Privacy Policy

Policy Statement

Timboon & District Healthcare Service (ABN 44 836 142 460) is a Victorian Public Health Service established under the Health Services Act 1988 (Vic) that manages a range of health services. We are also a registered provider of residential aged care services under the Aged Care Act 1997 (Cth).

Timboon & District Healthcare Service (TDHS) recognises the importance of your privacy and understands that the security of your personal information is important to you. This Information Privacy Policy (Policy) explains how TDHS manages the information that we collect, store, use and disclose and how to contact us if you have any further queries about our handling of your information.

By providing your information to us, you consent (to the extent that we require your consent under privacy laws to do these things) to TDHS collecting, holding, using and disclosing your information in accordance with this Policy.

Policy Details

Background

TDHS is required to ensure that its handling of information of patients, employees, healthcare professionals, contractors, volunteers, students and visitors is in accordance with the relevant legislation, including the

  • Privacy and Data Protection Act 2014 (Vic) (PDP Act);
  • Privacy Act 1988 (Cth) (Privacy Act);
  • Health Records Act 2001 (Vic) (Health Records Act);
  • Health Services Act 1988 (Vic) (Health Services Act);
  • Aged Care Act 1997 (Cth) (Aged Care Act);
  • Mental Health and Wellbeing Act 2022 (Vic) (Mental Health Act);
  • Freedom of Information Act 1982 (Vic) (FOI Act),
  • Family Violence Protection Act 2008 (Vic) (FVP Act);
  • Child Wellbeing and Safety Act 2005 (Vic) (CWS Act);
  • Public Records Act 1973 (Vic) (PRA Act).

Together, the Relevant Legislation.

Commonly used Terms relevant to Information Privacy

Personal Information:

  • Personal information is defined in the PDP Act as information or an opinion (including information or an opinion forming part of a database), that is recorded in any form and whether true or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion, but does not include information of a kind to which the Health Records Act applies.

Sensitive Information:

  • Sensitive information includes information about an individual’s race or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership or a professional or trade association, sexual preferences and criminal history

Health Information:

  • Where TDHS collects your health information, the collection or handling of that information is subject to the Health Records Act and Health Services Act, including if you are an employee of TDHS.

In this Policy, references to information may include personal, sensitive and health information unless indicated otherwise.

Why does TDHS collect your information?

In the course of our business, TDHS may collect information about you to perform our functions and activities as a health service and residential aged care service provider.

What type of information do we collect?

The types of information and documents containing your information we collect will vary depending on the nature of our interaction with you and may include:

  • Identifying and contact information (such as name, date of birth, address, email address and telephone phone number);
  • Next of kin or preferred contact person;
  • Your medical history, information about your health condition, treatment, images of diagnostic scans, test results, immunisation history statements and COVID-19 vaccination certificates, both past and present;
  • Parenting orders, powers of attorney, medical treatment decision maker nominations and advanced care directives;
  • Records of communication including complaints, requests and queries;
  • Photographs;
  • Credit card and payment details;
  • Criminal histories and clearances, including through police record checks and working with children checks;
  • Ethnic background;
  • Lifestyle history and family history;
  • Qualifications, education, professional registrations and employment history;
  • Commonwealth and Victorian government identifiers (such as Medicare numbers, individual healthcare identifiers, pension or Veterans’ Affairs numbers and drivers license numbers);
  • Private health insurer membership details;
  • Responses provided by you to surveys issued by us or by third party service providers on our behalf;
  • Referrals to us from other health services or health service providers;
  • Closed-circuit television (CCTV) footage in public areas.

Who do we collect information from?

TDHS may collect information about you from a range of sources including:

  • Patients, next-of-kin, carers, family members and guardians in the course of, or in anticipation of, providing health services to patients;
  • Healthcare professionals;
  • Job applicants, past and present board members, employees and contractors of TDHS;
  • Volunteers and students assisting TDHS in the provision of health services;
  • Victorian Government agencies, authorities and departments;
  • Commonwealth Government agencies, authorities and departments, such as Services Australia that maintains the national register where your vaccinations are recorded;
  • Victoria Police;
  • Visitors to our premises;
  • Third parties providing services to TDHS;

How does TDHS collect information?

TDHS will only collect information about you by lawful and fair means and not in an unreasonably intrusive manner

Depending on the nature of your interaction with TDHS, we may collect your information in a number of ways including directly from you, through our website, admission forms, correspondence (written and verbal) or from CCTV cameras in operation. We may also collect your information from a range of sources such as those listed in the section above.

If you are a patient, TDHS typically collects your information directly from you. If you do not have the capacity to provide information to us, we may collect your information from another party including your emergency contact or next-of-kin/guardian/carer and first responders (including police and paramedics). We may also collect your personal information from third parties such as your general practitioner (GP), external specialist clinicians, other treating health service providers, your aged care or other care facility, or from health service providers who partner with us to provide health services.

If you are a healthcare professional, TDHS typically collects your information directly from you or from your patient.

If you are a contractor of TDHS, we typically collect your information directly from you or from third parties such as a nursing agency or recruitment agency.

If you are a student, we typically collect your information directly from you or from your educational institution.

If you are a volunteer or a visitor, we typically collect your information directly from you.

If you are a third-party service provider, we typically collect your information directly from you or the organisation who employs or engages you.

If you are an employee, we typically collect your information from you and government agencies that hold information required to be collected by us for your commencement or ongoing employment such as mandatory vaccinations, police checks and working with children checks.

If you are have applied for a position with TDHS, we typically collect your information directly from you or from a third party recruitment agency engaged by us for the recruitment process. We do not contact your nominated referees or collect any confidential external information without your prior consent.

For what purposes does TDHS collect, hold, use and disclose your information?

TDHS collects, holds, uses and discloses information for a range of purposes including the
following:

  • To provide you, or your patient, with health services including hospital, diagnostic imaging, outpatient and residential aged care services;
  • To fulfil our clinical obligations;
  • To invoice and process any fees payable in relation to services rendered;
  • To manage our relationship with you and to contact you for follow up purposes, including to send you reminders and information about upcoming appointments/admissions;
  • To verify and update personal information held by us;
  • To perform business functions as an employer;
  • To recruit personnel;
  • To assess or manage risk of family violence;
  • To engage third party service providers;
  • To review, develop and improve our services including by asking patients to participate in a patient survey and quality improvement activities;
  • To undertake quality assurance, audits (clinical and non-clinical), accreditation, service planning, risk assessment and management and claims investigation and management;
  • To train and educate our staff and students;
  • To assist with administration, planning, financial or management purposes;
  • To comply with legal or regulatory obligations;
  • For other purposes required or authorised by or under law, including purposes for which
    you have provided your consent.
  • To provide updates to past patients about events, campaigns and fundraising activities.

Our range of services and our functions and activities may change from time to time.

If you provide your email address, telephone and/or mobile phone number, TDHS will use your email address, telephone and/or mobile phone number to contact you (including by telephone call, SMS or email) for any of these purposes.

To whom may TDHS disclose your information?

TDHS may disclose your information to other persons or organisations including to:

  • Healthcare providers including:
    o Healthcare providers who provide healthcare services to and at TDHS sites;
    o Your referring/treating healthcare providers; and
    o Healthcare providers we may refer you to for further healthcare services (including allied professionals, diagnostic imaging service providers and pathology service providers);
  • Victoria Police to lessen a serious threat to you or others if we reasonably consider that
    disclosure is necessary or warranted;
  • Other agencies to meet our obligations under the Family Violence Sharing Scheme;
  • Child Information Sharing Scheme;
  • The organisation that is funding the provision of our services to you such as government organisations (including Medicare Australia, TAC, WorkCover and Department of Veterans’ Affairs) and private health insurers;
  • Other persons or organisations engaged by TDHS to assist us in carrying out the above purposes such as telehealth platform providers, data storage providers, IT support providers, auditors, insurers, recruitment agencies and professional advisors;
  • Regulatory authorities and Commonwealth and Victorian government agencies such as Medicare Australia, Department of Veterans’ Affairs, the Inspector-General of Aged Care, WorkCover and TAC;
  • Courts, tribunals, safety and quality bodies and law enforcement agencies (such as providing CCTV recordings to Victoria Police);
  • Third parties for the purposes of reviewing the quality of services delivered and service improvement (de-identified);
  • Governmental departments or agencies to disclose certain information where we are required to do so by law about patients who have specific conditions, or to maintain a health or disease register where we are required to do so by law; and
  • Your family and/or emergency contact or next-of-kin/guardian/carer (unless you have requested that we do not do so).
  • To the operator of an ambulance service such as Ambulance Victoria, including to determine if a fee is payable to the ambulance service operator by a person transported to TDHS in an emergency

What happens if you don’t provide TDHS with your information?

If you do not provide information requested of you to TDHS, we may be unable to provide you with the services you request of us or otherwise employ you, work with or transact with you.

How does TDHS hold your information and manage the data quality and security of your
information?

TDHS stores information in hardcopy format on our premises and electronically on our servers, as well as through third parties who provide services to us, both in hardcopy format (for example off-site archives) and electronically (for example through cloud-based information storage systems). Some clinical services may involve the direct collection, storage and use of information by a third-party service provider, for example to monitor the functionality of implantable devices such as pacemakers.

To the extent required by the Relevant Legislation, TDHS will take reasonable steps to:

  • Make sure that your information that we collect, hold, use and disclose is accurate, complete and up to date;
  • Protect your information that we hold from misuse, interference and loss and from unauthorised access, modification or disclosure;

Information held by TDHS which is no longer required is destroyed or de-identified in a secure manner, subject to the requirements of the Relevant Legislation.

Does TDHS transfer information outside of Victoria?

TDHS may disclose your information outside of Victoria and/or overseas. For example, TDHS may use service providers who are located outside of Victoria and/or overseas and may disclose your information to such service providers to the extent necessary for those service providers to deliver services to TDHS and/or to you. Suppliers are contractually required by TDHS to manage your information to a standard that reflects our obligations to you under the Relevant Legislation. Some suppliers have publicly available privacy policies that assist us to confirm how information disclosed by us to the supplier is handled.

How can you access or correct your information held by TDHS?

You have the right to request access to your information held by TDHS.

The most common requests for access to information received by TDHS (as a Victorian Public Health Service) are requests for copies of medical records. The FOI Act prescribes the process for requesting copies of medical records.

To information on how to make an FOI request to TDHS please visit our website: https://www.timboonhealthcare.com.au/freedom-of-information/

If our record of your information is incorrect in any way, you can request for it to be corrected

How TDHS handles complaints

If you have any concerns or complaints about the manner in which your information has been collected or handled by TDHS, please advise us of your concern or complaint through the Contact Us page of the website, send it our feedback team at feedback.tdhs@swarh.vic.gov.au or mail to Timboon & District Healthcare Service, 21 Hospital Road, Timboon 3268. Your concern or complaint will be considered or investigated and we will respond to your complaint as soon as practicable.

If you remain dissatisfied with our response and your concern or complaint relates to your health information, you may contact the Health Complaints Commissioner (HCC). The HCC responds to complaints about health services and the handling of health information in Victoria. Their service is free, confidential and impartial.

To lodge a complaint with the HCC you can:

  • Fill out a complaint form online at http://hcc.vic.gov.au;
  • Phone 1300 582 113 between 9am and 5pm, Monday to Friday to discuss your complaint;

If you wish to make a complaint about how we have handled your personal or sensitive information in the context of mental health and wellbeing services provided at TDHS, you may contact the Mental Health Complaints Commissioner (MHCC).

To lodge a complaint with the MHCC you can:

  • Fill out a complaint from online at www.mhwc.vic.gov.au;
  • Phone 1800 246 054 to discuss your complaint;
  • Email help@mhwc.vic.gov.au;

If you wish to raise your concern or complaint about how we have handled your personal or sensitive information with an external body, you may contact the Office of the Victorian Information Commissioner (OVIC). OVIC responds to complaints about the handling of information by Victorian public sector organisations. Their service is free, confidential and impartial.

For information about how to lodge a complaint with OVIC please visit the OVIC website: Privacy Complaints – Office of the Victorian Information Commissioner (ovic.vic.gov.au).

Further information

Further information about the application of the PDP Act and the FOI Act can be found at the website of the Office of the Victorian Information Commissioner at www.ovic.vic.gov.au.

Further information about the application of the Health Records Act and Health Services Act can be found at the website of the Health Complaints Commissioner (Victoria) at www.hcc.vic.gov.au.

Further information about the application of the Mental Health Act can be found at the website of the Mental Health and Wellbeing Commission (Victoria) at www.mhwc.vic.gov.au.

Changes to our Information Privacy Policy

This Policy is effective from August 2024. As this Policy is updated from time to time, to obtain a copy of the latest version at any time, please visit our website at https://www.timboonhealthcare.com.au/