Who We Are
We are Direct Health Solutions Pty LTD ABN 16 737 156 052 (DHS).
DHS is committed to protecting employee personal information (Personal Information) and complying with our obligations under the Privacy Act 1988 (Cth) (Privacy Act), Australian Privacy Principles (APP) and other State and Territory laws governing the use of Personal Information (collectively, Privacy Laws) which regulate how Personal Information is handled from collection to use and disclosure, storage, access and disposal, including the Health Records and Information Privacy Act 2002 (“HRIP Act”).
Personal Information generally means any kind of information in any form about a person that identifies that person and includes sensitive information such as health information.
About The Policy
This Policy explains how DHS manages the Personal Information that we collect, use and disclose, and how an employee can contact DHS if they:
- Have any questions about our management of their Personal Information; or
- Would like to access or correct the Personal Information we hold about them; or
- Would like to lodge a complaint with us regarding our compliance with Privacy Laws.
As an organisation, our principal concern is and always will be the health of our consumers to whom we provide services. A high level of trust and confidentiality is required to ensure the confidence of the consumers we service. Callers to a DHS health service can be assured that their privacy will be protected when accessing a DHS health service; that their information will be collected and updated in accordance with law, and that subject to some limited exceptions, an employee can access their information for review.
Where DHS is providing health/medical, injury and absence recording services for organisations which are subject to an approved privacy code, DHS is required under contract to comply with the terms and conditions imposed by any approved privacy code.
Collection, Use & Disclosure
DHS recognises that the information we collect may be of a highly sensitive nature and so we have adopted the highest privacy compliance standards relevant to DHS to ensure health/medical information and Personal Information is protected.
DHS may collect Personal Information about an employee for the purpose of providing health/medical, injury and absence recording and data services to their employer. Personal Information collected may include:
- Contact number
- Previous and current medical history status
- The name of any health service provider to whom DHS refers the employee
DHS only collects information necessary to deliver health assessment, health advice services, and absence and injury recording services. We encourage employees to look after their own health and ask them to provide us with accurate and complete information. DHS may collect Personal Information:
- Provided directly by the employee or their employer
- Provided on the employee’s behalf and with their consent
How We Use An Employee’s Personal Information
Personal Information collected by DHS may be used or disclosed:
- For the purpose that the employee was advised by their employer or for the purpose advised at the time of collection of the information by us
- As expressly permitted under any agreement with the employee
- As required for delivery of the relevant service to the employee
- As required for the ordinary operation of our services (i.e. to send the employee further requested information)
- As required under law
- Where there is a serious and imminent threat to an employee’s life, health, or safety
- A serious threat to public health or public safety
DHS will retain an employee’s Personal Information in accordance with any record keeping laws.
Releasing Personal Information About The Employee
In some circumstances DHS may be required by law to release an employee’s Personal Information. For example we are required to comply with a subpoena to produce medical records before a court.
Given the sensitive nature of the Personal Information collected by DHS to provide its health services, extra precautions are taken to ensure the security of that information. DHS uses a multi-level security system which includes firewall security, network security, server security, user security, and physical security to hold an employee’s Personal Information.
How To Protect An Employee’s Personal Information
Information about an employee is also located within the DHS password-protected computer system and is available to healthcare professionals. DHS maintains strict policies regarding who has the authority to access an employee’s Personal Information. All our personnel are bound by a formal code of conduct to maintain the confidentiality of an employee’s Personal Information.
We educate and monitor our personnel to ensure Personal Information is handled confidentially and with respect and care. DHS requires its personnel to observe obligations of confidentiality in the course of their employment.
How An Employee Can Access Their Personal Information
Employees have a right under the Privacy Act 1988 to request access to their Personal Information held by DHS and if it is inaccurate to request correction. Please note, however, that under the legislation, in special circumstances, access to Personal Information may be declined or restricted by DHS (for example, where providing access would pose a serious threat to the life or health of the employee or another person). If DHS does decline an employee’s request to access or correct their Personal Information, then DHS will provide them with reasons for such denial.
DHS will respond to an employee’s request for access to their Personal Information within 14 days of receipt of the request. DHS may impose a reasonable fee for providing access to Personal Information. The employee will be advised of the fee at the time they are given access to their Personal Information.
If An Employee Has Concerns Over the Way DHS Has Collected, Used or Disclosed Their Personal Information
If an employee has any concerns or queries about the manner in which their Personal Information has been handled, please contact our Privacy Officer whose contact details are provided below.
If an employee wishes to make a formal complaint, they need to provide their complaint in writing to our Privacy Officer. We will consider their complaint promptly and contact them to seek to resolve the matter.
Generally, we will contact the employee to acknowledge receipt of their complaint and let them know who is managing their query within 5 business days. We will attend promptly to the employee’s complaint and will aim to respond to their concerns or otherwise keep them informed of our progress within 30 days.
If we have not responded to the employee within a reasonable time or if their complaint is not resolved to their satisfaction, they are entitled under the Privacy Act to make a complaint to the Office of the Australian Information Commissioner.
Further information about the application of the Privacy Act can be found at the website of the Office of the Australian Information Commissioner at www.privacy.gov.au.
An employee can contact our Privacy Officer at:
Direct Health Solutions
Level 11, 50 Berry Street, North Sydney 2060