Health& respects your privacy and is committed to protecting the personal (including health) information that we hold about you.
In the United States of America, we are bound by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). You can find out more information about HIPAA from: www.hhs.gov/ocr/privacy/. In Australia, we are bound by the Privacy Act 1988 (Cth) (Privacy Act) and must comply with the Australian Privacy Principles (APPs). You can find out more information in Australia about the Privacy Act and the APPs at the Office of the Australian Information Commissioner’s website at www.oaic.gov.au.
If you visit and navigate our website www.healthand.com (Website) and use the following functions -
- View, print and/or share general health reports (General Reports) and animations;
- Use the Ask Questions feature (Ask Questions);
- Become a member of Health& by creating an Account with us (Account);
- Use and access the MyHealth feature (MyHealth);
- Use and access the Doctor Check-up feature (Doctor Check-up), and;
- Collectively, any of these features (Website Features)
2. What personal information we collect about you and how we collect it
We aim to collect and hold personal information only if it is relevant and necessary to providing the services you have requested from us.
(a) Personal information has the meaning given to that term in HIPAA and the Privacy Act and includes information or an opinion (whether true or not) about an identified individual, or an individual who is reasonably identifiable.
When you access the Health& Website, including by submitting an online enquiry, we will generally not collect any personal information about you, unless you specifically provide it to us.
(b) Health and wellbeing information - If you use and navigate the Health& Website, Health& may collect personal information including health information about you and information about your general wellbeing.
(c) Communication information - In addition to the personal information specified above, we may collect the following information from you:
- Telephone number, and;
- Email address.
This information is used for communications where required or authorised by law, or with your consent.
(d) Cookie information - We may utilise ‘cookies’ (passive tracking mechanism) to enable us to monitor traffic patterns and to serve you more efficiently if you revisit the site. A cookie is a small file saved on your computer’s hard drive that does not identify you personally, but does identify your computer. You can set your browser to notify you when you receive a cookie and this will provide you with an opportunity to either accept or reject it in each instance.
Health& does not use spyware software on the Health& Website.
Voluntary disclosure of personal information
The extent of the information that you provide to Health& is up to you. Importantly, all personal information that you provide to us will be encrypted and protected at the highest level – even employees of Health& will not be able to access your personal information.
3. Purpose of collection
We collect and hold your personal information for the primary purpose of providing you with health information. In providing you with health information, we may provide you with specific services through the Health& Website, such as:
- Providing you with Doctor Check-ups;
- Providing you with information through the Ask Questions function of the Health& Website;
- Providing you with General Reports, and;
- Providing you with information about the latest developments that may be relevant to your health.
We may also use or disclose your personal information for purposes that are directly related to the primary purpose of collection, such as to:
- Compile statistical de-identified data for market research and/or humanitarian purposes;
- Deliver other services such as newsletters, or any other information that we may consider to be of interest to you;
- Inform you of developments at Health& and other services that we can provide to you;
- Answer your emails or your enquiries, and;
- Send you information that you request.
We may add your personal information to our database for the purpose of compiling our own internal statistical data. However, this data will only identify you by a system-generated Universally Unique Identifier (UUID) once you become a member of the Health& Website. We will not otherwise use your personal information for another purpose unless you have consented to that use of the information or if it is required by law.
We may share your personal information between the Health& group of related companies for the purposes of providing the services set out above.
4. Disclosure of your personal information
We will not disclose your personal information to any third party, except to the following third parties that may also have access to your personal information for the purposes of assisting us with providing the best possible service to you:
- IT technicians may have access when providing on-site support, although it is our usual practice for them to work under supervision, and;
- File storage server providers and our web-hosting service providers.
Personal information submitted by visitors to the Health& Website is only held on servers located in Australia. We do not transfer data outside of Australia to any of our service providers in order to obtain secure storage, back-up and data retrieval services. Health& has verified the security arrangements of its outsourced data processors.
We are not otherwise likely to disclose information to overseas recipients unless it is with your consent, or the disclosure is required or authorised by law.
We will not otherwise disclose personal information about you unless:
- The disclosure is required by law;
- The disclosure is authorised by law, or;
- You have consented to our disclosing the personal information about you.
Health& has written agreements in place with all entities that have access to personal information that we collect through the Health& Website, holding them to the same (or higher) privacy and security standards as Health&.
5. Personal information quality
We aim to ensure that your personal information is accurate, complete and up to date. To assist us in this, you need to provide true, accurate, current and complete information about yourself as requested and properly update the information to us to keep it true, accurate, current and complete.
If you believe that the information is inaccurate or incomplete, please contact us and we will use all reasonable efforts to correct the information. If we do not believe the information to be incorrect, we will take reasonable steps to add a statement to the information claiming that you believe the information is not accurate, complete or up to date.
6. How we safeguard your information
We are committed to maintaining the security and confidentiality of the data you provide to us and we will take all reasonable precautions to protect your personal information from misuse, loss and unapproved access, disclosure, use or alteration.
Personal information that we hold about you is maintained by Health& Pty Ltd. We have the following security measures in place to protect your information:
- We transmit the personal information you give to us through the Health& Website using Secure Sockets Layer (SSL) technology;
- All personal information is encrypted to the highest level – even Health& staff are unable to access your personal information;
- All computers have password protection;
- All computers linked to our intranet are password protected and virus protected;
- Our offices are monitored regularly by a security service;
- The Website is protected by a firewall;
- Passwords are encrypted on our server and are not stored in plain text;
- Our offices are securely locked after hours, and;
- Health& will only retain your personal information in an identifiable format as long as your username is saved on our system (i.e., until you deactivate your Account). The Health& Website provides you with the option to easily deactivate your Account at any time.
7. Accessing your personal information
You have a right to access, supplement, or seek correction of personal information (including health information) that we hold about you. We will give you access to your personal information unless there is a lawful reason for refusing your request for access or correction. If we refuse your request, we will give you written notice explaining our reasons for that refusal and how you may complain about that refusal. We aim to respond to your request for access to personal information within 10 working days.
We are not required to provide access where:
- denying access is required or authorised by law, or;
- providing access would be unlawful.
9. Change in control of Health&
If we sell or otherwise transfer part or the whole of Health& or our assets to another organisation (e.g., in the course of a transaction like a sale, merger, acquisition, dissolution, liquidation), you agree that your personal information that is collected through Health&, including through the Website and the Website Features, may be disclosed to a third party or prospective buyer or transferee.
If you have a complaint about our collection, use or disclosure of your personal information, or you wish to make a complaint about a breach of HIPAA or about a breach of the Privacy Act/Australian Privacy Principles, please contact us at the details set out below.
Please set out details of your complaint and your contact details. We aim to respond to your complaint within 10 working days. Within this time frame, we will contact you to acknowledge your request and ask for any other applicable information. We will then investigate the issue and advise you in writing of that outcome.
You can also make a complaint to the US Office for Civil Rights. Further information is available at www.hhs.gov/ocr/office/index.html. You can also make a complaint to the Office of the Australian Information Commissioner. Further information is available at www.oaic.gov.au.
11. Internal and external audit reports
Because Health& maintains or collects personally identifiable information and personal health information, we file an internal audit report no more than one year old and an external audit report no more than two years old that finds the Website meets or exceeds industry security standards and practices – both technological and administrative – to guard against unauthorised access to personally identifiable information and personal health information.
12. Opting out of future collection
Health& allows you to opt out of the future collection of your personally identifiable information and personal health information at any time, or request amendment of previously collected information as allowed by state and federal law.
13. Protection of children
Website users under the age of 18 are considered to be Minors. Parents/guardians would have access to that Minor’s health information. Any collection of health information of Minors would also require parental/guardian consent. Private health information – for all Health& participants including Minors – will be protected and secured in observance of patient privacy state and federal laws. Health& will retain personal information collected online from any Health& patron – including Minors – for as long as is necessary to fulfil the purpose for which it was collected and delete the information using reasonable measures to protect against its unauthorised access or use. Operators are prohibited from conditioning a Minor’s participation in an activity on the Minor providing more information than is reasonably necessary to participate in that activity.
14. Contact us
Post: Health& Pty Ltd
PO Box 13265
Law Courts 8010 Australia