Background
In this Privacy Policy, reference to “we”, “us” or “our” is reference to Police Health Limited (ABN 86 135 221 519), a registered not for profit, restricted access private health insurer, including the brands Police Health and Emergency Services Health. Reference to “you” or “your” is reference to a customer or a person insured under a private health insurance policy or having any contact or dealing with us.
Our primary purpose for collecting information is to conduct a health insurance business and any health related business, including the provision of goods and services either directly or through a third party.
We are committed to maintaining the privacy of individuals whose information we collect in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act). We aim to manage personal information that we collect in an open and transparent way. This Privacy Policy describes how we manage personal information. If you have any queries about the Policy or the manner in which personal information is managed, you may contact us for further information (contact details appear at the end of this Policy).
Collecting and holding personal information
We collect and hold personal information and sensitive information about people insured or interested in becoming insured under a health insurance policy, providers of health services, suppliers, contractors, people attending functions or events and other contacts to conduct our activities, understand and meet stakeholder needs and meet our legal obligations. Personal information is broadly, any information about or relating to you where you are identified by us or could be identified. Sensitive information is a subset of personal information including your health information. Further details can be obtained via the link to the Office of the Australian Information Commissioner located below in section ‘Information about Privacy’.
If you do not provide us with the information we ask for, we may not be able to perform these activities and functions, in particular relating to applications for health insurance cover, administering health insurance policies, providing relevant services, assessing and paying claims and meeting statutory reporting requirements.
An individual may deal anonymously with us when seeking general information about us and our products. However, it is not practicable for individuals not to identify themselves, or to use a pseudonym, when dealing with us in relation to health insurance or claims.
We collect and hold the minimum personal and sensitive information required to perform our functions and activities. This information may include:
- Contact and identity information, such as names, addresses, age, gender, marital status and relationship details, employment details, government identifiers, passwords, telephone, mobile and facsimile numbers and email addresses.
- Financial information, such as premiums, income, Australian Government Rebate on private health insurance tier level, bank account details, and employment details.
- Sensitive information, such as information about claims, health services provided to you and your health.
- Correspondence or correspondence details, verbal and written, hard copy or electronic.
- Provider information, relating to their scope of practice.
Where possible, the information is collected from you, from a person or organisation authorised to provide the information on your behalf or from another person insured on your health insurance policy. Information may also be collected from government agencies, business partners, contractors, employers, other private health insurers, other insurers and service providers.
In particular, when you make a claim, you consent to us collecting sensitive (health) information directly from third parties, or if the information relates to someone other than you on the health insurance policy, you give consent on behalf of that person and you must be authorised to do so.
Where you receive treatment at or by a hospital, our contracted third party, the Australian Health Service Alliance (www.ahsa.com.au) collects personal information about your claim to assist us in assessing and paying your claim and assisting us in meeting our statutory reporting requirements.
Personal information may be collected from a person acting on behalf of an insured person or from an organisation or person when authorised by a person acting on behalf of the insured person. The circumstances of this collection usually relate to an application for a health insurance policy, amendments or additions to a health insurance policy, amendments or changes to personal details and when making claims under a health insurance policy.
Information (personal and sensitive) may be collected by us by voice (in person or via phone), electronically (via email, mobile application, website application and portal or internet applications including social media [e.g. Facebook]) or in hard copy (forms, claims or other correspondence) and is stored by us either electronically, in hard copy or both electronically and in hard copy.
HAMB Systems Ltd supports our membership management and claims processing system by the provision of software and hosting services. Personal information is held on systems hosted by HAMB Systems Ltd at its sites. Third party suppliers host voice recordings and related material. Data may be held on systems owned and managed by “cloud” service providers. These and other service providers that host personal information are subject to the Privacy Act, and agreements ensure the integrity and security of personal information and management of the information in accordance with this Privacy Policy and the Australian Privacy Principles.
We collect personal information on a recurring basis, in particular relating to managing your health insurance with us and when making a claim. This is your notification that we will collect your personal information on a recurring basis. When you or your authorised representative interact with us and when you receive treatment for which a claim is made on your health insurance policy, it is reasonable for you to expect that we will collect your personal information.
If you are the Contributor of a health insurance policy with us, you are responsible for ensuring that every person on the health insurance policy is aware of this Privacy Policy, particularly as it relates to the collection, holding, use and disclosure of their personal information for the purposes of their cover and verifying that appropriate benefits are paid. Where you provide personal information to us about another person on the health insurance policy, you must be authorised to do so.
If you are not the Contributor of a health insurance policy with us, but are making a claim, or otherwise providing personal information, on behalf of another insured person, you must be authorised to do so.
If you or any other person on your health insurance policy does not consent to the collection and the way we use and disclose personal information, we may not be able to provide you or the other person with cover.
Use of personal information
Personal information is used for a number of reasons such as:
- Administering the private health insurance fund and your private health insurance policy. This includes providing a billing and claims payment service involving assessment, processing, control, auditing, benefit review, research and system maintenance and undertaking related regulatory requirements such as Contributor communication and reporting.
- Enabling us to comply with legislative requirements for the collection of and submission of data to Government agencies.
- Developing and providing products and services.
- Communicating to you general information about us, the health insurance industry, health and well-being or other material which we consider may be of interest to you.
- Advising you of direct marketing offers, such as promotions, products and services provided or offered by us or on our behalf, or other service providers who have a relationship with us, that we consider may be of interest or benefit to you or other people insured on the same health insurance policy (where applicable). Direct marketing material may be brought to your attention by various means and includes being sent to you through electronic communications such as email or text message, mail and/or by phone. When you become a customer or become insured under a private health insurance policy, you consent to receiving marketing material for an indefinite period (including after you may cease to be insured by us). If you do not want to receive direct marketing material or offers, you can withdraw your consent by contacting us.
- Resolving business or legal matters, issues or complaints.
- Purchasing or providing health or health related services on your behalf, including membership of organisations.
- Part of the security protocols used by staff to confirm the identity of the person being dealt with.
- Undertaking surveys to improve our products and services.
- Identifying persons that may benefit from risk management, health management and disease management programs and, where the person has consented or the person would reasonably expect us to do so, for the provision of these health programs.
- Perform any other functions or activities.
Our functions and activities and our range of products and services may change from time to time.
Disclosure of personal information
We may disclose your personal information (including sensitive health information) to other individuals on your health insurance policy for administering the policy, including for the payment of benefits. As the Contributor is the holder of the health insurance policy, we disclose all personal information about all insured persons on the policy to the Contributor, including details of all benefits and services claimed on the policy. We send all communications on health insurance policies, including those that cover more than one person, to the address supplied by the Contributor. In addition, at the time of joining us, the Contributor authorises us to share personal information amongst individuals on the health insurance policy.
A Contributor must advise us promptly if their partner ceases to be eligible to be covered as their partner in accordance with the Fund Rules. Subject to these Fund Rules, a person who ceases to be a partner of a Contributor may be eligible to become a Contributor on their own policy. This is to prevent potential privacy breaches. If your child is insured or not-insured under the policy of your ex-partner, we cannot confirm this with you, or provide details about your ex-partner’s policy to you.
A person over the age of 14 years may request to have their sensitive information kept private from other persons insured on the policy. We will endeavour to keep the information private, but may be obliged to disclose information on request by the Contributor of the insurance policy, or a parent or guardian of the person. If any insured person aged 18 years or older wants to guarantee that their personal information (in particular sensitive information) is not disclosed to other persons on the health insurance policy, they will need to purchase their own health insurance policy. We may need to disclose personal information to various organisations, such as:
- Government agencies, including Medicare, Private Health Insurance Ombudsman, the Department of Health and the Australian Prudential Regulation Authority;
- Other private health insurers or other health insurance industry bodies;
- Health service providers;
- Professional advisers;
- Persons or organisations authorised by you (this includes other people covered under the same health insurance policy) and your agents and advisers;
- Insurers or legal representatives of insurers, or statutory authorities such as Return to Work SA, in relation to claims made for damages or compensation for motor vehicle or other accidents or workers compensation;
- Organisations contracted by us to assist in the delivery of our functions and services. This includes our contracted third party agents such as the Australian Health Service Alliance Ltd (Note: From time to time, we disclose personal information to the Australian Health Service Alliance who provides clinical, classification and contract support in order to assist us with correctly assessing a claim for payment and to identify persons who could potentially benefit from a chronic disease management program), organisations that provide mail out services, organisations for security purposes, organisations that support our voice recording infrastructure and organisations that supply and support our information technology infrastructure;
- To business partners who provide services direct to you on our behalf or business partners from which we purchase services on your behalf and this includes organisations that results in you also becoming their client and/or member (note: this may involve the retention of disclosed personal information by the business partner to deliver their services to you);
- Third parties (organisations contracted by organisations contracted by us) to assist us in the delivery of our functions and services and, unless required by law, with our agreement;
- Payment system operators and financial institutions;
- Your employer; and/or
- Other parties to whom we are authorised or required by law to disclose information, such as auditors and actuaries.
We will not sell your contact details or add your contact details to mailing lists of third parties unrelated to your health insurance policy or with whom we do not have a relationship, without your prior consent. We will require that business partners and contractors comply with the Australian Privacy Principles.
We are not likely to disclose your personal information to overseas recipients.
Security
We undertake all reasonable steps to ensure that your personal information is kept secure and to protect your information from misuse, loss and unauthorised access, modification or disclosure. Paper documents are protected from unauthorised access through the application of a security system at our premises. Computer and network security systems include, amongst other things, the use of firewalls, encryption technology and password protection.
Social media, analytics and electronic exchanges
When you visit our websites, a record of your browser, devices used to access the website, location, IP Address, cookies and such similar related information is made.
We use persistent and session cookies to store information entered into the websites. This information is stored on your browser until it is closed. Information is securely transferred by encryption protocols (SSL) to our server and exists within memory for the duration of the HTTPS request and associated response, upon which it is removed. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of the websites. Our websites use a range of tools and services provided by third parties, including Google Analytics, a service which transmits website traffic data to various Google servers around the world, including the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage.
By using our websites, you consent to the processing of data about you by Google in the manner described in Google’s Privacy Policy and for the purposes set out above. You can opt out of Google Analytics if you disable or refuse the cookie, disable JavaScript, or use the opt-out service provided by Google- external site. In addition to anonymous Data Collection Tools, we also collect identifiable information through the use of tracking pixels and cookies. This allows for the collection of information regarding the use of the web page that contains the tracking pixel/cookie. For example, if you have used Facebook on the same device, we share the tracking cookie data with Facebook who will use this to optimise advertising provided to you when using Facebook.
We use Facebook Custom Audiences to deliver advertising about us to users on Facebook based on email addresses we have collected. If you would like to opt-out of our Facebook advertising, follow this link and update your ad preferences – http://facebook.com/ads/website_custom_audiences/
You acknowledge that the Internet is not a secure environment. We cannot guarantee the security of information you send and receive by electronic means, and hence electronic exchanges are undertaken at your own risk.
We provide links to third party sites, and third party applets for social media sharing. These sites are not under our control and hence we are not responsible for any practices by these third parties that may breach your privacy. We encourage you to review the privacy policies of these third parties.
If you access or log-in to our websites through a third party social media service, we may also collect information from that social media service. This may include:
- Your user name for that service;
- Any information or content you have permitted the social media service to share with us (such as your profile picture(s), email address, followers or friends lists); and
- Any other information you have made public (including other posts you make using your social media profile).
We do not collect your social media profile password. When you access our websites through your social media profile, or when you connect to your social media profile, you authorise us to collect and handle your personal information in accordance with this Privacy Policy.
We may send you push notifications from time-to-time in order to update you on our latest blogs or about current promotions which we may be offering. If you no longer wish to receive these communications, you may turn them off at any time at the device level or by visiting our websites and following the prompt. To ensure you receive proper notifications, we will need to collect certain information about your device such as operating system and user identification information.
Use and access of our websites must be in accordance with the terms and conditions published on the websites.
We provide Contributors with access to Online Member Services in accordance with the published terms and conditions.
Correcting, updating and accessing personal information
Subject to any legislation, an individual has a right to request reasonable access to their personal information and to request its correction. Generally, obtaining access, updating and correcting your personal information is undertaken by our Customer Services Officers using one of the points of contacts listed further below.
Depending on the information and how it is stored, information may be viewed at our office, accessed through the Online Member Service or sent to the requestor. We reserve the right to charge an administration fee for the provision of the information to cover costs incurred.
We have the right to withhold the release of personal information in certain circumstances.
The accuracy of your personal information is important to us. If you believe that any personal information is not accurate, complete or up to date, we should be advised in writing as soon as practicable.
Complaints
Questions about our Privacy Policy and privacy practices, requests for access and correction of personal information that you believe have not been addressed or complaints about a possible breach of privacy should be directed to the Privacy Officer using the contact details listed below.
Contact details
In relation to Police Health:
Postal Address: PO Box 6111, Adelaide SA 5000
Phone number: Adelaide local - (08) 8112 7000
Other areas - 1800 603 603
Facsimilie number: (08) 8112 7099
Email address: enquiries@policehealth.com.au
In relation to Emergency Services Health:
Postal Address: PO Box 6111, Adelaide SA 5000
Phone number: 1300 703 703
Facsimilie number: 1300 151 152
Email address: enquiries@eshealth.com.au
Information about Privacy
Information about privacy, including links to the Privacy Act 1988 (Cth) and the Australian Privacy Principles can be found on the Website of the Office of the Australian Information Commissioner, www.oaic.gov.au
Privacy Policy changes
From time to time, we may modify this Privacy Policy. Where this occurs we will publish the new Privacy Policy on our websites, www.policehealth.com.au and www.eshealth.com.au
Policy Administration
- Policy Approved From: 28 February 2024
- Policy Review Date: 28 February 2025
Amendments approved by the Board: 24 February 2021 and 4 November 2021
Oversight Responsibility: Risk Management and Compliance Committee