Healthdirect Australia Ltd (ABN 28 118 291 044) and its contractors provide a range of Australia-wide health and health related services to members of the Australian public and a range of jurisdiction-specific health advice and information services, health alert services, and health administration services. The services that we provide are wholly or jointly funded by the Australian Government and several state and territory governments.
- our provision of health services and information to members of the public via telephone and video (telehealth services) and our websites and other applications and interactive facilities or services accessed through our websites and applications (online services).
- our management of personal information in our corporate functions, such as when we engage with contractors, representatives of service providers and stakeholders, job applicants and other people.
What are our privacy obligations?
We handle your personal information in accordance with the Privacy Act 1988 (Cth) and where relevant, any State or Territory privacy laws that apply.
What kinds of personal information do we collect?
If you use our telehealth services, we may collect your name, age, gender, date of birth, contact details (such as your address, email address and phone number), information about your illnesses, symptoms you have experienced, or any existing disabilities.
Only where relevant, we may also collect information about your ethnic background, sexual practices, details relating to your pregnancy (such as your estimated due date, child’s name and birthdate) and other health services you are receiving or are to be provided in the future.
If you ask for a record of your call to be uploaded to the My Health Record (MHR) system, we may collect and store your healthcare recipient identifier (HRI) which is linked to your Medicare number. If you do not ask for upload to the MHR system, your HRI will not be collected or held.
For telehealth services, we may ask for the phone number at your location so that we can help direct emergency services to you, if needed.
If someone calls on your behalf, we may also collect their name and contact details. Unless requested not to, we capture audio and video recordings which may contain the personal information described above.
When you use our services, you can choose to deal with us anonymously, or by providing a pseudonym. If you wish to do this when contacting one of our services via a telephone or video call, please advise the call operator assisting you.
Providing your personal information enables us to remember you over time. For example, if you identify yourself on a call, we can provide you with a contact record reference number which allows you, and other authorised persons, to retrieve information about that call at a later date.
Online services and notifications
We may collect your personal information if you transmit personal information to us through our online services. When you use our online services, we may use your IP address to verify your location and that you are accessing the services from within Australia as well as other personal information for the purposes of identification and support.
If you choose to create a profile, our website will remember your preferences when you return to use our website or move across our websites, and to provide you with curated information.
If you create a personal profile for our online services, we may also collect additional information relevant to your circumstances and the services you are using, such as your name, contact details, details relating to your pregnancy (such as your estimated due date, information about your ovulation cycle and child’s name and birthdate). We will store this information which you can access via your personal profile using a password you create.
We will only record your email address if you send us an email, register to receive information or notifications from us, provide us with your email address when requested or create a personal profile.
You can unsubscribe from our information and notification services at any time by following the prompts on our online services, selecting the unsubscribe function in your personal profile or selecting unsubscribe in an email we have sent to you. You can also delete your personal profile at any time.
No attempt will be made to identify anonymous users (including users logging on using a pseudonym) or their browsing activities except where a law enforcement agency may exercise a warrant to inspect the Internet Service Provider’s log files.
Personal information in our corporate functions
In the ordinary course of business, we may collect your personal information. This includes your name and business contact information such as your role title, work email address, office address, work telephone and fax numbers. We primarily use this information to communicate with you or the organisation that you represent.
Where you have applied for a role with us, we may collect your name and contact information, your cover letter and resume and may conduct background checks with your consent. Some of this information may be sensitive information under the Privacy Act.
Direct and indirect sources of personal information
We usually collect personal information directly from you — for instance, when you use our services, or when you send us an email, letter or complete an online or paper form.
At times, we will collect personal information about you indirectly, that is, from a third party, such as a healthcare service provider or residential care facility who is managing your care or from your family member who contacts us on your behalf.
How do we use and disclose personal information?
Telehealth and online services
Healthdirect Australia uses and discloses personal information for the following purposes:
- Providing healthcare services to you;
- Assisting Commonwealth, State or Territory health services or departments of health to provide you with health services or to address issues you may raise with them;
- Matching service delivery data with health information for service improvement;
- Compilation and analysis of statistics relevant to public health and safety; and
- Complying with its legal obligations.
Healthdirect Australia uses audio recordings of all consultations (via telephone or video call) to help ensure that the advice it gives meets the highest standards of safety and quality and is equal to best international practice.
Healthdirect Australia will share relevant information with health services and/or Government bodies in the event of a national or jurisdictional health disaster in order that an appropriate health response can be provided.
Healthdirect Australia may use your personal information to make a follow up call to you for feedback on your satisfaction with the services you have received.
Healthdirect Australia may consult regarding your case with another health service provider with your consent and possibly while you are still on the line.
Where a patient permits or has authorised another person to conduct their affairs (such as a spouse or guardian), is unconscious, incapacitated or a minor, Healthdirect Australia deals on their behalf with the person responsible for their welfare.
Healthdirect may disclose your personal information to IT service providers in Australia and overseas for the purpose of providing the services. Healthdirect uses IT service providers in Australia and in the United States.
There may be other disclosures where:
- you would reasonably expect the disclosure to occur;
- you have requested disclosure (including, but not limited to, upload of a record to the MHR system);
- Healthdirect Australia is authorised or compelled by law to disclose;
it will prevent or lessen a serious threat to someone’s life, health or safety or a threat to public health or safety;
- it is required for public health surveillance where symptoms are mapped geographically to see if patterns arise as an early warning system identifying epidemics;
- it is necessary as part of the establishment or defence of a legal claim;
- it is requested by an enforcement agency, such as the police;
- it is a necessary part of an investigation following a complaint or incident; or
- we transition our services to another provider, in which case personal information may be transferred to them for continuity.
Healthdirect Australia will not sell or rent personal information to anyone without your express consent.
Our online services may have links to other websites that are not controlled or owned by us (third-party websites). We recommend that you review the privacy policies of those websites. We are not responsible for your use of or any consequence of your use of third-party websites.
A “cookie” is a small text file supplied by Healthdirect Australia and stored by the web browser software on your computer when you access online services. (An explanation of cookies can be found at the website of the Australian Information Commissioner at www.oaic.gov.au.)
We also use non-identifiable traffic data to improve our services and for statistical purposes.
We use Google Analytics to anonymously track how users interact with online services including where they came from, what they did on the platform and what transactions have occurred. Web traffic information collected via Google Analytics may be transmitted to Google’s servers worldwide.
How do we protect your personal information?
We have systems and procedures in place to protect your personal information from misuse and loss, and from unauthorised access, modification, or disclosure.
Our websites have been tested to expected Government standards, however, there are inherent risks in transmitting information across the internet. We recommend that you take steps to protect yourself, such as regularly updating passwords and not sharing passwords across multiple websites.
We also take steps to ensure that our records of your information remain accurate, complete, and up to date, including by verifying the information with you each time you use our services or from other sources.
Records relating to our provision of telehealth and online services are retained for up to 25 years and in accordance with health records legislation. After this period, if the information is no longer required by us for any purpose for which it was collected and is no longer required by law to be retained by us, we will destroy or de-identify it.
How to access or correct your personal information
You have a right to request access to and/or correction of the personal information that we hold about you.
Before we give you access, or change your personal information, we may need to confirm your identity. If you provided information anonymously, it will not be possible to give you a copy of the information.
We will not charge you for making an access request, but we may ask you to pay a reasonable fee for the work involved in providing you with this information and for associated costs such as photocopying. You will be notified of any costs before your request is processed.
If we refuse to provide you with access to your record or to update your record in the way you request, we will provide you with written reasons.
If we refuse to correct or update your information, we will make a note on your record that you are of the opinion that the information is inaccurate, incomplete or out of date.
Click here to access the Healthdirect Personal Records Access or Change Request Form.
What if I have a complaint?
If you have a privacy complaint or concern relating to the way that we have handled your personal information, please contact Healthdirect Australia as detailed below. We will investigate your complaint or concern and respond to you within 10 working days.
If you feel we have not adequately resolved your complaint or concern, you may contact the Australian Information Commissioner at www.oaic.gov.au.
How to contact us
You can contact our Privacy Officer as follows:
PO Box K411
Haymarket NSW 1240
Last reviewed: July 2021
Last reviewed: July 2021