Privacy Policy
This privacy policy outlines how your personal data and medical information may be utilized and shared and how you can access your information. Please read it carefully.
Introduction
MedExpress Medical Centres Pty Ltd ("MedExpress," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our services or visit our website. Please read this policy carefully to understand our practices regarding your personal data and how we will treat it.
Definitions
The following definitions apply to this policy:
Personal Data
Non-public information that identifies a specific individual (“you”). An identifiable person is one who can be recognized by an identifier (such as name) or other specific factors. Personal Data does not include publicly available, de-identified, or aggregated data.
Sensitive Data
Personal Data regarding an individual's race, ethnicity, political, religious, philosophical, or trade union affiliations; medical or health conditions or protected health information (“PHI”) as defined by applicable privacy laws; genetic or biometric data; financial account information; government-issued ID numbers; sexuality; or social security measures or legal proceedings and sanctions handled outside pending proceedings. Sensitive Data also includes information designated as sensitive by a third party.
Agent
A third party that collects or uses Personal Data to perform tasks on our behalf or as our underwriters.
We/Us/Our
MedExpress Medical Centres Pty Ltd and its affiliated companies.
Information We Collect
At MedExpress Medical Centres Pty Ltd, we collect personal data to provide our medical assistance and coordination services effectively. We gather personal data from various sources, including directly from you, your authorized representatives, healthcare providers, insurers, and other relevant entities. This data collection enables us to deliver comprehensive and efficient healthcare services. The types of personal data we collect include, but are not limited to:
Identifiers and Personal Information
We collect identifiers and contact information to establish and maintain communication with you. This includes:
a) Your full name, date of birth, and gender
b) Residential and mailing addresses
c) Email addresses and phone numbers
d) Unique personal identifiers such as Medicare number or patient ID
Medical & Health Information
As a medical assistance provider, we collect detailed medical and health information to facilitate accurate diagnosis, treatment, and ongoing care. This includes:
a) Medical history and records of previous treatments
b) Current health conditions and diagnoses
c) Medication details and prescription history
d) Allergies and known medical conditions
e) Records of consultations, tests, and medical procedures
f) Health insurance information and policy numbers
Billing & Payment Information
To process transactions and manage billing, we collect financial information including:
a) Bank account details
b) Payment card information (e.g., credit or debit card numbers)
c) Billing addresses
d) Transaction records and payment history
Information About Your Interactions with Our Services
We collect data related to your interactions with our services to improve our offerings and ensure high-quality care. This includes:
a) Records of your inquiries, appointments, and service requests
b) Details of communications and correspondence between you and our staff
c) Feedback and satisfaction survey responses
d) Website usage data, including pages visited and forms submitted
Geolocation Data
For location-based services, we may collect geolocation data to:
a) Provide you with local healthcare provider information and emergency services
b) Customize services based on your location
c) Assist in coordinating transportation and logistics for medical services
Biometric Information
In certain cases, we may collect biometric information to enhance security and verify identities. This may include:
a) Fingerprint scans or other biometric identifiers required for accessing certain services or facilities
Government-Issued Identification Numbers
We may collect government-issued identification numbers for verification and compliance purposes, including:
a) Passport numbers
b) Driver’s license numbers
c) Social security numbers
Information from Third Parties
We may also collect personal data from third parties, such as:
a) Consumer reporting agencies and fraud databases for verifying identity and preventing fraud
b) Authorized representatives who provide information on your behalf
c) Healthcare providers and insurers involved in your care
Cookies & Tracking Technologies
When you visit our website, we use cookies and similar tracking technologies to enhance your user experience and gather information about your browsing activities. This may include:
a) IP addresses and browser type
b) Website navigation patterns
c) Interaction with online content and advertisements
Sensitive Information
Information such as race, ethnicity, political opinions, health conditions, genetic or biometric data, financial account numbers, government-issued ID numbers, sexuality, or information related to legal proceedings.
Use of Personal Data
At MedExpress Medical Centres Pty Ltd, we are committed to using your personal data responsibly and transparently to provide exceptional healthcare services. The information we collect is used for the following purposes:
Provision of Medical Services
We use your personal data to deliver high-quality medical assistance and healthcare services. This includes:
a) Diagnosing and treating medical conditions
b) Coordinating care with healthcare providers, specialists, and hospitals
c) Managing and maintaining accurate medical records
d) Facilitating consultations, tests, and medical procedures
e) Ensuring continuity of care and comprehensive treatment planning
Communication & Customer Support
To ensure effective communication and support, we use your contact information to:
a) Schedule and confirm appointments
b) Send reminders and follow-up messages
c) Respond to inquiries and requests for information
d) Provide updates on your health status and treatment plans
e) Address any concerns or complaints promptly
Billing & Payment Processing
We use financial and billing information to manage transactions and ensure timely payment for services rendered. This includes:
a) Processing insurance claims and reimbursements
b) Generating invoices and statements
c) Collecting payments and managing accounts
d) Verifying insurance coverage and eligibility
Improving Our Services
We continually strive to enhance our services and patient experience. We use collected data to:
a) Analyse and monitor service quality and performance
b) Conduct patient satisfaction surveys and gather feedback
c) Implement quality assurance programs and clinical audits
d) Develop and refine treatment protocols and healthcare practices
e) Train and educate our staff to maintain high standards of care
Legal & Regulatory Compliance
We are obligated to comply with various legal and regulatory requirements. We use personal data to:
a) Adhere to healthcare regulations and standards
b) Fulfill reporting obligations to health authorities
c) Respond to lawful requests and court orders
d) Maintain accurate records for auditing and inspection purposes
e) Ensure compliance with privacy and data protection laws
Marketing & Educational Outreach
With your consent, we may use your personal data for marketing and educational purposes. This includes:
a) Sending information about new services, health programs, and promotions
b) Providing health-related educational materials and resources
c) Conducting targeted marketing campaigns based on your health needs and preferences
d) Offering personalized health tips and wellness advice
Research & Development
We are dedicated to advancing medical knowledge and improving healthcare outcomes. We may use de-identified data for:
a) Clinical research and studies
b) Public health and epidemiological research
c) Developing new treatments and medical technologies
d) Enhancing healthcare delivery and patient care models
Security & Fraud Prevention
To protect your personal data and ensure the security of our services, we use information to:
a) Monitor and safeguard our IT systems and infrastructure
b) Detect and prevent fraudulent activities
c) Verify identities and authenticate users
d) Implement security measures and protocols
e) Conduct risk assessments and audits
Customizing Your Experience
We aim to provide a personalized healthcare experience by using your data to:
a) Customize website content and services to your preferences
b) Offer location-based services and information
c) Tailor our communication and interactions based on your health needs
d) Enhance user experience on our digital platforms
Consent-Based Uses
Where applicable, we may use your personal data for purposes that you have explicitly consented to. This includes:
a) Sharing information with third-party service providers as authorized by you
b) Participating in voluntary health programs and initiatives
c) Using data for any other purpose described at the time of consent.
Disclosure of Your Information
At MedExpress Medical Centres Pty Ltd, we prioritize your privacy and handle your personal data with the utmost care and confidentiality. However, there are circumstances where we may need to disclose your information to third parties. Below are the key situations in which your data may be shared:
Healthcare Providers
We may disclose your personal data to healthcare providers involved in your care, including:
a) Doctors, specialists, and consultants for diagnosis and treatment
b) Hospitals, clinics, and medical facilities for coordinated care
c) Laboratories and diagnostic services for test results and medical imaging
d) Allied health professionals, such as physiotherapists, psychologists, and dietitians
Insurance Companies & Billing Services
To facilitate payment for medical services and manage insurance claims, we may share your information with:
a) Health insurance providers for verification of coverage and claims processing
b) Billing and payment processing services to manage invoices and reimbursements
c) Financial institutions for transaction processing and account management
Legal & Regulatory Authorities
We are required to comply with legal and regulatory obligations, which may involve disclosing your information to:
a) Government health departments and regulatory bodies for reporting and compliance
b) Law enforcement agencies when required by law or in response to legal proceedings
c) Courts and tribunals in relation to legal matters, disputes, or claims
Service Providers & Contractors
We may engage third-party service providers and contractors to perform certain functions on our behalf. These entities may have access to your information to:
a) Provide IT and technical support services, including data storage and security
b) Assist with administrative functions, such as mail and courier services
c) Conduct surveys and research for quality improvement and patient satisfaction
Research & Public Health
In the interest of advancing medical knowledge and public health, we may disclose de-identified information for:
a) Clinical and public health research conducted by reputable institutions
b) Epidemiological studies and health statistics reporting
c) Development of new treatments, therapies, and medical technologies
Business Transactions
In the event of a business transaction, such as a merger, acquisition, or sale of assets, we may disclose your personal data to:
a) Prospective buyers or investors for due diligence purposes
b) Legal and financial advisors involved in the transaction
c) Relevant authorities and regulatory bodies for compliance
Marketing & Communication
With your consent, we may share your information with third parties for marketing and communication purposes, such as:
a) Sending information about our services, health programs, and promotions
b) Conducting targeted marketing campaigns and health-related outreach
c) Providing educational materials and resources tailored to your needs
Emergency Situations
In emergency situations where your health and safety are at risk, we may disclose your information to:
a) Emergency medical services and first responders for immediate care
b) Family members or designated contacts to inform them of your condition
c) Public health authorities to manage and control public health risks
Consent-Based Disclosures
Where you have provided explicit consent, we may disclose your information to:
a) Third-party service providers and partners as authorized by you
b) Participate in voluntary health programs and initiatives
c) Any other purpose specified at the time of consent
Security & Fraud Prevention
To protect against security threats and fraud, we may share your information with:
a) Security service providers to monitor and safeguard our systems
b) Fraud prevention agencies to detect and prevent fraudulent activities
c) Relevant authorities for risk assessments and audits
Data Security
At MedExpress Medical Centres Pty Ltd, we are committed to protecting the confidentiality and integrity of your personal data. We have implemented comprehensive security measures to ensure that your information is safeguarded against unauthorized access, use, disclosure, alteration, and destruction. Below are the key aspects of our data security practices:
Technical Safeguards
We utilize advanced technical security measures to protect your personal data, including:
a) Encryption: All sensitive data is encrypted both in transit and at rest using industry-standard encryption protocols to prevent unauthorized access.
b) Firewalls and Intrusion Detection Systems: We employ firewalls and intrusion detection systems to monitor and protect our network from potential threats and vulnerabilities.
c) Access Controls: Access to personal data is restricted to authorized personnel only, using multi-factor authentication and role-based access controls to ensure that only those with a legitimate need can access your information.
d) Regular Security Audits: We conduct regular security audits and assessments to identify and address potential security risks and vulnerabilities.
Administrative Safeguards
Our administrative security measures include policies and procedures designed to protect your data:
a) Employee Training: All employees receive regular training on data privacy and security practices to ensure they understand their responsibilities in safeguarding your information.
b) Data Protection Policies: We have implemented comprehensive data protection policies that outline the standards and procedures for handling personal data securely.
c) Incident Response Plan: We have a robust incident response plan in place to quickly and effectively respond to any security breaches or data incidents, minimizing potential harm to your data.
Physical Safeguards
We have established physical security measures to protect our facilities and the data stored within them:
a) Secure Facilities: Our facilities are equipped with security systems, including surveillance cameras and controlled access points, to prevent unauthorized entry.
b) Data Centre Security: Data centres housing our servers and storage systems have stringent physical security measures, including biometric access controls and 24/7 monitoring.
c) Document Disposal: We ensure that all physical documents containing personal data are securely disposed of through shredding or other approved methods.
Third-Party Security
When we engage third-party service providers or partners, we ensure they adhere to our high standards of data security:
a) Vendor Assessments: We conduct thorough assessments of all third-party vendors to ensure they have appropriate security measures in place to protect your data.
b) Contractual Obligations: We include strict data protection clauses in our contracts with third parties, requiring them to comply with our security policies and procedures.
c) Ongoing Monitoring: We regularly monitor and audit third-party vendors to ensure their continued compliance with our data security standards.
Continuous Improvement
We are committed to continuously improving our data security practices to stay ahead of emerging threats and challenges:
a) Regular Updates: We regularly update our security technologies and protocols to incorporate the latest advancements in data protection.
b) Security Awareness: We foster a culture of security awareness within our organization, encouraging employees to stay informed about the latest security trends and best practices.
c) Feedback Mechanism: We welcome feedback from our patients and partners to help us identify areas for improvement and enhance our security measures.
Data Retention
At MedExpress Medical Centres Pty Ltd, we are committed to retaining your personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Below are the key aspects of our data retention practices:
Retention Periods
We determine appropriate retention periods based on the following criteria:
a) Purpose of Collection: We retain personal data for the duration necessary to achieve the purposes outlined in our privacy policy, such as providing medical services, processing claims, and maintaining patient records.
b) Legal and Regulatory Requirements: We comply with all applicable legal and regulatory requirements, which may dictate specific retention periods for certain types of personal data.
c) Contractual Obligations: We adhere to any contractual obligations that may require the retention of personal data for specific periods.
d) Dispute Resolution and Enforcement: We retain personal data as needed to resolve disputes, enforce our agreements, and protect our legal rights.
Data Minimization
We practice data minimization by:
a) Regular Review: Periodically reviewing the personal data we hold to ensure it is still necessary for the purposes for which it was collected.
b) Deletion of Unnecessary Data: Promptly deleting or anonymizing personal data that is no longer required for legitimate business or legal purposes.
c) Anonymization: Where feasible, we may anonymize personal data to remove any identifiable elements, allowing us to retain the data for analytical or statistical purposes without compromising your privacy.
Secure Disposal
When personal data is no longer needed, we ensure its secure disposal by:
a) Digital Data: Deleting or permanently anonymizing electronic records using industry-standard methods to prevent recovery.
b) Physical Data: Shredding or otherwise securely destroying physical documents containing personal data to ensure they cannot be reconstructed or read.
Access & Control
We provide you with control over your personal data by:
a) Access Requests: Allowing you to request access to the personal data we hold about you and providing you with the ability to correct or update your information as needed.
b) Data Portability: Providing you with the option to request the transfer of your personal data to another service provider, where technically feasible.
c) Deletion Requests: Enabling you to request the deletion of your personal data, subject to our legal and contractual obligations.
Compliance with Legal Obligations
We adhere to all relevant data retention laws and regulations by:
a) Regular Audits: Conducting regular audits of our data retention practices to ensure compliance with applicable laws and internal policies.
b) Legal Hold Procedures: Implementing legal hold procedures to preserve personal data in response to litigation, investigations, or other legal processes.
c) Documentation: Maintaining comprehensive documentation of our data retention policies and practices to demonstrate compliance with legal and regulatory requirements.
Your Rights
At MedExpress Medical Centres Pty Ltd, we are committed to protecting your privacy and ensuring that you have control over your personal data. Under applicable privacy laws, you have certain rights regarding the personal data we hold about you. These rights include:
Right to Access
You have the right to request access to the personal data we hold about you. This includes:
a) Obtaining confirmation of whether we process your personal data.
b) Accessing a copy of your personal data.
c) Receiving information about the purposes of the processing, the categories of personal data concerned, and the recipients of your personal data.
Right to Rectification
You have the right to request the correction of inaccurate or incomplete personal data. If you believe that any personal data we hold about you is incorrect or incomplete, please contact us to make the necessary corrections.
Right to Erasure
You have the right to request the deletion of your personal data, subject to certain conditions. This right is also known as the "right to be forgotten." You may request erasure of your personal data if:
a) The data is no longer necessary for the purposes for which it was collected.
b) You withdraw your consent, and no other legal basis for processing exists.
c) You object to the processing, and there are no overriding legitimate grounds.
d) The data was unlawfully processed.
e) The data must be erased to comply with a legal obligation.
Right to Restrict Processing
You have the right to request the restriction of processing of your personal data in certain circumstances. This means we will limit the processing of your personal data, but still retain it. You may request restriction if:
a) You contest the accuracy of the personal data, for a period enabling us to verify its accuracy.
b) The processing is unlawful, and you oppose the erasure of the data and request restriction instead.
c) We no longer need the personal data for processing, but you require it for the establishment, exercise, or defence of legal claims.
d) You have objected to processing, pending the verification of whether our legitimate grounds override yours.
Right to Data Portability
You have the right to request the transfer of your personal data to another data controller. Where technically feasible, we will provide your personal data in a structured, commonly used, and machine-readable format. This right applies to personal data processed by automated means based on your consent or a contractual agreement.
Right to Object
You have the right to object to the processing of your personal data in certain situations. This includes:
a) Objecting to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority.
b) Objecting to processing for direct marketing purposes.
Right to Withdraw Consent
Where our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Withdrawing your consent does not affect the lawfulness of processing based on consent before its withdrawal.
Right to Lodge a Complaint
If you believe that we have not complied with your privacy rights, you have the right to lodge a complaint with a supervisory authority. In Australia, this is the Office of the Australian Information Commissioner (OAIC).
How to Exercise Your Rights
To exercise any of your rights, please contact us at ops@medexpress.com.au or call the relevant regional contact number listed above. We may need to verify your identity before processing your request to ensure that your personal data is protected from unauthorized access.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the updated policy on our website and indicating the date of the latest revision.
Contact Us
If you have any questions or comments about this Policy or the way that we collect or handle your Personal Data, or if you would like a paper copy of this policy, please contact us here.