For information on how the Agency deals with personal information as the My Health Record System Operator, see the Privacy Statement on the My Health Record website.
What is personal information?
Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable.
Why does the Agency collect and handle personal information?
Like many organisations, the Agency collects personal information in order to communicate with people and meet its business obligations and objectives.
The Agency may collect personal information in the course of assisting healthcare organisations submit an application to register for digital health services.
How does the Agency collect personal information?
The Agency may collect personal information from an individual:
- by telephone or facsimile;
- via Australian Digital Health Agency (the Agency) website, or other websites owned or operated by the Agency;
- by mail or email; and
- in person.
Wherever possible, the Agency will collect information directly from an individual. Where the Agency collects personal information from a third party, it will take reasonable steps to inform the individual to whom the personal information relates about the collection.
Whose personal information does the Agency collect?
The Agency may collect personal information about:
- individuals who contact the Agency with an enquiry;
- individuals who act on behalf of a healthcare organisation and apply to register for digital health services through the Agency;
- individuals who deal with the Agency as part of consultation, including a reference group or as a representative of a stakeholder organisation;
- the Agency's business associates;
- goods and services providers (including contractors); and
- job applicants.
What personal information does the Agency collect?
The types of personal information that the Agency may collect include:
- name and other identifying information about the individual (this may include Evidence of Identity documentation where the individual is applying to register for digital health services through the Agency);
- name of organisation that the individual represents;
- job title;
- contact information such as address, email and contact number;
- Healthcare Provider Identifiers;
- resumes and other information provided to the Agency; and
- financial details (e.g. in order to conduct business with contractors).
Does the Agency collect sensitive personal information?
The Agency will only collect sensitive information (including health information), as defined by the Privacy Act, with an individual's consent or where collection is required or authorised by law.
Where relevant, the Agency may collect information about an individual's membership of a professional association. This will usually occur where an individual represents a professional association in their dealings with the Agency. This may also include the individual's Healthcare Provider Identifier.
How does the Agency use and disclose personal information?
The Agency may use the personal information it collects in order to:
- respond to enquiries and otherwise engage with stakeholders;
- support a healthcare organisation to apply to register for digital health services;
- provide information and marketing to an individual about an initiative by the Agency, including with regard to any consultation or engagement event;
- conduct business with its business associates and contractors;
- contact an individual regarding matters that it believes will be of interest to them; and/ or
- assess a job application and communicate with job applicants.
Individuals who receive an email newsletter or other marketing material from the Agency, have the ability to opt out of further communications of this nature.
Where the Agency collects personal information and/or Healthcare Provider Identifiers as part of supporting a healthcare organisation to apply to register for digital health services, the Agency will disclose that information to the Department of Human Services. If an individual applying to register for digital health services chooses to verify their identity with the Agency via the Document Verification Service (DVS), the Agency will disclose the personal information the individual providers (for example, passport number) via DVS to the government issuer, who will verify whether the information provided matches the information held by the issuer.
The Agency will only disclose personal information about an individual with that individual's consent or where disclosure is required or authorised by law.
Information provided via the internet
The security of any information provided to the Agency via the internet cannot be assured as the internet is not a secure environment. Individuals should protect their own personal information appropriately.
Cookies and location information
A cookie is a very small text file which is stored on an individual's computer hard drive, or other access device, when a user first visits a website. Cookies may be used on the Agency websites, including www.digitalhealth.gov.au. When a user returns to a website owned by the Agency, the cookie enables the Agency to register that same browser on which the cookie is stored has returned. Cookies help the Agency to improve its website and monitor internet traffic.
In addition to cookies, the Agency may collect information from you such as your computer's IP (internet protocol) address. When you sign up to receive downloads from our website, the Agency may also collect geolocation data associated with your IP address, which will identify your region or city.
All of this information is used by the Agency to analyse website traffic and/or improve user experience. No attempt will be made to identify users or their browsing activities, except where required by or under law.
Refer to the help section of your browser for instructions on blocking, deleting, or disabling cookies.
Access and correction
Individuals have the right to request access to and/or correct the personal information that the Agency holds about them. If you wish to request access or a correction, please contact the Agency's Privacy Team at the address set out below. The Agency may request evidence of your identity before granting a request for access or correction.
Enquiries and complaints
If you wish to make an enquiry or complaint relating to the handling of your personal information, please contact the Agency's Privacy Officer at the address set out below. If you have a complaint, we will respond as quickly as possible and inform you of the progress of your complaint. The Agency will use the information collected in the lodgement of complaints to investigate and resolve individual issues and to provide feedback to staff within the Agency.
The Australian Digital Health Agency (the Agency)
Level 25, 56 Pitt Street
Sydney NSW 2000
Telephone: (02) 8298 2600
Changes to policy