Australia's Intelligent STI Check - Fast, Convenient and Discreet
What is personal information?
What personal information do we collect and hold?
We may collect the following types of personal information in respect of an individual:
- name, address and telephone number;
- age or date of birth;
- Medicare number, Veterans' Affairs number, Individual Healthcare Identifier (IHI) (note where personal information is provided by a health care provider, we may also collect that agent's Healthcare Provider Identifier – Individual (HPI-1) or Healthcare Provider Identifier – Organisation (HPI-O)), Health Care Card number, health fund details or pension number;
- current drugs or treatments used;
- information relevant to the individual's medical care, including but not limited to previous and current medical history and family medical history (where clinically relevant);
- ethnic background;
- profession, occupation or job title;
- the name of any health service provider or medical specialist to whom the individual is referred, copies of any letters of referrals and copies of any reports back; and
- any additional information relating to the individual provided to us directly through our representatives, medical or allied health professionals providing services at or from our Centres, Clinics or Call Centres, or otherwise.
We may also collect some information that is not personal information because it does not identify an individual. For example, we may collect anonymous answers to surveys or aggregated information about how users use our website.
How do we collect personal information?
We collect personal information directly from individuals (unless it is unreasonable or impracticable to do so) or the relevant individual has consented to our collection of their personal information from their health care provider. When collecting personal information from individuals, we may collect it in ways including:
- by an individual completing one of our registration or patient information forms;
- as disclosed by an individual during the course of a consultation at our Centres, Clinics or Call Centres or
- through an individual's access and use of our website. We may also collect personal information from third parties including:
We may also collect personal information from third parties including:
- information provided on an individual's behalf with that individual's consent;
- from a health service provider who refers an individual to medical practitioners or allied health professionals providing services at or from our Centres, Clinics or Call Centres;
- from health service providers to whom an individual is referred;
- from an individual's employer or prospective employer; or
- from third party bodies such as law enforcement agencies and other government entities.
What happens if we can't collect personal information?
If an individual or a third party (as applicable) does not provide us with the personal information described above, some or all of the following may happen:
- we may not be able to provide the requested services to the individual, either to the same standard or at all; or
- the individual's diagnosis and treatment may be inaccurate or incomplete.
For what purposes do we collect, hold, use and disclose personal information?
We collect, hold, use and disclose personal information for the following purposes:
- to provide medical and pathology services and treatment to an individual, and to enable an individual to be attended by medical practitioners or other allied health professionals at our Centres, Clinics or Call Centres;
- for administrative and billing purposes;
- to update our records and keep an individual's contact details up to date;
- to process and respond to any complaint made by an individual;
- to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulatory authority;
- for the purposes of data research and analysis including conducting clinical trials and proactive screenings and for the purpose of sending direct marketing communications in relation to these, and to our contractors who may use it for the same purposes. We will only collect, use or disclose an individual's personal information for research purposes with that individual's consent and will only directly market these services to an individual with that individual's consent;
- for inclusion in a recall register to be advised of follow up visits and medical updates;
- for the purpose of reporting back to an individual's employer or prospective employer, their authorised representatives and their insurer in the case of a work-related consultation or service;
- to answer enquiries and provide information or advice about existing and new products or services and all matters relevant to the services we provide to an individual;
- to conduct business processing functions including providing personal information to our related bodies corporate, contractors, service providers or other third parties;
- for the administrative, marketing (including direct marketing), planning, product or service development, quality control and research purposes of the SCS Group, its contractors or service providers; and
- to meet obligations of notification to our medical defence organisations or insurers.
To whom may we disclose personal information?
We may disclose an individual's personal information to:
- our employees, our medical professionals and allied health practitioners who provide medical services to that individual at our Centres and Clinics, related bodies corporate, contractors or service providers for the purposes of operation of our business, fulfilling requests by that individual, and to otherwise provide products and services to that individual including, without limitation, web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, data entry service providers, electronic network administrators, debt collectors, and professional advisors such as accountants, solicitors, business advisors and consultants;
- suppliers and other third parties that we use in the ordinary operation of our business, such as for marketing, data processing and associated printing and mailing;
- that individual's employer or prospective employer, their authorised representatives and their insurer in the case of a work-related consultation or service; and
- any organisation or person for any authorised purpose with that individual's express consent.
We may combine or share any information that we collect from an individual with information collected by any of our related bodies corporate (within Australia).
My Health Record and Electronic Transfer of Prescriptions
If an individual has registered for a My Health Record (previously known as the Personally Controlled Electronic Health Record) through the Commonwealth Department of Health and provided us with access to their My Health Record, we may also collect, use or disclose that individual's personal information through the My Health Record system for the purpose of participating in the My Health Record system.
Some of our Clinics and Centres use electronic transfer of prescriptions (eTP) to exchange prescription information between our prescribing software and pharmacy dispensing systems. We may also use or disclose an individual's personal information through an eTP service.
Direct marketing materials
We may send an individual direct marketing communications and information about our products and services that we consider may be of interest to them. These communications may be sent in various forms, including mail, SMS, fax and email, in accordance with all applicable marketing laws, such as the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006. If, in an individual's dealings with us, that individual indicates a preference for a method of communication, we will endeavour to use that method whenever practical to do so. In addition, at any time an individual may opt-out of receiving marketing communications from us by contacting us or by using opt-out facilities provided in the marketing communications and we will then ensure that the individual's name is removed from our mailing list.
How can an individual access and correct their personal information?
An individual has a right under the Act to access and correct their personal information. An individual may request access to any personal information we hold about them at any time by contacting us using the contact details set out below. Where we hold information that an individual is entitled to access, we will try to provide that individual with suitable means of accessing it (for example, by mailing or emailing it to the individual). We may charge an individual a fee to cover our administrative and other reasonable costs in providing the information to them and, if so, the fees will be as advised from time to time. We will not charge for simply making the request and will not charge for making any corrections to an individual's personal information.
There may be instances where we cannot grant an individual access to the personal information we hold; however, we will only do so in accordance with our rights and obligations under the Act. For example, we may need torefuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, we will give the individual written reasons for any refusal.
If an individual believes that personal information we hold about them is incorrect, incomplete or inaccurate, then that individual may send us a written request for us to amend it, including the basis on which the individual is requesting the amendment. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment then we will add a note to the personal information stating that the individual disagrees with it.
What is the process for complaining about a breach of privacy?
If an individual has cause to believe their privacy has been breached, we encourage them to contact us in accordance with the arrangements set out below and provide details of the incident so that we can investigate it.
Our procedure for investigating and dealing with privacy breaches is for the incident or complaint to be dealt with in the first instance by the particular Centre, Clinic or Call Centre at which the individual bringing thecomplaint received our services. If the issue cannot be resolved at this level, it will be escalated to the relevant Area or State Manager for review and resolution.
Do we disclose personal information to anyone outside Australia?
In relation to medicals and consultations procured or requested by our overseas clients, we may disclose an individual's personal information to these clients in their countries of operation. We do not otherwise disclose personal information to overseas recipients. In the event that we would like or are required to do so, we will obtain the individual's consent.
We take reasonable steps to ensure each individual's personal information is protected from misuse and loss and from unauthorised access, modification or disclosure – including the use of encryption technology, password protection and making sure that all of our systems and data are hosted within a secure environment. We may hold an individual's information in either electronic or hard copy form. When we no longer need an individual's personal information, we will destroy it or retain it in a way that the individual cannot beidentified.
As our website is linked to the internet, and the internet is inherently insecure, we cannot provide any assurance regarding the security of transmission of information an individual communicates to us online. We also cannot guarantee that the information an individual supplies will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which an individual transmits to us online is transmitted at their own risk.
Our websites may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party website and we are not responsible for the privacy policies or the content of any third party website. Third party websites are responsible for informing individuals about their own privacy practices.
We can also be contacted by using the following details:
We will treat all requests or complaints confidentially. If an individual makes a complaint, our representative will contact that individual within a reasonable time after receipt of the complaint to discuss the individual's concerns and outline options regarding how they may be resolved. We will aim to ensure that all complaints are resolved in a timely and appropriate manner. After we have completed our enquiries, we will contact the individual who has brought the complaint, usually in writing, to advise the outcome.
If an individual is not satisfied with our response to their complaint, or at any time, that individual may refer their complaint to the Office of the Australian Information Commissioner (www.oaic.gov.au).
In this document, the terms "we", "our", "us" or "SCS Group" mean Sonic Clinical Services Pty Limited Beachhead Holdings Pty Ltd and each of their related bodies corporate.