Privacy Policy

Purpose

Sonic Healthcare Limited (ABN 24 004 196 909) is committed to ensuring the privacy and confidentiality of your personal information.

In this document, Sonic Healthcare, Sonic, Us and We refer to Sonic Healthcare Limited.

This Privacy Policy (Policy) intends to clearly describe how Sonic Healthcare handles your personal information, including its collection, use, disclosure and security, and any personal information that we collect through our website(s).

Sonic complies with the Privacy Act 1988 (Cth) (Privacy Act), the associated Australian Privacy Principles (APPs) and state or territory legislation that governs how private sector health service providers should handle your personal information, including, but not limited to, health information.

From time to time, Sonic may amend this Policy, in whole or part, at our sole discretion.

Any changes to this Policy will be effective immediately upon posting the revised Policy on our website(s). We will deem that you have agreed to such changes if you continue to access our services following any changes. If you do not accept the terms of this Policy, as amended from time to time, in whole or part, you must not access our services, including our website(s).

Consent

Sonic is committed to ensuring that any personal information we collect is obtained lawfully, transparently and with your consent, whenever it is practical for us to do so.

By providing personal information to us, you consent to us collecting, using and disclosing your personal information as described in this Policy.

In some circumstances, where it is not reasonable or practical for us to collect this information directly from you, responsible persons (for example, a spouse or partner, close family member, emergency contact or enduring medical power of attorney) may consent on your behalf.

Collection of personal information

Who does Sonic collect personal information about?

We may collect personal information from patients, healthcare professionals, employees, contracted service providers, students, trainees, suppliers and other individuals with whom we engage in the course of our usual business operations.

You are not required to provide personal information to us. However, if the information you provide to us is incomplete or inaccurate, the services we provide to you may be affected.

How do we collect personal information?

We will usually collect your personal information directly from you or by email, telephone, written correspondence or via our website(s). Where it is not reasonable or practical for us to collect this information directly from you, we may need to collect information about you from a third party. We may also collect information from a third party where your health may be at risk, and we need your personal information to provide you with emergency medical treatment.

The third parties from whom we may collect your personal information include:

  • other health service providers, including healthcare professionals, hospitals, clinics and other pathology practices if they have referred you to us or are involved in your care. (Your doctor will generally explain why they are collecting the information and where it is going.)
  • your nominated responsible persons (such as a relative or carer)
  • the My Health Record program operated by the Australian Commonwealth Department of Health, if you have chosen to participate
  • health insurers, law enforcement or other government instrumentalities.

What types of information do we collect and hold?

The type of personal information we collect about you depends on who you are, our relationship with you and the nature of our interaction with you.

The personal information we collect about you will include only the information that is necessary or required:

  • to provide you with services (including, in the case of patients, coordinating and communicating with your healthcare providers)
  • for us to engage with you in the usual course of our business
  • for administrative and internal business purposes related to the services we provide to you.

The personal information we collect may include:

  • your name, age, gender, date of birth, contact details
  • information relating to your lifestyle and medical history relevant to providing healthcare services (such as your medications, diagnostic tests and treatments, family medical history, occupational history, genetic or biometric information and copies of correspondence to and from your healthcare providers)
  • relevant government and insurance identifiers (such as your Medicare number or private health insurance details), when necessary for billing or other administrative purposes
  • personal information collected in the form of clinical images and samples
  • records of our past engagement with you
  • any information relating to your employment (if you are a Sonic team member), including employment histories, applications, pre-employment checks, qualifications, training records and information required by laws, regulations or standards
  • payment details
  • other information, occasionally including religion and ethnicity, that may be relevant in our dealings with you.

Anonymity and pseudonymity

You may deal with us anonymously or by using a pseudonym:

  • unless it is impracticable for us to do so, or unless we are required or authorised by law to only deal with identified individuals
  • on the understanding that doing so may mean that we may not be able to provide certain services to you, either at our usual standard, or at all.

How does Sonic use your information?

We will not use or disclose your personal information for any purpose other than the primary purpose for which it was collected (or a related secondary purpose). The exceptions to this are if you have consented to another purpose, or if we are permitted/required to do so by law, which may include:

  • to coordinate and/or communicate with healthcare providers involved in your care
  • to procure additional healthcare services on your behalf (such as referrals to other providers or obtaining second opinions)
  • to conduct activities related to quality assurance/improvement processes, accreditation, audits, risk and claims management, patient satisfaction surveys and staff education and training
  • to liaise with your health fund, insurer, Medicare, Department of Veterans’ Affairs, Department of Health or another payer or contractor of services
  • to fulfil regulatory and public health requirements, including liaising with regulatory or health authorities, as required by law
  • to send you standard reminders (for example, for appointments for follow-up care, account management), by text message, mail or email, to the number or address that you have provided to us
  • to handle a complaint or respond to anticipated or existing legal actions
  • to obtain feedback about our services or provide advice or information to you about products, services, treatment options and clinical trials that are relevant to you
  • for billing and payments
  • to engage you (as a contractor) to provide products or services to us
  • to consider your application for employment with us.

In addition, we may de-identify and/or aggregate the personal information that we collect to carry out clinical research, quality assurance or analytics relating to customer service, health outcomes and other business activities.

Sonic may use electronic processes when using your personal information as specified above. We may link, combine or share personal information about you in various databases created by any of Sonic’s businesses.

We will not seek your consent to use your personal information for the above purposes.

Use of personal information for direct marketing

We may use your personal information for marketing that is directly related to our services, in compliance with applicable laws, such as the Privacy Act 1988 (Cth) and Spam Act 2003 (Cth). We may engage third parties, under contract, to provide marketing services on our behalf.

You may advise us that you do not wish to receive direct marketing from us at any time by contacting us or by using the opt-out facilities provided in our client registration processes, informed consent procedures and the marketing communications you receive.

Disclosure of personal information to third parties

When providing services to you or otherwise engaging with you, we may disclose your personal information to trusted third parties, including:

  • healthcare service providers or other relevant parties involved in your care or requesting services on your behalf (including to obtain second opinions or make referrals, on your behalf, for specialist medical services)
  • registries, statutory bodies and other third parties where requested to do so by you or as required by law (such as national cancer registries)
  • approved and trusted contractors engaged in providing professional services (such as debt collection, information and communication technology providers, specialist clinical services).

Where we outsource any of our services or hire contractors to perform professional services, we will require them, under contract, to comply with the Privacy Act, or other relevant privacy legislation and, where applicable, our Privacy Policy.

We may use electronic processes to disclose your personal information as specified above, where available or relevant. Where we use document automation technologies to disclose your personal information (such as to generate appointment bookings, referrals, results or e-scripts), we will only disclose your information to the extent reasonably necessary and only for the purposes specified above.

We will not seek your additional consent to disclose your personal information for the purposes described above.

My Health Record

If you choose to participate in the My Health Record program operated by the Commonwealth Department of Health, we may access the personal information it contains. We may also disclose your personal information by uploading your health information electronically to the My Health Record system if requested to do so.

If you do not want us to access personal information stored in your My Health Record or upload health information to it, you may opt out or choose to modify access controls within the My Health Record system.

Cross-border disclosure

We may enter into arrangements with other related entities or third parties outside of Australia to store, access or use data we collect, including personal information, in order to provide services to us (such as data processing, analysis, interpretation or the performance of specialised tests). In such cases, we will take reasonable steps to ensure that the third parties do not breach the APPs, including by requiring that the third party has information security measures and information handling practices in place that are of an acceptable standard and approved by us.

The countries in which the recipients are likely to be located include, but are not limited to, those countries where the Sonic group operates (New Zealand, USA, UK, Germany, Switzerland and Belgium).

Website

When you use our website(s), we do not identify you as an individual user and do not collect personal information about you, unless you specifically provide this to us.

Our website(s) may use cookies that allow us to gather anonymised statistics relating to the management of our website(s). These analytics may include, but are not limited to, your internet service provider (ISP), domain name, browser type and the pages you visit.

Our website(s) and our email communications may contain links to third-party websites. We do not control third-party websites or any of their content and if you visit these websites, they will be governed by their own terms of use (including privacy policies). You should satisfy yourself of the personal information handling policies of third-party website operators.

Protecting your personal information

We take the protection of your personal information seriously and take all reasonable steps to ensure the information that we collect, use and disclose is accurate, secure and protected from misuse and loss and from unauthorised access, modification or disclosure.

Accuracy

We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and current. To assist us, please ensure that the information you provide to us is accurate, up-to-date and complete, and let us know when your personal information changes.

Security

We will take all reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure. We use technologies and processes including, but not limited to, access controls, network firewalls, encryption and physical security measures to protect your privacy. We regularly review our information security processes to ensure they continue to offer an appropriate level of protection for your information.

Retention

When we no longer need your personal information for the purposes described in the Policy, and we are not required to retain it under relevant accreditation standards or law, we will destroy or permanently de-identify it.

Notification

If we become aware that unauthorised access or disclosure of your information has occurred and there is a likely risk of serious harm associated with that

Access to, and correction of, your personal information

Access

You have the right to request access to the personal information about you which we hold.

We will provide you with access to your information, unless there is a reason under the Privacy Act or other relevant law to refuse or limit such access, such as if we reasonably believe that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; or giving access would have an unreasonable impact on the privacy of other individuals.

You may request access to the personal information we hold about you by contacting our Privacy Officer (see below).

To protect your privacy, we will need you to verify your identity before providing access to your information. We may recover reasonable costs associated with supplying this information to you.

In the specific case of obtaining access to your pathology or radiology results, the preferred method is in consultation with your treating practitioner so that complex clinical information can be explained to you within the context of your individual circumstances.

Correcting your personal information

You have the right to request an amendment to the information we hold, should you believe it to be inaccurate.

If we are satisfied that any part of the information we hold about you is inaccurate, incomplete, out of date, misleading or irrelevant, having regard for the purpose for which it is held, we will take reasonable steps to amend that information.

If we do not agree to change your personal information in accordance with your request, we will permit you to make a statement of the requested changes and we will enclose this with your personal information.

Should you wish to request changes to your personal information held by us, you can ask for our Privacy Officer (see below), who can give you more detailed information about our correction procedure.

Contacting Sonic about privacy issues and complaints

If you have comments or concerns relating to this Policy, or wish to make a complaint about our handling of your personal information, please contact our Privacy Officer. We may need to verify your identity and ask for further details to investigate and respond to your concern or complaint. We will aim to respond to you within a reasonable time and generally within 21 days.

Sonic Healthcare Privacy Officer contact details

Address
The Privacy Officer,
Sonic Healthcare Level 22, Grosvenor Place,
225 George St, Sydney NSW 2000

Email
privacyofficer@sonichealthcare.com.au

Telephone
(02) 9855 5333

If we cannot satisfactorily resolve your concern or complaint, you may wish to contact the Office of the Australian Information Commissioner (OAIC). The OAIC has the power to investigate the matter and make a determination.

If your concern or complaint relates to health information, you may also contact the relevant state or territory privacy commissioner.

Office of the Australian Information Commissioner (OAIC)

Address
GPO Box 5218
Sydney NSW 2001

Email
enquiries@oaic.gov.au

Telephone
1300 363 992

Web
www.oaic.gov.au

REVIEW DATE: March 2022