Privacy Policy

Privacy Policy

This Privacy Policy applies from August 2022. We may change our Privacy Policy from time to time by publishing changes to it on our website. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy.

This Privacy Policy sets out how Health Communication Network Pty Limited (ACN 068 458 515) trading as MedicalDirector and its subsidiaries (us, our and we) collects, uses, stores, holds and discloses personal information and/or sensitive information.

You can use this Privacy Policy by reading the general purpose information below and by going directly to our more detailed Software User and Patient Data sections if those sections are relevant to your particular circumstances.

Who do we collect personal and sensitive information from?

We collect personal information and/or sensitive information from a range of individuals. In this policy, we talk to:

• healthcare practitioners or healthcare practices (or employees of those healthcare practitioners or of those healthcare practices) using our software products or services in the course of providing healthcare products or services to patients – you may wish to refer to our Software User section, if you want to know more about how we collect, use and disclose personal information and/or sensitive information of our software users;
• patients who visit a healthcare practitioner/practice that uses our MedicalDirector Helix, MedicalDirector Care or MedicalDirector Smart software products (together, Cloud Products) to record, store, access or communicate your information in the course of providing healthcare services to you. MedicalDirector collects this information through its management and hosting of the Cloud Products, although your healthcare practitioner or healthcare practice is responsible for collection of your personal and sensitive information directly from you – if you think you might be a patient as described in this section, we encourage you to visit our Patient Data section and to discuss with your healthcare practitioner or healthcare practice directly to confirm;
• other individuals where we collect your personal information in the course of our other general business activities. By doing business with us, visiting our website, entering any of our contests, expressing an opinion to us, participating in one of our online forums or communities or otherwise providing us with your personal information and sensitive information (General Products or Services), or by providing goods or services to us, you consent to our collection, use and disclosure of your personal information and sensitive information for these purposes in accordance with this Privacy Policy and any other arrangements that apply between us. Please refer to the general purpose information below.

Generally, how do we protect your personal information and sensitive information?

Your privacy is important to us, and we are committed to dealing with your personal information and sensitive information responsibly, and in accordance with the Privacy Act, the Australian Privacy Principles, and any other applicable privacy and health data protection laws.

We only collect personal information and sensitive information for purposes which are directly related to our services, functions or activities, and only when it is necessary for, or directly related to these purposes.

We will take reasonable steps to ensure that the personal information and sensitive information we hold about you is kept secure, accurate and up to date and is protected from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we, and our third party service providers, use a number of physical, administrative, personnel and technical measures to protect your personal information and sensitive information.

Personal information and sensitive information is kept in data centres located in Australia.

Generally, what personal information and sensitive information do we collect and hold?

We generally collect your personal information and/or sensitive information from a variety of sources, including but not limited to forms, website interactions, interaction with, or registration of an account for, our products and services, surveys, emails, telephone and in person. Where you request our General Products or Services or interact with our website we may collect personal information and/or sensitive information, including but not limited to:

• personal details such as your name, date of birth and gender;
• contact details such as your address, e-mail address, telephone number(s) and fax number; and
• any other personal information that may be required in order to facilitate your dealings with us.

Our Software User and Patient Data sections contain more specific information on personal information and sensitive information that we collect and hold as it relates to users of our clinical software and Patient Data (this is defined in our Patient Data section below).

To whom do we disclose your personal information and sensitive information?

Generally, we may disclose your personal information and/or sensitive information to:

• our employees, on a need to know basis;
• our professional advisers and agents, on a need to know basis;
• specific third parties authorised by you (generally, this will be with your individual consent) to receive information held by us; and
• other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.

We may additionally disclose your personal information to our service providers, such as our cloud service providers or providers of marketing and promotional services (where we are permitted by applicable laws to undertake marketing and promotional activities).

We may also disclose your personal information and/or sensitive information to recipients as described in our Software User and Patient Data sections below.

Why do we collect, hold, use and disclose such personal information and sensitive information?

Generally, we collect, hold, use and disclose your personal information and/or sensitive information for the primary purpose for which it was collected and for other purposes which are related to the primary purpose of collection. These purposes include, but are not limited to, the following:

• to enable you to access and use certain of our products and services (or for you to provide products and services to us);
• to contact and communicate with you;
• to operate, improve and optimise our website, our products and services and users' experience, such as performing analytics and conducting research;
• to comply with our legal obligations, including any court orders or requests from law enforcement agencies, and to enforce our agreements with third parties;
• as expressly permitted or authorised by law; and
• any other purpose, with your consent.

Our Software User and Patient Data sections contain more specific information on how we use and disclose personal information and sensitive information as it relates to users of our clinical software and Patient Data.

Overseas recipients

We do not disclose your personal information or sensitive information to overseas recipients. If we need to disclose such information to an entity located outside of Australia, we will obtain your written consent to the disclosure.

Do we use your personal information or sensitive information for direct marketing?

If you are a direct user of our software solutions or if you interact with us in the course of our general business activities we may provide you with information about, and offers for, carefully selected products and services. MedicalDirector does not use Patient Data in identified form for direct marketing purposes.

This may take the form of emails, mail or other forms of communication, in accordance with the Spam Act, the Privacy Act and applicable health data protection laws. However, MedicalDirector will never use your sensitive information for direct marketing purposes without your consent.

You may opt-out of receiving marketing materials from us by contacting us using the contact details set out at Contact Us below or by using the opt-out facilities provided in our marketing materials.

Our other clinical software products

We do not collect or store identified Patient Data through our MedicalDirector Clinical, MedicalDirector Pracsoft, MedicalDirector SideBar and MedicalDirector BlueChip software products. It is possible that from time to time in providing technical and support services to our subscribers and users of these products that our personnel may have temporary access to Patient Data, but this will be temporary only and Patient Data will not be collected or held by us.

Accessing or correcting your personal information and sensitive information 

You can access the personal information and sensitive information we hold about you by contacting us using the information at Contact Us below.

We will use our best endeavours to respond to your request within 30 days of receiving it. Sometimes, we may not be able to provide you with access to all of your personal information or sensitive information and, where this is the case, we will tell you why. We may also need to verify your identity when you request such information.

If you think that any personal information or sensitive information we hold about you is inaccurate, please contact us and we will take reasonable steps to ensure that it is corrected.

If you are an individual seeking to access and correct your Patient Data, you should in the first instance contact your healthcare practitioner or healthcare practice. Your healthcare practitioner or healthcare practice will usually be the data custodian of your Patient Data. MedicalDirector supports your healthcare practitioner or healthcare practice (for example, in the hosting and storage of patient data through the Cloud Products) but will usually not be the custodian of your Patient Data.

Making a complaint

If you think we have breached the Privacy Act, or you wish to make a complaint about the way we have handled your personal information or sensitive information, you can contact us using the details set out below. Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and will use our best endeavours to respond to your complaint within 30 days of receiving it.   

If you think that we have failed to resolve the complaint satisfactorily or you still have a concern, you can contact the Office of the Australian Information Commissioner in any of the following ways:

online: www.oaic.gov.au/privacy

phone: 1300 363 992

email: enquiries@oaic.gov.au

fax: +61 2 9284 9666

mail: GPO Box 5218 Sydney NSW 2001 or GPO Box 2999 Canberra ACT 2601

Contact Us

For further information about our Privacy Policy or practices, or to access or correct your personal information or sensitive information, or make a complaint, please contact us using the details set out below:

email: privacy@medicaldirector.com

mail: General Counsel, L8, 400 George St, Sydney NSW 2000

This section applies to the personal and/or sensitive information of a healthcare practitioner or healthcare practice (or employee of that healthcare practice) using our software products or services in the course of providing healthcare products or services to individuals.

By requesting or using any of our software products or services in accordance with the applicable end user terms and conditions (i.e. as a Software User), you consent to our collection, use and disclosure of your personal information and sensitive information in accordance with this Software User section of our Privacy Policy and any other arrangements that apply between us.

You are not required to provide us with any personal information or sensitive information, but if you do not provide us with this information, we may not be able to provide you with some or all of our products or services (including support services).

While we take appropriate measures to safeguard against unauthorised uses and disclosures of personal information and sensitive information, we cannot guarantee the security of such information. To assist in preventing unauthorised use or disclosure of your personal information and sensitive information you must maintain the confidentiality of any login information and passwords applicable to your use of our software products and services.

Please note that we have described how we collect, use and disclose Patient Data in our separate Patient Data section below.

What personal information and sensitive information do we collect and hold from Software Users?

Where you request and use our software products or services as a healthcare practitioner, healthcare practice (or employee of a healthcare practice) we may collect your personal information and/or sensitive information, including but not limited to:

• personal details such as your name, date of birth and gender;
• contact details such as your address, e-mail address, telephone number(s) and fax number;
• usage details such as information about your interest in, use of, and interaction with, our software products and services;
• education and vocational details such as where you studied, what year you graduated, where you work and your job title;
• details of your enquiries, complaints and support calls;
• information about the nature, volume and financial details of the health services that you provide; and
• any other personal information that may be required in order to facilitate your dealings with us.

We will only collect this information where it has been provided to us by or on behalf of you in accordance with the arrangements that govern your use of our software products and services, including in the normal course of your use of the software products or services.

How do we collect Software Users' personal information and sensitive information?

We collect your personal information and/or sensitive information from our software products and from a variety of other sources, including but not limited to forms, website interactions, interaction with, or registration of an account for, our support services, surveys, emails, telephone and in person.

Support services may take the form of remote access to your, or your healthcare practice's, network. We may collect or access your personal information and/or sensitive information in the course of providing support services to you (including through MedicalDirector Helix, MedicalDirector Clinical, MedicalDirector Pracsoft, MedicalDirector Sidebar, MedicalDirector Insights, Helix Telehealth, MedicalDirector Care, MedicalDirector Smart, MedicalDirector Shield, MedicalDirector Bluechip as well as other programs from our partners offered to you from time to time).

Why do we collect, hold, use and disclose Software Users' personal information and sensitive information?

When you use our software products and services, we may collect, hold, use and disclose your personal information and/or sensitive information for the primary purpose for which it was collected and for other purposes which are related to the primary purpose of collection. These purposes include, but are not limited to, the following:

• to enable you to access and use our software products and services;
• to enable you and your healthcare practice to administer and have the benefit of our software products and services;
• to contact and communicate with you;
• to provide you with customised information about your use of our software products and services, unless you have opted-out of these service offerings;
• to send you marketing and promotional messages that may be of interest to you;
• to operate, improve and optimise our website, our software products and services and your user experience, such as performing analytics and conducting research on the use and operation of our software products;
• to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and other information requested by you;
• to administer surveys, contests or other promotional activities sponsored by or managed by us;
• to comply with our legal obligations, including any court orders or requests from law enforcement agencies, and to enforce our agreements with third parties; and
• any other purpose, with your consent.

De-identified analytics 

We may from time to time undertake data analytics on data related to the use of our software products and services. We will not use Patient Data in identified form without the appropriate individual consents and authorisations (as required by applicable laws).

Before we perform such data analytics, we will carefully remove certain information or alter the information that we collect about you so you can no longer be identified from that information (i.e. so that the information is no longer associated with your personal and/or sensitive information).

We may use de-identified data derived from your personal information and/or sensitive information for internal purposes, such as:

• improving the functionality of our software products;
• in connection with our digital publishing and medical reference services;
• for research and further data analytics, on a de-identified basis; and
• to contribute to our own medical information resources and health communication services.

We may also use such de-identified information for other analytical purposes, such as to:

• develop and market analytical insights, including in relation to trends in medical conditions or treatment patterns, or developing new software products or services; and
• from time to time, to offer you the opportunity to opt-in to, or opt-out of, certain data insight service offerings, which will be provided in accordance with any applicable end user terms and conditions. One such service offering is our de-identified and aggregated data based research program (sometimes referred to as OneNil), through which we may provide certain insights generated from such de-identified (and aggregated) information to our trusted partners, such as companies who are involved in the provision of health services or pharmaceutical treatments. MedicalDirector may receive a commercial benefit for the provision of these insights.

Data matching or linking of Software Users' personal information and/or sensitive information

Your personal information and/or sensitive information may be linked to other information we hold about you. We may also combine your personal information and/or sensitive information we receive from you with information collected or obtained from third parties or public sources, for the purpose of better understanding your preferences and interests so we can enhance the software products and services we market to you as a health practitioner or a health practice (including an employee of a health practice) using our software products and services. We will only ever do these things with your separate, express consent.

We may undertake software user data matching or linking at an aggregate level based on aggregate de-identified data (such that the information is no longer associated with your personal or sensitive information). For example, this may include “socio-economic status” based on geographical location.

This section applies to the personal and/or sensitive information of individuals (e.g. patients) who visit a healthcare practitioner/practice that use our Cloud Products (being the MedicalDirector Helix, MedicalDirector Care and MedicalDirector Smart software products) to record, store, access or communicate your information in the course of that healthcare practitioner or practice providing healthcare services to you.

In relation to our MedicalDirector Clinical software, we do not ourselves collect or store Patient Data in identified form. However, we may provide healthcare practitioner or healthcare practice software users of MedicalDirector Clinical the opportunity to participate in de-identified analytics as described further below.

What Patient Data do we collect and hold through MedicalDirector Helix?

MedicalDirector indirectly collects the following information through our management and hosting of the Cloud Products, when you visit your health practitioner or health practice and your health practitioner or an employee of a healthcare practice uses the Cloud Products to provide healthcare services to you:

• personal details such as your name, date of birth and gender;
• contact details such as your address, e-mail address, telephone number(s) and fax number;
• other health and sensitive information, where it has been provided to your healthcare practitioner or healthcare practice for the recording, storing, accessing or communication of your health and sensitive information, such as your Medicare details, information about your health, treatment plans and medication history or about health services which have been provided to you,

(in this Privacy Policy we refer to this collectively as Patient Data).

Your healthcare practitioner or healthcare practice is responsible for collection of personal and sensitive information directly from you.

We may also from time to time collect such information about you from a publicly available source or from third parties, but only where such collection complies with the Privacy Act and other applicable laws.

Why do we collect, hold, use and disclose Patient Data in the Cloud Products?

We may collect, hold, use and disclose your Patient Data (through MedicalDirector Helix) for the primary purpose for which it was collected and for other purposes which are related to the primary purpose of collection. These purposes include, but are not limited to, the following:

• to enable your healthcare provider or healthcare practice to access and use the Cloud Products and deliver healthcare services to you;
• to operate, improve and optimise our website, the Cloud Products and user experiences, such as carefully de-identifying Patient Data (so that it is no longer in identified form) and then performing analytics and conducting research utilising the de-identified data;
• to comply with our legal obligations, including any court orders or requests from law enforcement agencies, and to enforce our agreements with third parties; and
• any other purpose, with your consent.

MedicalDirector will return, retain or destroy any Patient Data in identified form that we have collected through the Cloud Products in accordance with our end user terms and conditions that we agree with your healthcare provider or healthcare practice.

MedicalDirector will never sell your transactional, identifiable Patient Data to third parties.

Your healthcare practitioner or healthcare practice will usually be the data custodian of your Patient Data. MedicalDirector's role is to support your healthcare practitioner or healthcare practice to meet their responsibilities. This is achieved, in part, by our delivery of industry best practice information security and information management when dealing with your healthcare practitioner or healthcare practice.

De-identified analytics (through MedicalDirector Helix and/or MedicalDirector Clinical)

MedicalDirector may provide certain users of our healthcare practitioner or healthcare practice clinical software the opportunity to participate in health, education and research through the sharing of selected de-identified data with MedicalDirector. Through this sharing of selected de-identified data, MedicalDirector will drive innovation in product development, near real-time insights into population health and research into clinical pathways and health demands research. Future innovations and enhancements to our health, education, research and insights that will be enabled through data sharing may occur via analytics, visualisations, machine learning or other such developments.

One such project is our de-identified and aggregated data based research program (sometimes referred to as OneNil). If your healthcare practitioner participates in this program we may provide certain insights generated from de-identified (and aggregated) information to our trusted partners, such as companies who are involved in the provision of health services or pharmaceutical treatments. MedicalDirector may receive a commercial benefit for the provision of these insights.

We do not use Patient Data in identified form for these purposes. Before we perform any data analytics, we will carefully remove certain information or alter the information that we collect about you (and aggregate such information) so you can no longer be identified from that information (i.e. so that the information is no longer Patient Data as it is not associated with your personal information or sensitive information).

Data matching or linking (through MedicalDirector Helix)

With your consent that will be obtained directly by MedicalDirector or otherwise via your healthcare professional/practice, your Patient Data may be linked to other information we hold about you. We may also combine your Patient Data we receive from MedicalDirector Helix with information collected or obtained from third parties or public sources, for the purpose of better understanding your preferences and interests so we can enhance the products and services we market to you or your healthcare provider or healthcare practice. We will only ever do these things with your separate, express consent.

We may from time to time undertake certain data matching or linking at an aggregate level based on aggregate de-identified data. For example, this may include “socio-economic status” based on geographical location. This will not be undertaken using Patient Data in identified form.