Who are we?
We are Medibank Health Solutions, a group of companies located in Australia and New Zealand that are subsidiaries of Medibank Private Limited ABN 47 080890 259 (Medibank). A current list of these companies is set out at the end of this policy. References to 'us', 'we' or 'our' refers to these listed companies. Together with Medibank, Australian Health Management Group Pty Ltd ABN 96 003 683 298 (ahm), ahm Health Insurance (a business of Medibank) and, where the context requires, other Medibank subsidiaries, we form the Medibank Group Companies.
We are engaged in the provision of various health-related services including medical services, travel and occupational health medicine, immigration visa medicals, allied health and telephonic and online health care services. Full details of our products and services offered can be found at www.medibankhealth.com.au.
Who does this policy apply to?
- All individuals whose personal information is collected, used or disclosed in the course of receiving health-related services from Medibank Health Solutions
- All individuals whose personal information is collected by us in the course of our functions and activities such as service providers, contractors and prospective employees.
Protecting your privacy
We are committed to protecting the privacy of your personal information and complying with the Privacy Act 1988 (Cth), State and Territory laws governing the use of personal information and the Privacy Act 1993 (New Zealand) (collectively the Privacy Acts), which regulate how personal information is handled, from its collection, to use and disclosure, storage, access and disposal.
‘Personal information’ generally means any kind of information in any form about a person that identifies that person and includes sensitive information such as health information.
When handling your health information, in addition to our obligations under the Privacy Acts, we must also comply with privacy legislation controlling the management of clinical and health information, including the Health Records Act 2001 (Vic) in Victoria, Health Records (Privacy and Access) Act 1997 (ACT) in the Australian Capital Territory, the Health Records and Information Privacy Act 2002 (NSW) in New South Wales, and the Health Information Privacy Code 1994 in New Zealand (collectively referred to as the Health Privacy Laws).
- how we manage the personal information that we collect, use and disclose; and
- how to contact us if you:
- have any questions about our management of your personal information;
- would like to access or correct the personal information we hold about you; or
- would like to lodge a complaint with us regarding our compliance with Privacy Acts and Health Privacy Laws.
What kind of personal information do we collect?
The types of personal information we may collect include:
- identifying information such as name, date of birth, employment details;
- contact information such as home address, home and mobile phone numbers and email address;
- government-issued identifiers including Medicare numbers;
- health information including current and past medical history, and any new health information;
- for some services, other sensitive information relevant to the provision of our services, including racial/ethnic origins, and sexual preferences and practices;
- financial information, such as bank account and credit card details; and
- information about your lifestyle and lifestyle interests (for example, sporting interests).
You generally have the right not to identify yourself when dealing with us where it is lawful and practicable for us to allow it. However, on many occasions we will not be able to do this. For example, we will need your name and other details in order to conduct your health assessments.
If you do not provide to us or authorise us to collect the personal information we request, we may be unable to provide you with our services.
How do we collect and hold personal information?
We will only collect personal information about you by lawful and fair means and not in an unreasonably intrusive manner.
We may collect your personal information from:
- you or a person authorised by or responsible for you;
- a government agency, employer, private health insurer, educational institution or service provider (including health service provider) or adviser who has dealt with you (or their authorised representatives;
- an organisation or agency on whose behalf we are providing you with our services; and
- where applicable, another Medibank Group Company with which you have an existing relationship.
Where we collect your personal information from a third party, we will take reasonable steps to ensure that you are made aware of this and in some cases we may require your further consent to do so.
Medibank Health Solutions takes all reasonable steps to protect your personal information from misuse, loss, or unauthorised access, modification or disclosure. We store your information securely and have a range of security controls in place to ensure that your information and documents are protected. All of our staff are trained on privacy and access to personal information is restricted to individuals properly authorised to do so.
We also take steps to make sure that the personal information that we collect, use and disclose is accurate, complete, up to date and relevant. We keep your personal information for only as long as it is required in order to provide you our services and to comply with our legal obligations. When it is no longer needed for these purposes, we take reasonable steps to destroy or permanently de-identify this personal information.
Why do we collect, use and disclose your personal information?
We collect your personal information to enable us to provide you with our products and services, to help us improve those products and services and to provide you with information about other products and services offered by other Medibank Group Companies. We may also be required by law to collect some personal information.
Where you provide personal information to us as a service provider, contractor or prospective employee, we collect your personal information to enable us to fulfil the purpose and related purposes for which you provided the information
We may use your personal information for these purposes, including to:
- provide you with health-related services including medical services, travel and occupational health medicine, immigration visa medicals, allied health and telephonic and online health care services;
- manage our relationship with you and contact you for follow-up purposes;
- help us improve our services, products, and operational processes and systems (including, for example, by customer satisfaction surveys);
- assess your suitability for, and contact you about, other products and services offered by or through us or Medibank Group Companies;
- undertake research, reporting and/or evaluation of our services (using de-identified information where possible);
- provide training and development for our staff (using de-identified information where possible);
- manage and resolve any legal, clinical or commercial complaints or issues;
- perform other functions and activities relating to our business and
- comply with our legal obligations.
In doing so, we may disclose your personal information to persons or organisations in Australia and overseas, including:
- health service providers;
- our agents and service providers, including technology providers;
- your employer or their authorised representatives;
- persons authorised by or responsible for you, including your agents, advisers and educational institutions;
- payment systems operators and financial institutions;
- any organisation or agency to whom you have consented or requested for your information to be disclosed;
- the organisation or agency on whose behalf we are providing you with our services; and
- other parties to whom we are authorised or required by law to disclose information.
How we communicate with you
From time to time, we may also collect and use your personal information so that we and other Medibank Group Companies can promote and offer our services to you and keep you informed of special offers, including by direct mail, SMS and MMS messages, by phone and email.
You can choose not to receive these communications by calling the Medibank Health Solutions business line(s) you are obtaining services from (e.g. Travel Doctor, Workplace Health), sending a request through the business line’s website, or responding to the unsubscribe message in any marketing email you receive.
Do we disclose your personal information overseas?
We may need to disclose your personal information to organisations located outside of Australia from time to time in the ordinary course of our business. Most of these overseas organisations are service-providers or related entities which provide support and assistance to us in delivering our products and services to you.
Where we do, we take reasonable steps to ensure that your information is given the same type of protection as it is afforded within Australia. This may be through satisfying ourselves that the overseas organisation has controls in place to comply with Australian privacy laws, ensuring that the overseas organisation is located in a country which we believe has a similar privacy regime to Australia or through contractually or otherwise mandating the adequate management of the information.
On occasion, we may also disclose your personal information to overseas organisations where you instruct us or expressly consent to us doing so. In such cases, we may not take the above steps in relation to the management of your information.
Please see the Appendix at the end of this policy which outlines the main countries to which personal information may be disclosed.
You can access or correct your personal information. How do you contact us to do so?
Medibank Health Solutions will generally provide you with access to your personal information if practicable (although an administration fee may be charged), and will take reasonable steps to amend any personal information about you which is inaccurate or out of date.
In some circumstances, for example where prescribed in the Health Privacy Laws, we may not permit access to your personal information, or may refuse to correct your personal information. Where this happens, we will provide you with reasons for this decision, seek alternatives and take any further legally required steps.
If you would like to access or correct personal information we hold about you, please contact the Medibank Health Solutions Privacy Officer whose detailed are provided below.
Do you have any concerns over the way we have collected, used or disclosed your personal information?
If you have any concerns or queries about the manner in which your personal information has been handled, please contact the Medibank Health Solutions Privacy Officer whose contact details are provided below.
If you wish to make a formal complaint, please provide your complaint in writing to the Medibank Health Solutions Privacy Officer. We will consider your complaint promptly and contact you to seek to resolve the matter.
Generally, we will contact you to acknowledge receipt of your complaint and let you know who is managing your query within three business days. We will attend promptly to your complaint and will aim to respond to your concerns or otherwise keep you informed of our progress within 30 days.
If we have not responded to you within a reasonable time or if your complaint is not resolved to your satisfaction, you are entitled under the Privacy Act to make a complaint to the Office of the Australian Information Commissioner.
Medibank Health Solutiions Privacy Officer contact details:
Medibank Health Solutions Privacy Officer
Medibank Health Solutions
PO Box 712
Osbourne Park DC, WA, 6916
Further information about the application of the Privacy Act can be found at the website of the Office of the Australian Information Commissioner at www.privacy.gov.au.
Medibank Health Solutions companies
- Medibank Health Solutions Pty Limited (ABN 99 078 934 791) (formerly Health Services Australia Pty Ltd).
- Integrated Care Services Pty Limited (ABN 71 059 950 695).
- The Travel Doctor TMVC Pty Ltd (ABN 93 003 457 289).
- Medibank Health Solutions Telehealth Pty Ltd (ABN 40 069 396 792).
- Medibank Health Solutions New Zealand Ltd (which also provides services in New Zealand).
- Fitness2Live Pty Limited (ABN 94 138 752 815)
Appendix: Countries to which personal information may be disclosed
Listed below are the countries to which we may disclose personal information in the course of our functions and activities. This list does not include countries where you may have specifically instructed us to send your information or expressly consented to us sending your information.
Please see the Do we disclose your personal information overseas? section for information on the steps we take to ensure the adequate protection and appropriate management of this information.
- New Zealand
- United States
We may also send personal information to the below countries where we have provided Workplace Health or Travel Doctor health-related services.
- South Africa
- United Kingdom
This list is updated from time to time. You can visit our website at any time to view the latest version.