Wesley Health Pty Ltd (WH) is a privately owned and operated business specialising in weight loss and diabetes programs, health screening and health risk management, corporate wellness programs, health education, and comprehensive reporting and strategic advice.
- Sensitive information refers to information about a person’s racial or ethnic origin, religious beliefs or affiliations, philosophical beliefs, trade and professional memberships, sexual preferences or practices, or health information;
- WH, we, us and our refer to Wesley Health Pty Ltd ABN 87 098 519 727;
- Personal information refers to any information or an opinion whether true or not, from which an individual’s identity is apparent, or can reasonably be ascertained.
WH abides by the Australian Privacy Principles (APPs) and the Privacy Act 1988. We have adopted internal procedures and this policy to ensure that personal information is dealt with in accordance with the APPs. Health information is classified as ‘sensitive information’ and special care must be taken in the maintenance and storage of health records and the release or alteration of health information. The full text of the APPs can be found online at www.privacy.gov.au.
WH collects personal information such as name, address, phone numbers and other contact details. We also collect participants’ age, sex, personal and family health history to allow our Health Professionals to provide the best health advice to individuals. We need to collect personal information so we are able to:
- Identify and collate health results
- Provide relevant services and referrals
- Suggest suitable follow up initiatives based on areas of risk
- Develop and implement initiatives to improve our products and services.
It is an individual’s right to decline to provide any personal information they wish. However, as a result we may be unable to deliver all services, care for them in the most appropriate manner, evaluate their current level of health fully and provide them with the best health advice.
We will only collect personal information directly from the individual concerned, or from other health professionals based on the person’s consent. Personal information is recorded or updated in our records each time we have contact with an individual.
All health information collected and stored by us is only collected following consent from the individual. Health information is classified as ‘sensitive’. Therefore we will only use information:
- To help us in providing the services requested;
- As a means of identification;
- To minimise risk of unauthorised access to personal information in our records;
- To aggregate and analyse de-identified information for the preparation of corporate health risk management reports and advice;
- To prevent or lessen a threat to life or health;
- To research and publish anonymous information in the interests of improved public health.
We will not disclose personal or sensitive information to a third party unless:
- The disclosure is for a primary purpose for which the information was collected;
- The individual has requested/consented to the disclosure;
- The third party is our agent or contractor, in which case we will require them to use personal information only for the purpose for which it was disclosed;
- There are reasonable grounds to believe that disclosure is necessary to prevent or lessen a threat to life or health;
- The disclosure is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim; or
- The disclosure is permitted, required or authorised by or under law.
We may use personal information to advise of new services and initiatives that we think may be of interest to clients. This may include newsletters and general information about Wesley Health. Individuals not wishing to receive direct marketing communications may easily request not to receive any either by advising us in advance, or by selecting to unsubscribe from our email communications. Use of client personal or sensitive information in any “success stories” will only take place following further specific client consent.
Correction of Records
During the course of our relationship with clients we need them to tell us of any changes to their personal information. During each contact we will verify details we have on file and ask the individual to inform us of any changes, incompleteness or inaccuracy so we can update personal information. Once we receive an individual request to change personal information, we will take reasonable steps to correct the information in the manner requested or make note in the client record that the request has been made. We will respond to all requests to correct personal information within a reasonable period after the request is made.
The protection of personal information is a priority for Wesley Health. We are committed to maintaining:
- Safeguards to protect personal information against unauthorised use, disclosure, access, alteration, destruction and accidental loss. All personal information we hold is dealt with in accordance with the APPs;
- Industry standards for the security and protection of information. Personal information is stored securely and access is restricted to authorised personnel only. Our computer systems require access passwords, and these are kept secure;
- Internal policies on management of personal information and staff training to ensure compliance with these policies, and
- Our staff are required to read this policy and understand their responsibilities in relation to personal information. WH employees sign a Confidentiality Deed as part of their employment agreement.
Storage, Maintenance and Access to Client Records
In order to meet our legal obligations we are required to store client medical files for a period of 10 years. During this time we need to ensure the integrity and security of all information contained within the record and ensure that access to this information is conducted according to the APPs. We will generally allow access to personal information if a specific request is made by an individual.
- WH owns the information we keep on our clients.
- All clinical entries/file notes are dated.
- A client has the right to access or alter the personal information we keep on record.
- All information we hold on clients is confidential and is not released to anyone outside of the immediate WH team without the client’s written approval or otherwise as permitted in the Disclosure section above.
- All requests to access/alter client information must be in writing.
- All requests for access to client information must be forwarded to the Manager for consideration in accordance with Privacy legislation and for entry into the Privacy register.
- Once a client file is closed, it is archived off site, with a professional records storage group.
- A client must complete a WH ‘Request for the release of personal information form’ prior to a copy of his/her complete medical record being released to either him/herself, a nominated Doctor or third party.
- The file must be picked up in person by the client (or the person nominated in writing as an authorised representative of the client) and receipt signed for in the Privacy register. ID will be requested (e.g. Driver’s Licence).
- No individual’s copied medical record (or part thereof) is to leave without the account for retrieval and copying being paid. None are to be sent via post.
- In the case of a company requesting mass transfer of records the above policy still applies, i.e. each person must complete a ‘Request for release of personal information form’. Each entry is made into the Privacy register and signed for by the person nominated to collect the records. The account for retrieval and photocopying is sent to the company for payment.
Restrictions on Access
Individuals may not be allowed access to the personal information we hold about them under the following circumstances:
- We reasonably believe that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; or
- Giving access would have an unreasonable impact on the privacy of other individuals; or
- The request for access is frivolous or vexatious; or
- The information relates to existing or anticipated legal proceedings between the entity and the individual, and would not be accessible by the process of discovery in those proceedings; or
- Giving access would reveal the intentions of the entity in relation to negotiations with the individual in such a way as to prejudice those negotiations; or
- Giving access would be unlawful; or
- Denying access is required or authorised by or under an Australian law or a court/tribunal order; or
- Both of the following apply:
- The entity has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to the entity’s functions or activities has been, is being or may be engaged in;
- Giving access would be likely to prejudice the taking of appropriate action in relation to the matter; or
- Giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
- Giving access would reveal evaluative information generated within the entity in connection with a commercially sensitive decision-making process.
Charges for Access
An administrative charge exists to cover the costs of retrieval and copying of information, stationery, postage etc. The charges are:
- A retrieval fee of $50.00 to cover the cost of obtaining the file from archives.
- A copying fee charged at $25 per hour (labour) and 10 cents per page.
We are committed to constantly improving our procedures so that personal information is treated appropriately. Our Privacy Officer manages the following process for us to:
- Listen to concerns and grievances regarding our handling of personal information;
- Discuss the ways in which we can remedy the situation; and
- Put in place an action plan to resolve complaints and improve our information handling procedures if appropriate.
If this process does not result in a satisfactory outcome, the individual should be referred to the Privacy Commissioner’s Office (email firstname.lastname@example.org). We will work together with the Privacy Commissioner’s Office to resolve any issues.
Privacy Officer: Rachael Elsworth
Telephone: 1800 567 348