Privacy policy

Data controller and custodian

Medipass Solutions Pty Ltd, trading as “Medipass”

ABN 21 615 345 536

℅ PWC, Freshwater Place

Southbank, VIC 3006 Australia

hello@medipass.com.au

 

Types of data collected

We collect personal information from medical and health providers (“Practitioners”) that use Medipass and from end customers/Health Fund members (“Members”) to enable us to provide our services. This information may be collected either directly, using our practitioner web claiming interface or member smartphone application, or indirectly via integrations with medical practice management systems, Health Fund platforms or other partner services (collectively referred to as the “Services”).

 

Personal information provided to us

We receive and store information you enter via Medipass or provide to us via a third party.  If you elect to use our Service, you may also provide us or a trusted third-party provider with the financial information required to process and fulfil your transaction.

 

You may choose not to provide us with certain information, but then you may not be able to take advantage of Medipass features.  The personal Information you provide is used for such purposes as allowing you to book medical appointments, obtain quotes, process health claims and payments, and communicating with you about transactions.

 

Members

As a Medipass Member, the types of personal Information collected may include your name, birthdate, address, mobile number, e-mail address, health fund account and payment card information that is entered via our Service.  When you make a booking, obtain a quote or process a health or payment transaction, we may communicate certain information with the selected Practitioner, your health fund and your payment card financial services organisation. We use this information as part of the health quote, health claim and payment process.

 

Practitioners

As a Medipass Practitioner, when you register for an account and use the Service, we collect the personal information you provide, such as:

  • Your practice, practice business registration, company name, location, email address, phone numbers;
  • Your practitioner registration details, such as Medicare or health fund provider numbers, accreditation information and modality registrations; and
  • Government and industry issued identification numbers to verify your identity for underwriting and identity validation purposes.

We may retrieve additional personal information about you from third parties and other verification services such as credit bureaus and accreditation bodies.  

 

Personal information automatically collected

We receive and store certain types of information whenever you interact with Medipass. Medipass automatically receives and records information on our server logs from your browser or smartphone including your hardware model, operating system version, device identifiers, browser type, IP address, browser cookie information, and the function you requested.  We also record the details of your transactions on Medipass.

 

Personal information automatically collected

When you use Medipass on a location-enabled device, we may collect and process information about your actual location.  We use sensor data from your device including GPS, WiFi, Bluetooth and mobile network towers to determine your location.  This data is used to search for nearby practitioners, to enable simplified appointment check-ins, to verify the location of a provided service and for fraud detection purposes.

 

Personal information automatically collected

We also collect and use information about your interactions with the Service in a manner and format that does not identify you as an individual (“non-personally identifiable information”). We may collect, use, and disclose the following types of Non-Personally Identifiable Information:

 

Analytics information

We use third-party analytics tools to help us measure traffic and usage trends for the Service. These tools collect information sent by your browser or smartphone app as part of a web or application page request, including the pages you visit, your browser add-ons, your browser’s or device’s width and height, and other information that assists us in improving the Service.  We may collect and use this analytics information together with your personally identifiable Information to build a broader profile of our individual members so that we can serve you better, to improve the Service and for internal business purposes. We may disclose this combined information to our third-party business partners in aggregated, anonymised form as described below.

 

Browser cookies

We utilise “cookies” and other technologies to collect non-personally identifiable information from our website and from other websites that use our Services.  Information gathered through cookies and web-server log files may include information such as the date and time of visits, the pages viewed, IP addresses, links to/from any page, and time spent at our site.

 

We use cookie data to measure web traffic and usage activity on our website for purposes of monitoring, troubleshooting and improving our website and Services, to look for possible fraudulent activity, and to better understand the sources of traffic and transactions on our website and the websites of merchants that use our Services. Cookies also allow our servers to remember your account information for future visits and to provide personalized and streamlined information across related pages on our website and across other websites or applications that use our Services.

 

How we use information collected

We use the information collected to provide Medipass services, including:

  • Account registration and validation
  • Practitioner searches
  • Appointment bookings
  • Service quotes
  • Appointment check-ins
  • Health claims and payments processing

 

We use the information we collect from all of our services to provide, maintain, protect and improve them, to develop new ones, and to protect Medipass and our users.  We also use information collected from cookies and other technologies to improve your user experience and the overall quality of our services.

When you contact Medipass, we may keep a record of your communication to help solve any issues you might be facing. We may use your email address to inform you about our services, such as letting you know about upcoming changes or improvements.

We will ask for your consent before using information for a purpose other than those that are set out in this Privacy Policy.

We will use information as required by law.

 

Protection of privacy

Health and payments information is sensitive and our Members have an expectation of privacy and confidentiality over the data we process. We believe that our platform should be safe, secure and provide a high integrity of service. To fulfil this, we treat security, privacy and processing integrity as our top priority.

 

Although no data transmission can be guaranteed to be 100% secure, we take reasonable steps to ensure that your personal Information is accurate, complete, up-to-date, relevant and stored securely. We also take all reasonable steps to ensure that the personal information we hold is protected from misuse, interference and loss and unauthorised access, modification or disclosure by the use of various methods including access limitation and strong encryption technology to safeguard the account registration process and sign-up information.

 

Internal controls, security and privacy reference frameworks

Medipass maintains an internal control and risk framework which is guided by established security and privacy frameworks.  Specifically, we take into consideration the following frameworks on security and privacy:

  • ISO27001: an international framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation’s information risk management processes.
  • PCI DSS: (payment card industry data security standard) a proprietary information security standard for organisations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB.
  • AS4360: the joint Australia / New Zealand reference on organisational risk management.
  • RACGP Standard on management of health information and privacy.
  • Guidelines on privacy in the private health sector, Office of the Federal Privacy Commissioner.

 

Medipass abides by several federal and state regulatory rules over privacy, including:  

  • The Australian Privacy Act of 1998
  • Australian Privacy Principles guidelines published by the Office of the Australian Information Commissioner

 

Staff education and compliance

Medipass staff are required to complete periodic security and privacy awareness training to help ensure compliance with applicable controls. Training has been developed in consultation with a Director of Privacy from a Big 4 consulting firm.

 

Place of processing

Our principal place of processing is Australia. Sensitive health records and payments information are processed in Australia. However, we may use processing partners, such as our help desk platform, that are located outside of Australia. We may store your personal information in locations outside the direct control of Medipass, for instance, on servers or databases co-located with trusted hosting providers.

 

Some of the third parties to whom we disclose your personal Information are located outside of Australia. These countries may include the United States of America, Ireland or the United Kingdom.

 

Data retention

Medipass has a variety of obligations to retain the data that you provide us, both to ensure that transactions can be appropriately processed, settled, refunded or disputed, to identify fraud, and also to comply with laws applicable to us and to our health fund partners, banking providers and payment card processors. Accordingly, even if you close your Medipass account we will retain certain information as necessary to meet our obligations. However, we will identify your account in our database as “inactive”.

 

Information sharing

Medipass does not sell or rent your personal information to marketers or third parties. Medipass may disclose personal information it collects about you to third parties for a variety of purposes in connection with providing its Services. These third parties may include our agents, related bodies corporate, contractors, financial institutions, payment processors, health funds, verification services and credit bureaus, as well as any third parties that you have directly authorised to receive your personal Information. We may share Medipass Member contact information, but not their payment or health fund account information, with Practitioners as part of appointment booking or health claim and payments transaction processing.

 

We may also disclose your personal information to law enforcement, government officials, or other third parties if required by law or we believe in good faith that the disclosure is necessary to prevent physical harm or financial loss, to report suspected illegal activity, or to investigate violations of our Terms of Service.

 

Rights of users

Users have the right, at any time, to know whether their personal information has been stored and can consult Medipass to learn about its contents and origin, to verify its accuracy or to ask for it to be supplemented, cancelled, updated or corrected, or for its transformation into anonymous format or to block any data held in violation of the law, as well as to oppose its treatment for any and all legitimate reasons. Requests should be sent to Medipass at the contact information set out above. Be advised that we will need to verify your identity for such requests.

 

Changes to policy

We reserve the right to make changes to this policy from time to time. Please review this policy periodically to check for updates. If any changes are material and/or retroactive, we may provide additional notice and/or an opportunity to “opt-in,” as appropriate under the circumstances. We may also advise you of changes to this policy by emailing the revised policy to the addresses you provide us.

 

Questions or complaints

If you would like to access or seek correction of your personal information, or if you have complaints regarding our privacy practices, please contact our privacy officer by emailing info@medipass.io. Alternatively, you may contact us at the following address:

Medipass Solutions Pty Ltd, trading as “Medipass”

C/O PWC Freshwater Place

Southbank, VIC 3006 Australia

 

Published date

This policy was last updated on 20 February 2017.