Nexus Day Hospitals Pty Ltd and its related bodies corporate (collectively, Nexus, we, us or our) recognises that your privacy is very important. We are committed to, and understand the importance of, protecting the personal information we collect from you.
In handling your personal information, Nexus complies with the Privacy Act 1988 (Cth) (Privacy Act) and the 13 Australian Privacy Principles (APPs) under the Privacy Act as well as other relevant laws about how private health service providers handle personal information (including but not limited to patient health information).
2. What kinds of personal information do we collect?
The kinds of personal information that we collect will vary depending on the type of dealings we have with you and how you interact with us.
Information we collect about you is generally considered ‘sensitive information’ (specifically, ‘health information’) within the meaning of privacy laws.
When you become a patient of a Nexus hospital we may collect:
- your contact information, such as your name, address, telephone number and email address;
- your gender and date of birth;
- your payment details;
- your emergency contact details;
- your GP contact details;
- information about your eligibility for Medicare (including your Medicare number), your health fund details and/or Department of Veterans Affairs details (as applicable);
- information about your eligibility for compensation or benefits (including workers compensation);
- your medical history, medical investigations, medical images, treatment and advice you have been given, and other information relevant to your care and personal health; and
- general feedback about Nexus and the hospital in which you had your procedure.
Every time you attend the hospital, new information is added to your record. Please let admission staff know if your contact details have changed since your last admission.
If you participate in the MyHealth Record program operated by the Commonwealth Department of Health, Nexus may access personal information stored in your MyHealth Record in accordance with the access controls that you have set within that system. If you do not want Nexus to access personal information stored in your MyHealth Record, you may modify the access controls in accordance with your preferences. Nexus will only access information stored in your MyHealth Record to the extent required for your treatment by Nexus.
We may also collect personal information about individuals who are not patients of our hospitals. This includes individuals making enquiries about services offered at our hospitals.
Information may also be collected about individuals who are not patients of our hospitals when making a record about a patient (for example, collecting emergency contact details or collecting a family medical history).
Referring doctors and healthcare professionals
We may also collect personal information about individual health practitioners who interact with our hospitals (such as referring doctors or other health professionals involved in the care of our patients). This is typically information such as your name, contact details, professional details, credentials, and information regarding interactions or transactions with the hospital. This information is collected for the purpose of administration, management and operation of our hospitals.
We collect personal information when recruiting personnel, such as your name, contact details, qualifications and work history. Generally, we will collect this information directly from you. We may also collect personal information from third parties in ways which you would expect (for example, from referees you have nominated). Before offering you a position, we may collect additional details such as your tax file number, superannuation information, vaccination status, physical assessment for the role and other information necessary to conduct police checks.
The way in which we handle the personal information of visitors to our website is discussed in the ‘Website Privacy’ section.
3. How do we collect personal information?
We will, where reasonable and practicable to do so, collect information directly from you, for example:
- in person, over the phone or via email;
- when you complete our hospital forms and paperwork; or
- through the use of the Nexus
In some instances, it may be necessary to collect information about you from another person such as:
- your referring doctor (or their practice staff);
- other health professionals involved in your care;
- your private health insurer; or
- your authorised representatives, relatives, next-of-kin or carers.
4. Why do we collect your personal information?
Nexus collects your personal information in order to provide you with safe and effective healthcare and associated services. We collect your personal information to administer and manage our hospitals and the health services we provide, and in order to meet mandatory reporting requirements related to serious events as required by the various Australian state and territory health authorities. More information about the way we use and disclose your personal information is set out below.
Providing accurate and complete information is important for the safety, quality and effectiveness of the services we provide. If you do not provide accurate and complete information, or you withhold information, it may affect the safety, quality and effectiveness of the services we provide. In certain circumstances, if you do not provide us accurate and complete information, we may not be able to provide you with health care services. If you have any concerns about personal information we have asked you to provide, please raise those concerns with us.
You do not have to identify yourself when you contact us. You can also use a nickname or alias to protect your privacy. However, it is generally not possible to remain anonymous as a patient.
5. How do we use and disclose your personal information?
Generally, we will only disclose your personal information to third parties for a purpose related to the provision of our healthcare services and in ways you would reasonably expect. We may also disclose your personal information to third parties for other purposes with your consent or if the disclosure is required or authorised by law. Any such disclosure would be subject to and comply with existing data security and storage requirements set out in the Health Privacy Principles and Information Privacy Principles.
We may disclose your personal information to health professionals and health services providers involved in your care, such as:
- your referring doctor;
- your GP;
- independent health service providers who are contracted to provide health care services at our hospitals (for example, a diagnostic imaging provider or a pathology provider); and
- hospitals or health facilities you may be transferred to on discharge.
We may also disclose your personal information when discussing your care with your authorised representatives, relatives, next-of-kin or carers unless you tell us you do not want us to do so.
We may disclose your health and personal information (as authorised by the Health Services Act 1988) for quality and safety purposes. This would be limited to disclosing your information to entities responsible for investigating failures in quality and safety and for health system quality and safety oversight, such as the relevant state health department and state regulatory bodies and/or other health service entities. Disclosure and/or use of your personal information in this circumstance is designed to address any quality and safety issues that may have affected you to ensure they inform continuous service improvement.
If you receive care or treatment that involves you being the recipient of a medical device or prosthesis, we may disclose your personal information to the manufacturer or supplier of that device or prosthesis to ensure that the device or prosthesis can be used safely and effectively (for example, to facilitate calibration or monitoring of the device or prosthesis for safety purposes). In some circumstances, those organisations are required to collect your personal information by law, for example, for safety, monitoring and recall purposes as required by the Therapeutic Goods Act 1989 (Cth).
We may also use your personal information, and disclose your personal information to third parties, for other purposes required for the administration, management and operation of our hospitals, including:
- administering billing (including administering Medicare benefits, health fund benefits and other third-party payment arrangements) and debt recovery;
- managing, monitoring, planning and evaluating our services;
- safety and quality assurance and improvement activities;
- accreditation activities;
- training of staff and health care workers;
- testing and maintenance of information technology systems;
- risk management and management of legal liabilities and claims;
- responding to complaints or inquiries regarding health services provided at our hospitals;
- obtaining advice from consultants and professional advisers; and
- responding to subpoenas and other legal orders and obligations.
If we sell our business, or any of our hospitals, your personal information will be transferred to the new owner.
6. Direct marketing
If you are a patient, we will not use or disclose your personal information for direct marketing without your consent.
If you are a healthcare professional, we may collect and use your personal information to send you information about our services and activities (such as newsletters).
If you do not wish to receive direct marketing communications, please email us at firstname.lastname@example.org.
We will never sell, distribute or lease your personal information to third parties unless we have your permission.
7. Security of your personal information
We take steps to ensure that the personal information we hold is protected from misuse, interference and loss and from unauthorised access, modification or disclosure. We store your personal information in different ways, including paper and electronic form.
Personal information is held on secured servers or in storage located in controlled, access-restricted environments such as password-protected computer systems. We maintain strict policies regarding who has the authority to access your personal information and our employees are required to maintain the confidentiality of any personal information held by us.
Personal information may also, in certain circumstances, be held on behalf of Nexus in paper-based or electronic forms by Nexus’ service providers (such as offsite document storage providers or electronic data storage providers). Nexus enters into agreements with such service providers which impose confidentiality and privacy obligations on the service provider.
Nexus will destroy or de-identify personal information in circumstances where it is no longer required, unless we are otherwise required or authorised by law to retain the information.
8. Will your personal information be sent overseas?
We do not typically or routinely disclose personal information to overseas recipients. We will only disclose information overseas:
- if we have your consent;
- if we have taken steps to ensure the recipient will comply with the APPs; or
- if an exception under the APPs applies.
9. Correcting, accessing or updating your personal information
Nexus takes reasonable steps to ensure the personal information we collect is kept up-to-date, accurate and complete.
If your personal information changes (such as your name or address), you can contact us and let us know of the change. Please contact the Director of Nursing at the hospital you attended.
Generally, if you need further information or do not understand any aspect of your care, we encourage you to contact your treating doctor so your questions can be answered in the context of your treatment.
However, you have a right to request:
- access to personal information we hold about you; and
- correction of personal information we hold about you that is incorrect, inaccurate, out of date, incomplete, irrelevant or misleading.
You may request access to any information we hold about you at any time. Where we hold information about you that you are entitled to access, we will provide you with suitable means of accessing it. We will not charge you for making the request. In circumstances where you request a copy, we may ask you to pay a charge to cover our administrative costs. In limited circumstances, your request may be declined in accordance with privacy laws.
Where you think information Nexus holds about you should be corrected, you are entitled to request that we correct that information. It is generally not possible to make changes to clinical information recorded in your medical record, but you may ask us to include a statement in your records.
From time-to-time, we may ask you to verify that your personal information held by us is correct and up-to-date.
To protect your privacy and the privacy of others, we will need to verify your identity before granting access or making corrections to your personal information.
10. Website Privacy
Information we collect
You can change the settings on your computer or device to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may affect how our website, and other websites, function.
Links to other websites
Our websites may contain links to other sites. We are not responsible for the privacy practices or content of other sites. We encourage you to be aware when you leave our site and to read the privacy statements of each website linked on our website.
11. Privacy Complaints
If you have questions or concerns about privacy, please contact us using the contact information below.
PO Box 568, Crows Nest NSW 1585
If you have contacted us and your question or concern has not been resolved, you may make a complaint.
We will consider your complaint to determine whether there are simple or immediate steps we can take to resolve your complaint.
If your complaint requires more detailed consideration, we will let you know that we have received your complaint within two weeks and try to respond to your complaint promptly.
In most cases, we will respond to a complaint within 30 days. If your complaint involves complex issues, we will let you know.
In the event you are dissatisfied with the outcome of your complaint, you may refer the complaint to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or call the OAIC on 1300 336 002.
12. Privacy and our website
We regularly review our practices and procedures regarding how we manage personal information. As a result, this policy may be updated from time to time. Where we update this policy, we will make the updated policy available on our website.