1. Introduction
- Provider = Changes Psychology Pty Ltd trading as Paperless admin. The provider has adopted the Policy below in accordance with the Australian Privacy Principals.
- Treating psychologist or service user = the psychologist, or practice of more than one health professional or psychologists, that uses the provider’s admin and billing services
- Client = the client of the treating psychologist providing the health services to them. The provider interacts with the client on behalf of the treating psychologist in order to faciliate administration and billing functions of the treating psychologists service.
- This Policy outlines how the Provider deals with Personal Information it collects from potential service users, service users (i.e “treating psychologists”) and the “clients” of service users in order to provide admin and billing services to those clients on behalf of the “service user”.
2. Collecting information directly from clients of the service user
Provider collects Personal Information directly when a treating psychologist, or practice of treating psychologists wishes to engage our services:
- contacts Provider by telephone, fax, email, sms or another from of communication;
- gives Provider his or her informationsends
- Signs our service agreement to agree to the commencement of services
3. Types of Information that Provider collects and stores in the treating psychologists email and practice management systems
Using processes described in this Policy, Provider collects the following categories of Personal Information about service users and clients:
- (Identity Information) name, date of birth, Medicare details, private health insurance details, credit/debit card details, family details
- (Contact Information) email address, mobile number/s, address
4. Sensitive Information
Privacy law categorise certain types of Personal Information as “sensitive information”, including:
- information or an opinion (that is also Personal Information) about an Individual’s:
- racial or ethnic origin;
- political opinions;
- religious beliefs or affiliations;
- philosophical beliefs;
- criminal record; and/or
- sexual orientation or practices;
- health information about an Individual, including:
- any information or opinion about the Individual’s health, health services, or wishes regarding health care; and
- information collected to provide, or in providing, a health service of any kind.
The provider’s staff and treating psychologists collect health information from clients in order to faciliate the provision of services and this sensitive information is saved within the service user’s practice management software by the providers staff (e.g. Powerdiary or Health Kit/Halaxy). If Individuals disclose sensitive information to psychologists, this may be included in casenotes created by psychologists that are then saved within the practice software.
5. How Provider transmits and stores client Information
The software used by the provider to transmit and store client information:
- (Email hosting Services) Google’s G suite hosting service that facilitates Gmail email hosting. Note we use the gmail account of the treating psychologist, not the gmail account of paperless admin, that is not used to interact with or collect information from clients). Note for treating psychologist that do not use gmail the name of their hosted email provider would be substituted for that of gmail in this document.
- (Website hosting of the providers website where the client claiming and payment forms are hosted – the data is transmitted to the ) Ventra IP Sydney
- (Practice management software) Health Kit/Halaxy or Powerdiary (whichever is used by the service user and their practice)
- (Payment processing software) National Australia Bank (NAB) NAB Transact Payment Facility
6. Data Security
The provider and the treating psychologist/s take reasonable security precautions to protect Personal Information from unauthorised access. This includes measures to secure the Provider’s physical facilities and electronic networks.
Provider limits access to personal information to those with a valid reason for using that information (ie only staff engaged by the provider have access to this information). Provider’s website includes security measures such as passwords, pins, encryption, session expiries, firewalls, SSL network encryption, SSL certificate and website transmission encryption, the use of reputable vendors (eg Google, Powerdiary and Health Kit) and physical locks to prevent physical access to the provider’s facilities
Google Gsuite (Gmail) security information: https://www.google.com/policies/privacy/#infosecurity
Ventra IP website hosting security information: https://ventraip.com.au/support/web-hosting/security
Powerdiary security information: https://www.powerdiary.com/security/
Health Kit/Halaxy security information: https://www.healthkit.com/your-privacy
National Australian Bank (NAB) security information: https://www.nab.com.au/common/privacy-policy
For more information on security, please contact Provider using the details in the “contacting us” below.
7. Why data is held, used and disclosed
The provider needs to collect client data and store on behalf of the treating psychologist/service user, in order to:
- facilitate the clients booking of appointments with a treating psychologist;
- manage records and documents associated with with a client’s appointments;
- process payment of the client’s session fees;
- facilitate medicare and health insurance claims;
8. Requests to release client information
As the clients information is stored within the treating psychologists email and practice management software, all client information requests need to be directed to the treating psychologist and not the provider – as the provider does not have the authority to release information without the consent of the treating psychologist. However if the client or treating psychologist have a query in relation to the storage or use of their information they can contact the privacy Officer via this email info@paperlessadmin.com.au
9. Complaints process
If clients or treating psychologists using the provider’s services have a complaint about privacy, they can contact the provider using the details listed above. The provider will respond to complaints in writing within a reasonable period (usually 10 business days from the day Provider receives an email).
The provider will try to work with Individuals and the treating psychologists to resolve complaints entirely within 20 business days, although that period may be longer if it is reasonable to take longer given the nature of the complaint.
If Individuals are unsatisfied with our response, they may refer the complaint to the Office of the Australian Information Commissioner (http://www.oaic.gov.au/).
10. Amendment
Provider may amend the Privacy Policy at its sole discretion. Individuals that continue to use the Services after receiving notice from Provider of such an amendment, agree to be bound by the Privacy Policy as amended.
11. Definitions
Individual, Individuals
means a natural person.
Provider
Changes Psychology Pty Ltd trading as Paperless admin.
Treating Psychologist (also referred to as the ‘service user’)
The psychologist, or practice of more than one health professional or psychologists, that uses the provider’s admin and billing services
Client
The client of the treating psychologist providing the health services to them. The provider interacts with the client on behalf of the treating psychologist in order to facilitate administration and billing functions of the treating psychologists service.
Personal Information
means information about an Individual whose identity is apparent, or can reasonably be ascertained, from that information. This includes information like names, telephone numbers, email addresses and physical addresses.
Policy, Policies
means this document, drafted in accordance with the Australian Privacy Principles.
Service, Services
Includes the following services:
- facilitate the clients booking of appointments with a treating psychologist;
- manage records and documents associated with with a client’s appointments;
- process payment of the client’s session fees;
- facilitate medicare and health insurance claims;