The purpose of this policy is to ensure that Northern Queensland Primary Health Network (NQPHN) collects, uses, discloses, and administers personal and health information in accordance with the Commonwealth Privacy Act 1988 (Privacy Act) and associated Australian Privacy Principles (APPs).
NQPHN makes the commitment to undertake reasonable steps to implement the practices, procedures, and systems described in this policy that will ensure NQPHN complies with the Privacy Act and protect the privacy of personal and health information which the organisation collects, uses, discloses, and administers. NQPHN will implement practices based on the principles of openness and transparency when assisting individuals understand how their personal and health information is managed.
NQPHN recognises the rights of individuals to have their personal and health information administered in such a way as to make it secure and protected, and accessible to them upon request.
Purpose for collecting personal information
NQPHN collects only the personal or health information necessary to allow the organisation to provide products and services and maintain relationships with clients whose information they hold. NQPHN’s primary function is to assess and understand the health needs of the local region, and to engage service providers to provide health services within the local region.
We use personal information to:
- comply with legislative, regulatory and/or funding requirements;
- conduct quality assurance, improvement, clinical audit, and research activities in respect of the medical and allied health industry;
- engage service providers to provide health services;
- perform risk and probity checks in respect of contract management;
- oversee and undertake performance management of service providers;
- provide information about NQPHN products and services;
- perform administrative operations, including accounting, payroll, risk management, record keeping, archiving, systems development and testing;
- conduct marketing or client satisfaction research;
- develop, establish, and administer alliances and other arrangements with other organisations in relation to the promotion and use of related products and services;
- develop and identify products and services that may interest clients and staff; and
- tell clients about products and services that may be of interest to them.
Type of personal information collected
The type of personal information that NQPHN collects includes names, addresses, email addresses, phone numbers, position title and other identifying information. Health information may be collected by NQPHN directly or indirectly from service providers engaged by NQPHN to provide health services, during contract management.
NQPHN also collects data to provide broad advice to the government and industry. Data is combined and general statistics are generated. NQPHN produces several publications and will also collect data to monitor the use of these publications.
How personal information in collected
The main way that NQPHN collects personal information is when it is provided directly to us by an individual, or if it is given to us by a service provider.
NQPHN will record e-mail addresses only after direct receipt of a message or if collected directly from the individual. E-mail addresses will not be added to a mailing list, unless they have been provided specifically to subscribe to NQPHN’s mailing list. Where individuals subscribe to NQPHN publications, their details are added to the NQPHN contact database.
Personal information collected by e-mail or electronic forms will be used only for the purpose for which it was provided and will not be disclosed without consent, except where authorised or required by law.
Where it is lawful and practicable to do so, NQPHN will allow individuals to provide information anonymously.
An individual who chooses to access the services of NQPHN anonymously will be advised of any potential consequences resulting from their decision.
NQPHN will not preclude an individual from participating in the activities of the organisation, because they request anonymity.
Management of information
NQPHN will take reasonable steps to ensure that its web environment, internal network, and databases are protected from unauthorised access using current technologies. This includes:
- Undertaking regular assessments of security measures, and assessing the risk of misuse, interference, loss and unauthorised access, modification, or disclosure of that information;
- Implementing appropriate steps to minimise any risks to security that have been identified;
- Conducting regular reviews to ensure these steps have been implemented appropriately.
NQPHN will store personal and health information on secure servers that are protected in controlled facilities.
Use and disclosure of personal information
NQPHN may, from time to time, use and disclose personal information to related companies, agents or contractors who provide products and services to NQPHN or on behalf of NQPHN. In dealing with these agents or contractors, NQPHN ensures that the information provided is disclosed only for the purpose for which it was collected.
Subject to law, the types of third parties NQPHN may disclose personal information to include:
- NQPHN’s agents, contractors, and external advisers;
- other organisations with whom NQPHN has alliances or arrangements for the purpose of promoting respective products and services, provided that such use would be expected by the individual concerned and provided there is an easy way for an individual to opt out of receiving further information from the third party;
- Commonwealth and State government agencies and other funders; and
- external payment systems operators.
Health information will not be used for a secondary purpose unless the use or disclosure is required or authorised under law, a person has consented to the use or disclosure of their health information for the secondary purpose, for the use of research (de-identified data) or the use or disclosure is otherwise permitted by the Privacy Act.
Transborder data flows
NQPHN will only transfer personal information about an individual to someone who is in another State or foreign country if:
- the individual consents to the transfer;
- the recipient is bound by legislation that is substantially similar to the Privacy Act; or
- NQPHN is reasonably sure that the information will not be held, used or disclosed inconsistently with the privacy principles set out in the Privacy Act.
Access to information
Individuals may request access or corrections to their own personal or health information held by NQPHN by writing to the Privacy Officer at NQPHN, PO Box 7812, Cairns City, QLD, 4870. Alternatively, you can call (07) 4034 0300.
Any complaints in relation to NQPHN’s handling of personal information should be directed to email@example.com, or NQPHN, PO Box 7812, Cairns City, QLD, 4870. Alternatively, you can call (07) 4034 0300.
Unless a complaint can be dealt with immediately to the satisfaction of both parties, NQPHN will provide a response to the complainant within 14 days of the complaint being received.
If an individual believes the complaint has not been appropriately handled by NQPHN, they should contact the Office of the Australian Information Commissioner using their online Privacy Complaint Form at www.oaic.gov.au.
Privacy Impact Assessment (PIA) register
As part of our commitment to transparency and compliance with privacy standards, the NQPHN PIA register is available below.
|General practice data||Demographic and clinical data extracted from clinical software of general practices participating in the NQPHN Data Program and/or PIP QI.||Executive Director Health System Integration and Innovation|
|PMHC-MDS||Primary Mental Health Care Minimum Data Set (PMHC-MDS) - entered into rediCASE by NQPHN-funded mental health providers. De-identified data extracted monthly and uploaded to the Department of Health and Aged Care portal. Data regarding service provision, client demographics, diagnoses, medications.||Executive Director Health System Integration and Innovation|
|Surveys||Registration for events/trainings, etc.||Executive Director Health System Integration and Innovation|
|Feedback, Compliments, and Complaints||To enable a mechanism for stakeholders to provide feedback, compliments, and complaints to NQPHN in accordance with regulatory obligations. Feedback provider contact details (name, address, phone, email). Details of feedback, compliment, or complaint (this may in some circumstances include sensitive information e.g. health information). This information will be collected by NQPHN staff and managed centrally by the Risk Manager within a Feedback, Compliments, and Complaints register.||Executive Director Business Services|
|Human Resources||EmployeeConnect is a Human Resource Information System. It will be used for storing employee onboarding information, position descriptions and advertising, reviews for performance, and reporting.||Executive Director Business Services|