home

Printable Privacy Statement

Medical Objects Privacy Statement

Medical Objects recognizes the concerns of community on privacy of individual’s personal information and is committed to complying with the National Privacy Principles as set out in the Privacy Act 1988 (Cth) and the Privacy Amendment (Private Sector) Act 2000. This document addresses each of the principles stated in the act.

1. Collection

The information collected includes the following:-

Health Care Provider Information includes Practice Name, Address, Contact Person Name and Practice Doctors Details.
Patient Health Records Comprises of two groups of data

Patient health documentation
Patient identification data that may include: Names, date of birth, sex, primary language, addresses, phone numbers, email addresses, nationality, race and religion

Health Care Provider Information is collected from the Service Request form sent to us by fax or any other means. This information is collected for the purpose of providing a functional provider lookup directory accessible to all users of Medical Objects system.

Patient Health Records is derived from the electronic messages sent to Medical-Objects servers including referrals to Consultant Physicians or Specialists, Requests and Confirmations of Requests for Pathology Services to Approved Pathology Practitioners and Requests for Diagnostic Imaging Services. By sending digitally signed messages to Medical Objects servers, users are implicitly giving their consent for Medical Objects to store patient records for the purpose of message delivery to the designated receiving health care provider(s). Individual health care provider should ensure that prior consent is obtained from their patient before transferring their patient health information to another health care provider.

2. Use and Disclosure

Health Care Provider information is only used for the primary purpose of providing provider lookup directory within Medical Objects system. Users must be registered, or have a valid certificate issued by Health e-Signature Authority (Hesa) in order to use this service.

The Patient Health Records are derived from electronic messages received from users and stored on Medical Objects Servers. The records are re-assembled into the original messages for delivery to the designated recipient(s) upon request.

3. Data Quality

Medical Objects relies on the users to ensure the information sent to it is complete, accurate and up-to-date. Medical Objects application system uses digital signature mechanism to verify integrity of the information sent across the network.

Only users with proper authorization are able to update information stored on the servers through Medical Objects application client programs.

Medical Objects relies on users to ensure completeness, accuracy and currency of the information stored on the Medical Objects servers.

4. Data Security

Data security is one of the utmost important aspects of Medical Objects system. Medical Objects takes every step possible to ensure confidentiality, integrity and availability of the system and information. The following security safeguards are implemented to meet these security goals.

All messages transmitted across the network are encrypted and signed using digital signature before transmitted across the network to protect confidentiality and integrity of the message. Messages received from health care providers are also signed using digital signature generated by the original sender using PKI key. This will prevent any future repudiation on the sending of the respective messages.
Information stored on the servers is only accessible by users with proper authorization. This authorization is normally determined through the verification of digital signature attached to a request message.
Medical Objects application client programs make provision for user to keep a repository of all their messages on their computer. The user is encouraged to do this to prevent loss of data.
Firewall is used to block unauthorized access to the network.
Only specific ports are opened for users accessing the servers.
The system has redundancy built in to maintain high availability.

It is the responsibility of the individual user to safeguards information downloaded on their computer that is not under Medical Objects administration.

5. Openness

Upon request, Medical Objects will make known to the user the types of personal information it holds, the purpose for which it is held and how Medical Objects collects, holds, uses and discloses that information.

6. Access and Correction

Users may request access to their personal information, subject to the exceptions prescribed by the National Privacy Principles, to correct any inaccuracies or out-of-date information.

7. Identifiers

Medical Objects will not use any type of the identifiers issued by the Commonwealth agencies to identify the record of personal information.

8. Anonymity

Where practicable, Medical Objects will maintain the anonymity of an individual in a database of personal information unless the identity of the individual is necessary to perform lawful activity.

9. Transborder Data Flows

Medical Objects will not transfer personal information relating to an individual outside Australia unless you have consented to such a transfer or Medical Objects has satisfied itself that the recipient of the personal information will uphold principals for the handling of personal information which are similar to the National Privacy Principles.

10. Change in Business Circumstances or Closure of a health service

Medical Objects will disclose the information it holds to another organisation in the event of change in business circumstances only if there is sufficient assurance that the information is going to be used for the same purpose stated in this privacy statement document.

The information in storage will otherwise be destroyed if the business ceases to exist. This is possible since Medical Objects made provision for users to back up all the messages received in their own computer.

Medical Objects Privacy Policy