WA Primary Health Alliance (WAPHA) is committed to ensuring that your personal and health information is handled in accordance with Australian privacy laws. All WAPHA employees are bound by the legal requirements of the Australian Privacy Principles from the Privacy Act 1988 (Cth).
We understand that you may have concerns about your privacy and confidentiality while online. We take care to ensure that the personal information you give us is protected. For example, our websites have electronic security systems in place, including the use of firewalls and data encryption.
On occasion, we will ask you to provide personal information, which we use for internal purposes. Your information will assist us with various activities including targeted service commissioning as well as health planning and policy development to help improve your local health systems. Should you choose not to provide personal information requested, we may not be able to accurately provide the services you require.
As custodians of your data, we take this role seriously and take precautionary measures to ensure that your information is stored in compliance with the Australian Privacy Principles.
'Personal information'- means information or an opinion, whether true or not, or recorded in any form or not, about an individual whose identity is apparent, or can reasonably be ascertained. References to 'personal information' includes sensitive information and health information.
'Sensitive information'- is personal information about an individual's racial or ethnic origin, political opinions or memberships, religious beliefs or affiliations, philosophical beliefs, professional or trade association/union memberships, orientation, practices or criminal record.
'Health information'- includes information about an individual's physical or psychological status, health services provided to the individual, or an individual's expressed wishes about the future provision of health services.
'Privacy law'- refers to legislation that applies to WAPHA’s collection and use of personal information. WAPHA is required to comply with the Privacy Act 1988 (Cth) and is bound by the Australian Privacy Principles ('APPs) set out in that Act.
‘Identifier’ of an individual as a number, letter or symbol, or a combination thereof, that is used to identify or verify the identity of the individual, but does not include the individual’s name. For instance, an identifier of an individual may include a Medicare number or Hospital/Medical Record Number.
‘De-identified’ “information is de-identified if the information is no longer about an identifiable individual or an individual who is reasonably identifiable”. De-identified information is no longer considered personal information under the Privacy Act 1988 and can be shared.
Anonymisation and confidentialisation are sometimes used interchangeably with de-identification.
- De-identification is the removal of identifying information from a dataset, and this data could potentially be re-identified e.g. if the identifying information is kept (as a key) and recombined with the de-identified dataset.
- Anonymisation is the permanent removal of identifying information, with no retention of the identifying information separately.
- Confidentialisation is a less commonly used term, the National Statistical Service uses it to mean a process that involves both de-identifying data and then taking the additional step of assessing and managing the risk of indirect identification occurring in the de- identified dataset
COLLECTION OF YOUR PERSONAL AND HEALTH DATA
WAPHA will collect personal information from you or, if required; by funding contract reporting, or from your health professional in a lawful and fair means and not in an unreasonably intrusive way. WAPHA shall collect, hold and use personal data about an individual only as permitted or required by applicable laws. WAPHA may be required by its funding bodies to collect personal data pertaining to the delivery of contracted programs for reporting purposes. This population level data is collected under agreement with providers and is de-identified. This data is generally related to age, ethnicity, social situation and diagnosis subject to treatment.
WHAT PERSONAL INFORMATION DO WE COLLECT?
The information WAPHA collects depends on our relationship with the individual, the nature of the function we are performing and the services we are commissioning.
- In the case of health service providers, we usually collect names, addresses, phone numbers and other contact details, information about professional qualifications, information about the services offered or provided and provider numbers.
- From prospective and current employees and contractors we usually collect names, work addresses, phone numbers and other contact details, and information about work history and performance, qualifications, services offered or provided and other relevant details.
- From stakeholders and other members of our community, we only collect information to the extent necessary for the particular circumstances.
- Information may also be collected from volunteers who sit on committees and who support and assist WAPHA. Only information required for that purpose and information willing to be provided will be collected.
Where it is practicable to do so, we will allow people to deal with us anonymously or using a pseudonym. However, this is not the preferred method for patients/clients/consumers, health professionals or our employees, contractors and service providers.
When you use and access Primary Health Exchange (www.phexchange.wapha.org.au) we collect the following information:
- your email address and additional demographic information as provided by you on the registration form. Please note that you are able to browse any publicly accessible sections of this website completely anonymously without signing up.
- Engagement information such as the content you create as part of your interactions with this website. These can include responses to surveys, comments on discussion forums, or any of the other engagement opportunities available here.
- Information about your usage of the site, such as pages visited, documents downloaded, etc.
SECURITY OF INFORMATION COLLECTED
WAPHA shall take all legally required and commercially reasonable measures, proportional to the associated risk, to protect personal data from loss, misuse, unauthorised access or disclosure, alteration and destruction.
Where practicable, WAPHA shall collect population data in a de-identified state, or act immediately to reduce data to a de-identified state if unable to do so prior to receipt, ensuring no on-site backups are created of the pre-de-identified data. Pursuant to its records retention policies and procedures, WAPHA shall not keep personal data for longer than necessary or permitted by law.
Information will be held in a variety of ways, including in paper and electronic format, on secure databases that are only accessible by relevant employees. WAPHA may also hold photographic and video images taken of you with consent on secure systems. WAPHA takes all reasonable steps to obtain written permission to take and use photographs and video images.
WAPHA may use communication tools hosted overseas to enable us to communicate with key stakeholders within and outside of our region. In these instances, essential contact information (such as name, organisation and email address) may be stored overseas (US only). We will only use this information for sending you relevant communications and every effort is taken to minimise the amount of information we might store overseas and keep it secure.
USE OF YOUR PERSONAL AND HEALTH DATA
WAPHA shall take all legally required and commercially reasonable steps to ensure that personal data is reliable for its intended use, accurate, complete and, where necessary, appropriately updated. In addition, WAPHA shall collect, hold and use personal data only for specific, legitimate business purposes and in a manner consistent with the purposes for which it was collected. The data may be used directly or indirectly for:
- compliance with legislative, regulatory and/or funding requirements;
- conduct of quality assurance, improvement, clinical audit and research activities in respect of the medical and allied health industry;
- engagement of service providers to provide health services;
- execution of risk and probity checks in respect of contract management;
- oversight and undertake performance management of service providers;
- provide information about WAPHA products and services;
- perform administrative operations; including accounting, payroll, risk management, record keeping, archiving, systems development and testing;
- conduct internal marketing or client satisfaction research;
- develop, establish and administer alliances and other arrangements with other organisations in relation to the promotion and use of related products and services;
- develop and identify products and services that may interest WAPHA stakeholders;
- promote the activities of WAPHA, its service providers and other partners; and
- advise WAPHA stakeholders about products and services that may be of interest to them.
DISCLOSURE OF YOUR INFORMATION
WAPHA will disclose your information to the following types of parties:
- to parties nominated by you in the case of an emergency;
- external payment systems operators where appropriate;
- Commonwealth and State government agencies and other funders;
- where WAPHA is authorised or required by law to comply with a request for your personal or sensitive data, e.g. in response to a subpoena or warrant if your information is required by evidence.
If at any point, you do not wish for us to collect, use or disclose information about you, please inform us and we will discuss the implications of this with you. The non-collection of personal data may result in limited access to WAPHA services and programs.
OUR WEBSITE AND COOKIES
We may collect personal information about you when you use and access our website. Our website can be found at www.wapha.org.au.
While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer.
We may also use 'cookies' or other similar tracking technologies on our website that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser but our websites may not work as intended for you if you do so.
We may use or disclose personal data (other than sensitive information) for direct marketing if:
- we have collected the information from you;
- you have consented to, or would reasonably expect us to, use or disclose the information for that purpose; and
- we have provided you with a simple means by which you may easily request not to receive direct marketing communications from us and you have not made such a request to us.
In this regard, you may opt-out of receiving marketing materials from us by contacting us using the details set out below or by using the opt-out facilities provided (e.g. an unsubscribe link).
If personal data is sensitive, we will not use or disclose the information for direct marketing without your consent.
DISCLOSURE TO OVERSEAS RECIPIENTS
From time to time, circumstances may arise where there may be a need for us to disclose personal data to an overseas recipient. This may occur in a range of circumstances, for example where data is being stored and accessed by way of cloud computing or where we correspond with an international company or organisation.
Before disclosing personal information to an overseas recipient, we will take such steps as are reasonable in the circumstances to ensure that the overseas recipient also complies with the APPs in relation to that information, unless the APPs do not require us to do so.
We will not be required to take the steps described in the paragraph above if:
- we reasonably believe that:
- the recipient of the information is subject to a law or a binding scheme that has the effect of protecting the information in a way that, overall, is at least substantially similar to the way in which the APPs protect the information; and
- there are mechanisms that could be taken to enforce the law or binding scheme; or
- both of the following apply:
- we expressly inform the individual about whom the information relates that if they consent to the disclosure of the information, we will not be required to take the steps described above; and
- after being so informed, the individual consents to the disclosure; or
- the disclosure of the information is required or authorised pursuant to an Australian law or a court/tribunal order; or
- the APPs otherwise allow us to refrain from taking the steps described above.
SOLICITED AND UNSOLICITED PERSONAL INFORMATION
WAPHA will not collect personal information unless the information is reasonably necessary for, or directly related to, one of WAPHA’s functions or activities as listed previously. If WAPHA receives personal information and did not solicit the information, WAPHA will determine whether or not the information could have been collected under Australian Privacy Principles, if the information had been solicited. If WAPHA determines the information could not have been collected and the information is not contained in a Commonwealth record, WAPHA will destroy copies of the information received or ensure the information is de-identified.
AMENDMENTS AND CONTACT DETAILS
WAPHA shall maintain procedures to give individuals reasonable access to their personal data and, as appropriate, the ability to correct, delete or update inaccurate or incomplete information. Any individual who wishes to gain access to their personal information stored with WAPHA must make the request in writing to firstname.lastname@example.org. Requests will be acknowledged within seven days, and the intent is to provide information approved requests within 30 days from original request date.
Subject to the APPs, WAPHA may deny individuals access to their personal information in the following situations:
- the information relates to existing or anticipated legal proceedings between the individual about who the information relates and ourselves, and would not be accessible by the process of discovery in those proceedings;
- access would reveal our intentions in relation to negotiations with the individual in such a way as to prejudice those negotiations;
- granting access would be unlawful; and
- denying access would be likely to prejudice the taking of appropriate action in relation to the matter.
If we refuse to give access to personal information in accordance with the APPs, we will provide a written notice setting out:
- the reasons for denying access to personal information (except where it would be unreasonable to provide the reasons);
- the mechanisms available to complain about the refusal; and
- any other matters prescribed by the regulations.
Generally, we will not charge fees for giving you access to your personal information. However, we reserve the right to charge reasonable fees where requests for personal information contain complications or are resource intensive.
Any individual who wishes to correct their personal information stored with WAPHA must make the request in writing to email@example.com. Requests will be acknowledged within seven days, and the data updated within 14 days from original request date. For requests to amend information uploaded to Primary Health Exchange, please email firstname.lastname@example.org.
Any individual who wishes to raise a privacy complaint may do so via the WAPHA website contact form, by telephone, via email email@example.com or in person. This complaint will be handled in accordance with the WAPHA Complaints and Incident Management policy.
If an individual believes their complaint has not been appropriately handled by WAPHA, they should contact the Office of the Australian Information Commissioner, 1300 363 992 (local call charge) or via www.oaic.gov.au.
If you require a printed copy of this policy please contact WAPHA by phone on 08 6272 4900 or email firstname.lastname@example.org and WAPHA will provide a copy of this policy free of charge.
If you need an interpreter to understand our privacy collection notice, please call TIS National, the Translating and Interpreting Service, on 131 450.