Privacy Policy
MedLegalMD's Privacy Policy has been formulated in line with the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (Privacy Act) and the Health Privacy Principles contained in the Health Records and Information Privacy Act 2002 (NSW) (HRIP Act). This document details how we collect, maintain, secure, use and disclose your personal, sensitive and health information.
1. Definitions
1.1 Personal information is any information or opinion about an identified individual, or an individual who is reasonably identifiable whether true or not, and whether recorded in a material form or not.
1.2 Health information means personal information that is any information or opinion about the health, including an illness, disability or injury (at any time) of an individual, including but not limited to health services provided, or to be provided.
1.3 Sensitive information is information or an opinion about a person. It may include information about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record and includes personal information, health information, genetic information that is not otherwise health information and biometric information. In this policy, unless otherwise stated, reference to personal information includes sensitive information.
2. The information we obtain and how it is collected
2.1 Who is the information about
MedLegalMD may obtain information about:
Individuals who are the subject of our service;
Legal representatives, treating practitioners and other service providers of individuals who are the subject of our service;
Individuals who are assisting individuals who are the subject of our service, such as interpreters or carers;
Clients who make enquiries or referrals to us;
The representatives, service providers or contractors retained by our clients;
Individuals who provide services to MedLegalMD , including our specialists and contractors;
Our employees or individuals who apply for employment with us;
Visitors to our website.
2.2 Identification
The names and contact details of individuals/organizations who approach us for information may be recorded. Other details, as necessary to verify their identity and whether they are authorised to access the requested information may also be recorded. Identity may need to be verified.
2.3 The information that we obtain and retain
Information is collated that is reasonably necessary for, or directly related to, our ability to perform the service for which you have been referred. The information that is collected and retained, used or disclosed may include but is not limited to your name and contact details, including your address, phone numbers, company name and position title, and email address. We may also collect information about your date of birth and gender, information about your private health insurance and Medicare details, and details about your lifestyle activities. Sensitive information may also be collected. If the necessary information in not accurate, up-to-date or complete, we may not be able to provide the services requested.
2.4 How we collect your information
Where possible, reasonable and practical to do so, personal, sensitive and health information will be obtained directly from you, in person, in writing, over the phone, through text messages, by facsimile or by email. Your personal, sensitive or health information may also be provided from third parties who are permitted to share your information with us for the purposes of providing our services, including from:
Your representatives;
The person or organisation who referred you to our service;
Other third parties who have been asked to provide your information to us;
Your treating healthcare providers;
Government and law enforcement agencies.
If unsolicited information is received, all reasonable attempts will be undertaken to determine whether we are authorised to have received that information. If it is determined that we are not authorised, where it is lawful and reasonable to do so, we will take all reasonable steps as soon as practicable to permanently and securely destroy the information. If we are not authorised to have received that information, we will also take all reasonable and practicable steps to notify the parties involved.
Unless otherwise authorised or required by law, upon request, reasonable steps will be undertaken to enable individuals to ascertain whether we hold health information relating to them, the nature of that information, the purposes for which it will be used, and their entitlement to request access to the information.
If you supply personal, sensitive, or health information to us about another individual, you must ensure that the individual is aware that the information has been supplied. You must have informed the individual of how the information will be used, of any consequences if some or all of this information is not collected, as well as the reasons for, and the parties to which the information might be disclosed. You must have their consent for this information to be provided to us. We ask also that they are informed of how they may request access to this information and that you direct them to our Privacy Policy. We will also provide these details to individuals upon request. If we receive personal information from you about an individual, it will be assumed that the appropriate notification and consent, as outlined above, have been obtained.
2.5 Website
Information may be collected about your visit to our website including the date and time of your visit, internet address, ISP, the pages of our website that you access, and the website that referred you to us. This is used only for the purpose of allowing us to understand how to improve our services. We may also collect any personal information you submit to us via our website or other electronic means in any forms, registration requests or queries.
2.6 Use and Disclosure of Information
Personal, sensitive and health information will only be used or disclosed for the primary purpose for which it was collected or directly related to a secondary purpose. Additionally, we may be required by law to comply with a Court or Tribunal Order for the provision of your personal, sensitive and/or health information. We do not collect, use or disclose your personal information for marketing purposes.
3. Protecting and Maintaining Information
3.1 Protecting Information
All reasonable precautions are taken to ensure that personal information is protected from misuse, unauthorized access, modifications or disclosure. Information may be stored in both, or either, hard copy or electronic format. We have in place a range a policies and procedures to ensure protection of your information including;
Signed confidentiality agreements with all employees, contractors, consultants and third party organisations that undertake services for MedLegalMD
External and internal security systems restricting access to stored personal, sensitive and health information; and
Regularly updated security system to prevent unauthorized electronic access. We will take all reasonable steps to securely destroy, permanently erase or permanently de-identify any personal information that is no longer required for any purpose described in this policy or under any applicable laws.
3.2 Updating and Maintaining Information
It is important that we collect and retain information that is accurate, complete and current. We ask that you advise us of any changes to your personal information.
4. Contact Us
If you have any queries or feedback regarding our Privacy Policy, or you need to update your personal information, or if you feel the policy has been breached in any way, please contact our office: Email: ime@medlegalmd.com.au or Post: Se 12, 140 Church Street,Richmond 3121,Victoria
5. Complaints
Complaints about a breach of the Australian Privacy Principles or the Health Privacy Principles should be directed to the office details above. We will respond to your complaint within 30 days. If you are not satisfied with the response, you may refer the matter to the Office of the Australian Information Commissioner by visiting www.oaic.gov.au, or by calling 1300 363 992. Or you can also refer the matter to the Office of the Victorian Information Commissioner,by calling 1300 006 842 (1300 00 OVIC) or by visiting https://ovic.vic.gov.au/
6. Modification to our Privacy Policy
Our Privacy Policy undergoes periodic review. An up to date copy of this Privacy Policy will be published on our website. A copy of our current Privacy Policy can also be made available upon request by contacting us at the details listed above.