Privacy Policy

This Privacy Statement applies to our handling of personal information. ‘Personal information’ means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether the information is recorded in a material form or not.

Personal information includes ‘sensitive information’, which is a particular type of personal information. Sensitive information includes identifying health information about you (such as details of your health and medical history or the health services you have received). Sensitive information also includes a person’s: religious beliefs; sexual preferences; political views; racial or ethnic origin; membership of a professional or trade association; and criminal record.

The information you provide us forms the basis of your health record. Your health record is updated when you see us.

We may collect personal information from you so that we can provide services to you, or where this is otherwise necessary, for our functions or activities.  In particular, we may collect your personal information:

• to provide you with health services and other services;
• to provide you with information regarding our services or to respond to your enquiries;
• to arrange billing with you for our services where applicable; or
• to obtain your consent to the above services and activities.

You are not required to disclose your personal information to us.  However, if you do not provide the information requested, we may not be able to provide you with appropriate services or treatment, or provide you with relevant information regarding our services.

If you are a cohealth client, it may not be practicable for you to be treated on an anonymous basis or for you to use a pseudonym, because this would prevent us from being able to provide you with appropriate care.  Services provided under Medicare require identification prior to service. People wishing to remain anonymous or use a pseudonym may not be eligible to claim Medicare or (funding) and may be required to make full payment for the services provided. In addition, due to some of our project and funding requirements, we may not be able to accept pseudonym names due to the collection of personal information requirements as stated in the agreements.

We collect your personal information in a lawful and fair way and in a manner that is not unreasonably intrusive.

We only collect your personal information where you have consented, or otherwise in accordance with the law.

We usually collect your personal information directly from you through your interactions with us.

We may also collect your personal information from third parties where authorised under the privacy laws, such as from other health service providers and health professionals, pathology and diagnostic imaging service providers for the continuation of your health care, and from family members, guardians or other persons you have authorised to provide your personal information to us.

When we collect your personal information, we will as soon as practicable take reasonable steps to notify you of the details of the collection, such as the purposes for which the information was collected, the organisations (if any) to which the information will be disclosed, and also notify you that this Privacy Statement contains details on how you may access or correct your information, or raise any complaints.

We may collect personal information (including sensitive information) about you, such as:

• your name and date of birth;
• your contact details, such as your address, email, phone number;
• your health and medical history, including health-related practices and behaviours, and family history;
• your Medicare number, DVA number, and other government identifiers; and
• your billing details if applicable.

We may also collect personal information from individuals who are not clients to enable us to work or transact with them. These persons may include:

• staff, students and volunteers;
• job applicants; and
• contractors / consultants.

Generally, we will only collect sensitive information with your consent or where required by law.

If you are a cohealth client, we generally use your personal information for the following main purposes:

• to provide health services and other services for you;
• to provide you with information regarding our health services and other services;
• for administrative services, including billing and appointments, and for administration of our clinical records and management systems including accreditation;
• to refer you to other health professionals or support services; and
• to identify and claim benefits from third parties such as Medicare.

If you are a job applicant, staff member, student, volunteer or contractor/consultant service provider, we may use your personal information to manage our relationship with you or work or transact with you, for example to assess and (if successful) to engage an applicant, staff member or contractor.

Other specific purposes for which cohealth uses job applicants, staff members and contractor’s personal information include:

• for insurance purposes;
• to consider for the role being applied for; and
• to satisfy cohealth’s legal obligations.

Where cohealth receives unsolicited job applications, they will usually be dealt with in accordance with the unsolicited personal information requirements of the Privacy Act.

cohealth career website is managed by Talent Propeller. Refer to our website for Talent Propellers privacy policy –  https://cohealthcareers.org.au/policy/privacy/index/

We may also use your personal information for purposes permitted under the applicable privacy laws, which may include the following:

• for purposes which are directly related to the main purposes we use your information (as above) – in circumstances where you would reasonably expect us to use your information;
• for management, planning, monitoring, improvement and evaluation of our services, we take all reasonable steps to de-identify any information used. You may be approached or invited to participate in specific surveys for research and program improvement or evaluation purposes, and your consent will be obtained for this purpose; and
• for training and educating our own staff, we take all reasonable steps to
  de-identify any information used.

cohealth is committed to LGBTIQA+ health equity. With client’s consent, cohealth asks and collects information about LGBTIQA+ identity. This ensure people have an opportunity to affirm their identity, and that cohealth provide the best service possible.

Referrals

Some of your personal information may be used for your referrals. cohealth uses a clinical software that ensures only relevant information is included on referrals.

We may disclose your personal information to:

• other health professionals or support services involved in the provision of your care, such as your GP or specialist medical practitioners; or
• hospitals, clinics, pathology and diagnostic service providers, and other organisations involved in the provision of your care; or
• outsourced service providers where necessary to enable cohealth to perform its function as a health care service.

where this is necessary for your ongoing care and support.  If you tell us you do not wish for your personal information to be disclosed to a particular health professional or organisation, we will not do so without your consent.

Subject to you providing all necessary consents or us otherwise being authorised under the privacy laws to do so, we may also disclose your personal information to:

• government departments (e.g. Medicare, so you can claim benefits for services);
• funding bodies (e.g. where you receive services which those bodies have funded);
• We may disclose your personal details to the Victorian Department of Health or its authorised contractors, in order for them to send you a survey about your experience with us. There is a detailed description of the survey at: https://vahi.vic.gov.au/ourwork/datasets/patient-experience-and-outcomes-data
• My Health Record (if you have not opted out of this Australian Government service)

We will not otherwise disclose your personal information to any third parties unless you have consented, or we are otherwise permitted or required to do so by law.  This may include disclosure of your personal information in the following circumstances:

• disclosure to comply with our legal obligations, including, but not limited to, where we are required to provide information under a subpoena or Court order or other mandatory reporting or information sharing requirements under law;
• where we are otherwise authorised or permitted to do so under law, such as where we reasonably believe disclosure is necessary to prevent or lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety.

If you are a job applicant, staff member, student, volunteer or contractor/consultant service provider, we may disclose your personal information to manage our relationship with you or work or transact with you.

The Family Violence Information Sharing Scheme under the Family Violence Protection Act 2008 (Vic)Part 5A) makes us responsible to request and share information to assess and manage family violence risks.

The Child Information Sharing Scheme under the Child Wellbeing and Safety Act 2005 (Vic) (Part 6A) makes us responsible to request and share information to promote the safety and wellbeing of children.

Information will only be shared, received and handled by cohealth under these Schemes in accordance with the terms of the relevant legislation.  Information cannot be shared under these Schemes unless it is for a permitted purpose, being:

• For the Family Violence Information Sharing Scheme: for either of:
  • a family violence assessment purpose (the purpose of establishing or assessing a risk of a person committing, or being subjected to, family violence); or
  • a family violence protection purpose (the purpose of managing a risk of a person committing, or being subjected to, family violence, including the ongoing assessment of risk, where there is a reasonable belief that a person may commit family violence, or that a person is being subjected to family violence.
• For the Child Information Sharing Scheme: for the purpose of promoting the wellbeing or safety of a child or group of children or managing a risk to a child.

Sharing information is important so we can work better to keep perpetrators in view and keep you (and your children) safe. We will only share confidential information about you (or your children) with other services that are legally allowed to receive that information, and only.

We may use video surveillance for security purposes and the footage will be used only by cohealth and by the providers of our security services for security purposes, and in accordance with the applicable privacy laws and surveillance devices laws. Surveillance videos are not used by cohealth for other purposes and the footage is not publicly available but may be supplied to law enforcement agencies when required or authorised to do so by law. Surveillance cameras are not located in any bathrooms or change room facilities.

We prioritise your privacy and confidentiality.

If your provider is working remotely during any consultations, it will always be done in a private space.

Before engaging in any real-time audio/visual recording, duplication, or storage of consultations, whether they occur in person, via telehealth, or remotely, we will always seek your consent. 

We will only disclose your personal information to a recipient that is located interstate or overseas with your consent and in accordance with the requirements of the APPs and HPPs.

It may be necessary to disclose your personal information to persons or organisations outside of Victoria/Tasmania, or overseas to provide you with ongoing care and treatment (for example, where a referral is made to a health professional located interstate or overseas).

We will only disclose your personal information outside of Victoria/Tasmania or overseas if:

• you have provided your prior consent, and the receiving person or organisation is subject to a law, binding scheme or binding contract that provides substantially similar protection to the APPs and HPPs which you can access and enforce; or
• if the disclosure is otherwise required or authorised by law.

We may collect your personal information through the cohealth website, such as your email address or other contact details when you seek information regarding our services or make another enquiry with us. We will deal with this personal information in accordance with this Privacy Statement and the privacy laws.

We use ‘cookies’ on our websites to make web pages easier to use. A cookie is a small packet of information that a website places on a computer as a tool to record preferences and enhance functionality of the site. We may also use web beacons, Flash local stored objects and JavaScript. When you use our website, having your cookies enabled will allow us to maintain the continuity of your browsing session and remember your details when you return.

You can prevent the use of these through adjusting your browser settings to block, reject or delete these functions, but this may affect your ability to use the full functionality of the website and it may not function in an optional manner.

We may also use analytics tools to collect data about your interaction with our websites, and to track use of our websites and to maintain and improve those sites.

Information collected could include:

• IP address;
• top-level domain name;
• the date and time of visit to cohealth website;
• pages access on the cohealth website and any documents downloaded;
• type of browser used (e.g. Internet explorer, Firefox, Safari, Google Chrome); and
• type of device used (e.g. phone, tablet, PC).

We use the ‘HotDoc’ appointment booking platform. If you choose to register with HotDoc to book appointments, you will be sharing your personal information with HotDoc for this purpose, and you are agreeing to your personal information being collected and handled by HotDoc (and your booking information shared with us) in accordance with HocDoc’s Privacy Policy. You can click here to view HotDoc Privacy Policy and can e-mail HotDoc, privacy@hotdoc.com.au, with any concerns or requests related to the HotDoc account that is created.

cohealth’s staff are required to respect the confidentiality of personal information and the privacy of individuals.

cohealth has in place steps to protect the personal information cohealth holds from misuse, interference and loss, and from unauthorised access, modification, and disclosure.   We use various physical and technological security measures to protect the personal information we hold, including locked storage of paper records and passworded access rights to computerised records.

We store your information securely and where possible, we keep it in an electronic file.

We have a data breach response plan, which we would follow in the unlikely event of a privacy or data breach. We are also required to comply with mandatory ‘notifiable data breach’ scheme (the NDB scheme) under the Privacy Act.  The NDB scheme applies when an ‘eligible data breach’ of personal information occurs.

An ‘eligible data breach’ occurs when:

• there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that an organisation holds; and
• this is likely to result in serious harm to one or more individuals; and
• the organisation has not been able to prevent the likely risk of serious harm with remedial action.

An organisation may take remedial steps to prevent the likelihood of serious harm occurring for any affected individuals after a data breach has occurred, in which case, the data breach is not an ‘eligible data breach’.

Where we have reasonable grounds to believe that we have experienced an eligible data breach (and remedial action cannot be used), we will promptly notify affected individuals and the Office of the Australian Information Commissioner about the breach in accordance with the Privacy Act.

When your personal information is no longer required (and in the case of your health information, the information has been retained for the required periods under the HPPs or otherwise under law) we will take steps to securely destroy the information or to ensure that the information is permanently de-identified.  Note that under law we are generally required to hold your health information for a minimum of seven years from the date of last entry for an adult, and for any clients who are children until they would have reached 25 years old.

cohealth will take reasonable steps to ensure that the personal information it holds is accurate, complete, up-to-date, relevant and not misleading.

You have a right to request access to the personal information that we hold about you.

To request access to medical records or other health information, you will need to complete a Request for Access to Medical Records Form, available from reception at any cohealth service or click here to download the form. You are required to provide proof of your identity to staff when applying. We may charge a fee (as allowed under legislation) for photocopying and sending the information.  If fees apply, you will be contacted to discuss those fee’s prior to release.

You may otherwise request access to the personal information that we hold about you, using our contact details below.

cohealth may require you to verify your identity and specify what information you require. Although no fee will be charged for accessing your personal information or making a correction, cohealth may charge a reasonable fee to retrieve and copy any material. If the information sought is extensive, cohealth will advise the likely cost in advance.

In certain circumstances, we may refuse to allow you access to your personal information where this is authorised by the law, such as where providing access would have an unreasonable impact on the privacy of other individuals, providing access would pose a serious threat to the life or health of any person or to public health or safety, or giving access would be unlawful.

If you believe that the personal information we hold about you requires correction or updating (e.g. because the information is inaccurate, out-of-date, incomplete, irrelevant or misleading), you may request that the information be corrected by contacting the Site Manager or Privacy Officer of cohealth at any time.

cohealth will make a decision on your request to access or correct records within 30 days of your request.  If we refuse your request for access or correction, we will provide you with reasons for the refusal in writing, and details about how you may complain about the decision.

cohealth will store all feedback separately to a client’s electronic health record. Your feedback will be kept confidential and only those involved in the complaint handling will have access to the details.

cohealth follow the Complaint Handling Standards of the Health Complaints Commissioner, in accordance with the Health Complaints Act 2016 (Vic).  This Act also provides that consumers can make a complaint to the Health Complaints Commissioner about the way a complaint is handled by a health service provider.

If you would like further information about the way cohealth manages the personal information it holds, please contact the Privacy Officer.  If you have any concerns, complaints or you think there has been a breach of privacy, or you wish to access or correct your personal information, then also please contact the Privacy Officer who will first deal with you usually over the phone.

• email: privacy@cohealth.org.au
• call: 03 9448 6102 
• postal: 90 Maribyrnong St, Footscray VIC 3011

If you are not satisfied with our response your privacy enquiry or complaint, we will seek to meet with you to discuss further.

If you are not satisfied with our response, or in any case you do not wish to deal with us directly, you may at any time raise your enquiry or complaint to any of the following:

Office of the Australian Information Commissioner via:

• website: https://www.oaic.gov.au/
• call: 1300 363 992
• postal: GPO Box 5218, Sydney NSW 2001

Office of the Victorian Information Commissioner via:

• website: https://ovic.vic.gov.au/
• email: enquiries@ovic.vic.gov.au
• call: 1300 006 842
• postal: PO Box 24274, Melbourne VIC 3001

Health Complaints Commissioner via:

• website: https://hcc.vic.gov.au/
• call: 1300 582 113
• postal: Level 26, 570 Bourke St, Melbourne VIC 3000

For further information, you can request access to cohealth policy documents from the Privacy Officer or learn more about the Victorian Charter of Human Rights and Responsibilities, and/or the Australian Charter of Healthcare Rights, at:

• The Victorian Equal Opportunity and Human Rights Commission on 1300 292 153
• The Australian Commission on Safety and Quality in Health Care on (02) 9126 3600

We may revise this Privacy Statement from time to time. We will update you on any changes to this Privacy Statement through our website at cohealth.org.au, and we will make the most current version of this Privacy Statement will be available when you receive services from us, or on your request.