Protecting your privacy
Nepean Blue Mountains PHN ('NBMPHN') is committed to protecting your privacy. This Policy outlines our practices and policies for the collection, use and management of personal information.
'personal information'- means information or an opinion, whether true or not or recorded in any form or not, about an individual whose identity is apparent, or can reasonably be ascertained. References to 'personal information' include sensitive information and health information.
'Sensitive information'- is personal information about an individual's racial or ethnic origin, political opinions or memberships, religious beliefs or affiliations, philosophical beliefs, professional or trade association/union memberships, sexual preferences and practices or criminal record.
'Health information'- includes information about an individual's physical or psychological health, health services provided to the individual, or an individual's expressed wishes about the future provision of health services.
'privacy law'- refers to legislation that applies to NBMPHN's collection and use of personal information. NBMPHN is required to comply with the Privacy Act 1988 (Cth) and is bound by the Australian Privacy Principles ('APPs') set out in that Act.
Where NBMPHN collects health information it is also required to comply with the Health Privacy Principles ('HPPs') set out in the Health Records and Information Privacy Act 2002 (NSW). NBMPHN may also be required to comply with other laws relating to the protection of personal information.
Why do we collect personal information?
In performing functions as a Primary Health Network, NBMPHN may need to collect personal information about:
- people who receive health care services from or through NBMPHN ('patients')
- health professionals whom we employ or engage to provide health care services;
- other health professionals to whom patients are referred through NBMPHN;
- our employees, and contractors and service providers and their employees; and
- members of our community, stakeholders and other people we deal with.
NBMPHN uses this information to provide, coordinate and integrate health care services, provide information to patients, health service providers and other members of the community and to report to government agencies and other funding bodies. It may also be used to assist NBMPHN to better understand and prioritise the health-related needs of the region.
If we do not collect the personal information we need, NBMPHN may not be able to provide health services or other functions required.
What personal information do we collect?
The information NBMPHN collects depends on our relationship to the individual and the nature of the function we are performing.
- In the case of patients/consumers/clients utilising our health services, we usually collect names, addresses, contact numbers and other contact details, health information (including information about services provided) and healthcare identifiers
- In the case of health service providers, we usually collect names, addresses, contact numbers and other contact details, information about professional qualifications, information about the services offered or provided and provider numbers (including individual healthcare provider identifiers issued under the PCEHR system).
- From prospective and current employees and contractors we usually collects names, addresses, contact numbers and other contact details, and information about work history and performance, qualifications, services offered or provided and other relevant details.
- From stakeholders and other members of our community, we only collect information to the extent necessary for the particular circumstances.
- Information may also be collected from Volunteers and who sit on committees and who support and assist the NBMPHN. Only information required for that purpose and information willing to be provided will be collected.
Where it is practicable to do so, we will allow people to deal with us anonymously or using a pseudonym. However, this will generally not be possible for patients/clients/consumers, health professionals or our employees, contractors and service providers.
How do we collect the personal information?
NBMPHN collects personal information in person, in writing, by telephone and through our website.
Personal information and health information about patients/clients/consumers is collected directly from patients attending consultations or receiving treatment. Information may also be collected from other health professionals, provided written consent is obtained.
NBMPHN may collect personal information about individual health professionals directly from them (for example, when they apply to provide services through NBMPHN) and from health service provider organisations or other health professionals and professional registration bodies. We will only collect information with your consent.
When assessing applications from prospective employees, contractors or service providers, NBMPHN may collect personal information from former employees, professional associations or nominated referees, although we only do this with the applicant's consent.
NBMPHN may also be required to collect personal information under specific laws relating to the administration of the health system.
What do we tell you about our collection of personal information?
When we collect personal information, we are required to take reasonable steps to ensure that the individual is aware of certain details relating to the collection of personal information. We are required to do this whether we collect the information directly from the individual or indirectly via a third party.
Usually, NBMPHN does this by ensuring that a privacy notice is provided at the time the personal information is collected. Such a notice may also be heard when personal information is collected by telephone. The privacy notice will usually include information about the purposes for which we are collecting the information in the particular circumstances, the types of organisations that that information may be disclosed to, the consequences of us not being able to collect the information and whether there is any legal requirement for the information to be collected.
Use and disclosure of personal information
NBMPHN uses the personal information it collects for a range of purposes connected with our functions as a not for profit primary health care organisation.
Personal information about patients/consumers/clients is mainly used for the purpose of providing health services. However, such information may also be used for a range of related purposes, including service monitoring, quality assurance and research, and as otherwise authorised by privacy law Personal information about patients/consumers/clients may be disclosed to other health professionals for healthcare related purposes, but such disclosure will only occur with the patient's consent or as otherwise permitted under privacy law
Personal information about our contractors and service providers (including health professionals) is used to administer and manage our contractual arrangements with them. However, we may also use this information to make or facilitate referrals, put health practitioners in touch with each other and to otherwise integrate primary health care services.
For that purpose it is stored in internal directories that are accessed by our staff. We may also include personal information we collect in a directory of health service providers that we make available to other service providers or members of the public, including on the NBMPHN website. However, personal information will not be disclosed in this way without the provider's consent.
Personal information collected in connection with an application for employment or to provide services will be used for that purpose only. If the application is not successful, we may wish to retain the details for a reasonable period to enable us to consider other opportunities which may be of interest to the applicant.
If you subscribe to NBMPHN’s newsletter or other publications we use your contact details to send you news about NBMPHN and details of services that we think may be of interest.
If at any time you decide that you no longer wish to receive this sort of information, please let us know and we will remove your details from our mailing list.
NBMPHN may disclose personal information to other persons or organisations where required or authorised to do so by court order or other legal requirement, for the purpose of minimising a risk to public health or safety, to investigate suspected fraud or other unlawful activity and for other purposes authorised by law. Notification of health authorities may be required for specified infectious diseases. Some personal information about patients and providers may be required to be notified to Commonwealth authorities in connection with the Health Insurance Act 1973 or other laws relating to the administration of the health system.
From time to time, NBMPHN may use the services of external suppliers to coordinate programs and initiatives that require the release of some of this information (eg. preparing and disseminating surveys). Only information relevant to the program or initiative will be shared, and only for the express purpose of conducting that program or initiative.
NBMPHN may use communication tools hosted overseas to enable us to communicate with key stakeholders within and outside of our region. In these instances, essential contact information (such as name, organisation and email address) may be stored overseas (including the US). We will only use this information for sending you relevant communications and every effort is taken to minimise the amount of information we might store overseas and keep it secure.
NBMPHN will only transfer personal information about an individual to someone who is in another State or foreign country if:
- NBMPHN is reasonably sure that the information will not be held, used or disclosed inconsistently with the privacy principles set out in the Privacy Act; or
- the recipient is bound by legislation that is substantially similar to the Privacy Act.
How do we hold personal information we collect?
NBMPHN holds a range of personal information in hardcopy files and in electronic databases. Our information systems and files are kept secured from misuse, interference and loss and from unauthorised access, modification and disclosure. Our electronic systems are password protected and our policies provide that staff and service providers only have access to areas of the network only to the extent necessary for them to perform their role. Levels of access are determined by senior managers.
NBMPHN Board members, staff (including students, interns and volunteers) and contracted agents and service providers have been informed of the importance NBMPHN places on protecting your privacy and their role in helping us do so. All are required to adhere to NBMPHN's Code of Conduct, this Policy and other policies and procedures relating to the use and disclosure of personal information, and are required to sign a confidentiality agreement that outlines their responsibilities related to the use of information obtained by their employment or engagement or other involvement with NBMPHN.
NBMPHN makes every effort to ensure that the information we hold about our service providers remains up-to-date and is used and disclosed in accordance with consents given when the information is collected. We will periodically review our service databases to ensure that this information remains up-to-date and accurate.
Staff is required to review their electronic files to delete or archive material that is no longer required for ongoing programs or activities. Information that is not required for operational purposes is archived.
Accessing and correcting personal information NBMPHN holds about you
Subject to any legal restrictions, NBMPHN will let you know what personal information we hold about you if you request us to do so. If your request is particularly complex, or requires detailed searching of our records, there may be a cost to you in order for us to provide this information.
If you believe there are errors in our records about you, please let us know and we will investigate and correct any inaccuracies.
All requests for access to patient health information should be made in the form Application for Access to Health Records (pdf, 51kb).
If you want to access health information on behalf of another person, you will need to obtain the consent of that person.
Dealing with NBMPHN online
Cookies and web beacons may collect the information about each page of the website that you visit, your server address, the type of browser you are using, your operating system, your top level domain name and the date and time that each page is accessed. NBMPHN uses google analytics to monitor website activity, and some of these features may include non-identifiable demographic information.
You may be required to log in to the NBMPHN website in order to access certain functions. In this instance, website visitation activity will be personally identifiable, however this data is only used to maintain the website services offered by NBMPHN and understand how they can be improved.
Furthermore by providing a link to another website, NBMPHN is not endorsing that website nor guaranteeing the accuracy of the information contained on that website.
Complaints and further information
If you believe your privacy has been breached and wish to make a complaint, please contact The Chief Executive Officer (Privacy Officer) listed below. The Chief Executive Officer will investigate your complaint and notify you of the outcome.
If your complaint indicates that there has been an interference with privacy by a person other than NBMPHN, the Chief Executive Officer may discuss the complaint with that other person in an attempt to resolve it.
The Nepean Blue Mountains PHN Chief Executive Officer
WHL, Blg BR, Level 1, Suite 1, Locked Bag 1797, Penrith NSW 2751
02 4708 8100