Privacy Policy
1. Introduction and Purpose
The purpose of this policy is to set out how HeartHealth Holdco Pty Ltd and its subsidiaries known as the Advara HeartCare group (Advara HeartCare, we, us) collects and manages your personal information (including but not limited to patient health information).
The Advara HeartCare group includes CardioNexus Imaging Pty Ltd and TickerCardiology.
Advara HeartCare is committed to ensuring the privacy and confidentiality of personal information it collects. Advara HeartCare must comply with the Privacy Act 1988 (Cth) as applicable and with other applicable privacy laws that govern organisations like Advara HeartCare.
2. Personal information we may collect about you
Patients
If you are a patient, the personal information we collect about you may include: information about your medical history, test results, family medical history, ethnic background, Medicare, health fund and insurance details, billing/account details, current lifestyle, next of kin, emergency contact and other information that may be relevant to your diagnoses, treatment or healthcare. We may also collect information about your interactions with us, including your responses to patient surveys relating to service improvement. We may take photographs or audio-visual recordings of you in a clinical context in connection with your treatment or healthcare. We will only collect information about your health, or other sensitive information about you (including taking photographs or audio-visual recordings of you), if we have your consent to do so or if it is otherwise permitted by law.
Referring clinicians and other healthcare professionals
If you are a referring clinician or other healthcare professional who is involved in treating our patients, the personal information we collect about you may include your name, contact details, professional details (including qualifications) and information regarding your interactions or work with us.
Customers
We collect personal information about customers of other products or services we provide such as TickerCardiology who are natural persons (such as self-employed persons), and the representatives or contact persons of our customers who are legal entities. The types of personal information we collect may include name, contact information, bank account details and in limited circumstances identification information. We may also collect information about your interactions with us, including your responses to surveys relating to service improvement.
Service providers
We collect personal information about our service providers who are natural persons (such as self-employed persons), and the representatives or contact persons of our service providers who are legal entities. The types of personal information we collect may include name, contact information, bank account details and in limited circumstances identification information.
Others
We may also collect personal information about other members of the public, including a patient’s next of kin or other family and support persons, visitors and medical professionals. The types of personal information we may collect about these individuals includes their name, contact details, identification information, and any relationship they may have to a patient or our business.
3. How we collect your personal information
Where practicable, we will collect your personal information directly from you but we may sometimes also collect information from third parties, including family members, referring clinicians and other healthcare professionals and service provider organisations. We will only collect health information from a third party if you have consented or where we are otherwise permitted by law to do so, such as in a medical emergency. We may also operate video surveillance systems at our facilities for the purposes of maintaining the safety of our staff, patients and other persons visiting our premises. This may (though not always) involve the collection of some personal information.
4. Why we collect and how we use your personal information
Patients
We collect and use personal information for the following purposes:
• Providing our healthcare services;
• Performing administration activities, such as scheduling appointments and billing, and other activities incidental to our services;
• Performing education, training, quality assurance and other analytical activities to evaluate and improve our patient management processes, patient outcomes, and broader healthcare and healthcare delivery;
• Dealing with enquiries, complaints and legal proceedings;
• Complying with our legal obligations, including in relation to statutory and public health reporting requirements, such as mandatory reporting of child abuse or the notification of diagnosis of certain communicable diseases; and
• Other purposes with your consent or required or authorised by law.
Others
How we use your personal information will depend on why you are dealing or engaging with us and in what capacity.
We may use your information for the following purposes:
• Administering our relationship with you;
• Sending marketing and other communications such as clinical updates, information about our services, events, and other news relevant to you or our relationship;
• Performing activities that are ancillary to our operations and relationship with you, such as administration functions, and education, training, quality assurance and other analytical activities;
• Dealing with enquiries, complaints and legal proceedings;
• Complying with our legal obligations and other compliance and reporting requirements;
• Dealing with enquiries, complaints and legal proceedings; and
• Other purposes with your consent or required or authorised by law.
5. Research and product development
In addition to the above, we may also use your information in de-identified form for the purposes of research and product development activities. For example, this may include the development of new diagnostic tools and products, treatment methods and pathways. As we only use de-identified information for these purposes, you will not be identified as part of any of these activities.
Occasionally we may receive requests from external researchers who wish to conduct research using information in identifiable form. Any such researchers must follow strict ethical guidelines, including by asking for your consent to be part of their research. We will not share any identifiable information for research purposes without your consent.
6. When we share your information
We may need to disclose your information for one or more of the purposes described above. For example, depending on the circumstances including why you are dealing or engaging with us, we may need to disclose your information to:
• Referring clinicians and other healthcare professionals, such as pathologists, radiologists, allied health professionals, pharmacists, in relation to the provision of healthcare services to you;
• Government agencies, where we provide health services to you under a contract with that agency and are required to provide the information under the relevant contract;
• Private hospitals and other private healthcare providers, where we provide health services to you under a contract with that provider and are required to provide the information under the relevant contract;
• Your close relatives, close friends, and personal representatives who are legally responsible for your healthcare decisions (though we will not do this if you tell us not to);
• Your lawyers and insurance companies that have been authorised by you to obtain personal information from us;
• Government authorities where we are required to do so by law or in response to an order issued by a court or tribunal, such as where we are required to produce records in relation to court proceedings;
• Medical defence organisations, insurers, medical experts or lawyers who work for us and help us to deal with enquiries, complaints and legal proceedings;
• External service providers and advisors who help us run our business, including software vendors and service providers who help run our IT systems; and
• Within the Advara HeartCare group.
In some cases, the people we disclose your information to may be based overseas, including in the European Union, the United Kingdom and the United States of America.
7. My Health Records
If you have chosen to participate in the My Health Record program operated by the Commonwealth Department of Health, we may access personal information stored in your My Health Record if the access permissions you have set allow this.
If you do not want us to access personal information stored in your My Health Record, you may opt out or choose to modify access controls within the My Health Record system.
8. How we hold and protect personal information
We hold personal information electronically and in hard copy form, both at our own premises and with the assistance of service providers who provide data storage, hosting and cloud computing services. The security of personal information is important to us. In all cases we take reasonable steps to protect this information from misuse, interference and loss, and from unauthorised access, modification or disclosure. . Please note that any information that you send to us by electronic means may not be secure in transit unless it is encrypted. We are not responsible for the security of your information before it comes into our possession.
9. How you can access or seek correction of your personal information
You may request access to any personal information we hold about you by contacting our Privacy Officer using the contact details set out below.
Please also let us know if your personal details change (for example, your name or contact details), or if you notice errors or discrepancies in information we hold about you. You may do this at your next appointment with us or by contacting our Privacy Officer using the contact details set out below. We will take reasonable steps to correct the personal information we hold if we are satisfied it is inaccurate, incomplete, out of date, irrelevant or misleading.
We may ask you to verify your identity when you make an access or correction request. There may also be circumstances in which we will not be able to comply with your request. In these cases, we will provide reasons for why we can’t comply and will explain what other options may be available to you.
If we grant access to your personal information, we will try to provide it in the form you request. If that is not possible, we will provide a different way to access the information or discuss how access can be given through alternative means. We may charge a fee for collating and providing access to personal information in accordance with applicable laws.
If you have provided us with written signed authority (in the required form), we can give your authorised representative or lawyer access to your personal information.
10. Our websites
If you visit any of our websites, we may record various technical information such as your IP address, browser type, domain names, access times and referring website addresses. We use this information to run our websites and for analytical purposes.
Our websites may use cookies to help identify and interact more effectively with the access device you are using. A cookie is a text file that is placed on a user’s device by a web page server. Cookies cannot be used to run programs or deliver viruses to your device. The cookies we use help us to maintain the continuity of your browsing sessions and remember your details and preferences for when you return.
You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of our websites.
Our websites may include links to other websites that are run by third parties. We are not responsible for how those third parties may collect, use and share your information. Our third party partners may also use cookies. Please carefully review any privacy statements and cookie policies published on the third party websites you visit.
We may use third party services such as Google Analytics to analyse usage of our websites from time to time.
11. What you should do if you have any privacy issues and complaints
If you have comments or concerns relating to this Privacy Policy or wish to make a complaint about our handling of your personal information, please contact our Privacy Officer using the contact details set out below.
We may need to verify your identity and ask for further information, in order to investigate and respond to your concern or complaint. We will aim to respond to you within a reasonable time, and generally within 5 business days.
If we are unable to satisfactorily resolve your concern or complaint, you may wish to contact the Office of the Australian Information Commissioner (OAIC). Contact details for the OAIC can be found at the OAIC’s website: https://www.oaic.gov.au.
12. Our contact details
You may contact our Privacy Officer in relation to any matters covered by this Privacy Policy using the following contact details:
Attention: Advara HeartCare Privacy Officer
3/245 Given Terrace
Paddington QLD 4064
privacy@advaraheartcare.com
13. Changes to this privacy policy
We may review and update this Privacy Policy from time-to-time. A copy of the latest version of this Privacy Policy is always available at www.advaraheartcare.com.
Details correct as of November 2024