June 2021
1.0 Statement
Qscan Group inclusive of all business units, have a commitment to be the premier radiology specialist provider for its Patients and Referrers.
This Policy outlines how we are subjected to several obligations to protect the privacy, security, and confidentiality of personal information. Depending on the circumstances, these may include the Australian Privacy Principles (‘APPs’) in the Privacy Act 1988 (the Privacy Act) and laws relating to the protection of health records. The purpose of this policy is to clearly communicate how we collect and manage personal information.
2.0 Purpose
3.0 Scope
Who does this privacy policy apply to?
This privacy policy applies to you only to the extent that the collection and handling of your personal information by the Qscan Group is subject to the Privacy Act and/or any State/Territory health records legislation.
This privacy policy applies to all Qscan Group companies. A current list of all Qscan Group companies can be accessed at https://qscan.wpengine.com/locations/
What information does the privacy policy apply to?
Qscan’s privacy policy applies to personal information. Personal information is information or an opinion about an identified person, or a person who is reasonably identifiable, whether the information is true or not, and whether the information or opinion is recorded in a material form or not.
Special provisions apply to the collection of personal information which is sensitive information. This includes health information and information about a person’s race, ethnic origin, political opinions, membership of political, professional or trade associations, religious or philosophical beliefs, sexual preferences and criminal history.
In this privacy policy, all references to personal information include sensitive information unless indicated otherwise.
4.0 Purposes of collection, use & disclosure of personal information
Why does the Qscan Group collect, hold, use and disclose personal information?
In general, the Qscan Group collects, holds, uses and discloses personal information:
Our range of products and services and our functions and activities may change from time to time.
If you provide your email address, telephone and/or mobile phone number, you also consent to the Qscan Group using your email address, telephone and/or mobile phone number to contact you (including by telephone call, SMS or email) for any of the above purposes.
5.0 What kinds of personal information does the Qscan Group collect and hold?
In the course of our business, the Qscan Group may collect personal information about you that is necessary for us to perform our functions and activities. The Qscan Group will only collect personal information about you by lawful and fair means and not in an unreasonably intrusive manner.
The types of personal information we may collect, and hold may vary depending on the nature of our interaction with you and may include:
Patients
If the required personal information is not provided by a patient, the Qscan Group may not be able to perform the necessary medical service due to safety risks and legal requirements.
6.0 Referring healthcare practitioners and healthcare practitioners who engage Qscan to provide them with facilities and services
7.0 Prospective, current, and past employees, contractors, and service providers
If the required personal information is not provided, the Qscan Group may not be able to engage with you in the manner requested by you (for example, the Qscan Group will not be able to offer you employment or, if you are a healthcare professional, provide you with access to our web-based portals).
8.0 Remaining anonymous or using a pseudonym
Due to the nature of the Qscan Group’s services it is not possible for persons to deal with the Qscan Group anonymously or by using a pseudonym. The reasons for this are because:
9.0 How and when is personal information collected by the Qscan Group?
The Qscan Group may collect your personal information in a number of ways including through application forms, claims forms and correspondence (written and verbal).
If you are a patient, collection of personal information may occur throughout the various stages of medical imaging/treatment including:
If you are a patient, the Qscan Group typically collects your personal information directly from you but may also collect your personal information from:
If you are a healthcare professional, the Qscan Group typically collects your personal information directly from you or from your patient or other healthcare professionals.
If you are a prospective or current employee, the Qscan Group may collect your personal information from third parties such as recruitment agencies.
If we receive unsolicited personal information which we would not normally have collected and this information is not relevant to us providing a service to you, we will destroy or de-identify the information.
10.0 How does the Qscan Group hold personal information?
The Qscan Group will hold your personal information securely in accordance with the requirements under the Privacy Act. Personal information may be held in the following formats:
To the extent required by the Privacy Act, the Qscan Group takes reasonable measures to ensure that your personal information is protected from misuse, interference, loss and from unauthorised access, modification, and disclosure. This includes:
Unless the Qscan Group is required to retain your personal information in accordance with legislative and regulatory requirements, the Qscan Group will take reasonable steps to destroy and/or de-identify your personal information in secure manner once it is no longer necessary to hold the information for the provision of services to you.
11.0 Disclosure of personal information
In order to perform the functions and activities as described above, the Qscan Group may disclose your personal information to third parties including:
In addition, your images and reports are made available to all medical providers (including allied health professionals) who have been granted access to the Qscan Group’s web-based portals, including medical providers who are not involved in your care. Please refer to the section of this privacy policy titled “Access to your information via web-based portals” for more information.
12.0 Consent to Collect, Hold, Use and Disclose your Personal Information
If you are a patient, in most cases, before or at the time of providing you with a health service (or if this is not practicable, as soon as practicable thereafter), the Qscan Group will obtain consent for the purposes for which we intend to collect, hold, use and disclose your personal information. In the event that you are unable to provide or communicate your consent, the Qscan Group may disclose personal information to a ‘responsible person’ (as defined in the Privacy Act) if it is necessary in order to provide you with appropriate treatment, care or for compassionate reasons, unless you have explicitly requested otherwise.
You may choose not to provide the Qscan Group with consent for the collection, use and disclosure of your personal information, however, this may mean that the Qscan Group is unable to provide the health services required.
13.0 Transfer of personal information overseas
In order to perform the functions and activities as described above, the Qscan Group may disclose your personal information to third party service providers located overseas. For example, the Qscan Group uses Microsoft Office 365 (but not for patient data) whose data centres are located in Hong Kong, Singapore and South Korea and a medical transcription service located in the Philippines.
While we typically store all patient data locally in Australia, some healthcare professionals who refer patients to us or who undertake medical reporting for us may be located overseas and access patient data held by us from overseas.
If you are participating in a clinical trial, your personal information may be disclosed overseas to the country in which the clinical trial is being conducted.
In the event the Qscan Group transfers your personal information outside Australia, we will comply with the requirements of the Privacy Act that relate to trans-border data flows.
14.0 Access to personal information
At your request, the Qscan Group will provide you with access to your personal information held by the Qscan Group subject to some limited exceptions permitted by law. If you wish to request access to your personal information held by the Qscan Group, please contact our Quality Coordinator whose details are in the “Contacting the Qscan Group” section of this privacy policy. The Human Resources Manager will advise you of any action that you need to take in order to access your personal information, which may include visiting the nearest Qscan site and providing valid photo ID (eg. Driver’s license, passport etc).
15.0 Accurate and up-to-date personal information
The Qscan Group will take reasonable steps to ensure that your personal information is accurate, up-to-date, and complete. This will include:
If you need to correct or update your personal information, please contact the Human Resources Manager (whose details are in the “Contacting the Qscan Group” section of this privacy policy) as soon as possible. The Human Resources Manager will advise you of any action that you need to take in order to correct or update your personal information, which may include visiting the nearest Qscan site and providing valid photo ID (eg. Driver’s license, passport etc).
16.0 Access to your information via web-based portals
The Qscan Group uses secure web-based password protected portals to allow:
These health professionals and their Responsible Persons are able to access these web-based portals with a unique provider number, subject to the health professional agreeing to comply with terms and conditions relating to access, privacy and confidentiality and ensuring that their Responsible Persons comply with these terms and conditions. By agreeing to these terms and conditions, the health professional confirms that the health professional will, and will ensure that their Responsible Persons will, only access information that is required for the health professional to provide a medical service to the health professional’s patients (and not the information of other Qscan patients stored in the portals) and that the information will not otherwise be used, knowingly shared or disclosed for any other purpose.
Our systems track, record and store all access activities on every patient file. Qscan frequently monitors the use of this service and takes all reasonable steps to ensure that the system is being used appropriately for its intended purpose.
17.0 Our Websites
Personal information submitted electronically via our online booking form will be subject to this privacy policy.
18.0 Privacy complaints
If you have a complaint about your privacy, you can contact our Human Resources Manager details are in the “Contacting the Qscan Group” section of this privacy policy). The Qscan Group will investigate your complaint and will endeavour to provide you with a response as soon as possible.
If you are unhappy with our response, you can contact the Office of the Australian Information Commissioner (Privacy Commissioner) on the telephone contact number below, or through their website.
Privacy Commissioner Number: 1300 363 992
Office of the Australian Information Commissioner: www.privacy.gov.au/complaints
19.0 Contacting the Qscan Group
Individuals are welcome to ask any questions regarding privacy and the way that Qscan Group manages personal information.
The contact details for the Human Resources Manager are:
Email: people.culture@qscan.com.au
Web: www.qscan.com.au
Address: PO Box 222 RBH Post Office Herston Q 4029