Privacy Policy

Healthsmart Exercise Physiology Pty Ltd, hereafter referred to as Healthsmart EP, is committed to ensuring the confidentiality and security of any personal information (including sensitive information) and health information that we hold. Our Privacy Policy is developed and stands in line with the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (Privacy Act) and the Health Privacy Principles contained in the Health Records and Information Privacy Act 2002 (NSW) (HRIP Act).

This policy document details how Healthsmart EP collects, maintains, secures, utilises and discloses your personal, sensitive and health information. Our current Privacy Policy is available on our website, at our head office and our satellite offices. The document is also available upon request by contacting us. Please refer to the ‘Contact us’ section below.

Our Privacy Policy Outlines:

  1. Definitions
  2. Consideration of personal information privacy
  3. Collection of personal information
  4. Dealing with personal information
  5. Integrity of personal information
  6. Access to and correction of personal information
  7. Contact us
  8. Complaints
  9. Modifications to our Privacy Policy

1. Definitions

Personal Information

Personal information is any information by which a person’s identity can be reasonably determined.

Collecting personal information here at Healthsmart EP is essential in conducting our business.

Health Information

Health information is personal information that is any information or an opinion about the physical and/or mental health and/or a disability (at any time) of an individual, including but not limited to health services provided, or to be provided.

2. Consideration of personal information privacy

Open and transparent management of personal information

Healthsmart EP may collect information about:

  • individuals who are the subject of our service, the legal representatives, treating practitioners and other service providers of individuals who are the subject of our service
  • individuals who are assisting someone who is the subject of our service, such as interpreters or carers, our clients who make enquiries or referrals to use our service, the representatives, service providers or contractors retained by our clients,
  • individuals who provide services to Healthsmart EP, including our specialists and contractors, our employees or individuals who apply for employment with us,
  • visitors to our website.

The kind of information that we collect and hold:

We will only collect what information is allowed by law, and that is reasonably necessary for, or directly related to, our ability to perform one or more of our key functions or activities. We will take all reasonable steps to ensure that the information we collect, hold, use or disclose is accurate, up to date, complete and relevant.

Depending on the individual circumstances, the kind of personal information that we collect and hold, use or disclose may include your name and contact details, including your address, phone numbers, company name and position title, and email address. We may also collect information about your date of birth and gender, information about your private health insurance and Medicare details, and details about your lifestyle activities. We may also collect sensitive information including information about your health and your medical history, your genetic information, your racial or ethnic origins and language(s) spoken, your religious beliefs or affiliations, your philosophical beliefs, your sexual activity or orientation, your educational and employment history, your membership of any professional or trade associations, membership of any trade unions, and any criminal records you might have.

We will only collect your sensitive and health information if:

  • we believe it is specifically relevant and reasonably necessary to the assessment being undertaken, and
  • it is relevant and does not intrude unreasonably or unnecessarily into your personal affairs, and
  • you have consented (directly to us or a third party) for that information to be provided to us, and
  • the collection of that information is allowed by law or a court/tribunal order, or where a permitted general situation or permitted health situation exists as defined by the Privacy Act.

If we are not provided with the necessary personal information, including sensitive and health information, in an accurate, up-to-date or complete form, we may not be able to effectively provide the services requested.

Anonymity and pseudonymity

In certain circumstances we may need to verify your identity. Such circumstances include, but are not limited to, a medical examination. If the circumstances of your interaction with us do not require Healthsmart EP to verify your identity, and where lawful and feasible, you can elect to remain anonymous or to identify yourself through a pseudonym.

Healthsmart EP may record the name and contact details of individuals who approach us for information, and other details as necessary to verify their identity and whether they are authorised to access the requested information.

We will only assign or identify individuals using unique identifiers if it is reasonably necessary for us to perform any of our functions effectively.

3. Collection of personal information

Collection of solicited personal information

Where possible, reasonable and practical to do so, we will collect your personal, sensitive and health information directly from you, in person, in writing, over the phone, through text messages, by facsimile or by email.

Healthsmart EP may also collect your personal, sensitive or health information from third parties who are permitted to share your information with us for the purposes of providing our services, including from:

  • Your representatives
  • The person or organisation who referred you to our service
  • Other third parties who have been asked to provide your information to us
  • Your treating healthcare providers
  • Government and law enforcement agencies
  • Public registries and publicly available records
  • Regulatory and licensing bodies
  • Online searches and social media

Healthsmart EP will only collect information through lawful and fair means, and only what information is authorised or required by law or a court/tribunal order. Unless otherwise permitted or required by law or court/tribunal order, we will only collect sensitive and health information about you which you have consented (directly or to a third party) to be provided to Healthsmart EP.

If Healthsmart EP receives unsolicited information, we will make all reasonable attempts to determine whether we are authorised to have received that information. If it is determined that we are not authorised, where it is lawful and reasonable to do so, we will take all reasonable steps to permanently and securely destroy the information. If it is determined we are not authorised to that information, we will also take all reasonable and practicable steps to notify the parties involved.

Unless otherwise authorised or required by law, upon request, we will take what steps are reasonable in the circumstances, to enable individuals to ascertain whether we hold health information relating to them, the nature of that information and the purposes for which it will be used, and their entitlement to request access to the information.

If you supply personal, sensitive, or health information to Healthsmart EP about another individual, you must ensure that the individual has been made aware of our collection of their information, has been informed of how the information will be used, of any consequences if some or all of this information is not collected, as well as the reasons for, and the parties to which the information might be disclosed, and that you have their consent for this information to be provided to us. We ask also that they are informed of how they may request access to this information and that you refer them to our Privacy Policy. Healthsmart EP will also provide these details to individuals upon request. If Healthsmart EP receives personal information from you about an individual, it will be assumed that the appropriate notification and consent, as outlined above, have been obtained.

Why we collect your information

Healthsmart EP collects, holds and uses personal information to enable us to provide our services and manage our business. We will only request appropriate information that we believe to be reasonably necessary for us to perform our key functions and activities, and that are necessary to allow our specialists to provide a comprehensive assessment and opinion. The sensitive and health information that we collect will be disclosed in the medical reports we provide to our referring clients.

We use your personal information to allow Healthsmart EP to:

  • Provide our product or service to you or the parties that referred you to us
  • Carry out our functions as a provider of medicolegal and associated independent reporting services.
  • Contact you, or provide information to you about our services
  • Access and obtain medical records and history from treating healthcare providers
  • Analyse, manage and improve Healthsmart EP’s services and products
  • Manage our relationship with our clients, employees, contractors and providers.
  • Manage complaints and queries
  • Comply with our legal and regulatory obligations
  • Conduct searches to collect additional information for regulatory and prudential purposes.
  • Other purposes as required or authorised under law for purposes for which you have provided your explicit or implied consent.

4. Dealing with personal information

Use and Disclosure of information

In the course of undertaking Healthsmart EP’s key functions and activities, it may be necessary for us to use or disclose your personal, sensitive and health information to other parties including the organization or individuals who referred you to our services, to the medical providers and specialists that we engage to provide services, as well as to other third parties and subcontractors that provide services to us.

Healthsmart EP will only use or disclose your personal, sensitive and health information for the primary purpose for which it was collected, or a directly related secondary purpose you would reasonably expect.

Where we need to use or disclose your personal information for a secondary purpose, unless otherwise required or permitted by law, we will only do so with your consent.

Prior to the use or disclosure of your information, Healthsmart EP will take all reasonable steps to ensure that the information is relevant, accurate, complete, up-to-date, and not misleading. Except for the circumstances outlined above, or unless otherwise required or authorised by law or to comply with a court/tribunal order, Healthsmart EP will not use or disclose your personal information to a third party without your prior consent unless it is in a de-identified form that will be unable to be identified at any stage as your personal information.

Unless required by a law or enforcement body, or unless required to fulfil our obligations to an agency or state authority, or when necessary to verify an individual’s identity, Healthsmart EP will not use or disclose any government related identifiers of an individual.

Healthsmart EP will not include your health information in any health records linkage system unless you have expressly consented to that information being so included. We will only include your health information or disclose your identifier for the purpose of a health records linkage system if you have expressly consented to this.

Any information that Healthsmart EP may share in aggregate form to any third party as part of any review process to analyse, manage or improve our services, will be de-identified and in a form that will be unable to be identified at any stage as your personal information.

Direct marketing

In some circumstances, if you are a client and have expressed an interest, and have provided to Healthsmart EP your contact information, we may on occasion send you emails with information about our products or services that may be relevant or of interest to you. If you do not wish to receive these offers or information, you can let us know by calling us on 0438 550 360 1111 during business hours, contacting our Privacy Officer at the details outlined below, or by return email, to unsubscribe from our mailing list.

Other than as outlined above, Healthsmart EP will not collect, use or disclose your personal information for the purposes of direct marketing.

Cross border disclosure of personal information

In certain circumstances, Healthsmart EP may need to transmit or disclose your personal, sensitive or health information to our providers or specialists, employees, or contractors who are located interstate or overseas. Healthsmart EP will only do so if it is required for us to provide our service to you or to the person who referred you to our services. In those circumstances, we will take all reasonable steps to ensure your information is transmitted securely, including appropriate encryption and password protection of the information, and only to parties who have committed to acting in accordance with our Privacy Policy, and in accordance with the Privacy Act and HRIP Act.

The countries in which these overseas recipients may be located will vary depending on the individual circumstances, but may include New Zealand. Healthsmart EP will not transfer or disclose information outside of Australia or New Zealand without prior authorisation.

Adoption, use or disclosure of government related identifiers

Healthsmart EP will not adopt a government related identifier of an individual as our own identifier unless the adoption of the government related identifier is required or authorized by or under an Australian law or a court/tribunal order.

5. Integrity of personal information

Quality of personal information

Healthsmart EP will take the necessary steps as are reasonable in the circumstances to ensure that the personal information Healthsmart EP collects is accurate, up to date and complete.

Healthsmart EP will take the necessary steps as are reasonable in the circumstances to ensure that the personal information Healthsmart EP uses or discloses is, having regard to the purpose of the use or disclosure, accurate, up to date, complete and relevant.

Security of personal information

Healthsmart EP has stringent privacy control measures to ensure the protection of your information and we take all reasonable steps to ensure personal, sensitive and health information is protected from misuse, interference and loss, or from unauthorised access, modification or disclosure.

Healthsmart EP may hold information in both hardcopy and electronic forms and have multiple means by which we safeguard this information including:

  • Limiting access of personal and sensitive information to authorised parties. The degree of staff access to information is restricted according to the level of their need for performing their duties.
  • Electronic records are securely stored on our protected network. We employ up to date and password protected security systems to prevent any unauthorised computer or electronic access.
  • Hard copies of any personal or sensitive information are stored in a secure area with restricted access.
  • We obtain confidentiality agreements and commitments from all of our specialists, contractors, allied health assessors and third party organisations that undertake services for us, to securely store all information according to legislative requirements and in accordance with our Privacy Policy. They are required to undertake appropriate technical and organisational measures to ensure these standards are enforced. All Healthsmart EP providers and contractors undergo audits to ensure they continue to comply with our stringent requirements.
  • All staff are subject to confidentiality agreements in relation to personal information.

Where information we hold is no longer accurate or no longer needed, and where we are not required under law or court/tribunal order to retain that information, we will take all reasonable steps to permanently de-identify or destroy that information. We will take all reasonable and practical steps to ensure that sensitive and health information is not retained for longer than necessary and is disposed of securely and appropriately.

6. Access to and correction of personal information

Healthsmart EP’s suite of products and services is provided to our referring clients. If you were referred to our service by another organisation, we recommend that you approach that organisation directly with requests for access to, or revision of, your personal information.

Access to personal information

You may request access to the personal information we hold about you by contacting our Privacy Officer in writing at the details below.

Please provide as much detail as possible regarding the information requested and the form in which you wish the information to be provided. Healthsmart EP may need to verify your identity and we may also charge you a reasonable administration fee for the provision of the information. We will endeavour to respond to your request in a reasonable period, usually within 30 days.

In some circumstances, Healthsmart EP may withhold access to your personal information for the following reasons:

  • giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety
  • giving access would have an unreasonable impact on the privacy of other individuals
  • the request for access is frivolous or vexatious
  • the information relates to existing or anticipated legal proceedings and would not be accessible by the process of discovery in those proceedings
  • giving access would reveal our intentions in relation to negotiations with the individual in such a way as to prejudice those negotiations
  • giving access would be unlawful
  • denying access is required or authorised by or under an Australian law or a court/tribunal order
  • if we suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or may be engaged in, and giving access would be likely to prejudice the taking of appropriate action in relation to the matter
  • giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body
  • giving access would reveal evaluative information in connection with a commercially sensitive decision-making process

If access is refused, Healthsmart EP will provide you a written notice with the reasons for the refusal and the mechanisms available to complain about the refusal if you are not satisfied with our decision.

Correction of Personal information

Healthsmart EP endeavours to take all reasonable steps to ensure that your personal information is accurate, up to date, complete, relevant and not misleading and if you believe any of your personal information is incorrect or out of date, you may seek correction of your information by contacting our Privacy Officer at the details below. We will endeavour to respond to your request in a reasonable period, usually within 30 days.

If we are unable to correct your personal information as requested, we will provide you a written notice with the reasons for the refusal and the mechanisms available to complain about the refusal if you are not satisfied with our decision.

If we are unable to make the correction, and at your request, we will take such steps as are reasonable in the circumstances to associate with the information, a statement that you believe the information is inaccurate, out-of-date, irrelevant or misleading and details of the amendment sought.

7. Contact us

If you have any queries or feedback regarding our Privacy Policy, or to request access to or correction of your information, or if you feel the policy has been breached in any way, please contact our Privacy Officer:

Email: admin@healthsmaertep.com.au

Post: Attention ‘Privacy Officer’, PO Box 729, Main Beach, QLD, 4217

Telephone: 0438 550 360

8. Complaints

If you would like to complain about a breach of the Australian Privacy Principles or the Health Privacy Principles, you may contact our Privacy Officer at the details above. We endeavour to respond to your complaint or concerns in a reasonable timeframe, usually within 30 days.

If you are not satisfied with the outcome of your queries with us, you may refer the matter to the Office of the Australian Information Commissioner by visiting www.oaic.gov.au, or by calling 1300 363 992. You can also refer the matter to the QLD Privacy Commissioner by visiting http://www.oic.qld.gov.au/privacy.

9. Modifications to our Privacy Policy

Our Privacy Policy undergoes periodic review. An up to date copy of this Privacy Policy is available on our website. A copy of our current Privacy Policy can also be made available upon request by contacting Healthsmart EP at the details listed above. You can also obtain our Privacy Policy on request when attending our office.