privacy statement

masthead_contactus
Aim of this policy
This policy outlines how Marie Stopes International Australia manages personal information. It also describes the sorts of information we hold and why, as well as how that information is collected, held, used and disclosed. We encourage readers to check our website regularly for any updates (see 'Further information' below).

Position statement

Marie Stopes International Australia is committed to maintaining the confidentiality and security of personal information we hold and to the protection of that information in accordance with the law.

 

Scope

Whose personal information do we collect?

Individuals from whom we collect personal information include but may not be limited to:

  • Our clients;
  • Health professionals;
  • Business contacts;
  • Employees and prospective employees; and
  • Contractors and service providers.

Dealing with us anonymously:

Where it is lawful and practicable to do so, individuals may deal with us anonymously (e.g. when enquiring about our products and services generally).

 

Collecting personal information:

If an individual is acquiring or has acquired a product or service from Marie Stopes International Australia , we may collect and hold their personal information to:

  • Provide the required services;
  • Administer and manage those services, including charging, billing and collecting debts;
  • Inform the individual of the ways the services provided could be improved;
  • Research and develop our services;
  • Gain an understanding of the individual's service needs so we may provide them with better service; and
  • Maintain and develop our business systems and infrastructure, including testing and upgrading these systems

What personal information do we collect?

The information collected may include an individual's:

  • Name
  • Date of birth
  • Occupation
  • Current and previous address (postal and email)
  • Telephone number
  • Medicare number
  • Health information (past and current)
  • Other information that we consider necessary

 

How do we collect personal information?

We will, if reasonable and practicable to do so, collect personal information directly from the individual concerned. This may take place when the individual fills out documents such as an administrative form or when the individual gives us personal information in person, over the telephone or through our websites.

 

In certain circumstances, we will collect personal information from third parties. For example, we may need to collect personal information from:

  • An individual's representatives (e.g. authorised representatives or legal advisers)
  • An individual's health service provider
  • An individual's treating health professional
  • Any other organisation identified below (see 'Disclosing personal information' below).

We will only collect information about you from third parties if it is not reasonable or practical to collect this information from you directly. Moreover, Marie Stopes International Australia  will take all reasonable steps to ensure that these parties abide by their responsibilities under the Privacy Act 1988 (Cth) (Act).

Similarly, all staff having access to confidential information are subject to confidentiality obligations.

 

Collecting sensitive information:

Unless we have consent, we will not collect information that reveals an individual's racial or ethnic origin, political opinions, religious or philosophical beliefs or affiliations, details of their health, disability, sexual orientation or criminal record.

This is subject to some exceptions including if:

  • The collection is required by law or
  • The information is necessary to provide a health service

Consequences of not providing personal information:

Failing to provide Marie Stopes International Australia  with certain personal information can mean that, potentially, we may not be able to provide the relevant service to the individual concerned.

 

Disclosing personal information:

In line with modern business practices and to meet individuals' specific needs, we may wish to disclose some personal information to the organisations described below.

Where personal information is disclosed, we will seek to ensure that the information is held, used and disclosed consistently with the National Privacy Principles contained in the Act, any relevant Health Privacy Principles under state legislation (e.g. those contained in the Health Records Act 2001 (Vic) or the privacy provisions contained in Part 2 of the Health Records (Privacy and Access) Act 1997 (ACT)) and other applicable privacy laws and codes.

The relevant organisations include:

  • Outsourced service providers who manage the services we provide (e.g. mailing services, billing and debt recovery functions and marketing services);
  • Our advisers (including our accountants, auditors and lawyers);
  • Government and regulatory authorities and other organisations, as required or authorised by law;
  • Organisations involved in marketing our products and services;
  • Organisations jointly participating in, or assisting us to manage a promotion, event, seminar or competition;
  • Organisations involved in a transfer or sale or our assets or business;
  • Organisations involved in managing our corporate risk and
  • Our related companies.

If you do not wish to have your personal information provided to a third party please notify us prior to or at the same time as you provide your personal information to us (or at any time thereafter by contacting our privacy officer at the contact details below) and we will consider your request.

So as to provide you with the best possible care and advice, Marie Stopes International Australia  may  wish to share your personal details with certain third parties in the course of providing health care information and services to you or as may be required or permitted by law, including:

  • Your doctor
  • Specialists and consultants who may provide treatment to you
  • Community support providers
  • Your insurers, lawyers, the health department, Medicare, pathology
  • In certain emergencies where there is a serious threat to life
  • Other purposes as consented by you.

If further treatment is considered necessary after you become a client of Marie Stopes International Australia , then your information may also be disclosed to other members of our team providing health services to you.

 

Clients under the age of 16:
Marie Stopes International Australia  recognises the sensitivity of health care provided to clients under the age of 16. Marie Stopes International Australia  uses prescribed standards in the health care industry to assess whether the young person is aware of the implications of the particular service provided.

Where Marie Stopes International Australia  is satisfied that the young person is competent to make decisions, having regard to the young person’s maturity and his or her understanding of the relevant circumstances as well as the type and sensitivity of the information to be disclosed, then Marie Stopes International Australia  will observe any decisions made by that young person concerning his or her privacy.

 

Trans-border data flows:

Because we operate throughout Australia and overseas, some disclosures (see 'Disclosing personal information' above) may occur outside the state or territory in which an individual is resident.

 

Using government identifier:

In certain circumstances we are required to collect government identifiers, such as Medicare numbers. We do not use or disclose this information other than when required or authorised by law.

 

Marketing our products and services:

We will seek consent to use or disclose personal information for the purposes of informing individuals about Marie Stopes International Australia  products and services that may be of interest and suit their requirements.

 

Storing personal information:

It is the policy of Marie Stopes International Australia  to store all individual client information for a minimum period of 7 years since the last time of contact.

We store personal information in different ways, including in paper and electronic form. The security of personal information is important to us and we take reasonable steps to protect it from misuse or loss and from unauthorised access, modification or disclosure. Some of the ways we do this include:

  • Requiring our staff to maintain confidentiality;
  • Implementing document storage security policies;
  • Imposing security measures for access to our computer systems (see 'Privacy on the Internet' below);
  • Providing a discrete environment for confidential discussions;
  • Only allowing access to personal information where the individual seeking access has satisfied our identification requirements and
  • Ensuring there is access control into our buildings.

 

Privacy on the internet:

We take care to ensure that the personal information given to us on our websites is protected. Our websites have electronic security systems, including firewalls.

Also individuals may access external websites by clicking on links we have provided on our websites. These external websites are not subject to our privacy standards. Individuals need to review those websites to ascertain how the relevant organisation manages personal information.  These sites are not monitored or controlled by MSIA and therefore we cannot take responsibility for their content, claims of offer or privacy practices

 

Keeping personal information accurate and up to date:

We take all reasonable precautions to ensure that the personal information we collect, use and disclose is accurate, complete and up to date. However, the accuracy of that information largely depends on the quality of the information provided to us. We therefore suggest that individuals:

  • let us know if there are any errors in their personal information; and
  • keep us up to date with changes to their personal information (e.g. their name and address).

Individuals may do this by mail or email (see 'Contacting us' below).

 

Accessing personal information:

Individuals have a right to access their personal information, subject to some exceptions allowed by law.

Individuals can contact us to obtain a form to request access (see 'Contacting us' below).

 

Privacy and Our Supporters

If you become a supporter of Marie Stopes International Australia , or join or subscribe to our e-newsletters, we usually collect the following kinds of personal information: Name and contact information - telephone, fax, email or address.

We will use this personal information to provide emails and mail outs with respect to supporter services, Marie Stopes International Australia  and its entities promotional events and information about Marie Stopes International Australia 's activities.

Marie Stopes International Australia  and its entities, will not share your information and does not make its supporter databases available to any other organisations.

 

Privacy and Making a Donation / purchase

If you make a donation to Marie Stopes International Australia , as well as your name and contact details, we may also collect the following information in regard to your donation: amount you donated, method of payment, and the payment history of any other donations.

Supporter and donors can request access, at any time, to personal information held about them. You can also delete your details from our records at any time.

To access or change your contact details at any time, please find our contact details here.

Privacy and Applying for a Job at Marie Stopes International Australia

If you supply your CV or make an application for a job online, we will hold onto your CV for 6 months, after which time it will be destroyed. We do not forward CV’s on to third parties. You may request to have your CV destroyed before the 6 month destroy period, at any time.

 

Health Privacy Principles

In addition to the National Privacy Principles, there are specific Health Privacy Principles in Victoria, New South Wales and the ACT that deal with the collection, use and disclosure of health information.

Our 'national' Health Privacy Principles are as follows:

 

Collection

We will only collect health information that is relevant to us, accurate, up to date and not excessive or overly intrusive.  We will do so in a lawful manner and for a purpose which is lawful and necessary for our functions and activities, provided that, where practicable, we will first obtain the consent of the individual concerned.  In some cases consent may not be obtained, including where:

  • the collection is required, authorised or permitted by law
  • the information is necessary to provide a health service and the individual is incapable of giving consent due to age, disability, mental disorder etc and there is no authorised representative available to provide consent
  • the collection is for a secondary purpose directly related to the primary purpose and the individual would reasonably expect us to collect the information for the secondary purpose
  • we have reason to suspect that unlawful activity has been, or is being engaged in and we collect the information as a necessary part of investigation of the matter or in reporting concerns to the relevant persons or authorities (and if it relates to a health service provider e.g. Community Services, it is not a breach of confidence)
  • the information is collected about a deceased or missing person or a person involved in an accident who is unable to consent and the health information is collected for the purposes of identifying the individual and contacting family members unless this is against expressed wishes of the individual before they died, went missing or became incapable of providing consent
  • the collection is necessary for research in the public interest and it is not practicable to seek the individual’s consent and is conducted in accordance with any relevant guidelines
  • we believe the use or disclosure is necessary to lessen or prevent a serious and imminent threat to an individual’s life, health or safety and welfare or a serious threat to public health, public safety or public welfare and the information is collected in accordance with any relevant guidelines
  • the collection is by or on behalf of a law enforcement agency and we reasonably believe that the collection is lawful and necessary for the law enforcement function
  • the collection is necessary for the establishment, exercise or defence of a legal or equitable claim

 

Where health information is required to be collected by someone as part of their employment for the management, funding or quality of health services we provide, that person is allowed access to the information only for those purposes, unless these principles say otherwise.

Unless it is impracticable to do so, we will only seek health information from the individual concerned.  Where appropriate, we will advise any third party of our Health Privacy Principles.

We will endeavour to inform individuals from whom health information is sought:

  • the purpose for which the information is collected
  • where it is not obvious, which persons will have access to the health information collected
  • the consequences (if any) if the information sought is not provided
  • the fact that the individual can seek access to the information, correct the information, and how they may contact us

 

 

Use and Disclosure

We will only use or disclose health information for the primary purpose for which it was collected, or for a directly related secondary purpose which the individual would reasonably expect.  If there is any doubt about this expectation then we will endeavour to seek consent from the person for the use of their health information.  In appropriate cases confidentiality agreements will be entered into between us and other parties where there is use of personal or health information.  We may use or disclose health information for a secondary purpose, in other instances, including where:

  • the use or disclosure is required or authorised by law
  • the use or disclosure by us is necessary to provide a health service and the individual is incapable of giving consent due to age, disability, mental disorder etc and there is no authorised representative available to provide consent
  • the use or disclosure is necessary for training or research in the public interest when it will be published in a non-identifiable format and it is not practicable to seek the individual's consent and in the case of disclosure, we reasonably believe the recipient will not disclose the information
  • we believe the use or disclosure is necessary to lessen or prevent a serious and imminent threat to an individual's life, health or safety and welfare or a serious threat to public health, public safety or public welfare and is in accordance with any relevant guidelines
  • we have reason to suspect that unlawful activity has been or is being engaged in and uses or discloses the health information to investigate the matter or to report concerns to relevant persons or authorities

 

Data security and retention

We will take reasonable steps to protect health information from misuse, loss, unauthorised access, unauthorised modification, and unauthorised disclosure.

We will only transfer, delete or destroy health information if permitted to do so by law, and when we do so we will make a note of the person whose health information has been transferred (and to whom it was transferred), deleted or destroyed, and when that occurred.

We will take reasonable steps to de-identify any health information if it is no longer needed for the purpose for which it was collected or used.

Usually, we will only destroy or delete health information the day the individual turns 25 (if they were under 18 when the information was collected) or, in the case of adults, seven years after we last provided a health service.

 

Openness

This document constitutes our policy on the management of our health information.  In addition to this document being available on our website, we will make this document available to anyone who reasonably requests a copy.

On request by any person, and provided we are not prohibited by law from doing so, we will take reasonable steps to inform that person generally what health information we hold about that individual, for what purpose, and how we collect, hold, use and disclose that information, and how it may be accessed.

 

Access and correction

If we hold health information about an individual, we will provide the individual with access to the information on request by the individual in accordance with our health privacy principles, unless a lawful exemption applies, including where:

  • providing access would pose a serious threat to the life or health of any person and refusing access is in accordance with any relevant guidelines
  • providing access would have an unreasonable impact on the privacy of other individuals and refusing access is in accordance with any guidelines
  • the information relates to existing legal proceedings between us and the individual and the information would not be accessible by the process of discovery in those proceedings or is subject to legal professional privilege or client legal privilege
  • providing access would reveal the intentions of us in relation to negotiations, other than about the provision of a health service, with the individual in such a way as to expose the organisation unreasonably to disadvantage
  • the information is subject to confidentiality under law
  • providing access would be unlawful
  • denying access is required or authorised by or under law
  • providing access would be likely to prejudice an investigation of possible unlawful activity
  • providing access would be likely to prejudice a law enforcement function by or on behalf of a law enforcement agency
  • a law enforcement agency performing a lawful security function asks us
  • not to provide access to the information on the basis that providing access would be likely to cause damage to the security of Australia
  • the request for access is of a kind that has been made unsuccessfully on at least one previous occasion and there are no reasonable grounds for making the request again
  • the individual has already been provided with access to the health information and is making an unreasonable, repeated request for access to the same information in the same way.

 

Where providing access would reveal evaluative information generated within our organisation in connection with a commercially sensitive decision-making process, we may give the individual an explanation for the commercially sensitive decision rather than access to the information.

If an individual establishes that we hold information about them that is incorrect in some way, we will take reasonable steps to correct the information, or if we do not consider a correction to be warranted, we will attach a statement of the individual's concerns to the information held.

If we accept the need to amend the health record but:

  • we consider it likely that leaving incorrect information on a health record, even if corrected, could cause harm to the individual or result in incorrect health care treatment or assistance being provided; or
  • the form in which the record is held makes correction impossible; or
  • the corrections required are sufficiently complex or numerous for a real possibility of confusion or error to arise in relation to interpreting or reading the record if it were to be so amended;

 

we will place the incorrect information on a record which is not generally available to the individual's treating practitioner or treating team, and to which access is restricted, and take such steps as are reasonable in the circumstances to ensure that only the corrected copy is generally available to the practitioner or treating team.

 

Identifiers and anonymity

We will only assign identifiers (i.e. numbers or codes) to individuals if the assignment of identifiers is reasonably necessary to enable us to carry out any of our functions efficiently.

We will only adopt as our own identifier of an individual an identifier of an individual that has been assigned by a public sector organisation (or by their agent or contractor) if:

  • the individual has consented to the adoption of the same identifier; or
  • the use or disclosure of the identifier is required or authorised by or under law.

 

We will only use or disclose an identifier assigned to an individual by a public sector organisation (or by their agent or contractor) if:

  • the use or disclosure is required for the purpose for which it was assigned or for a lawful secondary purpose; or
  • the individual has consented to the use or disclosure; or
  • the disclosure is to the public sector organisation which assigned the identifier to enable the public sector organisation to identify the individual for its own purposes.

 

If the use or disclosure of an identifier assigned to an individual by a public sector organisation is necessary for us to fulfil our obligations to, or requirements of, the public sector organisation, we may either:

  • adopt as our own identifier of an individual an identifier of the individual that has been assigned by the public sector organisation; or
  • use or disclose an identifier of the individual that has been assigned by the public sector organisation.

 

Notwithstanding the above, whenever it is lawful and practicable, individuals to whom we provide health services may seek to remain anonymous, however this is not our usual practice.


Transborder data flows

We will only transfer information about an individual to someone (other than the individual or us) who is outside of the state or territory in which we provide the service to the individual if one or more of the following applies:

  • we reasonably believe the recipient of the information is subject to a law, binding scheme or contract which effectively upholds principles for fair handling of information that are substantially similar to these Health Privacy Principles
  • the individual consents to the transfer
  • the transfer is necessary for the performance of a contract between the individual and us, or for the implementation of pre-contractual measures taken in response to the individual’s request
  • the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the individual between us and a third party
  • all of the following apply:
  • the transfer is for the benefit of the individual
  •  it is impracticable to obtain the consent of the individual to that transfer
  • if it were practicable to obtain that consent, the individual would be likely to give it.
  • we have taken reasonable steps to ensure that the information which we have transferred will not be held, used or disclosed by the recipient of the information inconsistently with these Health Privacy Principles
  • the transfer is otherwise permitted by law.

 

Transfer/closure of a health service provider

If our practice or business is to be sold or otherwise transferred and we will not be providing health services in the new practice or business, or if our practice or business is closed down, we have certain legal obligations in relation to health information which we will comply with.  Further information about those obligations is available upon request.  In addition, from time to time we may have relationships with numerous clinical service providers and businesses.  In the event these businesses cease to operate or operate as partners in health services with us, we will expect to be notified of business organisation closures or transfers.

 

Providing health information to other health service providers

If an individual requests us to make health information relating to them held by us to another health service provider, or authorises another health service provider to request us to make health information relating to the individual held by us available to the requesting health service provider, we will, on payment of a lawful fee, and subject to the law, provide a copy or written summary of that health information to that other health service provider.  We will only link health information in a system across more than one organisation if the individual concerned has consented.

 

 

Complaints:

Individuals who believe that we have breached their privacy rights in any way or wish to discuss any issues about our privacy policy should contact our Privacy Officer (see 'Contacting us' below).

 

We will try to satisfy any questions and correct any errors on our part:

If we do not satisfactorily answer an individual's concerns, they have the right to make a complaint to the Privacy Commissioner on telephone number 1300 363 992 or in writing to:

Office of the Privacy Commissioner
GPO Box 5218
Sydney NSW 1042

 

Contacting us:

Individuals may ask any questions about privacy and the way we manage personal information or obtain a form requesting access to personal information by writing to our Privacy Officer at GPO Box 1635, Melbourne, Victoria 3001 or visit our Contact Us page.

 

Further information

For further information about Marie Stopes International Australia  and how we operate, please refer to our website www.mariestopes.org.au

If you would like more information about privacy in general, please refer to the Privacy Commissioner's website: www.privacy.gov.au

 

Legislation and Standards

Privacy Act 1988 (Commonwealth)

Health Records Act 2001 (Vic)

Health Records (Privacy and Access) Act 1997 (ACT)

Health Records and Information Privacy Act 2002 (NSW)

National Privacy Principles

Health Privacy Principles Vic

Health Privacy Principles ACT

Health Privacy Principles NSW