Who we are
We are Idameneo (No. 123) Pty Ltd (ACN 002 968 185), the operator of the eye clinic division of the Healius Group (Crystal Eye & Laser).
We manage our eye clinics on behalf of the medical practitioners who operate from them. We do not provide medical services directly to patients. This is done by the medical practitioners we provide services to. We provide all the non-medical services our medical practitioners need to provide you with medical services. Normally, our medical practitioners are not our employees and, when providing medical services and doing other things, are independent contractors.
As part of the arrangements in our medical centres, all patient records are the property of Crystal Eye & Laser (and not the property of either the patient or the health service provider). This requirement assists other health service providers in the medical centre in continuing the management of a patient’s needs if the need arises.
In managing our practices, we collect, use and disclose personal information. We understand the importance to our patients of maintaining privacy in relation to the personal information we hold.
What personal information do we collect and hold?
Personal information is information or an opinion about an identified person, or someone who is reasonably identifiable, whether or not the information or opinion is true and whether the information or opinion is recorded in a material form or not.
The types of personal information we may collect and hold about you include:
Billing and administration
· Date of Birth
· Email address
· Telephone number
· Healthcare identifiers
· Next of kin
· Medicare Number
· Insurance membership number
· Credit card number
· Medical history
· Clinical notes
· Test results
· Treatment plan
· Prescribed medications
· Referral details
· Disease status
How do we collect and hold personal information?
We collect personal information about you in several ways, including information collected:
- by an employee of Crystal Eye & Laser, such as a receptionist or nurse;
- by independent health service providers at Crystal Eye & Laser and recorded on patient records;
- from external health providers which is provided to a Crystal Eye & Laser centre and placed on the record of the patient;
- through websites in the form of online enquiries or requests for appointments;
- from someone who has responsibility for you (your parent, carer or guardian); and
- from you directly.
We take reasonable steps to protect patient medical records from misuse, interference and loss and also from unauthorised access, modification and disclosure.
Why do we need your personal information and what do we do with it?
1. Patient care
We collect, maintain, use and disclose personal information about you in order to assist our medical practitioners to provide you with appropriate care, treatment and services.
Your personal information is used by us and our medical practitioners:
- to provide you with medical care and services;
- to provide you and/or your doctor with information that may assist you in managing and improving your health; and
- as a medical history for you that allows our medical practitioners to provide you with better care as it assists with identifying changes to your health over time.
2. Operating our business
We use your personal information as necessary to manage our administration, including storage of data, and management of accounts and payment for the services provided to you. Specifically, we will use and, where necessary, disclose your personal information to:
- obtain payment from, as appropriate, Medicare Australia, you, your private health insurance fund or from any organisation responsible for payment of any part of your account, such as the Department of Veterans Affairs;
- disclose your personal information to our insurers or those of our medical practitioners if the circumstances require;
- manage and store your personal information in a secure fashion, including management and storage by third parties such as cloud service providers with contractual relationships with Crystal Eye & Laser or associated entities; and
- other entities within the Healius corporate group for administrative and information management purposes. This includes the disclosure of personal information for storage and archiving purposes. Any such disclosures are subject to strict conditions relating to confidentiality and data security.
We may use your personal information to communicate with you, including to:
- give you important information (including by SMS or email) about the products and services offered by our practices;
- respond to your online enquiries or process requests for appointments;
- advertise to you particular products and services that may be of interest to you; and
- send you appointment reminders (including by SMS or email) in relation to obtaining services from our practices. This enables us to contact you, for example, to make follow-up appointments to discuss test results, or to remind you that you, or a dependant, are due for a consultation or test.
3. Teaching and research
We may use your personal information for internal teaching purposes or to monitor, evaluate, plan and improve the services provided at our practices. We will only use de-identified information (information that does not contain any personal details that may reasonably identify you) for these purposes.
We may use your personal information to provide third parties (such as universities, government organisations and pharmaceutical companies) with de-identified health information. Before any health information is provided to a third party it is de-identified, that is, the name and address of the patient and any other information that could otherwise allow an individual to be identified, is removed from the health information. That de-identified information is then aggregated with the de-identified health information in respect of other patients. The third party uses the bulk de-identified information it receives from Crystal Eye & Laser for the business purposes of the third party.
4. Other disclosure
We may be required by law to disclose your personal information without your consent.
Storage of your personal information
We take reasonable steps, and implement reasonable safeguards, to ensure the protection of the personal information that we hold. All patient information is handled securely and in accordance with professional duties of confidentiality.
Crystal Eye & Laser is subject to a range of rules relating to the periods for which health information and records must be retained. We must generally retain health information about an individual:
- for 7 years from the last occasion on which we provided a health service to the individual – if we collected the information when the individual was 18 years old or older; or
- until the individual turns 25 – if we collected the information when the individual was less than 18 years old.
What happens if we do not collect your personal information?
If you do not provide us with all the personal information we request, our medical practitioners may not be able to provide services to you. We only collect as much personal information from you as our medical practitioners need to provide you with services and to allow us to obtain payment on their behalf for those services.
Do we transfer personal information overseas?
We may disclose your personal information to wholly owned subsidiaries of our parent company, Healius Ltd, or to third parties which are based in India, Malaysia and the Philippines. These companies provide limited data-entry and clerical services to us. We take reasonable steps to ensure that these companies do not breach the requirements of the Privacy Act 1988 (Cth).
Can you access your personal information we hold?
You may request access to the personal information we hold about you. You can also request that corrections be made to it. We will respond to your request within a reasonable time.
There are some circumstances where we are not required to give you access to or correct your personal information. We will normally give you a written notice setting out our reasons for not complying with your request and informing you of how you can complain about our refusal.
There is no fee for requesting access to your personal information or for us to make corrections. However, we will charge a fee for our costs involved in collating and providing you with access to any personal information. That fee is payable before access is given.
What to do if you would like to make a complaint about a breach of the Australian Privacy Principles
If you have any concerns about how we handle your personal information or you wish to make a complaint on the basis that we have breached the Australian Privacy Principles prescribed by the Privacy Act 1988 (Cth), please contact us. If you would like to make a complaint, you will need to send us a written complaint (see details below).
We will endeavour to respond to your complaint within a reasonable time after it is made.
How to contact us
You can contact our Privacy Officer in the following ways:
(02) 9432 9523
Level 6, 203 Pacific Highway
ST LEONARDS NSW 2065
Attention: Privacy Officer