Introduction to privacy
Primary Health Care is committed to the right to privacy and the protection of personal information in accordance with new privacy laws.

About the Primary Health Care privacy policy
This privacy policy ("Policy") outlines how we manage personal information. It also describes the sorts of information we hold and why, as well as how that information is collected, held, used and disclosed. Depending on the Primary Health Care organization with which an individual deals, further information may apply in addition to the matters discussed in this Policy.

We encourage readers to check our website regularly for any updates (see 'Further information' below).

Whose personal information do we collect?
Individuals from whom we collect personal information include:

• our customers
• our patients
• health professionals
• business contacts
• employees and contractors

Dealing with us anonymously
Where it is lawful and practicable to do so, individuals may deal with us anonymously (e.g. when enquiring about our products and services generally).

Collecting personal information
If an individual is acquiring or has acquired a product or service from Primary Health Care, we will collect and hold their personal information to:

• provide the required services
• administer and manage those services, including charging, billing and collecting debts
• inform the individual of the ways the services provided could be improved
• conduct appropriate checks for credit worthiness
• research and develop our services
• gain an understanding of the individual's service needs so we may provide them with better service and maintain and develop our business systems and infrastructure, including testing and upgrading these systems

What personal information do we collect?

The information collected may include an individual's:

• name
• date of birth
• occupation
• current and previous address (postal and email)
• telephone number
• financial details
• tax file number
• health information and
• other information that we consider necessary

How do we collect personal information?

We will, if reasonable and practicable to do so, collect personal information directly from the individual concerned. This may take place when the individual fills out documents such as an application form or an administrative form or when the individual gives us personal information in person, over the telephone or through our websites.

In certain circumstances, we will collect personal information from third parties. For example, we may need to collect personal information from:

• a credit reporting agency
• an individual's financial advisers
• an individual's representatives (e.g. authorised representatives or legal advisers)
• an individual's employer
• an individual's health service provider
• an individual's treating health professional
• publicly available sources of information or
• any other organisation identified below (see 'Disclosing personal information' below)

Collecting sensitive information

Unless we have consent, we will not collect information that reveals an individual's racial or ethnic origin, political opinions, religious or philosophical beliefs or affiliations, membership of a political trade union, details of their health, disability, sexual orientation or criminal record.

This is subject to some exceptions including if the collection is required by law or the information is necessary to provide a health service.

Consequences of not providing personal information

Failing to provide Primary Health Care with certain personal information means that, potentially, we may not be able to provide the relevant service to the individual concerned.

Disclosing personal information

In line with modern business practices and to meet individuals' specific needs, we may disclose personal information to the organisations described below.

Where personal information is disclosed, we will seek to ensure that the information is held, used and disclosed consistently with the National Privacy Principles contained in the Act, any relevant Health Privacy Principles under state legislation (e.g. those contained in the Health Records Act 2001 (Vic) or the privacy provisions contained in Part 2 of the Health Records (Privacy and Access) Act 1997 (ACT)) and other applicable privacy laws and codes.

The relevant organisations include:

• outsourced service providers who manage the services we provide (e.g. mailing services, billing and debt recovery functions and marketing services)
• credit reporting agencies
• our advisers (including our accountants, auditors and lawyers)
• government and regulatory authorities and other organisations, as required or authorised by law
• organisations involved in marketing our products and services
• organisations jointly participating in, or assisting us to manage, a promotion, event, seminar or competition
• organisations involved in a transfer or sale or our assets or business
• organisations involved in managing our corporate risk and
• our related companies
• Also, we may need to disclose an individual's personal information to their representatives (e.g. their authorised personal representatives or their legal advisers)

Transborder data flows

Because we operate throughout Australia and overseas, some disclosures (see 'Disclosing personal information' above) may occur outside the state or territory in which an individual is resident.

Using government identifiers

In certain circumstances we are required to collect government identifiers such as tax file numbers, Medicare numbers, pension numbers or Veteran's Affairs numbers. We do not use or disclose this information other than when required or authorised by law.

Marketing our products and services

We will seek consent to use or disclose personal information for the purposes of informing individuals about Primary Health Care products and services that may be of interest and suit their requirements and promotions or other opportunities in which they may be interested.

We assume we have consent to use service providers to assist us with marketing (e.g. mailing services or advertising agencies) unless we are told otherwise (see 'Contacting us' below).

Storing personal information

We store personal information in different ways, including in paper and electronic form. The security of personal information is important to us and we take reasonable steps to protect it from misuse or loss and from unauthorised access, modification or disclosure. Some of the ways we do this include:

• requiring our staff to maintain confidentiality
• implementing document storage security policies
• imposing security measures for access to our computer systems (see 'Privacy on the internet' below)
• providing a discrete environment for confidential discussions
• only allowing access to personal information where the individual seeking access has satisfied our identification requirements and
• ensuring there is access control into our buildings

Privacy on the Internet

We take care to ensure that the personal information given to us on our websites is protected. Our websites have electronic security systems, including firewalls and data encryption. Depending on the Primary Health Care organisation with which an individual deals, user identifiers, passwords and other access codes for our staff and third parties may be used to control access to personal information.

Also individuals may access external websites by clicking on links we have provided on our websites. These external websites are not subject to our privacy standards. Individuals need to review those websites to ascertain how the relevant organisation manages personal information.

Cookies

Primary Health Care uses cookies only in those areas that require session management to improve your experience on this web site. The only cookies that are used are in the 'Results for GPs' and administration areas. Users are required to log in to these areas for authentication. The cookies are memory resident in your computer and the Primary Health Care web server uses them to manage the current session only. The cookie is removed from your computer's memory when you log out.

Keeping personal information accurate and up to date

We take all reasonable precautions to ensure that the personal information we collect, use and disclose is accurate, complete and up to date. However, the accuracy of that information largely depends on the quality of the information provided to us. We therefore suggest that individuals:

• Let us know if there are any errors in their personal information and
• Keep us up to date with changes to their personal information (e.g. their name and address)
• Individuals may do this by mail or email (see 'Contacting us' below)

Accessing personal information

Individuals have a right to access their personal information, subject to some exceptions allowed by law.

Individuals can contact us to obtain a form to request access (see 'Contacting us' below). We may charge a fee for collating and providing access to personal information.

Complaints

Individuals who believe that we have breached their privacy rights in any way or wish to discuss any issues about our privacy policy should contact our Group Compliance Manager (see 'Contacting us' below).

We will try to satisfy any questions and correct any errors on our part.

If we do not satisfactorily answer an individual's concerns, they have the right to make a complaint to the Privacy Commissioner on telephone number 1300 363 992 or in writing to:

Office of Privacy Commissioner
GPO Box 5218
Sydney NSW 1042

Contacting us

Individuals may ask any questions about privacy and the way we manage personal information or obtain a form requesting access to personal information by:

Writing to our Group Compliance Manager at
Level 7, 5 Queens Road, Melbourne, Victoria 3004

Further Information

For further information about Primary Health Care and how we operate, please refer to our website wwwprimaryhealthcare.com.au. If you would like more information about privacy in general, please refer to the Privacy Commissioner's website: www.privacy.gov.au .