HealthStencil PTY LTD (HealthStencil, we, us or our), owner and operator of the ‘HealthStencil’ (https://healthstencil.com/) website (Website), is committed to the protection of your personal information.
The Website is intended to collect details of a person’s health status (including any signs and symptoms of any illness or condition) before or at the time the person attends a health service provider for assessment and management of their health. Health service providers can use this information as part of their assessment and management of Website users that are patients or clients. When patient or client information regarding their health status is provided through the Website, this will generate a unique code, and this information can only be accessed by a user’s treating health service provider using that unique code.
The Website is designed so patient or client Website users provide only the details of their health status, and health service provider Website users only provide assessment and management details, without the need for users to provide any identifying personal information.
About this Policy
This Policy deals with the way we will collect, use, disclose, store and protect your personal information. This Policy also describes the way in which you may access or correct the personal information we hold about you, and how to contact us if you have any complaints in relation to your privacy.
We will handle your personal information according to law, and we are bound by the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act).
The APPs set out strict requirements for the handling of your personal information.
This Policy must be read with the terms and conditions for your use of the Website (Terms). This Policy forms part of the Terms. The Terms can be found here: Terms and Conditions.
This Policy, the Website and information and functionality provided by the Website are intended for and applicable to Australian audiences only. The Website should not be used by persons located outside of Australia.
What is ‘personal information’?
This Policy applies to our handling of personal information. ‘Personal information’ means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether the information is recorded in a material form or not. This may include your name, location, or other identifying details.
Personal information includes ‘sensitive information’, which is a particular type of personal information. Sensitive information includes an individual’s health information, such as identifying details of any illness or condition they have, or the services they have sought or received from health service providers. Sensitive information also includes information about an individual’s racial or ethnic origin, religious beliefs, sexual orientation or practices, or criminal record.
Personal information we may collect
The Website is intended to collect details of the health status of patient/client users, and health service provider users can use this information as part of their assessment and management of the patient/client.
As discussed above, the Website is designed so patient or client users provide only the details of their health status, and health service provider users only provide assessment and management details, without the need for users to provide any identifying personal information.
However, the information users provide through the Website could contain personal information, for example, if users choose to provide their name, location, contact details or other identifying details. This may also include details of a health condition or illness which are unique to the user and could identify the user on that basis.
We will only collect your personal information so you can effectively use the Website, where you choose to provide this information.
The kinds of personal information we may collect depends on the information you provide through the Website. The kinds of information collected may include:
- your name;
- your contact details;
- your health practitioner registration details (e.g. for health service provider users);
- your age, weight, and height (e.g. for patient/client users); and
- the details of your health status, condition or illness (e.g. for patient/client users).
How your personal information is collected
We will only collect your personal information where it is reasonably necessary for our activities in providing the Website for your use.
We will collect your personal information in a lawful and fair way.
We will only collect your personal information and sensitive information (such as identifying health information) where you have consented through your use of the Website, or otherwise in accordance with the law.
We will usually collect your personal information directly from you when you use the Website.
If you are a patient/client user and you generate a unique code for your personal information provided through the Website, and you provide this unique code to your treating health service provider, you consent to us collecting personal information you provide to your treating health service provider for the purposes of your assessment and management (through the health service provider’s use of the Website and the unique code you provide). We may also collect your personal information from other third parties, such as family members or other persons you have authorised to provide your personal information through the Website.
When we collect your personal information, we will take reasonable steps to ensure that you are made aware of the details of the collection, including the purposes for which the information was collected, the organisations (if any) to which the information will be disclosed, and notify you that this Policy contains details on how you may access or correct your information, or raise any complaints. We will, whenever practical, provide you with this information through this Policy or through the Website.
How your personal information is used
The Website will collect details of the health status of patient/client users, and health service provider users can use this information as part of their assessment and management of the patient/client. This information can only be accessed by a patient/client user’s treating health service provider using the unique code generated in respect of that information. We will use your personal information for the main purpose of facilitating patient/client users to provide information, and health service providers to access this information, through the Website.
We may also use your personal information for purposes which are directly related to providing you with the Website, in circumstances where you would reasonably expect us to use your information for these purposes, and only in accordance with the law.
Disclosure of your personal information to others
We will not disclose your personal information to any third parties unless you have consented through your use of the Website, or we are otherwise permitted or required to do so by law.
If you are a patient/client user of the Website and you generate a unique code for your personal information provided through the Website, and you provide this unique code to your treating health service provider, you consent to us disclosing this personal information to your treating health service provider for the purposes of your assessment and management (through the health service provider’s use of the Website and the unique code you provide).
We will only disclose your personal information without your consent in accordance with the law, such as in circumstances where we reasonably believe this is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety.
We will only disclose your personal information to a recipient that is located overseas with your consent and in accordance with the APPs.
The Website and information and functionality provided by the Website are intended for and applicable to Australian audiences only. The Website should not be used by persons located outside of Australia.
However, if you provide personal information to us through your use of the Website and generate a unique code for this personal information from the Website, and you provide this unique code to your treating health service provider who is located overseas, you consent to us disclosing this personal information to this treating health service provider located overseas (through the health service provider’s use of the Website and the unique code you provide) on the basis that APP 8.1, which concerns overseas disclosure of personal information, will not apply to this disclosure.
Protection of your personal information
We will protect your privacy and the security of your personal information by taking steps to ensure that your personal information is protected against misuse, interference and loss, and unauthorised access, modification or disclosure.
These steps include the use of a unique code generated by the Website in respect of any patient/client information regarding their health status which is provided through the Website. Treating health service providers can only access the patient/client information using the unique code generated by the patient/client themselves or by their treating health service provider with the patient’s/client’s consent. This ensures that only you or persons you have authorised can access your information through the Website.
Our registration process also ensures that only health service providers registered with the Website can access patient/client information using the unique codes generated.
We also use a variety of technological security measures to protect the personal information we hold.
We may hold your personal information in a number of ways including in electronic format.
Your personal information will be stored in secure electronic servers located in Singapore and provided by a third party, but the personal information will remain under our control and the third parties will not have access to it.
When your personal information is no longer required, we will take steps to securely destroy the information or to ensure that the information is de-identified.
Quality of the personal information we hold
We take reasonable steps to ensure that the personal information we collect, use and disclose is accurate, up-to-date, complete, relevant and not misleading.
How to access and correct your personal information
You may request to access the personal information that we hold about you, using our contact details below.
In certain circumstances, we may refuse to allow you access to your personal information where this is authorised by the law, such as where providing access would have an unreasonable impact on the privacy of other individuals, providing access would pose a serious threat to the life or health of any person or to public health or safety, or giving access would be unlawful.
If you believe that the personal information we hold about you requires correction (e.g. because the information is inaccurate, out-of-date, incomplete, irrelevant or misleading), you may request that the information be corrected using our contact details below.
If we refuse your request for access or correction, we will provide you with reasons for the refusal in writing, and details about how you may complain about the decision.
We are required to comply with the mandatory ‘notifiable data breach’ scheme (the NDB scheme) under the Privacy Act. The NDB scheme applies when an ‘eligible data breach’ of personal information occurs.
An ‘eligible data breach’ occurs when:
- there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that an organisation holds; and
- this is likely to result in serious harm to one or more individuals; and
- the organisation has not been able to prevent the likely risk of serious harm with remedial action.
An organisation may take remedial steps to prevent the likelihood of serious harm occurring for any affected individuals after a data breach has occurred, in which case, the data breach is not an ‘eligible data breach’.
Where we have reasonable grounds to believe that we have experienced an eligible data breach (and remedial action cannot be used), we will promptly notify affected individuals and the Office of the Australian Information Commissioner about the breach in accordance with the Privacy Act.
The Website and cookies
If you prefer not to receive cookies you can adjust your internet browser settings to delete or disable cookies or warn when cookies are used.
We respect your privacy and we take all complaints and concerns regarding privacy very seriously.
If you have any complaints or concerns regarding the way we handle your personal information please contact us using the details below.
We will investigate your complaint using our internal processes, under which we will assess your complaint and respond to you within a reasonable time.
If you are not satisfied with the outcome of our investigation, you may wish to submit your complaint or concern to the Office of the Australian Information Commissioner. For further information please refer to the Office of the Australian Information Commissioner website (see www.oaic.gov.au).
How to contact us
If you would like to contact us regarding any privacy matters, including where:
- you would like to request access to or correction of your personal information;
- you have a complaint or concern regarding your privacy; or
- you would like further information about this Policy,
please contact us using the following details:
Updates to this Policy
We may update this Policy from time to time. We will notify you about any changes to this Policy through the Website.