Privacy Policy


Direct Health Solutions (DHS) Privacy Policy

Direct Health Solutions is required to comply with the Privacy and Personal Information Act 1998 (“PPIP Act”) and the Health Records and Information Privacy Act 2002 (“HRIP Act”). The National Privacy Principles form the core of the private sector provisions of the Privacy Act 1988, which set out the minimum standards for privacy, under which DHS operates.

The purpose of this document is to outline how Direct Health Solutions complies with its confidentiality and privacy obligations. Direct Health Solutions will make this Privacy Policy available to anyone who asks for it. 

As an organisation, Direct Health Solutions’ principal concern is and always will be the health of our consumers to whom we provide services.  A high level of trust and confidentiality is required to ensure the confidence of the consumers we service.  Callers to a Direct Health Solutions health service can be assured that their privacy will be protected when accessing a Direct Health Solutions health service; that their information will be collected and updated in accordance with law, and that subject to some limited exceptions, they can access their information for review.

Where Direct Health Solutions is providing health and absence recording services for organisations which are subject to an approved privacy code, Direct Health Solutions is required under contract to comply with the terms and conditions imposed by any approved privacy code.

Collection, Use & Disclosure

What information does Direct Health Solutions collect about me?

Direct Health Solutions recognises that the information we collect may be of a highly sensitive nature and so we have adopted the highest privacy compliance standards relevant to Direct Health Solutions to ensure health information and personal information (Personal Information) is protected.

Direct Health Solutions may collect Personal Information about you for the purpose of providing health and absence recording and data services to your employer.  Personal Information collected may include:

-Your name
- Your telephone number
- The start date and time of absence
- The estimated or actual return date of absence
- The reason for the absence
- Products or drugs used or proposed to be used by you
- Your previous and current medical history
- Your Age
- The name of any health service provider to whom Direct Health Solutions refers you
 


Why is my information collected?

Direct Health Solutions only collects information necessary to deliver health advice services and absence recording and data services. To help look after your own health we ask that you provide us with accurate and complete information.  Direct Health Solutions may collect information:

-Provided directly by you
-Provided on your behalf with your consent

How we use your Personal Information

Personal Information collected by Direct Health Solutions may be used or disclosed:

- For the purpose  that you were advised by your employer or for the purpose advised at the time of collection of the information by us
- As expressly permitted under any agreement with you
- As required for delivery of the relevant service to you
- As required for the ordinary operation of our services (i.e. to send you further requested information)
- As required under law
- Where there is a serious and imminent threat to an individual’s life, health, or safety 
- A serious threat to public health or public safety

Direct Health Solutions will retain your Personal Information in accordance with any record keeping laws.

Will anyone else receive information about me?

In some circumstances we may be required by law to release your Personal Information.  For example we are required to comply with a subpoena to produce medical records before a court.

Security

Given the sensitive nature of the Personal Information collected by Direct Health Solutions to provide its health services, extra precautions are taken to ensure the security of that information.  Direct Health Solutions uses a multi-level security system which includes firewall security, network security, server security, user security, and physical security to hold your Personal Information.

How do I protect my information?

Information about you is also located within Direct Health Solutions password-protected computer system and is available to healthcare professionals.

We maintain strict policies regarding who has the authority to access your Personal Information. All our personnel are bound by a formal code of conduct to maintain the confidentiality of your Personal Information.

We educate and monitor our personnel to ensure Personal Information is handled confidentially and with respect and care.

Direct Health Solutions requires its employees to observe obligations of confidentiality in the course of their employment. 

Calls with you may be monitored or recorded for quality assurance or monitoring purposes.  If you do not wish for your call to a Direct Health Solutions health service to be monitored or recorded you are able to discontinue the call at any time or advise the operator that you do not want your call recorded or monitored and Direct Health Solutions will respect your request and act accordingly.

How can I access my Personal Information?

You have a right under the Privacy Act 1988 to request access to your Personal Information held by Direct Health Solutions and if it is inaccurate to request correction.

Please note, however, that under the legislation, in special circumstances, access to your Personal Information may be declined or restricted by Direct Health Solutions (for example, where providing access would pose a serious threat to the life or health of you or another person).  If Direct Health Solutions does decline your request to access or correct your Personal Information, then Direct Health Solutions will provide you with reasons for such denial.

Direct Health Solutions will respond to your request for access to your Personal Information within 14 days of receipt of the request.  Direct Health Solutions may impose a reasonable fee for providing access to your Personal Information.  You will be advised of the fee at the time you are given access to your Personal Information.

Health Privacy Principles

The 15 Health Privacy Principles (HPPs) are the key to the Health Records and Information Privacy Act (HRIP Act). They are legal obligations describing what organisations must do when they collect, hold, use and disclose health information.

 Collection


1. Lawful – when DHS collects your health information, the information must be collected for a lawful purpose. It must also be directly related to the organisation’s activities and necessary for that purpose.

2. Relevant – DHS must ensure that your health information is relevant, accurate, up to date and not excessive. The collection should not unreasonably intrude into your personal affairs.

3. Direct – your health information must be collected directly from you, unless it is unreasonable or impracticable for the organisation to do so.

4. Open – you must be told why your health information is being collected, what will be done with it, and who else might see it. You must also be told how you can see and correct your health information, and any consequences if you decide not to provide it.

Even if an organisation collects health information about you from someone else, they must still take reasonable steps to ensure that you are aware of the above points.


Storage


5. Secure – your health information must be stored securely, not kept any longer than necessary, and disposed of appropriately. It should be protected from unauthorised access, use or disclosure.

 


Access & Accuracy


6. Transparent – the organisation must provide you with details about what health information they are storing about you, why they are storing it and what rights you have to access it.

7. Accessible – the organisation must allow you to access your health information without unreasonable delay or expense.

8. Correct –the organisation must allow you to update, correct or amend your health information where necessary.

9. Accurate – the organisation must make sure that your health information is relevant and accurate before using it.

Use


10. Limited – the organisation can only use your health information for the purpose for which it was collected, or a directly related purpose that you would expect. Otherwise they can only use it with your consent.


Disclosure


11. Limited - the organisation can only disclose your health information for the purpose for which it was collected, or a directly related purpose that you would expect. Otherwise they can only disclose it with your consent.


Identifiers & Anonymity


12. Not identified – an organisation can only give you an identification number if it is reasonably necessary to carry out their functions efficiently.

13. Anonymous – you are entitled to receive health services anonymously, where this is lawful and practicable.


Transferrals & Linkage


14. Controlled – your health information can only be transferred outside New South Wales in accordance with HPP 14.

15. Authorised – your health information can only be included in a system to link health records across more than one organisation if you expressly consent to this.

 

 

What to do if I have a privacy complaint?

If you wish to:

- Complain to Direct Health Solutions about a breach of privacy
- Access your Personal Information held by Direct Health Solutions
- Correct any information held by Direct Health Solutions about you
- Find out more about how Direct Health Solutions deals with personal information

You can contact:
Privacy Officer
Direct Health Solutions PTY Ltd
3/11 Rangers Road, Cremorne, NSW 2090

 

 

 


Direct Health Solutions (DHS) Privacy Policy

Direct Health Solutions is required to comply with the Privacy and Personal Information Act 1998 (“PPIP Act”) and the Health Records and Information Privacy Act 2002 (“HRIP Act”). The National Privacy Principles form the core of the private sector provisions of the Privacy Act 1988, which set out the minimum standards for privacy, under which DHS operates.

The purpose of this document is to outline how Direct Health Solutions complies with its confidentiality and privacy obligations. Direct Health Solutions will make this Privacy Policy available to anyone who asks for it. 

As an organisation, Direct Health Solutions’ principal concern is and always will be the health of our consumers to whom we provide services.  A high level of trust and confidentiality is required to ensure the confidence of the consumers we service.  Callers to a Direct Health Solutions health service can be assured that their privacy will be protected when accessing a Direct Health Solutions health service; that their information will be collected and updated in accordance with law, and that subject to some limited exceptions, they can access their information for review.

Where Direct Health Solutions is providing health and absence recording services for organisations which are subject to an approved privacy code, Direct Health Solutions is required under contract to comply with the terms and conditions imposed by any approved privacy code.

Collection, Use & Disclosure

What information does Direct Health Solutions collect about me?

Direct Health Solutions recognises that the information we collect may be of a highly sensitive nature and so we have adopted the highest privacy compliance standards relevant to Direct Health Solutions to ensure health information and personal information (Personal Information) is protected.

Direct Health Solutions may collect Personal Information about you for the purpose of providing health and absence recording and data services to your employer.  Personal Information collected may include:

-Your name
- Your telephone number
- The start date and time of absence
- The estimated or actual return date of absence
- The reason for the absence
- Products or drugs used or proposed to be used by you
- Your previous and current medical history
- Your Age
- The name of any health service provider to whom Direct Health Solutions refers you
 


Why is my information collected?

Direct Health Solutions only collects information necessary to deliver health advice services and absence recording and data services. To help look after your own health we ask that you provide us with accurate and complete information.  Direct Health Solutions may collect information:

-Provided directly by you
-Provided on your behalf with your consent


How we use your Personal Information

Personal Information collected by Direct Health Solutions may be used or disclosed:

- For the purpose  that you were advised by your employer or for the purpose advised at the time of collection of the information by us
- As expressly permitted under any agreement with you
- As required for delivery of the relevant service to you
- As required for the ordinary operation of our services (i.e. to send you further requested information)
- As required under law
- Where there is a serious and imminent threat to an individual’s life, health, or safety 
- A serious threat to public health or public safety

Direct Health Solutions will retain your Personal Information in accordance with any record keeping laws.

Will anyone else receive information about me?

In some circumstances we may be required by law to release your Personal Information.  For example we are required to comply with a subpoena to produce medical records before a court.

Security

Given the sensitive nature of the Personal Information collected by Direct Health Solutions to provide its health services, extra precautions are taken to ensure the security of that information.  Direct Health Solutions uses a multi-level security system which includes firewall security, network security, server security, user security, and physical security to hold your Personal Information.

How do I protect my information?

Information about you is also located within Direct Health Solutions password-protected computer system and is available to healthcare professionals.

We maintain strict policies regarding who has the authority to access your Personal Information. All our personnel are bound by a formal code of conduct to maintain the confidentiality of your Personal Information.

We educate and monitor our personnel to ensure Personal Information is handled confidentially and with respect and care.

Direct Health Solutions requires its employees to observe obligations of confidentiality in the course of their employment. 

Calls with you may be monitored or recorded for quality assurance or monitoring purposes.  If you do not wish for your call to a Direct Health Solutions health service to be monitored or recorded you are able to discontinue the call at any time or advise the operator that you do not want your call recorded or monitored and Direct Health Solutions will respect your request and act accordingly.

How can I access my Personal Information?

You have a right under the Privacy Act 1988 to request access to your Personal Information held by Direct Health Solutions and if it is inaccurate to request correction.

Please note, however, that under the legislation, in special circumstances, access to your Personal Information may be declined or restricted by Direct Health Solutions (for example, where providing access would pose a serious threat to the life or health of you or another person).  If Direct Health Solutions does decline your request to access or correct your Personal Information, then Direct Health Solutions will provide you with reasons for such denial.

Direct Health Solutions will respond to your request for access to your Personal Information within 14 days of receipt of the request.  Direct Health Solutions may impose a reasonable fee for providing access to your Personal Information.  You will be advised of the fee at the time you are given access to your Personal Information.

Health Privacy Principles

The 15 Health Privacy Principles (HPPs) are the key to the Health Records and Information Privacy Act (HRIP Act). They are legal obligations describing what organisations must do when they collect, hold, use and disclose health information.

 Collection


1. Lawful – when DHS collects your health information, the information must be collected for a lawful purpose. It must also be directly related to the organisation’s activities and necessary for that purpose.

2. Relevant – DHS must ensure that your health information is relevant, accurate, up to date and not excessive. The collection should not unreasonably intrude into your personal affairs.

3. Direct – your health information must be collected directly from you, unless it is unreasonable or impracticable for the organisation to do so.

4. Open – you must be told why your health information is being collected, what will be done with it, and who else might see it. You must also be told how you can see and correct your health information, and any consequences if you decide not to provide it.

Even if an organisation collects health information about you from someone else, they must still take reasonable steps to ensure that you are aware of the above points.


Storage


5. Secure – your health information must be stored securely, not kept any longer than necessary, and disposed of appropriately. It should be protected from unauthorised access, use or disclosure.



Access & Accuracy


6. Transparent – the organisation must provide you with details about what health information they are storing about you, why they are storing it and what rights you have to access it.

7. Accessible – the organisation must allow you to access your health information without unreasonable delay or expense.

8. Correct –the organisation must allow you to update, correct or amend your health information where necessary.

9. Accurate – the organisation must make sure that your health information is relevant and accurate before using it.

Use


10. Limited – the organisation can only use your health information for the purpose for which it was collected, or a directly related purpose that you would expect. Otherwise they can only use it with your consent.


Disclosure


11. Limited - the organisation can only disclose your health information for the purpose for which it was collected, or a directly related purpose that you would expect. Otherwise they can only disclose it with your consent.


Identifiers & Anonymity


12. Not identified – an organisation can only give you an identification number if it is reasonably necessary to carry out their functions efficiently.

13. Anonymous – you are entitled to receive health services anonymously, where this is lawful and practicable.


Transferrals & Linkage


14. Controlled – your health information can only be transferred outside New South Wales in accordance with HPP 14.

15. Authorised – your health information can only be included in a system to link health records across more than one organisation if you expressly consent to this.

What to do if I have a privacy complaint?

If you wish to:

- Complain to Direct Health Solutions about a breach of privacy
- Access your Personal Information held by Direct Health Solutions
- Correct any information held by Direct Health Solutions about you
- Find out more about how Direct Health Solutions deals with personal information

You can contact:
Privacy Officer
Direct Health Solutions PTY Ltd
3/11 Rangers Road, Cremorne, NSW 2090