Policy Statement
Western Health (ABN 61 166 735 672) is a Victorian Public Health Service established under the Health Services Act 1988 (Vic) that manages a range of health services including acute hospitals, day hospitals and community health centres. We are also a registered provider of residential aged care services under the Aged Care Act 1997 (Cth).
Western Health recognises the importance of your privacy and understands that the security of your personal information is important to you. This Information Privacy Policy (Policy) explains how Western Health manages the information that we collect, store, use and disclose and how to contact us if you have any further queries about our handling of your information.
By providing your information to us, you consent (to the extent that we require your consent under privacy laws to do these things) to Western Health collecting, holding, using and disclosing your information in accordance with this Policy.
Policy Details
Background
Western Health is required to ensure that its handling of information of patients, employees, healthcare professionals, contractors, volunteers, students and visitors is in accordance with the relevant legislation, including the:
- Privacy and Data Protection Act 2014 (Vic) (PDP Act);
- Privacy Act 1988 (Cth) (Privacy Act);
- Health Records Act 2001 (Vic) (Health Records Act);
- Health Services Act 1988 (Vic) (Health Services Act);
- Aged Care Act 1997 (Cth) (Aged Care Act);
- Mental Health and Wellbeing Act 2022 (Vic) (Mental Health Act);
- Freedom of Information Act 1982 (Vic) (FOI Act),
- Family Violence Protection Act 2008 (Vic) (FVP Act);
- Child Wellbeing and Safety Act 2005 (Vic) (CWS Act);
- ublic Records Act 1973 (Vic) (PRA Act).
Together, the Relevant Legislation.
Commonly used Terms relevant to Information Privacy
Personal Information:
Personal information is defined in the PDP Act as information or an opinion (including information or an opinion forming part of a database), that is recorded in any form and whether true or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion, but does not include information of a kind to which the Health Records Act applies.
Sensitive Information:
Sensitive information includes information about an individual's race or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership or a professional or trade association, sexual preferences and criminal history.
Health Information:
Where Western Health collects your health information, the collection or handling of that information is subject to the Health Records Act and Health Services Act, including if you are an employee of Western Health.
In this Policy, references to information may include personal, sensitive and health information unless indicated otherwise.
Why does Western Health collect your information?
In the course of our business, Western Health may collect information about you to perform our functions and activities as a health service and residential aged care service provider.
What type of information do we collect?
The types of information and documents containing your information we collect will vary depending on the nature of our interaction with you and may include:
Identifying and contact information (such as name, date of birth, address, email address and telephone phone number);
Next of kin or preferred contact person;
Your medical history, information about your health condition, treatment, images of diagnostic scans, test results, immunisation history statements and COVID-19 vaccination certificates, both past and present;
Parenting orders, powers of attorney, medical treatment decision maker nominations and advanced care directives;
Records of communication including complaints, requests and queries;
Photographs;
Credit card and payment details;
Criminal histories and clearances, including through police record checks and working with children checks;
ethnic background;
Lifestyle history and family history;
Qualifications, education, professional registrations and employment history;
Commonwealth and Victorian government identifiers (such as Medicare numbers, individual healthcare identifiers, pension or Veterans' Affairs numbers and drivers licence numbers);
Private health insurer membership details;
Responses provided by you to surveys issued by us or by third party service providers on our behalf;
Referrals to us from other health services or health service providers; and
Closed-circuit television (CCTV) footage in public areas.
Who do we collect information from?
Western Health may collect information about you from a range of sources including:
Patients, next-of-kin, carers, family members and guardians in the course of, or in anticipation of, providing health services to patients;
Healthcare professionals;
Job applicants, past and present board members, employees and contractors of Western Health;
Volunteers and students assisting Western Health in the provision of health services;
Victorian Government agencies, authorities and departments;
Commonwealth Government agencies, authorities and departments, such as Services Australia that maintains the national register where your vaccinations are recorded;
Victoria Police;
Visitors to our premises; and
Third parties providing services to Western Health.
How does Western Health collect information?
Western Health will only collect information about you by lawful and fair means and not in an unreasonably intrusive manner.
Depending on the nature of your interaction with Western Health, we may collect your information in a number of ways including directly from you, through our website, admission forms, correspondence (written and verbal), from CCTV cameras in operation, at our acute hospitals, day hospitals, community health centres and residential aged care services. We may also collect your information from a range of sources such as those listed in the section above.
If you are a patient, Western Health typically collects your information directly from you. If you do not have the capacity to provide information to us, we may collect your information from another party including your emergency contact or next-of-kin/guardian/carer and first responders (including police and paramedics). We may also collect your personal information from third parties such as your general practitioner (GP), external specialist clinicians, other treating health service providers, your aged care or other care facility, or from health service providers who partner with us to provide health services.
If you are a healthcare professional, Western Health typically collects your information directly from you or from your patient.
If you are a contractor of Western Health, we typically collect your information directly from you or from third parties such as a nursing agency or recruitment agency.
If you are a student, we typically collect your information directly from you or from your educational institution.
If you are a volunteer or a visitor, we typically collect your information directly from you.
If you are a third-party service provider, we typically collect your information directly from you or the organisation who employs or engages you.
If you are an employee, we typically collect your information from you and government agencies that hold information required to be collected by us for your commencement or ongoing employment such as mandatory vaccinations, police checks and working with children checks.
If you are have applied for a position with Western Health, we typically collect your information directly from you or from a third party recruitment agency engaged by us for the recruitment process. We do not contact your nominated referees or collect any confidential external information without your prior consent.
For what purposes does Western Health collect, hold, use and disclose your information?
Western Health collects, holds, uses and discloses information for a range of purposes including the following:
To provide you, or your patient, with health services including hospital, diagnostic imaging, outpatient and residential aged care services;
To fulfil our clinical obligations;
To invoice and process any fees payable in relation to services rendered;
To manage our relationship with you and to contact you for follow up purposes, including to send you reminders and information about upcoming appointments/admissions;
To verify and update personal information held by us;
To perform business functions as an employer;
To recruit personnel;
To assess or manage risk of family violence;
To engage third party service providers;
To review, develop and improve our services including by asking patients to participate in a patient survey and quality improvement activities;
To undertake quality assurance, audits (clinical and non-clinical), accreditation, service planning, risk assessment and management and claims investigation and management;
To train and educate our staff and students;
To assist with administration, planning, financial or management purposes;
To recruit participants for clinical trials and research;
To comply with legal or regulatory obligations; and
For other purposes required or authorised by or under law, including purposes for which you have provided your consent.
To provide updates to past patients about events, campaigns and fundraising activities.
Our range of services and our functions and activities may change from time to time.
If you provide your email address, telephone and/or mobile phone number, Western Health will use your email address, telephone and/or mobile phone number to contact you (including by telephone call, SMS or email) for any of these purposes.
To whom may Western Health disclose your information?
Western Health may disclose your information to other persons or organisations including to:
Healthcare providers including:
Healthcare providers who provide healthcare services to and at Western Health sites;
Your referring/treating healthcare providers; and
Healthcare providers we may refer you to for further healthcare services (including allied professionals, diagnostic imaging service providers and pathology service providers);
Victoria Police to lessen a serious threat to you or others if we reasonably consider that disclosure is necessary or warranted;
Other agencies to meet our obligations under the Family Violence Sharing Scheme and Child Information Sharing Scheme;
The organisation that is funding the provision of our services to you such as government organisations (including Medicare Australia, TAC, WorkCover and Department of Veterans' Affairs) and private health insurers;
Other persons or organisations engaged by Western Health to assist us in carrying out the above purposes such as telehealth platform providers, data storage providers, IT support providers, auditors, insurers, recruitment agencies and professional advisors;
Regulatory authorities and Commonwealth and Victorian government agencies such as Medicare Australia, Department of Veterans' Affairs, the Inspector-General of Aged Care, WorkCover and TAC;
Courts, tribunals, safety and quality bodies and law enforcement agencies (such as providing CCTV recordings to Victoria Police);
Third parties for the purposes of reviewing the quality of services delivered and service improvement (de-identified);
Governmental departments or agencies to disclose certain information where we are required to do so by law about patients who have specific conditions, or to maintain a health or disease register where we are required to do so by law; and
Your family and/or emergency contact or next-of-kin/guardian/carer (unless you have requested that we do not do so).
The Western Health Foundation for the purposes of providing updates to past patients about events, campaigns and fundraising activities.
To the operator of an ambulance service such as Ambulance Victoria, including to determine if a fee is payable to the ambulance service operator by a person transported to Western Health in an emergency.
What happens if you don't provide Western Health with your information?
If you do not provide information requested of you to Western Health, we may be unable to provide you with the services you request of us or otherwise employ you, work with or transact with you.
How does Western Health hold your information and manage the data quality and security of your information?
Western Health stores information in hardcopy format on our premises and electronically on our servers, as well as through third parties who provide services to us, both in hardcopy format (for example off-site archives) and electronically (for example through cloud-based information storage systems). Some clinical services may involve the direct collection, storage and use of information by a third-party service provider, for example to monitor the functionality of implantable devices such as pacemakers.
To the extent required by the Relevant Legislation, Western Health will take reasonable steps to:
make sure that your information that we collect, hold, use and disclose is accurate, complete and up to date; and
protect your information that we hold from misuse, interference and loss and from unauthorised access, modification or disclosure.
Information held by Western Health which is no longer required is destroyed or de-identified in a secure manner, subject to the requirements of the Relevant Legislation.
Does Western Health transfer information outside of Victoria?
Western Health may disclose your information outside of Victoria and/or overseas. For example, Western Health may use service providers who are located outside of Victoria and/or overseas and may disclose your information to such service providers to the extent necessary for those service providers to deliver services to Western Health and/or to you. Suppliers are contractually required by Western Health to manage your information to a standard that reflects our obligations to you under the Relevant Legislation. Some suppliers have publicly available privacy policies that assist us to confirm how information disclosed by us to the supplier is handled.
Website, News and Communications
The Terms of Use of our website outlines what information is collected by us about visits to our website and in online forms, and the purposes for which we collect that information,
If you have subscribed to receive news and communications about Western Health, you may contact us at any time to unsubscribe from those communications. Please visit the Contact Us page of the website and contact us via the online form.
Fundraising
Unless you have told us not to, Western Health may share limited information about you with the Western Health Foundation for the purpose of contacting you about our fundraising network, including asking for a donation. If we have shared your contact details with Western Health Foundation, you may request not receive contact about fundraising at any time by contacting [email protected]. The Western Health Foundation Privacy Policy can be found at whfoundation.org.au/privacy-policy/
How can you access or correct your information held by Western Health?
You have the right to request access to your information held by Western Health.
The most common requests for access to information received by Western Health (as a Victorian Public Health Service) are requests for copies of medical records. The FOI Act prescribes the process for requesting copies of medical records.
To information on how to make an FOI request to Western Health please visit our website: https://www.westernhealth.org.au/PatientsandVisitors/Medical_Records/Pages/Accessing-information-about-me.aspx
If our record of your information is incorrect in any way, you can request for it to be corrected.
Information Collection Notice
Our Information Collection Notice, published on our website and available across our sites where we collect information from you, summarises the aspects of this Policy focused on the purpose for which Western Health collects your information and how we will use and handle that information.
If you would like a hardcopy of this Policy or our Information Collection Notice posted or emailed to you, please Contact Us using the online form on our website.
How Western Health handles complaints
If you have any concerns or complaints about the manner in which your information has been collected or handled by Western Health, please advise us of your concern or complaint through the Contact Us page of the website, send it our feedback team at [email protected] or mail to Patient Representatives, Sunshine Hospital, 176 Furlong Road, St Albans 3021. Your concern or complaint will be considered or investigated and we will respond to your complaint as soon as practicable.
If you remain dissatisfied with our response and your concern or complaint relates to your health information, you may contact the Health Complaints Commissioner (HCC). The HCC responds to complaints about health services and the handling of health information in Victoria. Their service is free, confidential and impartial.
To lodge a complaint with the HCC:
- Fill out a complaint form online at http://hcc.vic.gov.au; or
- Phone 1300 582 113 between 9am and 5pm, Monday to Friday to discuss your complaint.
If you wish to make a complaint about how we have handled your personal or sensitive information in the context of mental health and wellbeing services provided at Western Health, you may contact the Mental Health Complaints Commissioner (MHCC).
To lodge a complaint with the MHCC:
If you wish to raise your concern or complaint about how we have handled your personal or sensitive information with an external body, you may contact the Office of the Victorian Information Commissioner (OVIC). OVIC responds to complaints about the handling of information by Victorian public sector organisations. Their service is free, confidential and impartial.
For information about how to lodge a complaint with OVIC please visit the OVIC website: Privacy Complaints - Office of the Victorian Information Commissioner (ovic.vic.gov.au).
Further information
Further information about the application of the PDP Act and the FOI Act can be found at the website of the Office of the Victorian Information Commissioner at www.ovic.vic.gov.au.
Further information about the application of the Health Records Act and Health Services Act can be found at the website of the Health Complaints Commissioner (Victoria) at www.hcc.vic.gov.au.
Further information about the application of the Mental Health Act can be found at the website of the Mental Health and Wellbeing Commission (Victoria) at www.mhwc.vic.gov.au.
Changes to our Information Privacy Policy
This Policy is effective from July 2024. As this Policy is updated from time to time, to obtain a copy of the latest version at any time, please visit our website at https://www.westernhealth.org.au/.