Qscan Group inclusive of all business units, have a commitment to be the premier radiology specialist provider for its Patients and Referrers.
This Policy outlines how we are subjected to several obligations to protect the privacy, security, and confidentiality of personal information. Depending on the circumstances, these may include the Australian Privacy Principles (‘APPs’) in the Privacy Act 1988 (the Privacy Act) and laws relating to the protection of health records. The purpose of this policy is to clearly communicate how we collect and manage personal information.
Special provisions apply to the collection of personal information which is sensitive information. This includes health information and information about a person’s race, ethnic origin, political opinions, membership of political, professional or trade associations, religious or philosophical beliefs, sexual preferences and criminal history.
4.0 Purposes of collection, use & disclosure of personal information
Why does the Qscan Group collect, hold, use and disclose personal information?
In general, the Qscan Group collects, holds, uses and discloses personal information:
Our range of products and services and our functions and activities may change from time to time.
If you provide your email address, telephone and/or mobile phone number, you also consent to the Qscan Group using your email address, telephone and/or mobile phone number to contact you (including by telephone call, SMS or email) for any of the above purposes.
5.0 What kinds of personal information does the Qscan Group collect and hold?
In the course of our business, the Qscan Group may collect personal information about you that is necessary for us to perform our functions and activities. The Qscan Group will only collect personal information about you by lawful and fair means and not in an unreasonably intrusive manner.
The types of personal information we may collect, and hold may vary depending on the nature of our interaction with you and may include:
If the required personal information is not provided by a patient, the Qscan Group may not be able to perform the necessary medical service due to safety risks and legal requirements.
6.0 Referring healthcare practitioners and healthcare practitioners who engage Qscan to provide them with facilities and services
7.0 Prospective, current, and past employees, contractors, and service providers
If the required personal information is not provided, the Qscan Group may not be able to engage with you in the manner requested by you (for example, the Qscan Group will not be able to offer you employment or, if you are a healthcare professional, provide you with access to our web-based portals).
8.0 Remaining anonymous or using a pseudonym
Due to the nature of the Qscan Group’s services it is not possible for persons to deal with the Qscan Group anonymously or by using a pseudonym. The reasons for this are because:
9.0 How and when is personal information collected by the Qscan Group?
The Qscan Group may collect your personal information in a number of ways including through application forms, claims forms and correspondence (written and verbal).
If you are a patient, collection of personal information may occur throughout the various stages of medical imaging/treatment including:
If you are a patient, the Qscan Group typically collects your personal information directly from you but may also collect your personal information from:
If you are a healthcare professional, the Qscan Group typically collects your personal information directly from you or from your patient or other healthcare professionals.
If you are a prospective or current employee, the Qscan Group may collect your personal information from third parties such as recruitment agencies.
If we receive unsolicited personal information which we would not normally have collected and this information is not relevant to us providing a service to you, we will destroy or de-identify the information.
10.0 How does the Qscan Group hold personal information?
The Qscan Group will hold your personal information securely in accordance with the requirements under the Privacy Act. Personal information may be held in the following formats:
To the extent required by the Privacy Act, the Qscan Group takes reasonable measures to ensure that your personal information is protected from misuse, interference, loss and from unauthorised access, modification, and disclosure. This includes:
Unless the Qscan Group is required to retain your personal information in accordance with legislative and regulatory requirements, the Qscan Group will take reasonable steps to destroy and/or de-identify your personal information in secure manner once it is no longer necessary to hold the information for the provision of services to you.
11.0 Disclosure of personal information
In order to perform the functions and activities as described above, the Qscan Group may disclose your personal information to third parties including:
12.0 Consent to Collect, Hold, Use and Disclose your Personal Information
If you are a patient, in most cases, before or at the time of providing you with a health service (or if this is not practicable, as soon as practicable thereafter), the Qscan Group will obtain consent for the purposes for which we intend to collect, hold, use and disclose your personal information. In the event that you are unable to provide or communicate your consent, the Qscan Group may disclose personal information to a ‘responsible person’ (as defined in the Privacy Act) if it is necessary in order to provide you with appropriate treatment, care or for compassionate reasons, unless you have explicitly requested otherwise.
You may choose not to provide the Qscan Group with consent for the collection, use and disclosure of your personal information, however, this may mean that the Qscan Group is unable to provide the health services required.
13.0 Transfer of personal information overseas
In order to perform the functions and activities as described above, the Qscan Group may disclose your personal information to third party service providers located overseas. For example, the Qscan Group uses Microsoft Office 365 (but not for patient data) whose data centres are located in Hong Kong, Singapore and South Korea and a medical transcription service located in the Philippines.
While we typically store all patient data locally in Australia, some healthcare professionals who refer patients to us or who undertake medical reporting for us may be located overseas and access patient data held by us from overseas.
If you are participating in a clinical trial, your personal information may be disclosed overseas to the country in which the clinical trial is being conducted.
In the event the Qscan Group transfers your personal information outside Australia, we will comply with the requirements of the Privacy Act that relate to trans-border data flows.
14.0 Access to personal information
15.0 Accurate and up-to-date personal information
The Qscan Group will take reasonable steps to ensure that your personal information is accurate, up-to-date, and complete. This will include:
16.0 Access to your information via web-based portals
The Qscan Group uses secure web-based password protected portals to allow:
These health professionals and their Responsible Persons are able to access these web-based portals with a unique provider number, subject to the health professional agreeing to comply with terms and conditions relating to access, privacy and confidentiality and ensuring that their Responsible Persons comply with these terms and conditions. By agreeing to these terms and conditions, the health professional confirms that the health professional will, and will ensure that their Responsible Persons will, only access information that is required for the health professional to provide a medical service to the health professional’s patients (and not the information of other Qscan patients stored in the portals) and that the information will not otherwise be used, knowingly shared or disclosed for any other purpose.
Our systems track, record and store all access activities on every patient file. Qscan frequently monitors the use of this service and takes all reasonable steps to ensure that the system is being used appropriately for its intended purpose.
17.0 Our Websites
18.0 Privacy complaints
If you are unhappy with our response, you can contact the Office of the Australian Information Commissioner (Privacy Commissioner) on the telephone contact number below, or through their website.
Privacy Commissioner Number: 1300 363 992
Office of the Australian Information Commissioner: www.privacy.gov.au/complaints
19.0 Contacting the Qscan Group
Individuals are welcome to ask any questions regarding privacy and the way that Qscan Group manages personal information.
The contact details for the Human Resources Manager are:
Address: PO Box 222 RBH Post Office Herston Q 4029