1.1 CheckUP is a not-for-profit organisation dedicated to better health for people and communities who need it most. Through our current range of health programs and initiatives, CheckUP has an established footprint in 179 communities across Queensland.
1.2 We provide members with strategic leadership and dynamic sector-wide linkages. We support the work of government and non-government primary health care providers and agencies. We provide government and other stakeholders with an effective channel for comprehensive sector-wide consultation and communication.
1.3 CheckUP is governed by the Australian Privacy Principles (“APPs”) under the Privacy Act 1988 (‘the Privacy Act’). The APPs set out the way organisations and government agencies can collect and use, disclose and provide access to personal and sensitive information.
1.4 Personal information is information that identifies or could identify a person, whether it is true or not. It includes, for example, name, age, gender and contact details.
1.5 Sensitive information as defined by the Privacy Act 1988 (as amended) is also personal information but relates to an individual’s opinions, views, racial or ethnic origin, political options or affiliations, religious beliefs, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices or criminal record or health, genetic, biometric information or biometric templates.
- Express – Express Consent is given explicitly, either orally or in writing. This could include a handwritten signature or an oral statement to signify agreement.
- Implied – Implied consent arises where consent may reasonably be assumed from the circumstances and from the conduct of the individual.
2.2 Data Breach
When personal information held by an organisation is lost or subjected to unauthorised access, use, modification, disclosure, or other misuse.
Personal information is disclosed to an external person or entity if:
- That person/entity does not already know the personal information and is not in a position to otherwise find it out; and
- The personal information is provided to the person/entity or placed in a position to enable them to find it out; and
- CheckUP ceases to have control over the external person/entity in relation to who will know the personal information in the future.
2.4 Health Information
Health information is generally information about someone’s health. In particular, it is:
- Personal information or an opinion (e.g. a medical opinion) that is personal information and is about the health or a disability at any time of an individual, about an individual’s expressed wishes about the future provision of health services to him or her (e.g. a desire not to be kept on a life support machine) or about a health service provided, or to be provided, to an individual (e.g. administrative information relating to an admission and discharge dates and fees);
- Other personal information collected to provide, or in providing, a health service;
- Other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances; or
- Genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual.
An identifier of an individual is a number, letter or symbol, or a combination of any or all of those things, that is used to identify the individual or to verify their identity. This includes the individual’s name, ABN or anything else prescribed by regulation.
A natural living person
2.7 Personal Information
Information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- Whether the information or opinion is true or not; and
- Whether the information or opinion is recorded in a material form or not.
Bearing or using a fictitious name.
2.9 Sensitive Information
Information or an opinion:
- About an individual’s racial or ethnic origin; political opinions; membership of a political association; religious beliefs or affiliations; philosophical beliefs; membership of a professional or trade association or trade union; sexual preferences or practices; or criminal record, that is also personal information;
- Health information about an individual; or
- Genetic information about an individual that is not otherwise health information;
- Biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
- Biometric templates
3 COLLECTION AND USE OF PERSONAL INFORMATION
CheckUP may collect personal information about an individual for the following reasons:
- To provide high quality health services for clients
- because an individual has provided it directly to CheckUP, for instance contact details, date of birth, gender and credit card numbers or bank account details;
- to provide a service that they have requested, such as health services or providing details to their professional association for the allocation of continuing professional development points;
- to process their CheckUP membership;
- to provide members with the most appropriate services for their needs;
- because they work for us;
- for purposes directly related to any of the above and any of CheckUP’s services;
- providing follow-up on information regarding CheckUP including responding to comments or questions;
- to meet any requirements of government funding for programs including receiving, collecting, collating statistical information and reporting that may at times include personal or sensitive information;
- to monitor and evaluate existing services and plan for future services.
CheckUP only uses personal and sensitive information for purposes which are directly related to the reason individuals provided us with the information in the first place and where they would reasonably expect us to use their information. We may also use their personal information where required by law or for contract compliance and reporting purposes.
4 HOW WE COLLECT INFORMATION
When possible, at the time personal and/or sensitive information is collected, CheckUP will provide individuals with information indicating why the information is required, what will be done with the information, to whom if anyone the information will be disclosed and the reason for disclosure if disclosure is required.
Whenever possible, CheckUP will collect personal information directly from the individual unless unreasonable or impractical for us to do so.
CheckUP may collect personal information in a variety of ways, including when individuals:
- use CheckUP’s services;
- use CheckUP’s website;
- phone CheckUP;
- write to CheckUP;
- email CheckUP;
- visit CheckUP in person or at events;
- through interviews;
- forms and questionnaires; and
- other evaluations.
When CheckUP collects an individual’s information, or as soon as practicable after, we will take reasonable steps to inform the individual:
- that the information has been received by CheckUP;
- how to contact CheckUP;
- if CheckUP has received their information from another source, the details of the information received and why it was received;
- why CheckUP is collecting the information;
- the consequences (if any) for the individual if they do not provide all or part of the information requested;
- the organisations or types of organisations to which CheckUP may pass the individuals information on to and the reason/s it is being passed to another organisation;
- that the individual can access and seek to correct their information;
- how complaints relating to their information can be made and how they will be handled; and
- whether CheckUP is likely to disclose information to overseas parties and if so, the countries in which those parties are located.
5 DISCLOSURE OF PERSONAL INFORMATION
5.1 Disclosure of personal information to third parties
CheckUP will not disclose an individual’s personal information to another person unless the individual has given consent or if one of the exceptions under the Privacy Act 1988 or other legislation or laws require or allow CheckUP to do so.
Specific rules exist for the disclosure of health information and further information on these can be found in the CheckUP Health Information Management Policy and Procedure.
Where possible, the information that could reasonable identify someone as an individual is first removed.
Except as set out above, CheckUP will not disclose an individual’s information to a third party unless one of the following applies:
- The individual has given their consent for CheckUP to do so;
- The individual would reasonably expect us to use or give that information for another purpose related to the purpose for which it was collected (or in the case of sensitive information, it is directly related to the purpose for which it was collected);
- it is otherwise required or authorised by law
- it will prevent or lessen a serious threat to somebody’s life, health or safety or to public health or safety;
- it is reasonably necessary for us to take appropriate action in relation to suspected unlawful activity, or misconduct of a serious nature that relates to our functions or activities; or
- it is reasonably necessary for the enforcement of a law conducted by an enforcement body.
5.3 Examples of disclosure:
5.3.1 Ongoing or quality care
Consumers of a health service may require care from other health services or health providers. To ensure quality care CheckUP will disclose necessary and relevant personal information to these other providers as part of the referral process. Consent will be obtained to make such referrals.
5.3.2 Contractual requirements.
To deliver services, CheckUP seeks funding from other organisations to provide the services. This funding is provided with contractual obligations that require CheckUP to report on the use of the funding.
Generally, CheckUP will use de-identified information including number of patients seen on a visit and number of Aboriginal and Torres Strait Islander patients seen on a visit to be used for funding reporting purposes.
However, information required for reporting may at times contain personal information. In this instance, CheckUP will implement processes to inform patients of this requirement and gain their consent, as required under the Privacy Act 1988. Contractual obligations cannot breach the Privacy Act 1988 and all the processes in this policy and under the Act will be followed to ensure privacy of information is maintained as required.
5.3.3 CheckUP Database
CheckUP maintains a database of individual and service provider contact details as outlined in Sections 1.3, 1.4 and 3.1 of this policy. Contact details may be used to send information to providers participating in the Outreach programs, CheckUP electronic newsletters and other promotional materials to members and stakeholders and, also Public Health alerts on behalf of Queensland Health to General Practitioners and Health Services.
5.3.5 Operational reasons
CheckUP may use personal information for management purposes, funding or monitoring of services, which is permitted under the Privacy Act 1988. The information used for these purposes is generally de-identified but when required some personal information may need to be used.
6 DISCLOSURE OF INFORMATION OVERSEAS
CheckUP will not send personal information out of Australia without the consent of the individual. A signed and verified consent form must be obtained if the patient or their legal entity is able to provide consent. Where this is not practicable i.e. the consumer is incapable of giving consent, then the information can be sent if the request is verified.
At times, CheckUP may send un-identifiable data overseas for business or quality purposes, however, all information will have personal data removed.
7 ANONYMITY AND PSEUDONYMITY
It is the individual’s choice to provide information to CheckUP. Wherever it is lawful and practicable, individuals have the option not to identify themselves or to use a fictional name when interacting with us.
An individual can remain anonymous when using some parts of the CheckUP website or sites administered by CheckUP.
It may be necessary for CheckUP to collect an individual’s personal or sensitive information if they would like certain materials or services. If they choose to withhold the information CheckUP requires, we may not be able to provide them the services they have requested. The impact of choosing not to provide necessary information will be explained to the individual.
8 INFORMATION SECURITY
CheckUP takes appropriate steps to protect an individual’s personal and sensitive information held by us from misuse, interference, unauthorised access, modification, loss or disclosure. This includes during use, storage, collection, processing and transfer, and destruction of the information.
The CheckUP website may contain links to external websites. We recommend that individual’s review the privacy policies of those external websites as CheckUP are not responsible for their privacy practices.
9 HOW TO ACCESS AND CORRECT INFORMATION
CheckUP will take reasonable steps to ensure that all personal information collected, used or disclosed is accurate, up-to-date, complete, relevant, and not misleading.
CheckUP will correct any personal information believed to be incorrect, out-of-date, incomplete, irrelevant or misleading. This may include taking reasonable steps to notify any organisation or government agency to which information was disclosed about the correction.
An individual may request to access or correct their personal information at any time by contacting the Privacy Officer. CheckUP will give an individual access to their information unless one of the exceptions under the Privacy Act 1988 applies. For example, if providing access would be unlawful or denying access is authorised by law.
If an individual requests access or to correct their information, CheckUP will respond within a reasonable time (usually within 30 days). If the request is refused, CheckUP will provide a written notice that sets out the reasons for refusal and how to complain about the decision.
10 DIRECT COMMUNICATIONS AND PROMOTIONAL MATERIALS
From time to time, CheckUP may send out promotional materials for marketing purposes.
An individual’s details collected for the purposes of providing a health service will not be used for the purposes of direct marketing communications or promotional materials.
If individuals do not wish to receive these communications, they can notify CheckUP to unsubscribe from that mailing list.
An individual’s information may also be used by CheckUP to provide them with details of other organisation’s services where permitted by the Privacy Act 1988 or where the individuals have consented to the use or disclosure of their personal information for direct communications and promotional materials.
It is CheckUP’s policy that any direct communications or promotional material will include a statement advising that if an individual can request not to receive further material by contacting us using the details provided.
The CheckUP website and sites administered by CheckUP uses software known as ‘cookies’ to record individuals who visit the website and collect some statistical information. CheckUP uses this information to help administer and improve our websites. We do not use this information to personally identify individuals. Information we may collect includes:
- The individual’s server address
- The individual’s domain name
- the date and time or access to the website
- pages accessed and documents downloaded
- the previous site visited
- if the individual has visited the website before
- the type of browser software in use.
A person may set their browser to disable cookies when visiting CheckUP websites. However, some website functions may be unavailable if Cookies are disabled.
12 COMPLAINTS AND ENQUIRIES
V3: Feb 2017
- 156 kB pdf