|
Introduction
The Privacy Act 1988 (Cth) regulates the handling of personal information, including health information. The purpose of this document is to outline how McKesson complies with its confidentiality and privacy obligations. McKesson will make this Privacy Policy available to anyone who asks for it.
As an organisation, McKesson’s principal concern is and always will be the health of our consumers to whom we provide services. A high level of trust and confidentiality is required to ensure the confidence of the consumers we service. Callers to a McKesson health service can be assured that their privacy will be protected when accessing a McKesson health service; that their information will be collected and updated in accordance with this policy and that subject to some limited exceptions, they can access their information for review. Where McKesson is providing health services for organisations which are subject to an approved privacy code McKesson is required under contract to comply with the terms and conditions imposed by any approved privacy code. McKesson complies with the relevant approved privacy code whilst providing services for those organisations. Application
Collection, Use & Disclosure What information does McKesson collect about me?
McKesson recognises that the information we collect is often of a highly sensitive nature and so we have adopted the highest privacy compliance standards relevant to McKesson to ensure health information and personal information (Personal Information) is protected.
McKesson may collect Personal Information about you for the purpose of providing health services to you. Personal Information collected may include:
- Your name, date of birth, address, telephone number
- The name of any referring health service provider
- Products or drugs used or proposed to be used by you
- Your previous and current medical history
- Your emergency contact details
- Your local doctor (GP) contact details
- The name of any health service provider to whom McKesson refers you
When you become a user of a McKesson-operated health service, a record is made containing the aforementioned Personal Information relevant to your care. Does McKesson collect information about me from other people or organisations?
In some instances, and subject to your consent, it may be necessary to collect information about you from your next of kin, relative or carers. Every time you contact us and new information is collected and added to your record, it will be done in accordance with this privacy policy. Please let us know if your contact details or your local doctor’s contact details have changed since last contact.
In providing health care services we may also collect information about you from other healthcare providers including your health fund and local health service or hospital. We would only do so with your consent, such consent may be given to us or is by way of your arrangement or relationship with that other organisation, such as when you give your information to that other organisation and agree with the terms of their privacy policy. Why is my information collected?
McKesson only collects information that is needed to ensure your best possible care. Your previous medical history will help identify further health recommendations. To help look after your own health we ask that you provide us with accurate and complete information.
McKesson is a value-based organisation and is committed to upholding the principles of the Federal Privacy Act 1988 which protects the privacy of health information in Australia.
McKesson may access information:
-Provided directly by you
-Provided on your behalf with your consent
-From a health service provider who refers you to a McKesson health service How we use your Personal Information
Personal Information collected by McKesson may be used or disclosed:
- For the purpose you were advised of at the time of collection of the information by us
- As expressly permitted under any agreement with you
- As required for delivery of the relevant service to you
- As required for the ordinary operation of our services (i.e. to send you further requested information)
- As required under law
- Where there is a serious and imminent threat to an individual’s life, health, or safety
- A serious threat to public health or public safety
McKesson will retain your Personal Information in accordance with any record keeping laws. Who might receive information regarding my care and treatment?
Your local doctor (GP) or your local health service
We may send a letter to your local doctor (as nominated by you) or your local health service or hospital regarding your healthcare management if this is appropriate in the circumstances. Sometimes your local doctor or your local health service or hospital will contact us for additional information about your healthcare management. In this situation, we will only release information to the doctor whom you have specified as your local doctor on your present record or to your local health service or hospital if they are involved in your ongoing care. Will anyone else receive information about me?
In some circumstances we may be required by law to release your Personal Information. For example we are required to comply with a subpoena to produce medical records before a court. Community Health and Support Services
You may need support services as part of a defined healthcare plan. With your prior consent, we will release your relevant Personal Information to enable these support services to provide their support and continue your care. Security
Given the sensitive nature of the Personal Information collected by McKesson to provide its health services, extra precautions are taken to ensure the security of that information. McKesson uses a multi-level security system which includes firewall security, network security, server security, user security, and physical security to hold your Personal Information. How do I protect my information?
Information about you is also located within McKesson’s password-protected computer system and is available to healthcare professionals who are involved in your care.
We maintain strict policies regarding who has the authority to access your Personal Information. All our personnel are bound by a formal code of conduct to maintain the confidentiality of your Personal Information. We educate and monitor our personnel to ensure Personal Information is handled confidentially and with respect and care. McKesson requires its employees to observe obligations of confidentiality in the course of their employment. Before allowing independent contractors to access your Personal Information McKesson requires contractors to sign a confidentiality undertaking to comply with obligations of confidentiality the same as its employees.
McKesson may contract out the following services:
- Fulfilment of mailed-out information
- Interpreter service Secondary purposes, which are directly related to the primary purpose of collection for which McKesson may use or disclose Personal Information may be for quality assurance of delivery of its health services, training, billing, and as may be required by McKesson's insurers. Calls with you may be monitored or recorded for quality assurance or training purposes. If you do not wish for your call to a McKesson health service to be monitored or recorded you are able to discontinue the call at any time or advise the operator that you do not want your call recorded or monitored and McKesson will respect your request and act accordingly. Can my information be collected, used, disclosed and held anonymously?
McKesson will, wherever practicable and lawful, give you the option of remaining anonymous during the provision of our health service. Anonymity in relation to health services, however, may be impracticable and restrict the quality of care being able to be provided by McKesson. Accessing your Personal Information, complaints and obtaining further information How can I access my Personal Information?
You have a right under the Privacy Act 1988 to request access to your Personal Information held by McKesson and if it is inaccurate to request correction.
Please note, however, that under the legislation, in special circumstances, access to your Personal Information may be declined or restricted by McKesson (for example, where providing access would pose a serious threat to the life or health of you or another person). If McKesson does decline your request to access or correct your Personal Information, then McKesson will provide you with reasons for such denial.
McKesson will respond to your request for access to your Personal Information within 14 days of receipt of the request. McKesson may impose a reasonable fee for providing access to your Personal Information. You will be advised of the fee at the time you are given access to your Personal Information. What to do if I have a privacy complaint?
If you wish to:
- Complain to McKesson about a breach of privacy
- Access your Personal Information held by McKesson
- Correct any information held by McKesson about you
- Find out more about how McKesson deals with personal information You can contact:
Privacy Officer
McKesson Asia-Pacific
PO Box 4069,
Lane Cove, NSW 2066
FAX: 02 9420 0171 Email:
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
This email address is being protected from spam bots, you need Javascript enabled to view it.
What should I do if I have a complaint about the privacy of my health information?
If you have any questions regarding what happens to the information about you, please contact us. If you wish to make a privacy complaint please contact our Privacy Officer at the above address.
If you are not satisfied with the way in which we handle your information or deal with your privacy concerns, you may wish to make a formal complaint to the Privacy Act Complaints Hotline on 1300 363 992 or your State’s Health Services Commissioner.
|
