Privacy policy
This Policy sets out the types of personal information collected, used and disclosed by Cura Day Hospitals Group Pty Ltd (ACN 125245409) (Cura) and all its subsidiaries.
Cura takes your privacy seriously and is committed to open and transparent management of personal information. In dealing with personal information, Cura complies with the Privacy Act 1988 (Cth) and relevant State and Territory privacy legislation.
Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and (b) whether the information or opinion is recorded in a material form or not.
Sensitive information means:
(a) information or an opinion about an individual’s:
(i) racial or ethnic origin;
(ii) political opinions;
(iii) membership of a political association;
(iv) religious beliefs or affiliations;
(v) philosophical beliefs;
(vi) membership of a professional or trade association;
(vii) membership of a trade union;
(viii) sexual orientation or practices;
(ix) criminal record;
that is also personal information;
(b) health information about an individual;
(c) genetic information about an individual that is not otherwise health information;
(d) biometric information that is to be used for the purpose of automated biometric verification or biometric identification;
(e) biometric templates.
The types of personal information that Cura collects from you will depend on your relationship with us.
(a) Patients of Cura facilities: In order to provide healthcare services to our patients we collect the following information about our patients:
(i) contact details for patients and identified emergency contacts, including address, postcode, telephone and fax numbers, email addresses;
(ii) demographic information about patients, including age, date of birth, and gender, origin of birth and Aboriginal and Torres Strait Islander status;
(iii) health information about patients, including medical history, medications, diagnostic imaging and reports, pathology results, diagnoses (including mental health or disability), prosthesis details, observations, reported symptoms and may include clinical photographs;
(iv) billing information for patients, including health insurance membership numbers, Medicare and DVA numbers.
We also use this information for the management of the healthcare service, including:
(v) billing/debt-recovery, service-monitoring, funding, complaint-handling, incident reporting, developing and planning services, evaluation, quality assurance or audit activities, and accreditation activities;
(vi) asking you to complete a patient survey or questionnaire for the purposes of service improvement;
(vii) education and training of our staff, where de-identified information is not sufficient for this purpose;
(viii) disclosure to a medical expert for medico-legal opinion, an insurer, an employed practitioner’s medical defence organisation, or lawyer, for the purpose of addressing liability/indemnity matters, for example following an adverse incident, or for anticipated or existing legal proceedings.
From time to time Cura is involved in research. If we invite you to participate in research we will provide you with specific information about what that would involve, including the types of personal information that would be collected as part of the research.
(b) Private healthcare providers providing services at Cura facilities: In order to manage the provision of services by private providers of healthcare services at our facilities, we collect the following information about private healthcare providers:
(i) contact details of private healthcare providers including address, postcode, telephone and fax numbers, email addresses;
(ii) information about the services provided by the healthcare provider at Cura facilities including procedure types and outcomes;
(iii) provider numbers of healthcare providers.
(c) Prospective employees: In order to assess applications for employment at Cura facilities we collect the following information about prospective employees:
(i) contact details of prospective employees including address, postcode, telephone and fax numbers, email addresses;
(ii) demographic information about prospective employees, including age, date of birth, and gender;
(iii) qualifications and experience of prospective employees;
(iv) information contained in references obtained from third parties.
(d) Suppliers: If you are one of our suppliers or provide services to Cura, we may collect information about you that we consider is necessary to manage the service arrangement, such as the nature of the products and services that you provide, quotes that you provide and your direct credit details.
(e) Other collections: Cura may also collect personal information from you if you complete a survey, questionnaire or when you communicate with Cura by email, telephone, in writing or in person. Cura will use the information you provide to deal with your enquiry or request.
We only collect personal information that is reasonably necessary for our functions and activities or otherwise in compliance with the requirements of APP3 and 4.
We will usually collect sensitive information with your consent (or consent from someone acting on your behalf if you are unable to give consent).
In some circumstances we may collect sensitive information without your consent. We will comply with the requirements of APP3 in doing so. Some of the circumstances in which we may collect sensitive information without your consent include where:
(a) collection is required or authorised by or under an Australian law or court/tribunal order;
(b) we reasonably believe the collection is necessary to lessen or prevent a serious threat to the life, health or safety of any individual or to public health or safety, and it is unreasonable or impracticable to obtain your consent.
(c) collection is necessary to provide a health service to you, and either:
(i) the collection is required or authorised by or under an Australian law; or
(ii) the collection occurs in accordance with rules established by competent health or medical bodies that deal with obligations of professional confidentiality that bind Cura.
(d) collection is necessary for research relevant to public health or public safety, the compilation or analysis of statistics relevant to public health or safety, or the management, funding or monitoring of a health service, and
(i) the particular purpose cannot be served by collecting de-identified information;
(ii) it is impracticable to obtain your consent;
(iii) the collection is either:
(A) required by or under Australian law;
(B) in accordance with rules established by competent health or medical bodies that deal with obligations of professional confidentiality which bind Cura;
(C) in accordance with guidelines approved by the Information Commissioner under section 95A of the Privacy Act 1988 (Cth).
Where Cura collects personal information from will depend on the circumstances of the collection.
(a) Directly from you: Cura tries to collect personal information that is about you directly from you. We will collect personal information from you:
(i) when you are able to provide us with information about yourself and your medical condition;
(ii) if you complete a survey, questionnaire or you communicate with Cura by email, telephone, in writing or in person;
(iii) if you are providing services to Cura or patients at a Cura facility; or
(iv) if you apply for employment at Cura.
(b) From other people: Where it is unreasonable or impracticable to collect information directly from you, Cura may obtain personal information about you from a third party. For example, Cura may collect personal information from about you from:
(i) a pathology provider or imaging provider who has performed a service on request from your healthcare provider to provide healthcare services to you;
(ii) your General Practitioner or another healthcare provider who has information about your condition to assist us in providing healthcare services to you;
(iii) a member of your family, a friend or your carer to assist us in providing healthcare services to you;
(iv) your health insurer, Medicare or DVA to assist us in processing billing for healthcare services provided to you;
(v) a reference identified on your application for employment at Cura.
(c) Publicly available sources: Cura may collect information about you from the public domain, for example professional registration boards if you are a healthcare provider providing services at a Cura facility.
(d) From the Cura website: When you visit a Cura website, our web server may download a cookie to your computer. A cookie is a small piece of information sent by our server to your browser. Cookies do not contain personal information about you but can identify a user’s browser. Cura uses cookies to capture information about a user’s browser. If you do not wish to receive cookies, you may set your browser to refuse them.
If you are a patient, it is not practical for you to remain anonymous because we need to keep a record of the treatment we provide to you. We may be able to accommodate you using a pseudonym, however: you should be aware that failure to provide your real identity may:
(a) adversely impact the quality of care Cura can provide to you, and in some cases, could be dangerous to your health. For example:
(i) we will be unable to link other health information we hold about you, limiting our ability to provide coordinated care;
(ii) if you choose not to tell us medical information that is relevant to your care we will not provide care based on all of the relevant information.
(b) mean that you are unable to claim Medicare, DVA or health insurance refunds for your treatment. You should contact these entities to discuss the availability of refunds.
If you wish to use a pseudonym that is linked confidentially to your real identity, please let us know and we will discuss with you the arrangements that can be made for your admission to our facilities.
If you are a healthcare provider providing healthcare services at a Cura facility, it is not possible for you to remain anonymous or use a pseudonym. Cura is required to ensure that you are properly qualified to provide services and so is required to know your identity.
Cura holds personal information on databases, electronic and hard copy files.
Cura does not use personal information for direct marketing.
We disclose personal information in accordance with the requirements in APP6.
This means that we will usually disclose information for the particular purpose for which it was collected. For our patients, this will include disclosures that are necessary to provide healthcare to our patients. For example:
(a) disclosure of your health information to your private healthcare provider who you have engaged to provide health services at a Cura facility;
(b) disclosure of your personal information to staff involved in the provision of your care at a Cura facility (including healthcare providers, nurses, physiotherapists, occupational therapists) or administrative staff (involved in bookings, billing and reception duties), including staff who are not our employees;
(c) disclosure of your personal information to Medicare, DVA or your private health insurer for the purpose of billing.
In some cases we will disclose information for a different purpose to that for which it was collected. We may do this when:
(d) you consent to the disclosure (or someone acting on your behalf consents if you are unable to give consent); For example, we may seek your consent to disclose your health information to:
(e) disclosure is for the facilitation of health services provided to you (ie a purpose directly related to the primary purpose of collection). For example:
(i) we may disclose personal information to pharmacy providers, pathology providers and imaging providers for the purposes of those third parties providing health services and conducting tests as ordered by your healthcare providers;
(ii) we may disclose personal information in a discharge summary to your General Practitioner to facilitate continuing health care after your discharge from a Cura facility;
(iii) where you have a medical device implanted at one of our facilities, we may disclose information about you to Medicare or another entity involved in the tracking of implanted medical devices to facilitate any recalls on medical devices.
(f) disclosure is for the management of the health service (ie a purpose directly related to the primary purpose of collection). For example:
(i) billing/debt-recovery, service-monitoring, funding, complaint-handling, incident reporting, developing and planning services, evaluation, quality assurance or audit activities, and accreditation activities;
(ii) education and training of our staff (who may not be our employees), where de-identified information is not sufficient for this purpose;
(iii) disclosure to a medical expert for medico-legal opinion, an insurer, an employed practitioner’s medical defence organisation, or lawyer, for the purpose of addressing liability/indemnity matters, for example following an adverse incident, or for anticipated or existing legal proceedings;
(iv) disclosure to our contractors who provide services to Cura, for example IT service providers;
(g) the disclosure is required or authorised or authorised by or under an Australian law or a court/tribunal order. For example, where relevant, we are required by law to disclose your health information to the Cancer Register (as relevant in each Australian jurisdiction);
(h) we reasonably believe that the disclosure is necessary to lessen or prevent a serious threat to the life, health or safety or any individual, or to public health or safety, and it is unreasonable or impracticable to obtain your consent;
(i) the disclosure is necessary for research, or the compilation or analysis of statistics, relevant to the public health or public safety, and:
(i) it is impracticable to obtain your consent; and
(ii) the disclosure is conducted in accordance with guidelines approved under section 95A of the Privacy Act 1988 (Cth);
(iii) we reasonably believe that the recipient of the information will not disclose the information, or personal information derived from the information.
(j) we are providing a health service to you, we may disclose to a ‘person responsible’ for you if:
(i) you are physically or legally incapable of giving consent to the disclosure, or physically cannot communicate consent to the disclosure;
(ii) we are satisfied that either the disclosure is necessary to provide appropriate care or treatment to you, or the disclosure is made for compassionate reasons;
(iii) the disclosure is not contrary to any wish you expressed before you became unable to give or communicate consent, and of which we are aware or could be reasonably expected to be aware; and
(iv) disclosure is limited to the extent reasonable and necessary for providing appropriate care or fulfilling the compassionate reasons.
(k) we are otherwise permitted to make the disclosure in accordance with APP6 and the Privacy Act 1988 (Cth).
You have the right to access the personal information that Cura holds about you. There are some limited exceptions to this set out in APP12.
If you request to access your personal information, we will ask you to verify your identity and specify what information you wish to access. This will help us to identify the relevant information. To make a request to access your personal information please contact us at Privacy@curagroup.com.au;au or Cura Day Hospitals Group, Ground Floor, Boundary Court, 55 Little Edward Street, Spring Hill Qld 4004 or 07 3218 3700 and ask that your request be directed to the Privacy Officer.
It is unlikely that Cura will disclose personal information to entities outside of Australia. However any request received or made to disclose personal information to entities outside of Australia will require the approval of the Cura Privacy Officer prior to release of information.