Sonic Healthcare Limited (ABN 24 004 196 909) is committed to ensuring the privacy and confidentiality of your personal information.
In this document, Sonic Healthcare Limited is variously referred to as Sonic Healthcare, Sonic, Us and We.
Sonic complies with the Privacy Act 1988 (Cth) (Privacy Act), the associated Australian Privacy Principles (APPs) and state or territory legislation that governs how private sector health service providers should handle your personal information, including, but not limited to, health information.
Sonic may, from time to time, amend this Policy, in whole or part, at our sole discretion.
Any changes to this Policy will be effective immediately upon the posting of the revised Policy on our website(s). By continuing to access our services following any changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as amended from time to time, in whole or part, you must not access our services, including our website(s).
By providing personal information to us, you consent to us collecting, using and disclosing your personal information as described in this Policy.
In some circumstances, where it is not reasonable or practical for us to collect this information directly from you, responsible persons (for example, a spouse or partner, close family member, emergency contact or enduring medical power of attorney) can give consent for collection on your behalf.
Collection of personal information
Who does Sonic collect personal information about?
We may collect personal information from patients, healthcare professionals, employees, contracted service providers, students, trainees, suppliers and other individuals with whom we engage in the course of our usual business operations.
You are not required to provide personal information to us. However, if you do not provide us with all the information we request, the services we provide to you may be affected. If you provide incomplete or inaccurate information to us, or withhold personal information from us, we may not be able to provide you with the services you are seeking, or otherwise engage with you.
How do we collect personal information?
We will usually collect your personal information directly from you by email, telephone, in writing or in person, or through our website(s). Where it is not reasonable or practical for us to collect this information directly from you, we may need to collect information about you from a third party. In the case of patients, we may also collect information from a third party where your health may be at risk and we need your personal information to provide you with emergency medical treatment.
The third parties from whom we may collect your personal information include:
Other health service providers, including healthcare professionals, hospitals, clinics and other pathology practices if they have referred you to us or are involved in your care. (Your doctor will generally explain why he or she is collecting the information and where it is going to.)
Your responsible persons (such as a relative or carer)
Our own internal records to link your information
The My Health Record program operated by the Commonwealth Department of Health, if you have chosen to participate
Health insurers, law enforcement or other government instrumentalities.
What types of information do we collect and hold?
The type of personal information we collect about you depends on who you are, our relationship with you and the nature of our interaction with you.
The personal information we collect about you will include only the information that is:
Reasonably necessary for us to engage with you in the usual course of our business
Necessary to provide you with services (including, in the case of patients, coordinating and communicating with your healthcare providers)
Required for administrative and internal business purposes related to the services we provide to you.
The personal information we collect may include:
Your name, age, gender, date of birth, contact details
Health information relating to your lifestyle and medical history relevant to providing healthcare services (such as your medications, diagnostic tests and treatments, family medical history, occupational history, genetic or biometric information and copies of correspondence to and from your healthcare providers)
Relevant government identifiers (such as your Medicare number), when necessary for billing or other administrative purposes
Other personal information collected in the form of clinical images and samples
Records of our past engagement with you
In relation to employees, any information relating to your employment including, employment histories, applications, pre-employment checks, qualifications, training records and information required by laws, regulations or standards
Other information, occasionally including religion and ethnicity, which may be relevant in our dealings with you.
Anonymity and pseudonymity
In certain circumstances, you may have the option of dealing with us anonymously or by using a pseudonym, however, this may limit the services that we can provide to you or the manner in which we engage with you. In some circumstances, it may be impracticable for us to deal with you in such an unidentified manner.
How does Sonic use your information?
We will not use or disclose your personal information for any purpose other than the primary purpose for which it was collected (or a related secondary purpose). The exceptions to this are if you have consented to another purpose, or if we are permitted/required to do so by law, which may include:
To coordinate and/or communicate with healthcare providers involved in your care
To procure additional healthcare services on your behalf (such as referrals to other providers or obtaining second opinions)
To conduct activities related to quality assurance/improvement processes, accreditation, audits, risk and claims management, patient satisfaction surveys and staff education and training
To liaise with your health fund, Medicare, the Department of Veterans’ Affairs, Department of Health or another payer or contractor of services
To fulfil regulatory and public health requirements, including liaising with regulatory or health authorities, as required by law
To send you standard reminders (for example, for appointments for follow-up care, account management), by text message, mail or email to the number or address which you have provided to us
To handle a complaint or respond to anticipated or existing legal actions
To obtain feedback about our services or provide advice or information to you about products, services, treatment options and clinical trials that are relevant to you
For billing and payments
To engage you (as a contractor) to provide products or services to us
To consider your application for employment with us.
In addition, we may anonymise (de-identify) or aggregate the personal information that we collect for the purpose of carrying out clinical research, quality assurance or customer service, health outcome and other business analytics.
Sonic may use electronic processes when we use your personal information as specified above. We may link, combine or share personal information about you that is held in various databases created by any, or all, of Sonic’s businesses.
We will not seek your consent to use your personal information for the purposes listed above.
Use of personal information for direct marketing
We may use your personal information for marketing which is directly related to our services, in compliance with applicable laws, such as the Privacy Act 1988 (Cth) and Spam Act 2003 (Cth). We may engage third parties, under contract, to provide marketing services on our behalf.
You may advise us that you do not wish to receive direct marketing from us at any time by contacting us or by using the opt-out facilities provided in our client registration processes, informed consent procedures and the marketing communications you receive.
Disclosure of personal information
During the course of providing services to you, or otherwise engaging with you, we may disclose your personal information to trusted third parties including:
Healthcare service providers or other relevant parties involved in your care or requesting services on your behalf (including for the purpose of obtaining second opinions or making referrals, on your behalf, for specialist medical services)
Statutory registries or bodies where requested to do so by you or as required by law (such as national cancer registries)
Other third parties or organisations, if required by, and in order to comply with, our legal obligations
Approved and trusted contractors, under agreement, as engaged by us to provide professional services (such as debt collection, information and communication technology providers, specialist clinical services).
Sensitive information is only ever disclosed for the purposes for which you gave it to us or for directly related purposes you would reasonably expect, or if you agree, for example, to handle a complaint.
We may use electronic processes to disclose your personal information as specified above, where available or relevant.
We will not seek your additional consent to disclose your personal information for the purposes listed above.
My Health Records
If you have chosen to participate in the My Health Record program operated by the Commonwealth Department of Health, we may access personal information stored in your My Health Record if the access permissions you have set allow this. When requested to do so, we may disclose your personal information by uploading your health information electronically to the My Health Record system.
If you do not want us to access personal information stored in your My Health Record, or to upload health information to it, you may opt out or choose to modify access controls within the My Health Record system.
We may enter into arrangements with other related entities or third parties outside of Australia to store, access or use data we collect, including personal information, in order to provide services to us (such as data processing, analysis, interpretation or the performance of specialised tests). In such cases, we will take reasonable steps to ensure that the third parties do not breach the APPs, including by requiring that the third party has information security measures and information handling practices in place that are of an acceptable standard and approved by us.
The countries in which the recipients are likely to be located include, but are not limited to, those countries where the Sonic group operates (New Zealand, USA, UK, Ireland, Germany, Switzerland and Belgium).
When you use our website(s), we do not identify you as an individual user and do not collect personal information about you, unless you specifically provide this to us.
Protecting your personal information
We take the protection of your personal information seriously and take all reasonable steps to ensure the information that we collect, use and disclose is accurate, secure and protected from misuse and loss and from unauthorised access, modification or disclosure.
We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and current. To assist us, please ensure that the information you provide to us is accurate, up-to-date and complete, and let us know when your personal information changes.
We will take all reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure. We use technologies and processes including, but not limited to, access controls, network firewalls, encryption and physical security measures, in order to protect your privacy.
We will destroy or permanently de-identify any of your personal information that is no longer needed for the purpose for which it was collected, provided we are not required, under relevant accreditation standards or an Australian law, to retain the information.
Access to, and correction of, your personal information
You have the right to request access to the personal information about you which is held by us.
We will provide you with access to your information, unless there is a reason under the Privacy Act or other relevant law to refuse or limit such access, such as if we reasonably believe that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; or giving access would have an unreasonable impact on the privacy of other individuals.
You may request access to the personal information we hold about you by contacting our Privacy Officer.
To protect your privacy, we will need you to verify your identity prior to providing access to your information. We may recover reasonable costs associated with supplying this information to you.
In the specific case of obtaining access to your pathology or radiology results, the preferred method is in consultation with your treating practitioner, so that complex clinical information can be explained to you within the context of your individual circumstances.,
Correcting your personal information
You have the right to request an amendment to the information we hold, should you believe it to be inaccurate.
If we are satisfied that any part of the information we hold about you is inaccurate, incomplete, out of date, misleading or irrelevant, having regard for the purpose for which it is held, we will take reasonable steps to amend that information.
If we do not agree to change your personal information in accordance with your request, we will permit you to make a statement of the requested changes and we will enclose this with your personal information.
Contacting Sonic about privacy issues and complaints
If you have comments or concerns relating to this Policy, or wish to make a complaint about our handling of your personal information, please contact our Privacy Officer. We may need to verify your identity and ask for further information, in order to investigate and respond to your concern or complaint. We will aim to respond to you within a reasonable time, and generally within 21 days.
Sonic Healthcare Privacy Officer contact details
The Privacy Officer,
Level 22, Grosvenor Place, 225 George St,
Sydney NSW 2000
(02) 9855 5333
If we are unable to satisfactorily resolve your concern or complaint, you may wish to contact the Office of the Australian Information Commissioner (OAIC). The OAIC has the power to investigate the matter and make a determination.
If your concern or complaint relates to health information, you may also contact the relevant state or territory privacy commissioner.
Office of the Australian Information Commissioner (OAIC)
GPO Box 5218
Sydney NSW 2001
1300 363 992
Details correct as of 27 June 2019