Who we are
- Optimum Patient Care Australia PTY Limited (OPC Australia), or referred to as ‘Company’, ‘we’, ‘our’, or ‘us’, supports GPs, healthcare commissioners, and researchers to improve healthcare provisions to patients and to improve patient outcomes, through quality improvement programmes and research.
- In order to provide good quality services, we need to collect and process personal information from service users, employees and contractors, suppliers, businesses and collaborators. We are committed to the secure, lawful and best-practice handling of personal information. No matter how it is collected, recorded and used, personal information must be handled securely and not disclosed unlawfully, to ensure compliance with data protection and privacy legislation – the Privacy Act 1988 (Privacy Act) and the Australian Privacy Principles (APP Principles).
Collection of Personal Information
What is personal information?
- Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information is recorded in a material form or not.
Types of personal information collected and why
- The types of personal information that we collect will vary depending on the relationship between the Company and third-party. Please note that we collect only the information that it needs for a particular function, and only holds it for as long as it remains necessary for the purposes for which it was collected. We only disclose an individual’s personal information (including sensitive information) for the purposes for which the individual gave it to us for or for directly related purposes the individual would expect or if the individual agrees.
- We may use personal information to:
- conduct evaluations of our products, materials, programs and services;
- assist users in conducting or participating in pilot programs;
- invite individuals to participate in research or to inform individuals of educational programs;
- promote educational activities including events and conferences;
- contact individuals for feedback on products, materials, programs and services; and
- assist us to perform our corporate, regulatory and contractual obligations.
Who do we collect personal information from?
- We collect information about individuals when they use or request a service, complete a survey, questionnaire or enrolment form, apply for employment with us, or communicate with us by email, telephone, in writing or in person. We also collect information about individuals when they provide a service to us.
- We may collect information about a supplier or a service provider that we consider necessary to manage the relationship with such entity, such as, the nature of the products and services offered, quotes provided and credit or payment details.
- We may obtain personal information from a third party, such as an OPC coordinator, general practice manager, health professional, individual’s family member or friend. We may collect personal information from the public domain, for example, from professional registration boards.
Information Collected by Our Website
- When a user visits our website, our web server may request that the user’s browser create a cookie on his/her computer. A cookie is a small piece of information sent by the server of a website to the user’s browser by other sites.
- Our website cookies do not contain personal information about users. However, cookies can identify a user’s browser. The cookies transferred by our website are used for such things as capturing information about a user’s web browser, controlling a pop-up window or enabling login access to password-protected areas of the website. The cookies have an expiration date set 24 months from the most recent website visit date.
- We use a third-party service, Google Analytics, to collect information regarding visitor activity to the website. This is not used to identify the user as an individual but is collated into aggregate results or classifications. We do not make an attempt to find out the identities of the visitors to our website.
- Third parties may also use their own cookies to collect non-personal information about user’s activities on our website. This information, which may be combined with information acquired from third parties, may be used to provide the user with educational material the user might be interested in based on the content viewed. The cookies placed by third parties are subject to the privacy policies of these third parties and we have no control over these cookies.
- If the users do not wish to receive any cookies, they may set their browser to refuse them. Please note that some features of our website may not work if cookies are disabled.
- We do not allow advertising on its website.
Personal Information Collected on Social Media
- We have a number of social media pages, including Facebook and Twitter and comments posted on these are open to the public.
- We may collect personal information from published social media posts that we have uploaded to those platforms.
De-identified Health Information
- As part of our services, we support general practices and health professionals to undertake clinical audit and quality improvement activities that require them to collect health information about individuals which has been de-identified and disclose it to us for quality assurance purposes.
- GPs providing de-identified data are fully informed of what the data will be used for and give us written consent for the data to be used for research purposes and quality improvement. De-identified data may also be used in evaluation studies and reports.
- Only de-identified health information is provided by practices to us. An individual cannot be identified from the data provided.
- Data provided to us is first encrypted and then transmitted via a secure protocol.
- All data held in our quality improvement database and our research database (OPC Research Database Australia – OPCRDA), is de-identified information and is not personal information.
Images and Photos
- We will seek an individual’s consent prior to taking a photo/image or using it. In some cases that consent may be implied, for example, the taking of photos at functions to be used in publications.
- If the photo/image contains sensitive information about a person e.g. information relating to their health, we will obtain the individual’s consent to take the photo/image and specify what it will be used for.
- This consent should be informed and freely given and signed by the individual whose information is to be collected and disclosed.
- Child protection legislation requires that where the photo/image is that of a child, the child’s parent or guardian must give permission. Where the person under 18 years is sufficiently mature to consent on their own behalf, that person’s consent should also be obtained.
- Under the Privacy Act, consent can be revoked at any time. If this occurs we will take all reasonable steps to stop using the image/photo from the time the consent is withdrawn.
Storage of Personal Information
- We hold personal information on databases, electronic and hard copy files.
- We make sure that any personal information we hold is as safe as possible at any stage, both while it is processed and when it is stored. The steps we take to protect the security of personal information include:
- Assessing regularly the risk of misuse, loss, interference, modification, unauthorized access or disclosure of such information;
- Putting measures in place to address the above risks, for example, keeping an audit trail of change of details and regularly ensuring that staff only access the records when needed;
- Conducting regular internal audits to assess compliance with these measures.
- We have archiving policies and procedures which provide for the secure, permanent destruction of records of personal information when no longer required.
- Please note that we hold de-identified information in the OPC Australia Quality Improvement Database and the OPC Research Database Australia (OPCRDA). The information held in these databases is not personal information.
Security and Protection of Personal Information
- We take preservation and protection of an individual’s identity very seriously and it is a key responsibility and right of all our staff, customers and partners.
- We maintain the confidentiality and security of personal information by restricting access to only those staff and service providers with a legitimate need to access it.
- We are committed to doing all in our power to keep information secure. Security measures are in place to prevent the misuse, unauthorised access, modification or disclosure of personal information.
- Our staff also regularly undertake privacy training and the Company conducts routine audits to ensure compliance with privacy and data security policies.
Disclosure of Personal Information
- Personal information held by us is only disclosed in accordance with the Privacy Act and APP Principles.
- Where we provide or administer education or participation activities, we may disclose personal information to relevant institutions for the purposes of monitoring the participation, and to professional associations for the purpose of recording continuing professional development.
- In some cases, information on the education or participation activity status of health professionals within a practice may be provided to a practice manager of that practice.
- From time to time, information may be disclosed to our stakeholders. Such information will be de-identified and remain confidential.
- Third parties must undertake not to disclose to any person or entity any confidential information without prior approval in writing from us unless the confidential information is required by law to be disclosed or a court or government department.
- We may disclose an individual’s information to contractors to whom we outsource certain functions or which provide services to us. We will take all reasonable measures with contractors to ensure they comply with the privacy standards set out in the Privacy Act and any relevant state and territory legislation.
- We may also disclose an individual’s information to our research partners and/or data linkage authorities where this is approved by the relevant Human Research Ethics Committee.
- We may also disclose personal information in circumstances where it has statutory obligations or is otherwise required to do so by law, a court or a government department (including the Department of Health).
- We do not supply, sell or rent the personal information it collects to unrelated third parties for the purpose of marketing those third parties’ products or services.
Overseas Disclosure of Personal Information
- We do not disclose any personal information to overseas entities.
Individual Rights – Access and Correction of Personal Information
- Under the Privacy Act, individuals have the right to access the personal information we hold about them. There are some limited exceptions to this set out in the Privacy Act.
- If individuals make an access request, we will ask them to verify their identity and to specify what information they require. We may ask the reason for such request so we can assist the individual most effectively. However, individuals are under no obligation to provide a reason if they do not wish to.
- Individuals have a right to request that we correct information held that the individual considers to be inaccurate, incomplete or not up-to-date. If we make a correction and have disclosed the incorrect information to others, individuals can ask us to tell them about the correction. We must do so unless there is a valid reason not to.
- Individuals have a right to request access to their personal information held by us and/or request correction of that personal information by contacting us.
- We take privacy breaches seriously. The Company has procedures to help investigate and resolve a breach, potential breach or complaint as quickly as possible including appropriate notification and escalation processes.
- The individual will be notified of the process for dealing with the breach or potential breach. The complaint will be thoroughly investigated and a response provided within 30 days.
Dissemination and Training
Dissemination: This document will be made available to staff and contractors via Smartsheet and NAS drive or on request from the HR Department. This may also be in the form of a global notice sent to staff and contractors notifying them of the release of this document.
This policy will also be made available to service users and the public on the Company’s website(s).
Training: Training on this document will be provided during the induction of staff and contractors or as required by their training needs. Additional and/or regular training will be provided as necessary, based on training requirements to ensure continued awareness and compliance with this document.
Failure of employees and contractors to comply with this policy may lead to disciplinary and/or legal action where appropriate. Compliance with this document will be monitored by our senior management or appropriate delegate. This may include regular and/or ad hoc compliance checks and audits where appropriate or warranted. This document is to be reviewed annually or sooner where necessary.
- Email: email@example.com
- Phone: 0738 488 634
- Post: Optimum Patient Care Australia PTY Limited
Unit 4a, 12 Abercrombie St
Rocklea, Brisbane, QLD 4109