Pretium Pty Ltd (Pretium) is an organisation that provides health and disease management services; observational and clinical research studies and assigns teams of general and specialist nurses, allied health professionals and study coordinators to programs to improve the care, health and wellbeing of Australians.
What is personal information?
Pretium seeks to balance the public interest in the proposed research or health or disease management service activity against the public interest in the protection of privacy. Properly informed management of health services delivered to individuals and the community are necessary for individuals to receive the best possible health and medical care. The conduct of research relevant to public health and health service management is important for providing information to help the community make decisions that impact on the health of individuals and the community. These activities are carried out in a way that complies with the Australian Privacy Principles and minimises the intrusion on an individual’s privacy and prevents embarrassment, loss of dignity or discrimination.
In the case of research, this balance is optimally achieved by obtaining the consent of participants prior to using identifiable data for research purposes. Where obtaining individual consent is impracticable, de-identified information may be used for research purposes. De-identified information is information which by itself does not identify the individual to which it relates.
In the case of health or disease management services, identification of patients is an important part of delivering optimal care to those patients eligible for the service. For example, delivering Chronic Disease Management services requires the identification of patients who are eligible for health care assessments and allied health services. If the information about an individual was collected and is used to provide care, it falls within the guidelines for use of information laid out in the Australian Privacy Principles. CDM services often require database searches to identify appropriate patients. To ease the burden on GPs or specialists, medical centres or practices can delegate information-gathering tasks (e.g. patient assessment, identification of
patient needs and making arrangements for services) to nurses (including practice nurses), Aboriginal health workers or other health professionals(1). Pretium staff respect individual patient’s rights to privacy and support this important objective of delivering Chronic Disease Management to suitable patients. Once suitable patients have been identified and recalled, patient consent can be obtained for the provision of further CDM services.
At no time will Pretium collect identifiable information unless an individual has consented to its collection.
We may also collect some information that is not personal information because it does not identify you or anyone else. For example, we may collect anonymous answers to surveys or aggregated information about how users use our website. If we need to collect sensitive information (such as your ethnic background), we will not collect that information unless we have first obtained your consent.
The Australian Privacy Principles (APPs) outline privacy standards that the non-government health sector must follow(2) - Pretium complies with these Principles. The Principles specify that a health organisation can only use or disclose information for the primary purpose for which it was collected or a directly related secondary purpose, which is within the individual’s reasonable expectations or for use and disclosure for which the individual has given consent(3). For example, information collected during patient assessments, from a pathologist or other health care provider, is collected for the purpose of managing the patient’s health care or disease. A Pretium nurse performing a review of patients to create a disease-specific register to support improved health management within a Chronic Disease Management activity would be a directly related purpose for which original information was obtained and so complies with the Australian Privacy Principles.
We have summarised the Australian Privacy Principles and our obligations, as they relate to health and personal information below(2):
1. We do not collect personal information unless the information is necessary for one or more of its functions or activities, eg to deliver a health service.
2. We do not use or disclose personal information about an individual for a purpose other than the primary purpose of collection unless: (a) the secondary purpose is related to the primary purpose of collection and are within the individual’s reasonable expectations, or (b) the individual has consented to the use or disclosure.
3. We take reasonable steps to make sure that the personal information we collect, use or disclose is accurate, complete and up-to-date.
4. We take reasonable steps to protect personal information.
6. If we hold information about an individual, we provide the individual with access to the information on request. Or if access is denied or is considered incorrect, we will provide the persons with valid reasons for denial of access or refusal to correct personal information.
7. We use our own identifier of an individual and not another identifier like your Medicare or Veterans Affairs number.
8. Individuals have the option of not identifying themselves, or of using a pseudonym, when dealing with us, wherever it is lawful and practicable.
9. We do not disclose your personal information to overseas recipients. In the event that we would like or are required to do so, we will obtain your consent.
10. We do not collect ‘sensitive information’ without the individual’s consent, unless the collection is required by law or falls within some specified limited circumstances.
When might an individual’s personal information be used or disclosed?
• For the purpose you, the patient, were advised of at the time of collection of your information by us;
• As required for delivery of the health service to you;
• As required for the ordinary operation of our services (for example to refer you to a medical specialist or other health service provider, or to receive advice from that provider);
• As required for the conduct of quality assurance and research and training;
• Advising patients of centre-based activities, billing, liaising with government offices and insurance companies regarding Medicare and other entitlements;
• As required under compulsion of law; or as may be required by our insurers
• Where there is a serious and imminent threat to an individual’s life, health, or safety; or a serious threat to public health or public safety.
To whom may we disclose an individual’s information:
We may disclose your personal information to:
• Our employees, medical professionals, other health care professionals and allied health practitioners who provide medical services to you at your medical centre or related bodies;
• Suppliers and other third parties with whom we have commercial relationships, for participation in health care programs that may be of interest, and related purposes;
• Any organisation or person for any authorised purpose with your consent; and
• Other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.
We may combine or share any information that we collect from an individual with information collected by any of our related bodies corporate (within Australia) for the purpose of improving care and access to health care programs.
How can an individual access and correct their personal information?
An individual may request access to any personal information we hold about them at any time by contacting us. Where we hold information that an individual is entitled to access, we will try to provide suitable means of accessing it (for example, by mailing it to you). We may charge a fee to cover our administrative and other reasonable costs in providing the information and, if so, the fees will be as advised from time to time. We will not charge for simply making the request and will not charge for making any corrections to personal information. There may be instances where we cannot grant access to the personal information we hold; however, we will only do so in accordance with our rights and obligations under the Privacy Act. For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, we will provide written reasons for any refusal.
If an individual believes that personal information held about you is incorrect, incomplete or inaccurate, then individuals may send us a written request to amend it, including the basis on which amendment is requested. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment then we will add a note to the personal information stating that the individual disagrees with it.
What is the process for complaining about a breach of privacy?
If an individual believes that their privacy has been breached, the individual should contact us in accordance with the arrangements set out below and provide details of the incident so that we can investigate it. Our procedure for investigating and dealing with privacy breaches is for the incident or complaint to be dealt with in the first instance by the particular medical centre or other location at which you received our services. If the issue cannot be resolved at this level, it will be escalated to the relevant manager for review and resolution.
We take reasonable steps to ensure personal information is protected from misuse and loss and from unauthorised access, modification or disclosure. We may hold information in either electronic or hard copy form. Personal information is destroyed or de-identified when no longer needed.
As our website is linked to the internet, and the internet is inherently insecure, we cannot provide any assurance regarding the security of transmission of information communicated to us online. We also cannot guarantee that the information supplied will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which is transmitted to us online is transmitted at an individual’s own risk.
Level 14, 3 Spring St
Sydney NSW 2000
We will treat requests or complaints confidentially. We will contact individuals within a reasonable time after receipt of a complaint to discuss concerns and outline options regarding how they may be resolved. We will aim to ensure that concerns or a complaint is resolved in a timely and appropriate manner.
1 Care Planning in General Practice, Inner North West Melbourne Medicare Local, November 2013
2 Guidelines under Section 95A of the Privacy Act 1988, NHMRC, November 2014
3 Australian Medical Association Privacy Resource Handbook, Canberra 2002