Prestige Health Services Australia Pty Ltd (ACN 611 536 004 and New Zealand company no. 7808196) (PHSA) provides a range of allied health, injury management and rehabilitation services in Australia and New Zealand.
PHSA’s services include the provision of client-centered rehabilitation services, supporting individuals with injury, illness, or disability to achieve health, social and vocational goals; allied health assessment and treatment services (such as psychology, counselling and social work); federal and state-based workplace rehabilitation services; injury prevention services; and work health and safety assessments, training and consulting (Services).
PHSA provides its Services in accordance with:
- in Australia, the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) and other health privacy laws; and
- in New Zealand, the Privacy Act 2020 and the Health Information Privacy Code 2020.
- Types of personal information collected
- How your personal information is collected
- How we use personal information
- How we share or disclose personal information
- How your personal information is held
- How you can access and correct your personal information
- How you can provide feedback or make a privacy complaint
What is personal information?
“Personal information” means information or an opinion that is capable of reasonably identifying you, whether that information or opinion is true or not and whether the information or opinion is recorded in a material form or not. Personal information may include your name, age, gender, postcode and contact details, as well as sensitive information.
“Sensitive information” includes, for example, the following:
- health information, such as details of your medical history
- your genetic and biometric information
- information or an opinion about your racial or ethnic origin, sexual orientation, membership of a professional association, trade association or trade union or your religious beliefs (which is also personal information).
Type of personal information collected
PHSA collects personal information and sensitive information.
PHSA may collect personal information and sensitive information for a lawful purpose connected with a function or activity of PHSA. The information that we collect is limited to what is needed for the Services that PHSA is providing.
The personal information and sensitive information collected and held by PHSA includes:
- Name, address, phone number and date of birth
- Employment status and salary
- Diagnosis and past and present treatment
- Names and contact details of treatment providers
- Injury, illness and/or the disability history of individuals who are referred to our Services (each a participant)
- Government related and other identifiers (for example insurer claims numbers and, in Australia, a National Disability Insurance Scheme (NDIS) Plan number)
- Employment history
- Educational qualifications
- Claim information
- Referral information, for example, the details of the referring employer or insurer, the names and contact details of a participant’s treating professionals and the name and contact details of a participant’s next of kin or carer;
- Correspondence (letter; email; fax; or phone)
- Photos (for example workplace assessment photographs detailing the nature of your role and duties required)
- Medical records, medical certificates, reports and assessments.
If you are a job applicant, we may collect details of your referees.
How your personal information is collected
Personal and sensitive information may be collected through the following means:
- face to face and over the phone from you or via meetings conducted virtually
- when you complete a form on our Website or online
- when you enquire about a Service through our Website
- when you send an email or enquiry to us
We may also collect information about you from other sources if:
- you have given authority for us to collect your information from another source;
- you have given consent/authority to another source to share the information with us, for example, as part of your rehabilitation or pre-employment assessment such as employers, care agencies and third party insurers, other rehabilitation providers, such as treating doctors and the Accident Compensation Corporation (ACC) in New Zealand;
- the information will not be used in a form that identifies you; or
- the collection of the information in a particular manner is authorised by law.
In addition to collecting and storing necessary information to communicate with individuals about their health concerns, PHSA also stores names, addresses and contact details of key contacts of clients, contractors, insurers, suppliers and other parties we interact with related to business activities.
PHSA does not collect personal information from our social media pages (such as LinkedIn, Facebook, Instagram or YouTube accounts).
How we use personal information
PHSA only uses personal information and sensitive information as necessary for PHSA to provide the Services.
Personal and sensitive information collected by PHSA is used to complete a thorough assessment of participants and identify the most appropriate rehabilitation / intervention services for participants to, for example, return to work, improve their health and wellbeing and recommence social activities. Refusal to provide the information that is requested by PHSA may limit the Services that PHSA is able to provide to participants.
Personal information will be used to:
- contact you regarding Services related to your enquiry or completed online form
- inform you of updates to a Service you used or showed interest in or may reasonably have interest in
- comply with various contractual and legal obligations, such as to provide Services we have been engaged to provide to our clients and participants
- assess and manage risk to the health, safety and wellness of participants, clients and the wider community
- assess the suitability of job applicants and consultants for employment/engagement with PHSA.
How we share or disclose personal information
PHSA will only share your personal and sensitive information with third parties where permitted by law, including if any of the following applies:
- you have consented to the disclosure
- the disclosure is in connection with, or directly related to, one of the purposes for which your information was obtained
- the information was obtained from a public source
- a health situation exists where disclosure is permitted under privacy law, for example to provide a health service or for research purposes
- disclosure is authorised by you
- disclosure is necessary to prevent or lessen a serious threat to public health or safety, or the life or health of any individual
- disclosure is necessary for court proceedings
- disclosure is necessary to uphold or enforce the law
- disclosure is authorised by, for example, the Privacy Commissioner.
Where PHSA is required to disclose participants’ personal and sensitive information to third parties, this is not ordinarily done without the participant’s consent and is to assist in the appropriate rehabilitation / intervention being provided to the participant. Only in exceptional circumstances can personal and sensitive information be provided to third parties without the consent of the participant, such as where a participant or employer has reported possible self-harm or harm to others, or where PHSA is required to do so by law.
Your personal and sensitive information may be disclosed to the following in relation to carrying out the Services we have been engaged to provide:
- if you are a participant, your authorised health practitioners and representatives
- our industry partners, including employers and insurers (providing workers compensation, life insurance and compulsory third party insurance)
- our related companies and their staff
- our professional advisors (such as accountants and lawyers)
- government or third-party service partners such as:
- in Australia, the NDIS, iCare, Comcare and operators of the state workers compensation schemes and Life Insurers
- in New Zealand, the ACC, the Ministry of Social Development (MSD) and Apex NZ.
Personal information and sensitive information is not disclosed ordinarily to recipients outside Australia and New Zealand. In the event that personal information and sensitive information we have collected is disclosed to a party outside Australia and New Zealand, we will take steps to confirm the recipient will comply with a standard which provides a level of protection comparable to the privacy laws of Australia and New Zealand.
How your personal information is held
PHSA takes reasonable steps to implement and maintain generally accepted standards of technology and operational security to protect personal information. PHSA also takes reasonable steps to protect the personal and sensitive information it holds from misuse and loss and from unauthorised access, modification or disclosure.
Personal information and sensitive information is stored in ‘Case Manager’, our client case manager software (provided by Chameleon Software Pty Ltd), which is a secure system with password access and permission controls. Health-related information that we collect for the purpose of treating participants may include details on specific injuries or treatments. Our team members only have access to files which are relevant to their roles. Similarly, a client manager will only be able to access the participant files referred by that client. All data stored within Case Manager is encrypted at rest, and data in transit is protected using Transport Layer Security (TLS) with a Case Manager security certificate, which has been signed by a trusted certificate authority.
In respect of New Zealand participant files, our administration and accounts team based in Australia only provide support in respect of entering referral details into Case Manager and issuing invoices. Our IT manager, who is based in Australia and is an employee of PHSA, may need to access Case Manager (and New Zealand participant files), where required to provide IT support.
Our quality assurance team may review reports before they are provided to clients: Australian quality assurance team members review reports intended for Australian-based participants and New Zealand-based quality assurance team members review reports intended for New Zealand-based participants. On occasion, our New Zealand-based team members may need to access Australian participant files for account management and quality assurance purposes.
Case Manager uses Amazon Web Services (AWS) to store personal and sensitive information and related document files.
Paper-based copies are destroyed once uploaded onto the system.
PHSA employees and contractors are trained in privacy controls and procedures to protect your personal information. Any person acting on behalf of PHSA must not transfer personal information to an employer or treating professional without a participant’s consent and establishing the identity of the recipient through the use of a personal identifier and/or cross check.
PHSA also maintains your security by using locks, security systems, data storage facilities, password protected devices, lockable filing cabinets and other appropriate information technology security systems and processes. Individual offices are available for client appointments to ensure confidentiality and privacy is maintained.
PHSA will take reasonable steps to destroy or permanently de-identify personal information (such as a job applicant’s resume) if it is no longer required. However, please note that PHSA is required to retain health-related information for specific periods mandated by health privacy legislation in Australia and New Zealand.
In Australia, for example, state health privacy laws require health service providers to retain health information for seven years from the last time an individual received the health service.
In New Zealand, for example, the Health (Retention of Health Information) Regulations 1996 require health providers to keep any health records they hold for a patient for 10 years from the last time they provided services to that patient. Some Occupational Health monitoring records can require retention for up to 40 years.
We may collect information about you when you use and access our Website. We may record certain information about use of the Website, such as the pages or screens visited, the time and date of the visit, the type of device being used, the internet protocol or IP address assigned to the device, the country where you are located and, where you enter our Website from another website, the address of that website. This information does not identify you as an individual, but it does provide PHSA with statistics and data that we can use to analyse and improve our Website.
You can disable cookies through your internet browser. However, our Website may not work as intended if you do so.
How you can access and correct your personal information
PHSA will take reasonable steps to make sure that the personal information and sensitive information we collect, use or disclose is accurate, complete and up-to-date.
You have a right to request access to the personal and sensitive information we hold about you. To request access, please contact our Privacy Officer using the contact details below.
If you consider any of your personal or sensitive information we hold is inaccurate, out-of-date, incomplete, irrelevant or misleading, you are entitled to request correction of the information. After receiving a request from you, we may require you to verify your identity and/or evidence that the information we have is inaccurate, incomplete or out-of-date. We will take reasonable steps to correct the information.
We will deal with your request within a reasonable timeframe. We may decline your access and/or correction request in certain circumstances in accordance with the applicable privacy laws. Sometimes we may not be able to make requested corrections because the information is an opinion, such as a clinical or medical assessment. If we do refuse your request, we will provide you with a written reason for our decision and information on how to complain about the refusal. Where we have refused your correction request, we will include a statement with your personal (or sensitive) information about the requested correction if you ask us to do so.
How you can provide feedback or make a privacy complaint
- If you are in Australia, please contact the PHSA Privacy Officer by email: [email protected] or phone 1300 522 141; or
- If you are in New Zealand, please contact the PHSA Privacy Officer at [email protected]
If you have a concern or complaint about the way in which your personal information is being managed, please contact our Privacy Officer using the contact details below.
Our Privacy Officer will first consider your complaint to determine whether there are simple or immediate steps which can be taken to resolve the complaint.
Your complaint will then be investigated. We may ask you to provide further information about your complaint and the outcome you are seeking. We will then typically gather relevant facts, locate and review relevant documents and speak with individuals involved.
In most cases, we will investigate and respond to a complaint within a reasonable time, usually within 10 working days of receipt of the complaint. If the matter is more complex or our investigation may take longer, we will let you know.
If you are not satisfied with our response to your complaint:
- If you are in Australia, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC). The OAIC can be contacted by telephone on 1300 363 992 or by using the contact details on the website oaic.gov.au.
- If you are in New Zealand, you can lodge a complaint with the Office of the Privacy Commissioner via webpage: Office of the Privacy Commissioner | Before you make a complaint.
Quality Management Team
Prestige Health Services Australia Pty Ltd
1300 522 141