Application of the Policy
Capitol is subject to the Privacy Act 1988 (Cth) (Privacy Act) and handles the personal information (including health information) that it collects and holds in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act. In addition to the federal Privacy Act, Capitol must also comply with certain State and Territory legislation.
This Policy explains how we manage personal information and also describes the sorts of information we hold and why, as well as how that information is collected, held, used, disclosed and disposed of. We are committed to protecting the privacy rights of all stakeholders.
What is personal or sensitive information?
Personal information is information or an opinion about an individual who is identified or capable of identification from the information, whether that information or opinion is true or not.
De-identified information is not personal information and involves the removal or alteration of other information that could potentially be used to re-identify an individual.
Dealing with us anonymously
Where it is lawful and practicable to do so, individuals may deal with us anonymously or by using a pseudonym (e.g. when inquiring about services generally). However if individuals wish to make a booking with our service, the service will require the provision of personal identifying information.
Visitors to our website do not disclose information unless they provide such information through the enquiry form. When individuals visit our website anonymously, non-personal information may be collected including but not limited to browser type, version and language, operating system, pages viewed while browsing the site, page access times and referring website address. This collected information is used solely internally for the purpose of gauging visitor traffic, trends and delivering personalised content to individuals while they are at this site.
What personal information is collected and held?
The information collected may include an individual's:
name, address (postal and email) and telephone numbers;
gender, date of birth, marital status, occupation, religion, country of birth, indigenous status, next of kin;
medical history and other health information we are provided with or collect in the course of providing our services;
payment information such as credit card details, health fund and health insurance cover details, workers compensation or other insurance claim details, Medicare details, concession card details;
other information needed to provide services.
Capitol may also collect personal information about:
patients in the course of providing diagnostic imaging services to patients;
healthcare professionals in the course of referring patients for diagnostic imaging services to Capitol or engaging healthcare professionals to assist to provide diagnostic imaging services to patients;
third parties providing a service to Capitol;
the shareholders of Capitol Health Limited; and
employees and contractors of Capitol.
Why do we collect, use and disclose personal information?
If an individual is to receive or has received a service from Capitol, we will collect, use or disclose their personal information:
to provide you, or your patient, with our products and services including diagnostic imaging services and other healthcare products and services;
to enable your treating healthcare professionals to provide you with healthcare services;
to invoice and process any fees payable in relation to the products and services rendered;
to manage our relationship with you (including if you are a healthcare professional, patient, service provider, shareholder or employee) including billing and to contact you for follow up purposes;
to verify and update personal information held by us;
to recruit personnel;
to review, develop and improve our existing and new products and services;
for quality assurance and insurance purposes;
for commercial or business purposes relating to the running or management of our business;
to comply with legal or regulatory obligations; and
for other purposes required or authorised by or under law, including purposes for which you have provided your express or implied consent.
If you do not provide personal information requested of you to Capitol, we may be unable to provide you with the products and services you request of us.
If you provide your email address, telephone and/or mobile phone number, you also consent to Capitol using your email address, telephone and/or mobile phone number to contact you (including by telephone call, SMS or email) for any of the above purposes.
How do we collect personal information?
We will collect personal information from individuals directly where it is reasonably practical to do so. This often takes place in the ordinary course of delivery of a service such as when a person attends a Capitol facility for treatment, completes documents in order to receive that treatment, provides information over the telephone or applies for a job with us.
Other circumstances where we may collect information from third parties:
from an individual’s health service provider including specialists;
from a health professional who has treated the individual;
from an individual’s health insurer or other insurer;
from an individual’s family;
other sources where necessary to provide our services; and
to assess job applicants (e.g. police checks).
Trans-border data flows
Our websites may be hosted by servers outside Australia and we may also use technical support services that are based off shore. This means that technically speaking, individuals’ personal information may travel electronically from Australia to another country and back to Australia. When sending information offshore, we ensure all providers we engage can and will observe the requirements of the Australian Privacy Principles.
Storing personal information
We may store personal information in different ways, including in paper and electronic form. The security of personal and information is important to us and we take all reasonable steps to protect it from misuse or loss and from unauthorised access, modification or disclosure. We ensure compliance with the Notifiable Data Breaches Scheme established under the Privacy Act 1988 (Cth).
Some of the ways we do this include:
requiring our staff and contractors to maintain confidentiality and observe privacy laws to ensure compliance with the APPs;
implementing document storage security;
imposing security measures for access to computer systems; and
only allowing access to personal information where the individual seeking access to their own information has satisfied identification requirements.
Personal information is retained for the period of time determined by law and is disposed in a secure manner.
Keeping personal information accurate and up to date
We take all reasonable steps to ensure that the personal information we collect, use and disclose is accurate, complete and up to date. However, the accuracy of that information depends largely on the quality of the information provided to us. We therefore suggest that individuals:
let us know if there are any errors in personal information; and
keep us up to date with changes to personal information (e.g. their name and address)
Individuals may do this by mail, email or directly on the website (see Contact Us).
Accessing personal information
Individuals have a right to access their personal information and can contact us to request access. We may charge a nominal fee for providing access to personal information. In the event that copies of records are requested and approved, we may elect to charge for our reasonable costs involved in providing access. We will endeavour to advise individuals in advance if a charge will be imposed, and the likely amount of the charge. Individuals will be invited to consider other forms of access to minimise cost.
We will disclose individual’s personal information to an individual’s authorised representatives only where written authority has been provided or where evidence has been provided that nominated individuals can act on an individual’s behalf. We cannot provide an authorised representative with access to an individual’s personal information unless they can demonstrate that they have the individual’s consent or have legal authority to do so.
Individuals who believe that we have breached their privacy rights in any way or wish to discuss any issues about our Policy, should contact us on the details below so that we can try to satisfy any questions and correct any errors on our part.
However, if you are unhappy with our response, you have the right to make a complaint to the Privacy Commissioner on telephone number 1300 363 992 or in writing to:
Office of the Australian Information Commissioner
GPO Box 5218
Sydney, NSW 2001
Please contact us if you would like to seek access to or request that we correct the personal information we hold about you:
By mail: Capitol Health Privacy officer, PO Box 551, East Melbourne, VIC 8002
By telephone: (03) 9348 3333
By email: firstname.lastname@example.org
If individuals would like more information about privacy in general, please refer to the Office of the Australian Information Commissioner's website www.oaic.gov.au.