Privacy Policy

Introduction

EnhanceMed Pty Ltd (ABN 68 642 289 209), are committed to protecting the privacy of client information and to handling any information in a responsible manner in accordance with the Privacy Act 1988 (Australia) inclusive of the Australian Privacy Principles, the Privacy Regulation 2013 and relevant State and Territory privacy legislation.

This Privacy Policy sets out how EnhanceMed complies with these legal and regulatory obligations in handling personal information.

A current version of the policy is available on our website and a copy can be provided on request. This policy is current and will be reviewed regularly to ensure compliance with ongoing Australian privacy legislation.

EnhanceMed and What We Do

EnhanceMed provides a range of consultative and administrative services to specialist healthcare providers/centres in Australia on behalf of the medical, dental and allied health practitioners who operate within them, either as an individual or as a group.

These services include finance management, operational support, project management and business compliance management.

EnhanceMed aims to optimise practitioner’s businesses and assist them in their provision of patient healthcare (clinical services) through administrative and non-clinical service delivery.

We do not provide services or data collection directly with patients and as such act as a third-party provider to the contracted specialist healthcare provider/centres.These contracted healthcare centres are also bound by the relevant privacy legislation regarding their collection of patient data, use and disclosure of personal information. In all interactions, patient records remain the property and responsibility of the medical practitioner, practice or other health service provider to which EnhanceMed is contracted. EnhanceMed manages employee records and hosts a company website, which also provides access to personal information.

Collection of Personal Information

EnhanceMed understands the importance of maintaining privacy in relation to the personal information we collect, use, disclose, hold or otherwise handle in providing consultative and administrative services, managing employee records and hosting a website.

EnhanceMed only collect information that is necessary, relevant and directly related to our functions and activities. Personal information is collected when:

specialist healthcare providers/centres contract our services;
clients interact with us over the phone, in person or online;
participating in surveys or questionnaires;
attending an EnhanceMed event;
subscribing to our mailing list.

The below types of personal information that may be collected by contracted specialist healthcare provider/centres and held and/or remotely accessed by EnhanceMed related to patients within could include:

Identity

Name
Address
Date of Birth
Gender/Sex
Email address
Telephone number
Healthcare identifiers
Details of next of kin

Billing and Administration

Medicare Number
Health insurance membership number
Credit card number (this information is not retained or stored and is purely collected to facilitate payment of clinical services)
Use of websites for appointments and/or online forms

Medical

Medical history
Clinical notes
Test results
Treatment plan
Prescribed medications
Referral details
Disease status
Clinical Digital Images

Through the EnhanceMed company website personal information of viewers is collected and held. This information may include any information contained in an online enquiry or a request, device type and ID, internet address, pages visited, time and date of visit and geo-location information.

EnhanceMed as an employer collects and retains employee personal information which is exempt from the Australian Privacy Principles. However, having regard to the recommendations of the Workplace Ombudsman and best practice, we have developed both an ‘Internal Information and Privacy Policy’.

Use and Disclosure of Personal Information

EnhanceMed treats all personal information as strictly private and confidential which is collected either as a contracted service and/or in day-to-day operations as a company. In the course of our operations, EnhanceMed uses and handles personal information as is reasonably required to manage the administration of contracted activities and functions including the storage of data, data analytics, systems maintenance, penetration testing, accounts reconciliation, debtor management, business compliance and Electronic Medical Record review. Personal information is also used to improve the quality of the services we offer, to deliver a more personalised service and for marketing purposes.

Subject to compliance with applicable Australian law, these activities can include our use and, where necessary, disclosure of personal information for billing and collection purposes, including the need to obtain payment from, as appropriate – the patient, Medicare, private health insurance funds or from any organisation responsible for payment of any part of the patient’s account, such as the Department of Veterans Affairs.

All healthcare services are required under legislation to have their own privacy policy which outlines to their patients that they may contract services (e.g. EnhanceMed) into their business and disclose personal patient information. These healthcare services impose security and confidentiality requirements on how the contracted service handles personal information. EnhanceMed is required not to use the personal information collected by the healthcare services for any purpose other than those activities they have been contracted to perform.

When undertaking contracted services or in daily business operations, EnhanceMed may correspond with healthcare providers and clients via email. Our emails are not encrypted.

EnhanceMed use aggregated and anonymised information collected to improve our services, including the administration of our website, production of reports and analytics, advertising our products and services, identifying user demands and assisting in meeting customer needs generally.

EnhanceMed use the personal information collected via our website to deliver services including: communicating with you, providing technical support, notifying you of updates and offers, sharing useful content, measuring customer satisfaction, diagnosing problems and providing you with a personalised website experience. Any information you choose to make publicly available, such as blog comments and testimonials on our website, will be available for others to see. If you subsequently remove this information, copies may remain viewable in cached and archived pages on other websites or if others have copied or saved the information.

Our website uses analytics and cookies to help us better understand visitor traffic, so we can improve our services. We do not use cookies to identify you, just to improve your experience on our website. If you do not wish to use the cookies, you can amend the settings on your internet browser so it will not automatically download cookies. However, if you remove or block cookies on your computer, please be aware that your browsing experience and our website’s functionality may be affected.

We may send you direct marketing communications and information about our services, opportunities, or events that we consider may be of interest to you (if you have requested or consented to receive such communications.) These communications may be sent in various forms, including mail, SMS, fax and email, in accordance with applicable marketing laws, such as the Australian Spam Act 2003. You may opt-out of receiving communications from us at any time by following the instructions to “unsubscribe'' set out in the relevant communication.

Where required to comply with a legal requirement, such as a regulation, court order, subpoena, warrant, in the course of a legal proceeding or in response to a law enforcement agency request, EnhanceMed may from time to time disclose client information, which may include personal data.

EnhanceMed may also access, use or disclose personal information for the purposes of a permitted general situation or permitted health situation under the Privacy Act 1988 or where we reasonably believe it necessary to lessen or prevent a serious threat to the life, health or safety of an individual or public and to protect the rights, property or safety of our customers or third parties.

If there is a change of control in our business (whether by merger, sale, transfer of assets or otherwise) client information, which may include personal data, could be transferred to a purchaser under a confidentiality agreement. We would only disclose the personal data in good faith and where required by any of the above circumstances.

Sharing of Information with Third Parties

At times, personal information may be disclosed to third parties who provide support or maintenance services for computer software, systems or equipment including practice management systems, cloud storage systems and software and hardware within contracted centres where we are providing services.

To the extent that EnhanceMed do share personal data with a third party, we would only do so if that party has agreed to comply with our privacy standards as described in this privacy policy and in accordance with applicable law. Our contracts with third parties prohibit them from using any personal data for any purpose other than that for which it was shared. EnhanceMed do not and will not sell or deal in client personal information.

Storage And Security of Information

EnhanceMed subject to confidentiality and security conditions, manage and store personal information in a secure fashion.

EnhanceMed uses all reasonable means to protect the confidentiality and security of the personal information provided to them under contract by specialist healthcare providers/centres while in their possession or control. We take reasonable technical and organisational precautions to protect personal data and sensitive information held from misuse, interference, unauthorised access, modification, loss or disclosure. This includes during storage, collection, processing, transfer and destruction (where applicable) of the information.

Employees, contracted third parties and other parties to whom EnhanceMed disclose information, sign a confidentiality agreement that requires them to comply with the Privacy Act 1988 and the EnhanceMed Privacy Policy.

EnhanceMed take reasonable steps to ensure that the personal information we hold is protected and kept confidential and secure, including by:

having a robust physical security of our premises and databases/records;
taking measures to restrict access to only personnel who need that personal information to effectively provide services;
having password protection and varying access levels on databases;
having technological measures in place, such as anti-virus software, fire walls etc.

Personal information may be stored on our computer systems and/or in hand-written notes. This information is collected in various ways through direct or remote access to the client’s computer systems, via the telephone, in person and in writing.

To enable EnhanceMed to deliver their services, transfer of personal information across interstate borders for storage and processing may be required. EnhanceMed does not take responsibility for its clientele storing or sending personal data overseas.

Retention of personal information

EnhanceMed retains personal information for as long as is needed to provide the contracted service and as otherwise necessary to comply with our legal obligations, deliver services, resolve disputes and enforce our agreements. When EnhanceMed no longer require the personal information, reasonable steps are taken to destroy the information or ensure that the information is de-identified.

EnhanceMed will endeavour to keep your personal information accurate, complete and up to date. If you wish to make a request to access and/or correct the personal information we hold about you, you should make a request by contacting us and we will usually respond within 7 days.

Breach of Security

In the event there is a breach within EnhanceMed’s security and personal information data is compromised, we will immediately contain the data breach to prevent any further compromise of personal information. Following assessment of the data breach and evaluating the risks, we will take action to remediate any risk of harm and undertake notifications in compliance with the applicable law.

The Privacy Act 1988 contains both voluntary and mandatory notification obligations if there is a breach of personal information data.

Links To Other Websites

The EnhanceMed website may contain links to other websites. These links are meant for the user’s convenience only. Links to third party websites do not constitute sponsorship or endorsement or approval of these websites.

Please be aware that EnhanceMed is not responsible for the privacy practices of such other websites and encourage our users to be aware, when leaving our website, to read the privacy statements of each and every website that collects personally identifiable information.

This privacy policy applies solely to information collected by the EnhanceMed website and we accept no responsibility for information that you may provide to these websites.

The Spam Act 2003

The Spam Act 2003, prohibits sending unsolicited emails, SMS and MMS messages for commercial purposes and that every commercial message must contain an 'unsubscribe' option.

EnhanceMed will not send unsolicited communications that do not directly relate to a service you have previously signed up with or agreed to and that all electronic communications will include an unsubscribe facility.

Complaints and enquiries

EnhanceMed is committed to the protection of client’s privacy. If you have any questions about how we handle personal information, would like to complain about how we have handled your information or would like further information about our Privacy Policy, please submit a written query or complaint to our Privacy Officer (contact details below).

Our Privacy Officer will address your complaint and liaise with you to resolve the issue within a reasonable time (usually two weeks). If you are unhappy with the outcome, you may lodge a complaint with the Australian Information Commissioner to review. Further information is available at www.oaic.gov.au/individuals/how-do-i-make-a-privacy-complaint.

Contact Details

Please direct any queries, complaints, requests for access to EnhanceMed records to:

Privacy Officer

EnhanceMed Pty Ltd

ADDRESS: PO Box 3, Greenwell Point NSW 2540

EMAIL: enquiries@enhancemed.com.au

PHONE: 1300 309 053

Contact Info

1300 309 053

enquiries@enhancemed.com.au

Office Locations

Sydney NSW

South Coast NSW

South East and Central QLD

Opening Hours

Mon - Fri: 08:00 - 18:00
Sat - Sun: Closed

EnhanceMed acknowledges the traditional owners of the land in which we work and live, and recognise their continuing connection to land, water and culture.

We pay our respects to their elders past, present and emerging, and recognise the strength, resilience and capacity of the people of this land.