Privacy Policy
This Privacy Policy applies from October 2024. We may change our Privacy Policy from time to time by publishing changes to it on our website. We encourage you to check our website regularly to ensure that you are aware of our current Privacy Policy.
This Privacy Policy sets out how Health Communication Network Pty Limited (ACN 068 458 515) trading as MedicalDirector and its related entities (us, our and we) collects, uses, stores, holds and shares personal information (including sensitive information) relating to the MedicalDirector software and services from individuals who:
- are healthcare practitioners or practices, or employees or contractors engaged by them that use our MedicalDirector software or services in the course of providing healthcare services to patients. See Section 1: Software user information;
- are patients who visit a healthcare practitioner or practice that uses our software and services in the course of providing healthcare services. See Section 2: Patient information;
- we otherwise interact with in the course of our other general business activities. See Section 3: Other information.
Your privacy is important to us, and we are committed to dealing with your personal information and sensitive information responsibly, and in accordance with the Privacy Act, the Australian Privacy Principles, and any other applicable privacy and health data protection laws.
Section 1: Software Users
This section applies to the personal information of a healthcare practitioner or personnel of a healthcare practice using our software products or services in the course of providing healthcare products or services to individuals.
By using any of our software or services, you consent to us collecting, using and disclosing your personal information in accordance with this section of our Privacy Policy.
You are not required to provide us with any personal information, but if you do not, we may not be able to provide you with some or all of our software or services (including functionality and support services).
What information do we collect?
Where you request and use our software or services as a healthcare practitioner, healthcare practice (or employee or contractor of a healthcare practice) we may collect your personal information, including:
- your name, date of birth and gender;
- contact details such as your address, email address, telephone number, and fax number;
- usage details such as information about your interest in, use of, and interaction with, our software and services such as practice ID, computer operating system version, SQL server version, .Net version, monitor screen resolution, user access level, and patient count where you have not opted out of the service improvement program;
- education and vocational details such as where you studied, what year you graduated, where you work and your job title;
- government registrations and details that enable you to interact with government services, such as healthcare provider systems, online identity verification and authentication systems, including healthcare identifier, registration and provider numbers and associated systems;
- details of your enquiries, complaints and support calls;
- information about the nature, volume, financial details and outcomes of the health services that you provide;
- any other personal information that may be required in order to facilitate your dealings with us.
We will only collect this information where it has been provided to us by or on behalf of you or in the normal course of your use of the software or services.
How do we collect it?
We collect your information from our software and from other sources, such as registration of an account, our support services, surveys, emails, telephone and in person.
Support services may take the form of remote access to your, or your healthcare practice's, network. We may collect or access your personal information in the course of providing support or technical services to you or your practice.
How do we use and share it?
We collect, hold, use and share your information for the purpose of carrying on our health software business and providing software to support and enable your provision of healthcare services, and related purposes. We may use and share your personal information:
- to enable you to access and use our software products and services and obtain the benefit of the functionality, including providing data migration services, implementation services and technical and support services;
- to enable you and your healthcare practice to administer and have the benefit of our software products and services;
- to provide reports within software and perform analytics relating to delivery of your healthcare services, such as providing practice reports, quality improvement metrics and other reporting requirements;
- to provide you with customised information about your use of our software products and services, unless you have opted-out of these service offerings;
- to send you marketing and promotional messages that may be of interest to you;
- to deal with inquiries and complaints made by you;
- to confirm your subscription is current and you otherwise comply with the terms of your agreement with us;
- to operate, improve and optimise our website, our software products and services and your user experience, such as performing analytics and conducting research on the use and operation of our software products, ensuring our software operates as intended and improving functionality of our software and services;
- to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and other information requested by you;
- to administer surveys, contests or other promotional activities sponsored by or managed by us;
- to comply with our legal obligations, including any court orders or requests from law enforcement agencies, and to enforce our agreements with third parties; and
- any other purpose, with your consent.
We may also share your information with:
- our service providers – certain third parties who provide services to us, such as technical and support services. Where we do so, we will make sure that they have first agreed to protect the privacy of your information. In some cases, we may share your information with our employees, contractors and trusted service providers located in Australia, Canada, countries within the European Union, United Kingdom, India, Israel, New Zealand and the United States of America.
- relevant government service providers where functionality authorises or requires sharing of information, such as Services Australia, Medicare Australia and My Health Record;
- third parties that receive information as part of the software functionality, including patients and their representatives, other healthcare providers, hospitals, pharmacies, and other parties such as payment system operators and continued professional development providers.
- specific third parties as authorised by you to receive information, including third party partners that you enter into a separate agreement with.
- our related entities for the purposes of operating and managing our business, including providing MedicalDirector software and services, and otherwise for the purposes above;
- buyers or prospective buyers for the purposes of facilitating a transfer or sale of our assets or business;
Section 2: Patient Information
This section applies to the personal information of individuals (e.g. patients) who visit a healthcare practitioner or practice that uses MedicalDirector software and services to record, store, access or communicate your information in the course of that healthcare practitioner or practice providing healthcare services to you.
What information do we collect?
Depending on the particular software and functionality that your healthcare practitioner or practice uses, we may collect the following personal information when your healthcare practitioner or practice uses our software to provide healthcare services to you (referred to as patient information):
- personal details such as your name, date of birth and gender;
- contact details such as your address, email address, telephone number, and fax number;
- other health and sensitive information, where it has been provided to your healthcare practitioner or healthcare practice for the recording, storing, accessing or communication of your health and sensitive information, such as your Medicare details, information about your health, treatment plans and medication history or about health services which have been provided to you.
How do we collect it?
We collect your information through our software functionality when your healthcare practitioner or practice uses our software to record, store, access or communicate your information in the course of providing healthcare services to you.
Your healthcare practitioner or practice is responsible for collecting personal information directly from you, or your representative, or from third parties to facilitate healthcare, such as government service providers, and other healthcare providers. We rely on your healthcare practitioner or healthcare practice to obtain your consent to share your information with us.
How do we use and share it?
We collect, hold, use and share your information for the purpose of carrying on our health software business, and to support and enable your healthcare provider or practice to access and use MedicalDirector software and services to deliver healthcare services, including by providing clinical decision support, communicating with other health service providers, communicating with you, monitoring and managing patient health and outcomes and medical practice business management and administration, including identifying patients for follow up. There may be one or more persons at a health practice involved in accessing your patient information depending on their role and the software functionality.
To do this, we may use and share your information to:
- our service providers – certain third parties who provide services to us, such as technical and support services. Where we do so, we will make sure that they have first agreed to protect the privacy of your information. In some cases, we may share your information with our employees, contractors and trusted service providers located in Australia, Canada, countries within the European Union, United Kingdom, India, Israel, New Zealand and the United States of America.
- relevant government service providers where functionality authorises or requires sharing of information, such as Services Australia, Medicare Australia and My Health Record;
- third parties that receive information as part of the software functionality, including patients and their representatives, and other healthcare providers, hospitals, pharmacies and payment system operators.
- provide data migration and implementation services or technical and support services to your healthcare provider, healthcare practice or their service providers upon request;
- perform analytics to provide your healthcare provider or health practice with data to support their delivery of healthcare services, such as providing practice reports;
- our related entities for the purposes of managing and operating our business and providing your healthcare practitioner or health practice with our software and services, and otherwise for the purposes above;
- buyers or prospective buyers for the purposes of facilitating a transfer or sale of our assets or business;
- to comply with our legal obligations, including any court orders or requests from law enforcement agencies, and to enforce our agreements with third parties; and
- any other purpose, with your consent.
We may also engage in analytical uses of your data only after carefully de-identifying your information so that it is no longer identifiable.
We will return, retain or destroy any patient information in identified form that we have collected through our cloud software in accordance with our agreement with your healthcare practitioner or practice.
We will never sell your identifiable patient information to third parties.
We do not use your patient information for direct marketing purposes.
How do we store and secure your information?
Your healthcare practitioner or healthcare practice will usually be the data custodian of your patient information. Where your healthcare practitioner or healthcare practice uses our on-premises software or otherwise retrieves a copy of cloud-based data, they are responsible for the storage and security of your patient information.
Where your healthcare practitioner or healthcare practice uses our cloud-based software, or we otherwise hold your data as part of providing functionality in our software, we will store and secure your information as set out in this policy.
Section 3: Other Information
This section applies if you are someone that we otherwise interact with in the course of other general business activities such as a user of our website, a job applicant, or independent contractor.
What information do we collect?
The type of information we collect depends on the nature of our dealing with you. We generally collect your personal information from a variety of sources, including but not limited to forms, website interactions, interaction with, or registration of an account for, our products and services, surveys, emails, telephone and in person. Where you request our general products or services or interact with our website we may collect your information, including but not limited to:
- personal details such as your name, date of birth and gender;
- contact details such as your address, email address, telephone number, and fax number;
- if you are a user of our website, any information you submit to us. We may collect data about your visit to our website through the cookies and other usage devices on an anonymised basis only; and
- any other personal information that may be required in order to facilitate your dealings with us.
How do we collect it?
Most personal information we collect will be received from you directly. However, depending on the circumstances, it may also be collected from third parties such as recruitment agencies or our business partners and affiliates.
How do we use and share it?
Generally, we collect, hold, use and share your personal information for the purpose for which it was collected and for other purposes which are related to the purpose of collection. These purposes include:
- to enable you to access and use our software and services (or for you to provide products and services to us);
- to contact and communicate with you;
- to operate, improve and optimise our website, our products and services and users' experience, such as performing analytics and conducting research;
- to comply with our legal obligations, including any court orders or requests from law enforcement agencies, and to enforce our agreements with third parties;
- as expressly permitted or authorised by law; and
- any other purpose, with your consent.
Generally, we may share your information with:
- our employees, on a need-to-know basis;
- our professional advisers and agents, on a need-to-know basis;
- our service providers – certain third parties who provide services to us, such as technical and support services. Where we do so, we will make sure that they have first agreed to protect the privacy of your information. In some cases, we may share your information with our employees, contractors and trusted service providers located in Australia, Canada, countries within the European Union, United Kingdom, India, Israel, New Zealand and the United States of America.
- specific third parties authorised by you (generally, this will be with your individual consent) to receive information held by us;
- our related entities for the purposes of managing and operating our business; and
- other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.
Direct marketing
We may provide you with information about, and offers for, carefully selected software and services. This may take the form of emails, mail or other forms of communication, in accordance with the Spam Act, the Privacy Act and applicable health data protection laws. However, we will never use your sensitive information for direct marketing purposes without your consent.
You may opt-out of receiving marketing materials from us by contacting us using the contact details set out below or by using the opt-out facilities provided in our marketing materials.
How do we store and secure your information?
We will take reasonable steps to ensure that the personal information we hold about you is kept secure, accurate and up to date and is protected from misuse, interference and loss, as well as unauthorised access, modification or disclosure. We, and our third party service providers, use a number of physical, administrative, personnel and technical measures to protect your personal information.
Personal information we hold is kept in data centres located in Australia that are owned and operated by us or our service providers.
Access to third party services
Some of our software and services allow patients, healthcare practitioners or healthcare practices to sign up to or share information with third party services or products. You should review the relevant third-party terms and conditions and privacy policies before using a third-party service or product. We are not responsible for these services or products.
Accessing or correcting your information
If you are an individual seeking to access and correct your patient information, you should contact your healthcare practitioner or healthcare practice. Your healthcare practitioner or healthcare practice will usually be the data custodian of your patient information and therefore able to access and correct your patient information. Whilst we support your healthcare practitioner or practice, we are not the custodian of your patient information.
You can access the personal information we hold about you by contacting us using the information below.
We will use our best endeavours to respond to your request within 30 days of receiving it. Sometimes, we may not be able to provide you with access to all of your personal information or sensitive information and, where this is the case, we will tell you why. We may also need to verify your identity when you request such information.
If you think that any personal information or sensitive information we hold about you is inaccurate, please contact us and we will take reasonable steps to ensure that it is corrected.
Making a complaint
If you think we have breached the Privacy Act, or you wish to make a complaint about the way we have handled your personal information, you can contact us using the details set out below. Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and will use our best endeavours to respond to your complaint within 30 days of receiving it.
If you think that we have failed to resolve the complaint satisfactorily or you still have a concern, you can contact the Office of the Australian Information Commissioner in any of the following ways:
online: www.oaic.gov.au/privacy
phone: 1300 363 992
email: enquiries@oaic.gov.au
fax: +61 2 9284 9666
mail: GPO Box 5218 Sydney NSW 2001 or GPO Box 2999 Canberra ACT 2601
Contact us
For further information about our Privacy Policy or practices, or to access or correct your personal information or sensitive information, or make a complaint, please contact us using the details set out below:
email: privacy@medicaldirector.com
mail: General Counsel, Level 8, 400 George St, Sydney NSW 2000