Nexus Privacy Policy

  • 1. Introduction

    Nexus Day Hospitals Pty Ltd and its related bodies corporate (collectively, Nexus, we, us or our) recognises that your privacy is very important. We are committed to, and understand the importance of protecting the personal information we collect from you.

    In handling your personal information, we comply with the Privacy Act 1988 (Cth) (Privacy Act) and the 13 Australian Privacy Principles (APPs) under the Privacy Act. Further, as a health service provider, Nexus comply with the Health Records and Information Privacy Act 2002 (NSW), Health Records Act 2001 (Vic) and Health Records (Privacy and Access) Act 1997 (ACT).

    This privacy policy sets out how we aim to protect the privacy of your personal information, your rights in relation to your personal information, and the way we collect, hold, use and disclose your personal information.

  • 2. What kinds of personal information do we collect?

    The kinds of personal information that we collect will vary depending on the type of dealings we have with you and how you interact with us.

    Patients

    Information we collect about you is generally considered ‘sensitive information’ (specifically, ‘health information’) within the meaning of privacy laws.

    When you become a patient of a Nexus hospital we may collect:

    • your contact information, such as your name, address, telephone number and email address;
    • your gender and date of birth;
    • your payment details;
    • your emergency contact details;
    • your GP contact details;
    • information about your eligibility for Medicare (including your Medicare number), your health fund details and/or Department of Veterans Affairs details (as applicable);
    • information about your eligibility for compensation or benefits (including workers compensation);
    • your medical history, medical investigations, medical images, treatment and advice you have been given, and other information relevant to your care and personal health; and
    • general feedback about Nexus and the hospital in which you had your

    Every time you attend the hospital, new information is added to your record. Please let admission staff know if your contact details have changed since your last admission.

    If you participate in the MyHealth Record program operated by the Commonwealth Department of Health, Nexus may access personal information stored in your MyHealth Record in accordance with the access controls that you have set within that system. If you do not want Nexus to access personal information stored in your MyHealth Record, you may modify the access controls in accordance with your preferences. Nexus will only access information stored in your MyHealth Record to the extent required for your treatment by Nexus.

    Other Individuals

    We may also collect personal information about individuals who are not patients of our hospitals. This includes individuals making enquiries about services offered at our hospitals.

    Information may also be collected about individuals who are not patients of our hospitals when making a record about a patient (for example, collecting emergency contact details or collecting a family medical history).

    Referring doctors and healthcare professionals

    We may also collect personal information about individual health practitioners who interact with our hospitals (such as referring doctors or other health professionals involved in the care of our patients). This is typically information such as your name, contact details, professional details, credentials, and information regarding interactions or transactions with the hospital. This information is collected for the purpose of administration, management and operation of our hospitals.

    Prospective employees/applicants

    We collect personal information when recruiting personnel, such as your name, contact details, qualifications and work history. Generally, we will collect this information directly from you. We may also collect personal information from third parties in ways which you would expect (for example, from referees you have nominated). Before offering you a position, we may collect additional details such as your tax file number, superannuation information, vaccination status, physical assessment for the role and other information necessary to conduct police checks.

    This Privacy Policy does not apply to Nexus’ employee records.

    Website visitors

    The way in which we handle the personal information of visitors to our website is discussed in the

    ‘Website Privacy’ section.

  • 3. How do we collect personal information?

    We will, where reasonable and practicable to do so, collect information directly from you, for example:

    • in person, over the phone, via email;
    • when you complete our hospital forms and paperwork; or
    • through the use of the Nexus

    In some instances, it may be necessary to collect information about you from another person such as:

    • your referring doctor (or their practice staff);
    • other health professionals involved in your care;
    • your private health insurer; or
    • your authorised representatives, relatives, next-of-kin or
  • 4. Why do we collect your personal information?

    Nexus collects your personal information in order to provide you with safe and effective healthcare and associated services. We also collect your personal information to administer and manage our hospitals and the health services we provide. More information about the way we use and disclose your personal information is set out below.

    Providing accurate and complete information is important for the safety, quality and effectiveness of the services we provide. If you do not provide accurate and complete information, or you withhold information, it may affect the safety, quality and effectiveness of the services we provide. In certain circumstances, if you do not provide us accurate and complete information, we may not be able to provide you with health care services. If you have any concerns about personal information we have asked you to provide, please raise those concerns with us.

    You do not have to identify yourself when you contact us. You can also use a nickname or alias to protect your privacy. However, it is generally not possible to remain anonymous as a patient.

  • 5. How do we use and disclose your personal information?

    Generally, we will only disclose your personal information to third parties for a purpose related to the provision of our healthcare services and in ways you would reasonably expect. We may also disclose your personal information to third parties for other purposes with your consent or if the disclosure is required or authorised by law.

    We may disclose your personal information to health professionals and health services providers involved in your care, such as:

    • your referring doctor;
    • your GP;
    • independent health service providers who are contracted to provide health care services at our hospitals (for example, a diagnostic imaging provider or a pathology provider); and
    • hospitals or health facilities you may be transferred to on

    We may also disclose your personal information when discussing your care with your authorised representatives, relatives, next-of-kin or carers unless you tell us you do not want us to do so.

    If you receive care or treatment that involves you being the recipient of a medical device or prosthesis, we may disclose your personal information to the manufacturer or supplier of that device or prosthesis to ensure that the device or prosthesis can be used safely and effectively (for example, to facilitate calibration or monitoring of the device or prosthesis for safety purposes). In some circumstances, those organisations are required to collect your personal information by law, for example, for safety, monitoring and recall purposes as required by the Therapeutic Goods Act 1989 (Cth).

    We may also use your personal information, and disclose your personal information to third parties, for other purposes required for the administration, management and operation of our hospitals, including:

    • administering billing (including administering Medicare benefits, health fund benefits and other third-party payment arrangements) and debt recovery;
    • managing, monitoring, planning and evaluating our services;
    • safety and quality assurance and improvement activities;
    • accreditation activities;
    • training of staff and health care workers;
    • testing and maintenance of information technology systems;
    • risk management and management of legal liabilities and claims;
    • responding to complaints or inquiries regarding health services provided at our hospitals;
    • obtaining advice from consultants and professional advisers; and
    • responding to subpoenas and other legal orders and

    If we sell our business, or any of our hospitals

  • 6. Direct marketing

    If you are a patient, we will not use or disclose your personal information for direct marketing without your consent.

    If you are a healthcare professional, we may collect and use your personal information to send you information about our services and activities (such as newsletters).

    If you do not wish to receive direct marketing communications, please email us at info@nexushospitals.com.au.

    We will never sell, distribute or lease your personal information to third parties unless we have your permission.

  • 7. Security of your personal information

    We take steps to ensure that the personal information we hold is protected from misuse, interference and loss and from unauthorised access, modification or disclosure. We store your personal information in different ways, including paper and electronic form.

    Personal information is held on secured servers or in storage located in controlled, access-restricted environments such as password-protected computer systems. We maintain strict policies regarding who has the authority to access your personal information and our employees are required to maintain the confidentiality of any personal information held by us.

    Personal information may also, in certain circumstances, be held on behalf of Nexus in paper-based or electronic forms by Nexus’ service providers (such as offsite document storage providers or electronic data storage providers). Nexus enters into agreements with such service providers which impose confidentiality and privacy obligations on the service provider.

    Nexus will destroy or de-identify personal information in circumstances where it is no longer required, unless we are otherwise required or authorised by law to retain the information.

  • 8. Will your personal information be sent overseas?

    We do not typically or routinely disclose personal information to overseas recipients. We will only disclose information overseas:

    • if we have your consent;
    • if we have taken steps to ensure the recipient will comply with the APPs; or
    • an exception under the APPs
  • 9. Correcting, accessing or updating your personal information

    Nexus takes reasonable steps to ensure the personal information we collect is kept up-to-date, accurate and complete.

    If your personal information changes (such as your name or address), you can contact us and let us know of the change. Please contact the Director of Nursing at the hospital you attended.

    Generally, if you need further information or do not understand any aspect of your care, we encourage you to contact your treating doctor so your questions can be answered in the context of your treatment.

    However, you have a right to request:

    • access to personal information we hold about you; and
    • correction of personal information we hold about you that is incorrect, inaccurate, out of date, incomplete, irrelevant or

    You may request access to any information we hold about you at any time. Where we hold information about you that you are entitled to access, we will provide you with suitable means of accessing it. We will not charge you for making the request. In circumstances where you request a copy, we may ask you to pay a charge to cover our administrative costs. In limited circumstances, your request may be declined in accordance with privacy laws.

    Where you think information Nexus holds about you should be corrected, you are entitled to request that we correct that information. It is generally not possible to make changes to clinical information recorded in your medical record, but you may ask us to include a statement in your records.

    From time-to-time, we may ask you to verify that your personal information held by us is correct and up-to-date.

    To protect your privacy and the privacy of others, we will need to verify your identity before granting access or making corrections to your personal information.

  • 10. Website Privacy
    Information we collect

    Our website may use cookies. A cookie is a small file which is placed on your computer or device when you visit our website. Cookies only identify your device and do not identify you personally.

    You can change the settings on your computer or device to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may affect how our website, and other websites, function.

    Pardot and Privacy Consent

    To provide our newsletter we use Pardot, which provides online tools to create, send and manage emails.

    Pardot may collect personal information, such as distribution lists that contain email addresses, and other information relating to those email addresses.

    For further information about the type of personal information Pardot collects, please refer to the Pardot Security and Privacy Architecture.

    We will only use this information to:

    • create, send and manage emails relating to the work of Nexus Hospitals

    • measure email campaign performance
    • improve the features for specific segments of customers

    • evaluate your use of our website

    • compile reports on website activity for website operators, and

    • provide other services relating to website activity and internet usage.

    Pardot may transfer this information to third parties where required to do so by law, or where such third parties process the information on Pardot’s behalf.

    Pardot collects information about when you visit the website, when you use the services, your browser type and version, your operating system and other similar information.

    Pardot is based in the United States of America (USA) and the information collected about your use of the website (including your IP address) will be transmitted to and stored by Pardot on servers located outside Australia.

    We are required to inform you that by subscribing to our eNewsletter:

    • You consent to your personal information being collected, used, disclosed and stored as set out in the  Salesforce Privacy Policy.

    • You understand and acknowledge that this service utilises a Salesforce platform, which is located in the United States of America (USA) and relevant legislation of the USA will apply.

    • Australian Privacy Principle 8.1 will not apply.

    • You understand and acknowledge that Pardot is not subject to the Privacy Act 1988 (Cth) and you will not be able to seek redress under the Privacy Act 1988 (Cth) but will need to seek redress under the laws of the USA.

    You can opt out of our mailing list if you choose the ‘unsubscribe’ service provided by Pardot in every email, or contact Nexus Hospitals.

    You can also disable or refuse cookies or disable Flash player; however, you may not be able to use the services provided by Pardot if cookies are disabled.

    Links to other websites

    Our websites may contain links to other sites. We are not responsible for the privacy practices or content of other sites. We encourage you to be aware when you leave our site and to read the privacy statements of each website linked on our website.

  • 11. Privacy Complaints

    If you have questions or concerns about privacy, please contact us using the contact information below.

    Email: privacy@nexushospitals.com.au Post:

    Privacy Officer
    Nexus Hospitals
    Level 1, 70-76 Alexander Street Crows Nest, NSW 2065

    If you have contacted us and your question or concern has not been resolved, you may make a complaint.

    We will consider your complaint to determine whether there are simple or immediate steps we can take to resolve your complaint.

    If your complaint requires more detailed consideration, we will let you know that we have received your complaint within two weeks and try to respond to your complaint promptly.

    In most cases, we will respond to a complaint within 30 days. If your complaint involves complex issues, we will let you know.

    In the event you are dissatisfied with the outcome of your complaint, you may refer the complaint to the Office of the Australian Information Commissioner www.oaic.gov.au or call OAIC on 1300 336 002.

  • 12. Privacy and our website

    A copy of this privacy policy is also available on the Nexus website –

    www.nexushospitals.com.au/privacypolicy

    We regularly review our practices and procedures regarding how we manage personal information. As a result, this policy may be updated from time to time. Where we update this policy, we will make the updated policy available on our website.

    This privacy policy was last updated in August 2019.