PRIVACY POLICY

Commitment to privacy

We respect each person’s right to privacy, so we’re committed to complying with all applicable privacy legislation and to upholding the Australian Privacy Principles.

This Privacy Policy contains some important information about how we deal with personal information. “Personal information” is information we hold which is identifiable as being about you, your patients and your practice.

In this Privacy Policy the expressions ‘Synapse Medical Services’, ‘we’, ‘us’ and ‘our’ refer to Synapse Medical Services Aus Pty Limited ABN 53 606 507 322 and its associated entities.

Health Records and Information Privacy

Because we are dealing with patient information, we take privacy very seriously. All staff and contractors must sign a confidentiality agreement before working with us.

All the patient information you provide to us is kept on secure servers and cannot be accessed by anyone who is not an employee or contractor of Synapse. As soon as your files have been completed, personnel are required to shred any hard copies, and only soft copies will remain on our secure servers until they are no longer needed for any purpose, after which we will take reasonable steps to destroy the information or ensure that it is de-identified.

We protect your patients and we protect your practice.

Only you and the staff you authorise from your practice can request access to the information you have provided to us (including your information or that of your patients). Your patients may also request access to information we hold about them and such access will be provided unless it poses a serious threat to the life, health or safety of any individual or if the request for access is otherwise exempted under privacy legislation. No other medical practitioner, hospital, health fund or research body can access that information, unless to do so is authorised under law.

Collection of personal information

We only collect the personal information that is necessary to lawfully and ethically carry on our business, to provide the services our clients require in specific matters, to communicate efficiently with our clients and contacts, to keep our clients and contacts informed of legal developments and events, and to responsibly market our services.

Kinds of personal information we collect include:

  • client and doctors’ information, including name, provider number and practice/employer information;
  • patient information (only as reasonably necessary to provide our services), including name, dates of birth, Medicare information, health fund information, billing item numbers and dates of service and, in some cases, health information; and
  • other personal information voluntarily provided to us.

We collect personal information about a person directly from the person concerned when it’s practical to do so. We may do this when a person meets with us, communicates with us by telephone, mail, fax or email, subscribes to our publications, or submits information via our website. We may be unable to provide the information or services a person requests if we are not given the personal information we ask for.

We also obtain information about people from our clients and their agents (in relation to specific matters), from their employers, or from publicly available records.

Given the nature of our services, it may not be practicable to collect personal information directly from the individual and we will instead receive personal information from a third party, such as a client. For example, we may receive information from our clients (being healthcare service providers) regarding their patients for processing. If a person gives us personal information about another person (for example, clients providing patients’ personal information), the third party must ensure that they have the legal right to do so and that they have obtained consent from the individual for us to use and disclose the information for the purposes for which it is provided to us (and in accordance with this Privacy Policy), without us contacting the person. Depending upon the circumstances, the third party may need to inform the person that the information has been provided to us and ensure that the person is made aware of the matters detailed in this Privacy Policy.

Use and disclosure

Client personal information

We may use personal information we hold about people who are clients, employees of clients, or contacts to send them our publications, information we think may interest them, or invitations to our events, but we won’t if they have told us that they don’t want to receive such communications.

Apart from that, we will only use or disclose the personal information we collect to provide the services that our clients instruct us to provide in specific matters.

Patient personal information

We do not use patient personal information except strictly for the purposes for which the personal information has been provided.

Generally

We will maintain the confidentiality of the information of our clients and their patients, and we will not disclose such information unless we have the individual’s instructions, or are legally able to do so.

Generally, we will only disclose personal information for a purpose that is related to the service that we are providing. We may disclose personal information to organisations that provide us with professional advice, such as solicitors, accountants and business advisors, and to contractors to whom we outsource certain functions such as data entry. These organisations may be located in countries such as Australia, India and the United Kingdom. Where possible, we contractually obligate our contractors (and in all other circumstances, we take all reasonable measures) to ensure that they comply with the privacy standards required by legislation in the jurisdiction in which the services are being provided.

We have operations in India, and some of our services are provided from this office. Our people (including our contractors) work in secure offices, complete their work on our secure server and we do not permit them to disclose information to sub-contractors. If you do not want personal information regarding you, your patients or your practice (“Your Personal Information”) to be sent outside of the country where you are located, please let us know and we can discuss the options available to you to keep the Personal Information in the country in which you are located (however you should note that these options may require you to pay additional costs).

Information security

We take appropriate steps to ensure that all personal information we hold is protected from loss, misuse, or unauthorised access, disclosure or modification. We maintain physical security over our premises and access to our computer systems is limited by user identifiers and passwords. All our staff and contractors are subject to strict obligations of confidentiality.

The measures we take to ensure compliance cover three (3) broad categories, all of which we comprehensively monitor. These include:

Administrative safeguards

  1. All staff and contractors sign comprehensive privacy and non-disclosure agreements before they commence working with us.
  2. We have a privacy officer who is responsible for daily monitoring of privacy and security and also for ongoing team training and the induction and training of new team members.
  3. Team leaders ensure compliance and visually monitor daily operations including the appropriate use of secure logins to all servers.

Physical safeguards for any services provided from our India office include:

  1. Biometric (fingerprint recognition) technology is located on all entrances to work areas.
  2. The office has access control and CCTV monitoring.
  3. Personnel are only permitted to bring one small bag into work areas and have only one small drawer below their desks.
  4. Mobile phones are not permitted to be taken into work areas. Mobile phones are locked in lockers at the start of shifts. No personnel are permitted to work from home.
  5. Opaque film covers all windows where there is a view into a work area and where a computer screen may be visible from behind.
  6. A security guard is present onsite monitoring the premises.

All Australian offices also have access control and CCTV cameras.

Technical safeguards

  1. All servers are located in a secure, temperature-controlled server room with 24-hour security and monitoring.
  2. All personnel work on remote Australian-based servers and not on the local computers at which they sit.
  3. All data is stored in Australia.
  4. Access to local computers is blocked, all output devices/ports (e.g. USB, writable CD/DVD, flash) are disabled and external email is disabled on the local network.
  5. We use only communication channels secured by industry standard encryption protocols.
  6. Network perimeter security is implemented with a firewall, which ensures personnel cannot access any website that is not work related, including all social media sites.

Our website

A person may use our website anonymously, but any information the person chooses to submit to us (e.g. to book for an event, subscribe to a publication, or send us an email) will be treated in accordance with this Privacy Policy.

Access rights

Individuals can request access to the personal information we hold about them. There are some limitations upon this right to access, including but not limited to, where giving access would have an unreasonable impact on the privacy of other individuals or if giving access would be unlawful. We may charge a reasonable fee if access is provided.

Correction

Individuals can also request correction of personal information we hold about them.

Contacting us about privacy

To enquire about any privacy issue, to make a request for access to or correction of personal information, or to complain about a possible privacy breach, please contact our privacy officer by emailing privacy@synapsemedical.com.au.