Who are we?
We are Integrated Care Services Pty Ltd ABN 71 059 950 695 (ICS), a subsidiary of Medibank Private Limited ABN 47 080890 259 (Medibank). References to ‘us’, ‘we’ or ‘our’ include ICS, Medibank and, where the context requires, other Medibank subsidiaries (collectively ICS Related Companies). We administer and deliver the Care Programs, an extended support system for patients which helps them to better manage their conditions in the comfort of their own home and which empower patients to take positive steps towards improving their health and quality of life (Care Programs).
Who does this policy apply to?
- All individuals whose personal information is collected, used or disclosed in the course of receiving health-related services from, or through, ICS; and
- All individuals whose personal information is collected by us in the course of our functions and activities such as service providers, contractors and prospective employees of ICS or an ICS Related Company (ICS Provider).
Protecting your privacy
We are committed to protecting the privacy of your personal information and complying with the Privacy Act 1988 (Cth), State and Territory laws governing the use of personal information (collectively the Privacy Acts), which regulate how personal information is handled, from its collection, to use and disclosure, storage, access and disposal.
‘Personal information’ generally means any kind of information in any form about a person that identifies that person and includes sensitive information such as health information.
When handling your health information, in addition to our obligations under the Privacy Acts, we must also comply with privacy legislation controlling the management of clinical and health information, including the Health Records Act 2001 (Vic) in Victoria, Health Records (Privacy and Access) Act 1997 (ACT) in the Australian Capital Territory, and the Health Records and Information Privacy Act 2002 (NSW) in New South Wales (collectively referred to as the Health Privacy Laws).
- how we manage the personal information that we collect, use and disclose; and
- how to contact us if you:
- have any questions about our management of your personal information; or
- would like to access or correct the personal information we hold about you; or
- would like to lodge a complaint with us regarding our compliance with Privacy Acts and Health Privacy Laws.
What kind of personal information do we collect?
The types of personal information we may collect include:
- identifying information such as name, date of birth, employment details;
- contact information such as home address, home and mobile phone numbers and email address;
- government-issued identifiers including Medicare numbers;
- health information including current and past medical history, and any new health information;
- biometric information and templates;
- for some services, other sensitive information relevant to the provision of our services, including racial/ethnic origins, and sexual preferences and practices;
- information about your lifestyle and interests (for example, sporting and other lifestyle interests);
- information about the government agency, health insurer, organisation or service provider which has referred you to us or which is funding your participation in the Care Programs (Funder);
- information about involvement in other programs you participate in or memberships you may have;
- (where you are an ICS Provider) financial information, such as bank account and credit card details; and
- (where you are an ICS Provider) information necessary to enable and manage our relationship with you.
You generally have the right not to identify yourself when dealing with us where it is lawful and practicable for us to allow it. However, on many occasions we will not be able to do this. For example, we will need your name and other details in order to provide you the Care Programs.
If you do not provide to us or authorise us to collect the personal information we request, we may be unable to provide you with our services.
How do we collect and hold personal information?
We will only collect personal information about you by lawful and fair means and not in an unreasonably intrusive manner.
We may collect your personal information from:
- you or a person authorised by or responsible for you;
- your GP, hospital or other health service providers who provides, or has provided, services to you;
- organisations and agencies with which we collaborate to deliver our Care Programs to you;
- a Funder on whose behalf we are providing you with services or which refers you to our Care Programs;
- a service provider engaged by us or a third party who partners with us;
- organisations and agencies from which we collect information in order to enable and manage our relationship with you as an ICS Provider; and
- where applicable, another ICS Related Company with which you have an existing relationship.
Where we collect your personal information from a third party, we will take reasonable steps to ensure that you are made aware of this and in some cases we may require your further consent to do so.
We take all reasonable steps to protect your personal information from misuse, loss, or unauthorised access, modification or disclosure. We store your information securely and have a range of security controls in place to ensure that your information and documents are protected. Our employees are trained on privacy and access to personal information is restricted to individuals properly authorised to do so.
We also take steps to make sure that the personal information that we collect, use and disclose is accurate, complete, up to date and relevant. We keep your personal information for only as long as it is required in order to provide you our services and to comply with our legal obligations. When it is no longer needed for these purposes, we take reasonable steps to destroy or permanently de-identify this personal information.
Why do we collect, use and disclose your personal information?
We collect your personal information to offer and manage the Care Programs. We also collect your personal information to help us improve our products and services and to provide you with information about other products and services offered by ICS, its partners and other ICS Related Companies. We may also be required by law to collect some personal information.
We may use your personal information for these purposes, including to:
- provide you with the Care Programs and other health-related services;
- manage our relationship with you and contact you for follow-up purposes;
- assess your suitability for, and contact you about, other products and services offered by, or through, ICS, our partners or other ICS Related Companies;
- undertake research, reporting and/or evaluation of our services;
- provide training and development for our staff (using de-identified information where possible);
- manage and resolve any legal, clinical or commercial complaints or issues;
- help us improve our services, products, and operational processes and systems (including, for example, by customer satisfaction surveys);
- (where you are an ICS Provider) enable and manage our relationship with you as an ICS Provider;
- perform other functions and activities relating to our business; and
- comply with our legal obligations.
In doing so, we may disclose your personal information to persons or organisations in Australia and overseas, including:
- health service providers;
- our agents, professional advisers and service providers, including technology providers;
- your authorised representatives;
- persons authorised by or responsible for you, including your carers, agents, government agencies, organisations and institutions;
- any organisation or agency to whom you have consented or requested for your information to be disclosed;
- organisations and agencies with which we collaborate to deliver our Care Programs to you;
- (where you are an ICS Provider) organisations and agencies which enable our relationship with you, such as registration and credentialing authorities, professional associations, and your financial institution; and
- other parties to whom we are authorised or required by law to disclose information.
We may also disclose your personal information to Funders to enable payment of our services and to ensure they have visibility of your participation in a Care Program. However, this information is limited to the fact of your enrolment in, or cessation of, one of the Care Programs. We will not disclose any health information about you to Funders except with your consent.
By using our products and services you consent to us sharing your personal (including health) information with other ICS Related Companies. This enables ICS Related Companies to share IT services and infrastructure, have an integrated view of our clients and provide you with a personalised service deal with complaints and facilitate effective reporting of operational matters.
How we communicate with you
The Care Programs may be delivered by face to face, telephonic or other methods.
To keep you informed quicker, where you provide us with an email address; we may send service-related communications to you by email. Service-related communications are updates or reminders on your participation in the Care Programs.
From time to time, we may also collect and use your personal information so that we and other ICS Related Companies can promote and offer our services to you and keep you informed of other programs which we believe may be of interest to you, including by direct mail, SMS and MMS messages, by phone and email.
You can choose how we communicate with you and manage your consents to receiving promotions and offers by contacting us on 1300 721 590
Do we disclose your personal information overseas?
We may need to disclose your personal information to organisations located outside of Australia from time to time in the ordinary course of our business. Most of these overseas organisations are service-providers or related entities which provide support and assistance to us in delivering our Care Programs to you.
Where we do, we take reasonable steps to ensure that your information is given the same type of protection as it is afforded within Australia. This may be through satisfying ourselves that the overseas organisation has controls in place to comply with Australian privacy laws, ensuring that the overseas organisation is located in a country which we believe has a similar privacy regime to Australia or through contractually or otherwise mandating the adequate management of the information.
On occasion, we may also disclose your personal information to overseas organisations where you instruct us or expressly consent to us doing so. In such cases, we may not take the above steps in relation to the management of your information.
Please see the Appendix at the end of this policy which outlines the main countries to which personal information may be disclosed.
You can access or correct your personal information. How do you contact us to do so?
We will generally provide you with access to your personal information if practicable (although an administration fee may be charged), and will take reasonable steps to amend any personal information about you which is inaccurate or out of date.
In some circumstances, we may not permit access to your personal information, or may refuse to correct your personal information. Where this happens, we will provide you with reasons for this decision seek alternatives and take any further legally required steps.
If you would like to access or correct personal information we hold about you, please contact us on
1300 721 590.
Do you have any concerns over the way we have collected, used or disclosed your personal information?
If you have any concerns or queries about the manner in which your personal information has been handled, please contact the ICS Privacy Officer whose contact details are provided below.
If you wish to make a formal complaint, please provide your complaint in writing to the ICS Privacy Officer. We will consider your complaint promptly and contact you to seek to resolve the matter
Generally, we will contact you to acknowledge receipt of your complaint and let you know who is managing your query within 5 business days. We will attend promptly to your complaint and will aim to respond to your concerns or otherwise keep you informed of our progress within 30 days.
If we have not responded to you within a reasonable time or if your complaint is not resolved to your satisfaction, you are entitled under the Privacy Act to make a complaint to the Office of the Australian Information Commissioner.
ICS Privacy Officer contact details:
Integrated Care Services Privacy Officer
GPO Box 9999 (in your Capital City)
Further information about the application of the Privacy Act can be found at the website of the Office of the Australian Information Commissioner at www.privacy.gov.au.
Appendix: Countries to which personal information may be disclosed
Listed below are the countries to which we may disclose personal information in the course of our functions and activities. This list does not include countries where you may have specifically instructed us to send your information or expressly consented to us sending your information.
Please see the Do we disclose your personal information overseas? section for information on the steps we take to ensure the adequate protection and appropriate management of this information.
- United States
This list is updated from time to time. You can contact us at any time to receive the latest version.