Skip to main content

Privacy Policy

Our Privacy Commitment

Privacy matters to us and we know it matters to you.

We provide a wide range of health products and services] and to do this need to collect, store, use and disclose a wide spectrum of information.

We are committed to protecting your privacy, keeping your information safe and ensuring the security of your data.

Our Privacy Statement

Our Privacy Statement explains how we collect, use and protect your information.  It applies to Telstra Health Pty Ltd (ABN 38 163 077 236) and the following Telstra Health subsidiaries:

  • iCareHealth Pty Ltd (ABN 58 100 816 206)
  • CloudMed Pty Ltd (ABN 68 602 764 438)
  • R&R Holdings Asia Pacific Pty Ltd (trading as Emerging Systems) (ABN ABN 70 109 837 327)
  • Health IQ Pty Ltd (ABN 72 089 345 157)
  • Medinexus Pty Ltd (ABN 13 108 814 419)

It explains how we collect, use and protect your information in different situations.

Please select which of the following situations applies to you:

  • You work for one of our business customers (for example, you may be a doctor or an employee of an organisation that acquires our services and provide us with your information). (See section A below)
  • Your health service provider or another organisation that provides health services to you shares your information with us. (See section B below)
  • You use our HealthNow app

About this statement

This policy is effective as of 1 August 2018. From time to time, we may need to change this policy. We will post the updated version on our website www.telstrahealth.com and it will apply to the personal information that we hold at that time (so please check this policy regularly).

SECTION A: YOU WORK FOR ONE OF OUR BUSINESS CUSTOMERS

How we collect and use your personal information

The kinds of information we collect

The information we collect can include straightforward information like your name, date of birth, contact details (including address, email address and phone numbers), occupation (including credentials and specialisation), username or password to access our products and services and financial information (such as credit card or bank account numbers).

We may also collect more in-depth information including:

  • information about how you use our products and services;
  • records of your contact with us, including your remote desktop connection details when we assist you by providing you with technical support;
  • information that allows us to identify you for verification purposes;
  • technical information about our products and services; and
  • the location where you use our products and services.

How we collect your information

There are three ways that we can collect your information:

  • You give it to us when you or your representatives interact with us (for example, when you use our products, complete an application form, or contact us for help).
  • We collect the information when you use our products and services, including our call centres and online services.
  • We obtain information from outside sources like marketing mailing lists and public available information including profession registers.

We understand that you might not want to give us certain information. That’s fine, but it might mean that we cannot provide you with the products or services you need, or the level of service on which we pride ourselves.

How do we use information we hold?

We may use your information for a number of purposes:

  • Administration – to help us to properly manage the products and services we provide to you. Your information also helps us to maintain and update our records, to detect and prevent fraud, and in relation to charging and billing.
  • Communication – we need to be able to communicate with you in order to provide our products and services. We might do this in different ways such as calls, email, SMS and social media. Your information also helps us enhance your experience with our products and services.
  • Improvement – we use your information to help us maintain, develop and improve our products and services. We may also use the information to allow you to receive the benefit of services and products offered by third parties.
  • Direct Marketing – we may use your information so that we (and other Telstra group entities and affiliates) can promote and market to you health related products and services that we think will be of interest to you. To opt-out of this type of marketing, please follow the steps outlined in one of our marketing communications or contact us using the details set out in the “How to contact us” section of this policy.

We do not sell or otherwise provide personal information to unrelated third parties for their direct marketing purposes.

When do we share your information?

We may share your information with third parties who provide services to us, including organisations and contractors that assist us in connection with the purposes for which we collect and use that personal information.

Where we share your information with a third party service provider, we make sure that they have first agreed to protect the privacy of your information.

We may share your de-identified information with research partners for the purpose of research and analysis to help us improve our products and services. We will ask for your consent if we want to share information in a manner which can identify you.

We may also share your personal information:

  • if you are a representative of a health service provider, with the National Health Service Directory (NHSD) (see the NHSD privacy policy at http://nhsd.com.au/privacy) and with third parties that provide services to and assist in the management of the NHSD;  
  • with law enforcement and national security agencies, and other government and regulatory authorities as required or authorised by law;
  • with third parties who assist us to manage or develop our business and corporate strategies and functions, including our corporate risk or funding functions; and
  • for the purposes of facilitating or implementing a transfer/sale of all or part of our assets or business.
  • We do not disclose your personal information to entities outside of Australia unless you agree to this.

How do we keep you information?

We store your information in facilities in Australia. These may be our own facilities or facilities owned and operated by our service providers.

We take a number of steps protect your information, which can include:

  • employing facilities that allow encrypted secure messaging of sensitive data;
  • monitoring and access controls regulating who can access particular information; and
  • network and premises security.

We have designed our products and services with privacy in mind, including by:

  • making sure that any user account is only accessible by you (or people you have authorised);
  • requiring that your account is password protected; and
  • enforcing a strong password policy and non-reversible hashing for storage of passwords.

We frequently check our products and services to check that your information is safe. For some products, this includes penetration testing and regular security vulnerability testing.

Access to third party services

Some of our products and services allow you to share information with third party services or products. You should review the relevant third party terms and conditions and privacy policies before using a third party service or product. We are not responsible for these services or products.

How to access or correct your personal information or make a privacy complaint

If you want to access your personal information that we hold or would like to correct any errors in that information, please contact us using the details in the “How to contact us” section.

You can also use these contact details if you have a privacy complaint against us. We hope to resolve any complaints without needing to involve third parties, but you may also be able to lodge a complaint with a relevant regulator such as the Office of the Australian Information Commissioner (www.oaic.gov.au or 1300 363 992).

How to contact us

If you have any questions in relation to this policy or if you would like a copy of this policy sent to you (including in an accessibility format) please let us know by contacting us on 1800 887 238 between 9am and 5pm Monday to Friday
(except public holidays) or by emailing us at servicedesk@health.telstra.com

SECTION B: YOUR HEALTH SERVICE PROVIDER OR ANOTHER ORGANISATION SHARES YOUR INFORMATION WITH US

We provide a wide range of solutions to health service providers, such as:

  • business applications which help health service providers manage their business including patient administration;
  • clinical applications which help health service providers store, access, update and manage patient information;
  • informatics solutions which analyse health data to provide useful, actionable insights that health service providers can use to improve their services; and
  • secure messaging which provides health service providers with a fast, secure way to exchange health information such as diagnostic results, patient notes, referrals and prescriptions.

If we provide services to your health service provider (for example, a doctor, hospital, aged care provider or pathology lab), that organisation might share your information with us. This means that your provider’s privacy policy and
our privacy policy might both apply to your personal information.

We rely on your provider to have obtained your permission to share your information with us.

The kinds of information we collect

The information we hold can include straightforward information like your name, date of birth, contact details (including address, email address and phone numbers) and occupation.

It will also often include health and other sensitive information which could include your age, sex, nationality, racial or ethnic background, sexual preferences and practices, images and diagnostic information and health
identifiers.

We have strict requirements about how we handle sensitive information, including to only collect and use sensitive information with consent or otherwise in accordance with applicable law such as the Privacy Act 1988.

How do we use information shared by your health service provider?

Our staff only access your information (including health information) where necessary as part of technical support that we provide to your health service provider. 

We may use de-identified information about you including to provide reports to our customers for benchmarking and other purposes that allow them to improve their services to you.

There may also be circumstances where we are required to use or disclose your information as required or authorised by law.

We do not use your information for direct marketing purposes.

How do we share your information supplied by your health service provider?

Many of our business products and services help our health service provider customers share information securely with other members of the healthcare community. How your provider uses our products or services to share your
information with others will be explained in your provider’s privacy policy.

We may share your information with third parties who provide services to us, including organisations and contractors that assist us in connection with the limited purposes for which we use that personal information.

Where we share your information with a third party service provider, we make sure that they have first agreed to protect the privacy of your information.

We do not disclose your personal information to entities outside of Australia unless you agree to this.

How do we keep your information?

We store your information in facilities in Australia. These may be our own facilities or facilities owned and operated by our service providers.

We take a number of steps protect your information, which can include:

  • allowing our business customers to retain data on their own systems in connection with certain products and services;
  • employing facilities that allow encrypted secure messaging of sensitive data;
  • monitoring and access controls regulating who can access particular information; and
  • network and premises security.

We have designed our products and services with privacy in mind, including by:

  • making sure that any personal information is only accessible by people authorised by your provider;
  • requiring that accounts are password protected; and
  • enforcing a strong password policy and non-reversible hashing for storage of passwords.

We frequently check our products and services to check that your information is safe. For some products, this includes penetration testing and regular security vulnerability testing.

How to access or correct your personal information or make a privacy complaint

If you want to access your personal information that we hold, or would like to correct any errors in that information we recommend that you contact your Health Service Provider, who can use our systems to provide you with access your personal information or to correct errors.

You can use the contact details in the ‘How to contact us’ section if you have a privacy complaint against us. We hope to resolve any complaints without needing to involve third parties, but you may also be able to lodge a complaint with a
relevant regulator such as the Office of the Australian Information Commissioner (www.oaic.gov.au or 1300 363 992).

How to contact us

If you have any questions in relation to this policy or if you would like a copy of this policy sent to you (including in an accessibility format) please let us know by contacting us on 1800 887 238 between 9am and 5pm Monday to Friday (except public holidays) or by emailing us at servicedesk@health.telstra.com