry out the purposes described above. For example, it may cause us to be non-compliant with our legal obligations or unable to carry out our core activities (such as providing you with healthcare and treatment). The impact will depend on the nature of your relationship with us, your location and the type of personal information you wish to withhold. We will tell you about the implications of your decision if it becomes relevant.
10. How can you access or correct your information?
You may request access to any personal information we hold about you by contacting our Privacy Officer using the contact details set out below.
Please also let us know if your personal details change (for example, your name or contact details), or if you notice errors or discrepancies in information we hold about you. You may do this at your next appointment with us (if you are a patient) or by contacting our Privacy Officer using the contact details set out below.
We may ask you to verify your identity when you make an access or correction request. There may also be circumstances in which we will not be able to comply with your request. In these cases, we will provide reasons for why we cannot comply and will explain what other options may be available to you.
11. Interacting with ‘My Health Record’
If you have chosen to participate in the My Health Record program operated by the Commonwealth Department of Health, we may access personal information stored in your My Health Record if you have set access permissions to allow this. When requested to do so, we may upload your health information to the My Health Record system.
If you do not want us to access your information stored in your My Health Record, or to upload any information to it, you can modify access controls within the My Health Record system or opt out of the My Health Record program.
12. Interacting with our websites
We use four types of cookies:
- Strictly necessary cookies: These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
- Performance cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site and will not be able to monitor its performance.
- Functional cookies: These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
- Targeting cookies: These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
We may use Google Analytics and Adobe Experience Manager to analyse usage of our websites from time to time. For more information about how these companies and their services collect and processes data, please see: www.google.com/policies/privacy/partners/ and www.adobe.com/privacy/experience-cloud.html.
You may accept or decline most types of cookies by adjusting the settings in your web browser. If you choose to decline cookies, you may not be able to fully experience the interactive features of our websites.
Our websites may include links to other websites that are run by third parties. We are not responsible for how those third parties may collect, use and share your information. Please carefully review any privacy statements published on third-party websites before you interact with those websites.
13. Do you have a question or complaint?
We may need to verify your identity and ask for further information, in order to investigate and respond to your question or complaint. We will aim to respond to you within a reasonable time (generally between 5 and 20 business days).
If we are unable to satisfactorily resolve your concern or complaint, you may wish to contact the Office of the Australian Information Commissioner (OAIC). Contact details for the OAIC can be found at the OAIC’s website: https://www.oaic.gov.au.
14. Contact us
Buildings 1 & 11, The Mill
41-43 Bourke Road
Alexandria, NSW, 2015
1800 325 100
15. This policy may change
Details correct as at April 2023.