Step Right Health Pty Ltd (ABN 74649591408) is a private health service provider.
By providing your information to us, you consent (to the extent that we require your consent under privacy laws to do these things) to Step Right Health collecting, holding, using and disclosing your information in accordance with this Policy.
Step Right Health is required to ensure that its handling of information of patients, employees, healthcare professionals, contractors, volunteers, students and visitors is in accordance with the relevant legislation, including the:
- Privacy and Data Protection Act 2014 (Vic) (PDP Act);
- Privacy Act 1988 (Cth) (Privacy Act);
- Health Records Act 2001 (Vic) (Health Records Act);
- Health Services Act 1988 (Vic) (Health Services Act);
- Aged Care Act 1997 (Cth) (Aged Care Act);
- Mental Health Act 2014 (Vic) (Mental Health Act);
- Freedom of Information Act 1982 (Vic) (FOI Act),
- Family Violence Protection Act 2008 (Vic) (FVP Act);
- Child Wellbeing and Safety Act 2005 (Vic) (CWS Act);
- Public Records Act 1973 (Vic) (PRA Act).
- Together, the Relevant Legislation.
Commonly used Terms relevant to Information Privacy
Personal information is defined in the PDP Act as information or an opinion (including information or an opinion forming part of a database), that is recorded in any form and whether true or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion, but does not include information of a kind to which the Health Records Act applies.
Sensitive information includes information about an individual’s race or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership or a professional or trade association, sexual preferences and criminal history.
Where Step Right Health collects your health information, the collection or handling of that information is subject to the Health Records Act and Health Services Act, including if you are an employee of Step Right Health.
In this Policy, references to information may include personal, sensitive and health information unless indicated otherwise.
Why does Step Right Health collect your information?
In the course of our business, Step Right Health may collect information about you to perform our functions and activities as a health service provider.
What type of information do we collect?
The types of information and documents containing your information we collect will vary depending on the nature of our interaction with you and may include:
- Identifying and contact information (such as name, date of birth, address, email address and telephone phone number);
- Next of kin or preferred contact person;
- Your medical history, information about your health condition, treatment, images of diagnostic scans, test results, immunisation history statements and COVID-19 vaccination certificates, both past and present;
- Parenting orders, powers of attorney, medical treatment decision maker nominations and advanced care directives;
- Records of communication including complaints, requests and queries;
- Credit card and payment details;
- Criminal histories and clearances, including through police record checks and working with children checks;
- ethnic background;
- Lifestyle history and family history;
- Qualifications, education, professional registrations and employment history;
- Commonwealth and Victorian government identifiers (such as Medicare numbers, individual healthcare identifiers, pension or Veterans’ Affairs numbers and drivers licence numbers);
- Private health insurer membership details;
- Responses provided by you to surveys issued by us or by third party service providers on our behalf;
- Referrals to us from other health services or health service providers; and
- Closed-circuit television (CCTV) footage in public areas.
Who do we collect information from?
Step Right Health may collect information about you from a range of sources including:
- Patients, next-of-kin, carers, family members, guardians, educational institutes in the course of, or in anticipation of, providing health services to patients;
- Healthcare professionals;
- Job applicants, past and present board members, employees and contractors of Step Right Health;
- Volunteers and students assisting Step Right Health in the provision of health services;
- Victorian Government agencies, authorities and departments;
- Commonwealth Government agencies, authorities and departments, such as Services Australia that maintains the national register where your vaccinations are recorded;
- Victoria Police;
- Visitors to our premises; and
- Third parties providing services to Step Right Health.
How does Step Right Health collect information?
Step Right Health will only collect information about you by lawful and fair means and not in an unreasonably intrusive manner.
Depending on the nature of your interaction with Step Right Health, we may collect your information in a number of ways including directly from you, through our website, admission forms, correspondence (written and verbal), from CCTV cameras in operation, at offices and clinics. We may also collect your information from a range of sources such as those listed in the section above.
- If you are a patient, Step Right Health typically collects your information directly from you. If you do not have the capacity to provide information to us, we may collect your information from another party including your emergency contact or next-of-kin/guardian/carer/educator and first responders (including police and paramedics). We may also collect your personal information from third parties such as your general practitioner (GP), external specialist clinicians, other treating health service providers, your aged care or other care facility, or from health service providers who partner with us to provide health services.
- If you are a healthcare professional, Step Right Health typically collects your information directly from you or from your patient.
- If you are a contractor of Step Right Health, we typically collect your information directly from you or from third parties such as a recruitment agency.
- If you are a student, we typically collect your information directly from you or from your educational institution.
- If you are a volunteer or a visitor, we typically collect your information directly from you.
- If you are a third-party service provider, we typically collect your information directly from you or the organisation who employs or engages you.
- If you are an employee, we typically collect your information from you and government agencies that hold information required to be collected by us for your commencement or ongoing employment such as mandatory vaccinations, police checks and working with children checks.
- If you are have applied for a position with Step Right Health, we typically collect your information directly from you or from a third party recruitment agency engaged by us for the recruitment process. We do not contact your nominated referees or collect any confidential external information without your prior consent.
For what purposes does Step Right Health collect, hold, use and disclose your information?
Step Right Health collects, holds, uses and discloses information for a range of purposes including the following:
- To provide you, or your patient, with health services;
- To fulfil our clinical obligations;
- To invoice and process any fees payable in relation to services rendered;
- To manage our relationship with you and to contact you for follow up purposes, including to send you reminders and information about upcoming appointments/admissions;
- To verify and update personal information held by us;
- To perform business functions as an employer;
- To recruit personnel;
- To assess or manage risk of family violence;
- To engage third party service providers;
- To review, develop and improve our services including by asking patients to participate in a patient survey and quality improvement activities;
- To undertake quality assurance, audits (clinical and non-clinical), accreditation, service planning, risk assessment and management and claims investigation and management;
- To train and educate our staff and students;
- To assist with administration, planning, financial or management purposes;
- To recruit participants for clinical trials and research;
- To comply with legal or regulatory obligations; and
- For other purposes required or authorised by or under law, including purposes for which you have provided your consent.
Our range of services and our functions and activities may change from time to time.
If you provide your email address, telephone and/or mobile phone number, Step Right Health will use your email address, telephone and/or mobile phone number to contact you (including by telephone call, SMS or email) for any of these purposes.
To whom may Step Right Health disclose your information?
Step Right Health may disclose your information to other persons or organisations including to:
- Healthcare providers including:
- Healthcare providers who provide healthcare services to and at Step Right sites;
- Your referring/treating healthcare providers; and
- Healthcare providers we may refer you to for further healthcare services (including allied professionals, diagnostic imaging service providers and pathology service providers);.
- Victoria Police to lessen a serious threat to you or others if we reasonably consider that disclosure is necessary or warranted;
- Other agencies to meet our obligations under the Family Violence Sharing Scheme and Child Information Sharing Scheme;
- The organisation that is funding the provision of our services to you such as government organisations (including Medicare Australia, TAC, WorkCover and Department of Veterans’ Affairs) and private health insurers;
- Other persons or organisations engaged by Step Right Health to assist us in carrying out the above purposes such as telehealth platform providers, data storage providers, IT support providers, auditors, insurers, recruitment agencies and professional advisors;
- Regulatory authorities and Commonwealth and Victorian government agencies such as Medicare Australia, Department of Veterans’ Affairs, WorkCover and TAC;
- Courts, tribunals, safety and quality bodies and law enforcement agencies (such as providing CCTV recordings to Victoria Police);
- Third parties for the purposes of reviewing the quality of services delivered and service improvement (de-identified);
- Governmental departments or agencies to disclose certain information where we are required to do so by law about patients who have specific conditions, or to maintain a health or disease register where we are required to do so by law; and
- Your family and/or emergency contact or next-of-kin/guardian/carer (unless you have requested that we do not do so).
What happens if you don’t provide Step Right Health with your information?
If you do not provide information requested of you to Step Right Health, we may be unable to provide you with the services you request of us or otherwise employ you, work with or transact with you.
How does Step Right Health hold your information and manage the data quality and security of your information?
Step Right Health stores information in hardcopy format in secure lockable storages and electronically on our servers, as well as through third parties who provide services to us, both in hardcopy format (for example off-site archives) and electronically (for example through cloud-based information storage systems). Some clinical services may involve the direct collection, storage and use of information by a third-party service provider, for example to monitor the functionality of alternative communication devices.
To the extent required by the Relevant Legislation, Step Right Health will take reasonable steps to:
- make sure that your information that we collect, hold, use and disclose is accurate, complete and up to date; and
- protect your information that we hold from misuse, interference and loss and from unauthorised access, modification or disclosure.
Information held by Step Right Health which is no longer required is destroyed or de-identified in a secure manner, subject to the requirements of the Relevant Legislation.
Does Step Right Health transfer information outside of Victoria?
Step Right Health may disclose your information outside of Victoria and/or overseas. For example, Step Right Health may use service providers who are located outside of Victoria and/or overseas and may disclose your information to such service providers to the extent necessary for those service providers to deliver services to Step Right Health and/or to you. Suppliers are required by Step Right Health to manage your information to a standard that reflects our obligations to you under the Relevant Legislation. Some suppliers have publically available privacy policies that assist us to confirm how information disclosed by us to the supplier is handled.
Website, News and Communications
How can you access or correct your information held by Step Right Health?
You have the right to request access to your information held by Step Right Health.
The most common requests for access to information received by Step Right Health are requests for copies of medical records. The FOI Act prescribes the process for requesting copies of medical records.
Please contact us at email@example.com or at 0466346687 if you would like to access your information held by us.
If our record of your information is incorrect in any way, you can request for it to be corrected.
How Step Right Health handles complaints
If you have any concerns or complaints about the manner in which your information has been collected or handled by Step Right Health, please advise us of your concern or complaint through the Contact Us page of the website, send it our feedback team at firstname.lastname@example.org or mail to level 1, 2-8 Lake Street, Caroline Springs, VIC 3023. Your concern or complaint will be considered or investigated and we will respond to your complaint as soon as practicable.
If you remain dissatisfied with our response and your concern or complaint relates to your health information, you may contact the Health Complaints Commissioner (HCC). The HCC responds to complaints about health services and the handling of health information in Victoria. Their service is free, confidential and impartial.
To lodge a complaint with the HCC:
Fill out a complaint form online at http://hcc.vic.gov.au; or
Phone 1300 582 113 between 9am and 5pm, Monday to Friday to discuss your complaint.
If you wish to raise your concern or complaint about how we have handled your personal or sensitive information with an external body, you may contact the Office of the Victorian Information Commissioner (OVIC). OVIC responds to complaints about the handling of information by Victorian public sector organisations. Their service is free, confidential and impartial.
For information about how to lodge a complaint with OVIC please visit the OVIC website: Privacy Complaints – Office of the Victorian Information Commissioner (ovic.vic.gov.au).
Further information about the application of the PDP Act and the FOI Act can be found at the website of the Office of the Victorian Information Commissioner at www.ovic.vic.gov.au.
Further information about the application of the Health Records Act and Health Services Act can be found at the website of the Health Complaints Commissioner (Victoria) at www.hcc.vic.gov.au.
This Policy is effective from September 2023. As this Policy is updated from time to time, to obtain a copy of the latest version at any time, please visit our website at www.steprighthealth.com.au