How we collect and store your information
- If we are working with an insurer, the Insurer will pass on to us information that helps us design a program specifically for you. You will have provided to the Insurer your consent for this information to be passed on to us. If you believe that you did not consent for this information to be provided to us, or, you believe that the information is not correct, please contact the Insurer and request that they amend their records.
- If you have been referred to us by a third party, or, have made contact with our organisation independently, we will first obtain your written consent to collect information about you. This will include any information you give us and information you allow us to receive from third parties, such as any health professionals that you allow us to receive.
- We will store both physical records and electronic records. Our electronic files and database are password protected. Only staff who are working with you are permitted to access your physical and/or electronic file(s). We will take all reasonable steps to protect your information from modification, misuse, unauthorised access or unauthorised disclosure.
Consent to disclosure
- If we decide it would be beneficial for your treatment to share parts or the whole of your information, we will first seek your consent.
- In the following situations, you consent to disclose this information is not required:
- Where we are required by law to disclose the information (such as the receipt of a
- Subpoena or other Court Order).
- Other laws require the collections of information (such as public health information);
- There is a serious or imminent threat to life and health; and
- Notification to the Medical Defence Organisation.
Your access to records
- You may access your information during a consultation, by inspecting the records.
- We are entitled to refuse such a request if you are involved in any type of legal proceedings or claim, where the information has been provided to us by third parties or where in our reasonable opinion, the provision of such information will be detrimental to you.
- If you wish to obtain a copy of your information, you must provide that request to us in writing. We may require you to provide photo identification to verify the identity of the requestor. We will endeavour to provide copies within 30 days of us receiving that request. We will charge for any expenses incurred that will include photocopying expenses and administrative time. We will tell you that amount and if you wish to proceed in obtaining copies, we will require that amount paid in full.
- We will never provide original documents.
Heath Records and Information Privacy Act 2002 (NSW)
Analyse Health is committed to following to the Health Records and Information Privacy Act 2002 (NSW).
This Act sets out 15 principals, which have been summarised by the Information and Privacy Commissioner:
- Lawful – only collect health information for a lawful purpose. Only collect health information if it is directly related to the organisation’s activities and necessary for that purpose.
- Relevant – ensure that the health information is relevant, not excessive, accurate and up to date. Ensure that the collection does not unreasonably intrude into the personal affairs of the individual.
- Direct – only collect health information directly from the person concerned, unless it is unreasonable or impracticable to do so.
- Open – inform the person as to why you are collecting health information about them, what you will do with the health information, and who else might see it. Tell the person how they can see and correct their health information, and any consequences, if they decide not to provide their information to you. If you collect health information about a person from someone else, you must still take reasonable steps to ensure that the person has been notified as described above.
- Secure – ensure that health information is stored securely, not kept any longer than necessary, and disposed of appropriately. Information should be protected from unauthorised access, use or disclosure (Note: private sector organisations should also refer to section 25 of the HRIP Act for further instructions).
- Transparent – explain to the person what health information about them is being stored, why it is being used and any rights they have to access it.
- Accessible – allow people to access their health information without unreasonable delay or expense (Note: private sector organisations should also refer to sections 26-32 of the HRIP Act for further instructions).
Correct – allow people to update, correct or amend their health information where necessary (Note: private sector organisations should also refer to sections 33-37 of the HRIP Act for further instructions).
Accurate – ensure that the health information is relevant and accurate before using it.
- Limited Use – only use health information for the purpose for which it was collected, or a directly related purpose that the person would expect. Otherwise, you generally need their consent.
- Limited Disclosure – only disclose health information for the purpose for which it was collected, or a directly related purpose that the person would expect. Otherwise, you generally need their consent.
- Identifiers & Anonymity: Not identified – only identify people by using unique identifiers if it is reasonably necessary to carry out your functions efficiently.
- Anonymous – give people the option of receiving services from you anonymously, where this is lawful and practicable.
- Controlled – only transfer health information outside New South Wales in accordance with HPP 14.
- Authorised – people must expressly consent to participate in any system that links health records across more than one organisation. Only include health information about them, or disclose their identifier for the purpose of the health records linkage system, if they have expressly consented to this.
If you would like to view the complete Health Records and Information Privacy Act 2002 (NSW), please feel free to click here.