Who are we?
We are Idameneo (No 123) Pty Ltd (ACN 002 968 185), Sidameneo (No. 456) Pty Ltd (ACN 089 995 817) and our related bodies corporate, together the medical and dental centre division of Limestone Bidco Pty Limited (ForHealth Medical & Dental Centres, we, us, our).
We manage medical and dental centres in Australia (Centres) and provide facilities and services to healthcare providers including medical and dental practitioners (healthcare providers) who operate their own independent businesses from the Centres. We provide the administrative and non-medical services to those healthcare providers to assist those healthcare providers to provide you with medical, dental or other health services (medical services). Those healthcare providers are not our employees or our independent contractors and, in providing medical services, are operating their independent businesses. Medical records are not owned by us but rather are owned by the relevant healthcare professional in conjunction with you, their patient.
The healthcare practitioners who provide you with medical services have legal and professional obligations to ensure that your medical records contain sufficient information to enable other healthcare professionals to continue to manage your needs and provide continuity of care.
Any release of medical records is completed in compliance with a medical records release policy.
What personal information do we collect and hold?
We will only collect personal information from you where reasonably necessary for purposes directly related to the services healthcare providers provide you, their patient. We will only collect as much personal information as healthcare providers operating from our Centres need to provide you, their patient, with services (including medical services) and to allow us to facilitate payment by the healthcare provider for those services. The types of personal information we may collect and hold about you include:
Billing and administration
We may also collect personal information from you when you use and access our websites (including any information contained in an online enquiry or a request for an appointment, device type and ID, IP address, pages you visited, time and date of visit and geo-location information).
If you do not provide the personal information we request, healthcare providers operating their own business from our Centres may not be able to provide medical services to you.
How do we collect and hold personal information?
We collect personal information about you in several ways, including from:
- you directly (including through our websites, when you complete a new patient form, or when you interact with personnel of a Centre, e.g. a nurse or receptionist);
- someone with responsibility for you (such as your parent, carer or guardian);
- independent healthcare providers in a Centre, including as recorded in your patient records;
- external health providers, where that information is provided to a Centre and included in your medical record;
- national digital health records (such as your My Health Record);
- government agencies such as the Department of Veterans Affairs or Medicare, that you may use for assistance to access the medical and dental services at our Centres; and
- contractors or service providers engaged to carry out functions on our, or our medical practitioners’, behalf (such as call centres and other providers of recall, marketing campaigns and other communication services).
When you attend one of our Centres to obtain services from the healthcare providers operating from those Centres, a unique digital medical record is created for you. Every time a medical, dental or health service is provided to you, new information is added to your medical record.
Why do we collect, hold, use and disclose your personal information?
1. Health Services
Personal information about you is collected, used, disclosed and handled for reasons including:
- to allow healthcare providers to provide you, their patient, with appropriate health care, treatment and services;
- to allow healthcare providers to assist you in managing and improving your health;
- to provide a medical history for you that allows your healthcare provider to provide you with better care, as it assists with identifying changes to your health over time;
- to respond to your online enquiries or process requests for appointments; and
- to send you appointment reminders (including by SMS or email) in relation to obtaining services from your healthcare provider. This enables the making of follow-up appointments to discuss test results, or to remind you that you, or a dependent, are due for an immunisation, pap smear, annual health assessment or other type of consultation or test.
2. Ordinary course operation of our business
We also use and handle your personal information as is reasonably incidental to our ordinary course operations, including where necessary to manage our administration, store data, conduct systems maintenance and penetration testing, and manage accounts and payment for the services provided to you. Subject to compliance with applicable Australian law, these incidental operations shall include our use and, where necessary, disclosure of your personal information:
- for billings and collection purposes, including to obtain payment from, as appropriate, you, Medicare, your private health insurance fund or from any organisation responsible for payment of any part of your account, such as the Department of Veterans Affairs;
- to provide you with information and materials about products and services offered by the Centres which might be of interest to you. Where you attend a Centre you will be taken to have consented to the receipt of such materials (including by SMS and email), and to the use and disclosure of your personal information for this purpose. You may opt-out of receiving such materials by contacting the Privacy Officer below or following the unsubscribe process described in the relevant material;
- if the circumstances require, to our professional advisers or insurers, or those of your medical practitioners in compliance with applicable law and on a confidential basis;
- to manage and store your personal information in a secure fashion;
- for data entry and data analytics purposes;
- to enable an individual to discharge their duties as a director, officer or executive manager of our corporate group under Australian law; and
- to third parties, subject to confidentiality and security conditions, (including, in certain circumstances described below, to offshore third parties):
  - who provide support or maintenance services for medical software, systems or equipment we use (including our practice management system, cloud storage systems and software and hardware within Centres);
  - which provide services to local health networks (either on a de-identified basis, or for the purpose of the third party de-identifying such information); or
  - where otherwise reasonably incidental to our ordinary course operations at our Centres, including to provide or assist us with the services described above.
3. Teaching and research
We may use de-identified information (derived from your personal information) for teaching purposes or to monitor, evaluate, plan and improve medical services.
We may use your de-identified information to provide third parties (such as universities, government organisations and pharmaceutical companies) with aggregated, de-identified health information about the medical practitioners’ patients. These third parties may use the bulk de-identified information they receive from us for their business purposes.
Should you, at any time, wish to withdraw your consent for your personal information to be part of a de-identified information database, please notify our Privacy Officer using the contact details below providing your full name, date of birth and address. Withdrawing this consent will not affect the relationship between you and your healthcare provider, nor will it hinder your ability to access services at a Centre.
If third parties undertaking research request identified data (i.e. personal information) from our medical records, we will only provide such identified data if:
- it is for medical research purposes;
- we are satisfied privacy and confidentiality requirements (including any requirements under the Privacy Act 1988 (Cth)) have been satisfied; and
- the research has been approved by a Human Research Ethics Committee, or you have otherwise provided your consent to that information being accessed, used or disclosed for research purposes in accordance with a medical study.
4. Other handling
We may also access, use or disclose your personal information:
- with your consent (or that of your parent, guardian, attorney, authorised representative or other responsible person), including where you consent to receiving direct marketing communications (including by SMS or email) about our products and services or those of our partners. You may opt-out of receiving such communications by contacting the Privacy Officer below or following the unsubscribe process described in the relevant communication;
- where required to comply with any Australian law;
- for the purposes of a permitted general situation or permitted health situation under the Privacy Act 1988 (Cth); or
- where we reasonably believe it necessary to lessen or prevent a serious threat to the life, health or safety of an individual or public health or safety.
Do we transfer personal information overseas?
We will use best endeavours to ensure your personal information is only stored and accessible from within Australia. However, we may disclose your personal information, or enable it to be accessed by:
- entities, where required to provide or facilitate the provision of health services to you;
- wholly owned subsidiaries of our parent company, Limestone Bidco Pty Limited or our other related bodies corporate; or
- third parties which are based overseas (including in India, Malaysia and the Philippines):
  - who provide support or maintenance services to us for medical equipment, systems and software (including payroll systems and software), where their access to personal information is incidental to the proper performance of a support or maintenance arrangement; and
  - for the purpose of providing medical transcription services on our behalf.
We will take reasonable steps to ensure that these recipients do not breach the requirements of the Privacy Act 1988 (Cth) and other State and Territory privacy legislation that may be applicable. However, when you provide your personal information to us, you consent to the disclosure of that information outside of Australia in the circumstances described above, and acknowledge that we are not required to ensure overseas recipients handle that personal information in compliance with Australian privacy law.
Security and storage of personal information
We, and healthcare providers operating their own business in Centres, are subject to a range of obligations relating to the periods for which health information and records must be retained. We must generally retain health information about an individual until at least:
- an individual turns 25 – if we collected the information before the individual was 18; or
- otherwise, 7 years from the last occasion on which that health information was altered, or a health service was provided to that individual by a medical practitioner operating from the Centre.
Following such retention periods, if we no longer require personal information for a purpose permitted by Australian law, we will take reasonable steps to securely destroy or de-identify such personal information.
Accessing and correcting your personal information
You (or your parent, guardian, attorney, authorised representative or responsible person) may request (i) details of what personal information we hold about you; or (ii) access to, or that corrections be made to, the personal information we hold about you, by contacting the Privacy Officer (details below). If you do so, please specify your identity and the details and format of the information which you are seeking access to, or correction of (including the element of inaccuracy or incompleteness, and information required to correct your information). We will respond to your request within a reasonable time, which will be no longer than 45 days in NSW and Victoria, and 14 days in the ACT.
There are some circumstances where your healthcare providers may not be required to give you access to or correct your personal information. Your healthcare provider will normally give you a written notice setting out our reasons for not complying with your request, and informing you of how you can complain about our refusal.
We may charge a reasonable fee for our costs involved in collating and providing you with access to any personal information, in accordance with applicable law. That fee is payable before access is given.
Making a complaint
If you have any concerns or would like to make a complaint about how we handle your personal information, please contact the Privacy Officer (details below). Please include your name, email address and/or telephone number and clearly describe your concerns or complaint.
We will endeavour to respond to your complaint within a reasonable time after it is made. If you are unhappy with our response, we will provide you with information about further steps you can take.
How to contact us
You can contact our Privacy Officer in the following ways:
Attention: Privacy Officer