Privacy Policy

Introduction

This policy details the standards, rights, and obligations for how we handle and maintain your personal information that Veterans’ MATES collects or guards in accordance with the provisions of the Privacy Act 1988 and the Australian Privacy Principles (APPs). This includes how personal information is collected, stored, used, disclosed, quality assured and secured. This policy is aligned with the overarching Veterans’ MATES Program Management Plan and security framework, the University of South Australia (UniSA) Privacy Policy and the Australian Government Department of Veterans’ Affairs (DVA) Privacy Policy.

Personal information

In this policy, personal information is defined consistent with the definition in the Privacy Act of 1988 as “information or an opinion about an identified individual, or an individual who is reasonably identifiable:

1. whether the information or opinion is true or not; and
2. whether the information or opinion is recorded in a material form or not.”

In other words, it is information or opinion that identifies or could reasonably identify an individual. It includes:

• Records that contain your name, address or other details about you;
• Health information, including use of health services and past medical conditions.

Collecting personal information

Veterans’ MATES holds personal information related to health care claims that are collected by DVA for the purposes of providing Veterans’ MATES. Handling of personal material is guided by the Veterans’ MATES Security Framework and Standard Operating Procedures. The Security Framework has been developed specifically for the Veterans' MATES program, is approved by DVA, and consistent with all security standards for the storage and handling of government information and the Privacy Principles.

Additional personal Information will not be collected by Veterans’ MATES unless approved by DVA for the purposes of implementing Veterans’ MATES. If collection of personal information is approved by DVA, it will only be collected where the individual’s consent has been obtained. When we collect additional personal information, we will notify you using a privacy collection notice, in the form of a “Consent Form”, “Privacy Collection Notice” or “Privacy Policy”, in accordance with this personal information management plan. The notice will include why we are collecting the information (the purpose), whether the collection is required or authorised by law, and any person or body to whom we usually disclose the information. The notice may also include reference to related policies regarding handling of personal information.

All information related to your health and your relationship with the Department of Veterans’ Affairs is considered sensitive. Sensitive material will be handled within the Quality Use of Medicines and Pharmacy Research Centre, University of South Australia, under a set of Standard Operating Procedures (SOPs) developed specifically for the Veterans' MATES program and in line with DVA requirements and guidelines.

Types of information we hold

Data collected by DVA that we hold include:

• Name, address and contact details
• Information about health service claims made on your behalf including claims for medicines dispensed, claims for visits to the doctor, claims for pathology tests, claims for diagnostic procedures, claims for hospitalisations, and claims for visits to allied health practitioners, such as the physiotherapist, occupational therapist, psychologist or dentist.

Data collected by Veterans’ MATES that we hold includes:

• Responses to the survey forms that you complete which have been provided as part of the Veterans’ MATES program. These surveys include bar code identification but no other personal identifying data;
• Your subscription to Veterans’ MATES materials by e-mail or short messaging service (SMS);
• Inquiries and general correspondence from members of the public to us; and
• Requests for information.

Information collected during Veterans’ MATES website access

Veterans’ MATES does track access of the Veterans’ MATES website. Types of information we record includes the user’s server address, the user’s top level domain name (e.g. .com, .gov, .au, etc.), the date and time of the visit to the site, the pages accessed and documents downloaded. This information is used only for statistical analysis and systems administration purposes. No attempt is made to identify users or their browsing activities and no personal information is recorded from those activities. The Veterans’ MATES website uses Google Analytics, which is a web analytics service provided by Google Inc. Google Analytics uses ‘cookies’ to help analyse how users use this site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers either in Australia or overseas. By using the Veterans’ MATES website, you consent to Google processing data about you in the manner and for the purposes set out above.

Use and disclosure of personal information

All information collected and held by the Veterans’ MATES program is used exclusively to perform the functions and activities required to implement Veterans’ MATES.Veterans’ MATES discloses personal information to achieve the primary aim of the program, which is to improve health care and outcomes of veterans. We may provide information about your health claims history to your general practitioner. We may provide information about your health claims history to you to assist you in deciding whether to make follow-up appointments with health professionals. Personal information is not provided to any other government agencies, private sector organisations, or anyone else without the approval of DVA.

Data storage

Veterans’ MATES stores all personal information securely and restricts access to the information to the people who require access to perform their duties. Data are stored on a central, dedicated server in a secure setting as required in the Attorney General's Protective Security Policy Framework. In addition, the information is physically located within a protected environment, which is secured by alarms and swipe card access.

Data security

Access to the server holding personal information is restricted to defined personnel and computer terminals. Access logs identify users to the environment and all computers. Multiple firewalls restrict outside, unauthorised access to the IT network. Computers from which the data can be accessed have security measures in place so that personal information cannot be transferred without approval from DVA. All computers accessing data have no email or internet access, no CD drives and USB ports are disabled. All people associated with the program have specialised security training and are bound by confidentiality agreements. Staff work to a set of Standard Operating Procedures (SOPs) developed specifically for the Veterans' MATES program and in line with DVA requirements and guidelines. The site has personnel with dedicated responsibility for security management. Security audits are undertaken every three months to ensure compliance with the security framework.

Data breach response plan

We take seriously and deal promptly with any unauthorised access to, disclosure of, or loss of personal information (data breach).  Examples of data breaches include unauthorized access to your documents or hacks to a database containing personal information.

If a data breach occurs, such as if personal information that we hold is subject to unauthorised access, use or disclosure, we will respond in line with the Office of the Australian Information Commissioner’s Data breach preparation and response: A guide to managing data breaches in accordance with the Privacy Act 1988 (Cth). We will aim to provide timely advice to you and limit any negative consequences.

Our notification to you will be sent as soon as practicable and will contain:

• a description of the data breach
• the kinds of information concerned
• recommendations about the steps you should take in response to the data breach.

Complaints

If you believe that the Veterans’ MATES program has breached the Privacy Act, the Code or otherwise mishandled your personal information, you can contact us using the contact details set out below.

Each complaint will be dealt with on a case-by-case basis.All complaints will be investigated by us in consultation with DVA and you will be advised of the outcome.

All privacy complaints are taken seriously. You should not be victimised or suffer negative treatment if you make a complaint.

If you believe that we have breached the APPs or mishandled your personal information, you should take the following steps:

1. Contact us: in the first instance, any privacy concern or complaint should be reported directly to Veterans’ MATES or to DVA.This can be done using the contact details set out at the end of this document.
2. Submit your concern or complaint in writing: in order to be able to fully investigate your complaint, we would prefer that you make your complaint in writing using the contact details set out at the end of this document.The complaint should include information about the claimed privacy breach and your contact details.Please note that if you do not provide sufficient information or if you submit an anonymous complaint, we may not be able to fully investigate and respond to your complaint.

We will acknowledge your concern or complaint upon receipt within a reasonable time frame.This may involve email or telephone correspondence with you.We will also provide you with updates as to our investigation into your privacy complaint, if you provide your contact details.We will try to respond to your privacy concern or complaint as soon as practicable.

We will use the information from your complaint to investigate and seek to resolve the issues you have raised.This may include speaking to relevant areas of DVA and considering their processes as well as speaking to third parties where relevant.

Accessing and correcting your personal information

You are able to access your personal information collected by Veterans’ MATES. You have a right under the privacy act to request corrections to any personal information we hold about you. We can be reached at:

Access to and requests for personal information collected by DVA but held by Veterans’ MATES should be directed to DVA. Information on accessing DVA data can be found in the DVA privacy policy. DVA can be reached at:

POST

EMAIL

PHONE