1 Purpose

Reset Healthcares Pty Ltd (ACN 684 120 947) (Reset Healthcares) is committed to complying with its privacy obligations under relevant laws.

2 Applicability/ Scope

Employees and associated providers/subcontractors of Reset Healthcares are required to comply with this policy.

3 Policy Statement

Reset Healthcares has corporate governance arrangements in place to align with provider responsibilities for how it collects, uses and discloses personal and/or health and sensitive information necessary for the provision of its telehealth services and Reset Healthcares’ business operations in accordance with this policy and the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) (Privacy Act), the Health Records and Information Privacy Act 2002 (NSW) and other applicable laws.

3.1 Patient Outcome Statement

Reset Healthcares places patients at the centre of the planning, monitoring, and improving for its delivery of high-quality care. This includes the right to have all personal and/or health or sensitive information that is obtained and recorded by Reset Healthcares respected with privacy for the provision of services.

We will take all reasonable and proportionate steps to act in accordance with the following rights balancing our obligations under other laws:

1. an individual has a right to have the individual’s:
   1. personal privacy respected; and
   2. personal information protected; and
2. an individual has a right to access their personal information, including health information, subject to permitted exceptions.

3.2 Organisation Outcome Statement

Reset Healthcares is committed to clearly communicate the personal information handling practices to give individuals a better and more complete understanding of the type of personal information Reset Healthcares collects and the way this is handled.

4 Definitions

In this policy:

• Data means Information contained in a record including but not limited to personal, health and sensitive information.
• Health information means:
  1. information or an opinion about:
     1. the health, including an illness, disability or injury, (at any time) of an individual; or
     2. an individual’s expressed wishes about the future provision of health services to the individual; or
     3. a health service provided, or to be provided, to an individual;
     that is also personal information;
  2. other personal information collected to provide, or in providing, a health service to an individual;
  3. other personal information collected in connection with the donation, or intended donation, by an individual of his or her body parts, organs or body substances;
  4. genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual.
• Personal Information is information or an opinion about an identified individual, or an individual who is reasonably identifiable:
  1. whether the information or opinion is true or not; and
  2. whether the information or opinion is recorded in a material form or not.
• Record means any material that contains information including but not limited to paper documents and electronic files of all types.
• Sensitive information means:
  1. information or an opinion about an individual’s:
     1. racial or ethnic origin; or
     2. political opinions; or
     3. membership of a political association; or
     4. religious beliefs or affiliations; or
     5. philosophical beliefs; or
     6. membership of a professional or trade association; or
     7. membership of a trade union; or
     8. sexual orientation or practices; or
     9. criminal record;
     that is also Personal Information; or
  2. health information about an individual; or
  3. genetic information about an individual that is not otherwise health information; or
  4. biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
  5. biometric templates.

4.2 Collection of Personal Information

We collect Personal Information directly from you unless it is not practicable or reasonable to do so or you have granted us permission to obtain the information from someone else or we are otherwise authorised or required to do so. For example, we may need to collect information from your guardian or responsible person, prior service providers, health professionals and government agencies in order to provide services to you. Every effort will be made to collect the Personal Information in an environment that protects the Personal Information and maintains confidentiality.

Collection of Personal Information directly from you can include, but is not limited to, interacting with us over the phone, online, via surveys and questionnaires, electronic data collection devices, subscribing to a mailing list, applying for a position as an employee, contractor, or in another capacity, applying for a Reset Healthcares program.

Personal Information collected may be held in paper format stored in an authorised access only location, and/or electronic databases which are password protected and/or on the cloud computing networks. In some circumstances, this information may be stored outside Australia. When this occurs, we will take reasonable steps to ensure that data security and appropriate privacy practices are maintained.

Reset Healthcares may collect Personal Information from individuals who visit its website, make enquiries, subscribe to communications, or otherwise interact with Reset Healthcares online or offline, even if they do not become patients.

This information may include names, contact details, enquiry content, technical data (such as IP address and browser information), and other information voluntarily provided. This Privacy Policy applies to the handling of such information.

Reset Healthcares will endeavour to work with individuals who wish to provide Personal Information anonymously or in a deidentified format. Given the nature of our services and the need to identify persons so as to provide appropriate care, in many cases this is not practicable e.g. where lack of Personal Information could impact the delivery of care and/or services to you, impact our ability to fulfill our regulatory obligations or otherwise unreasonably impact our business processes.

4.3 How do we collect, hold, use or disclose Personal Information?

We collect and hold Personal Information in order to provide telehealth services and to run our business. Our primary use of personal information is in the provision of our telehealth services and care.

We may disclose your Personal Information to our associated medical practitioners, pharmacists and/or service and product delivery providers.

We may also use your Personal Information for secondary purposes which are related to the primary use including activities related to your care or our business including billing, rostering, recruitment and management of staff, budgeting and administration activities and activities necessary to fulfill our obligations and conduct our business in an efficient and prudent manner. In addition to this, we may also use personal information for training, research, quality and safety activities.

We may also use Personal Information for direct marketing purposes such as communicating with you about our services.

Your information may need to be disclosed to government bodies, a court, tribunal or official organisations as required, to our advisors and marketing providers from time to time, to health care or service providers who may be involved in your care or service delivery and as required at law.

Without the ability to collect, hold and use your Personal Information to provide services and run our business, we would be unable to provide you with quality care and services that is tailored to you.

We use Halaxy Pty Ltd’s practice management software platform (Halaxy) to collect, store and manage patient and practitioner information, including personal and health information, for the purpose of delivering telehealth services and managing clinical and administrative functions.

Information entered into Halaxy is stored and managed in accordance with Halaxy’s privacy policy and security standards, a copy of which is available on Halaxy’s website at: https://www.halaxy.com/privacy/au

Reset Healthcares takes reasonable steps to contractually require where possible that third-party service providers such as Halaxy maintain appropriate privacy, confidentiality and data security protections consistent with Australian privacy laws.

4.4 How we use automated decision making

We may share your Personal Information with artificial intelligence (Al) applications for service improvement and, in some cases, to assist with your services and care. If we do so, we will advise you and obtain your consent through our agreements with you such as the patient or contractor agreement.

We use technology tools to innovate our service offering including the use of software programs on our website and the collection of data to improve our services.

We currently do not use automated decision making but this may change in the future with technological advancements.

In any event, we comply with our privacy obligations in relation to the use of technology.

4.5 How do you access and seek correction of your Personal Information?

You are entitled to access your Personal Information held by us. We encourage you to inform us of any changes to your Personal Information as soon as possible. You may ask us to correct any error or omission in your Personal Information.

If you wish to view your personal record, you can ask your practitioner for access or make a formal request in writing.

To ensure privacy of your information, appropriate identification requirements will need to be met. A reasonable fee may be charged if the Personal Information is to be provided such as photocopying costs.

In certain circumstances, an appointment may be desirable which should be made in advance. We may decline to provide access in special circumstances, for example, if a health professional advises us that they consider the access would be harmful to you or another person.

Patients, and their authorised representatives who wish to access or correct Personal Information should address their request in writing to info@resethealthcares.com.au

4.6 How do we protect your Personal Information

Reset Healthcares takes reasonable steps to ensure that the Personal Information we hold is kept confidential and secure including by having robust physical security of our premises, databases and records; taking measures to restrict access to only personnel who need that Personal Information for service delivery or to run our business; providing employees with education about privacy and cyber security; and by having technological measures in place such as anti-virus software, firewalls, password protected access to systems.

It should be noted that scammers, hackers and those motivated by unlawful purposes can be extremely sophisticated, patient, and well-funded, in their attempts to access Personal Information. For this reason, it is not possible to guarantee that security protocols can never be breached.

4.7 Online activity

Reset Healthcares’ uses cookies. These cookies recognise when your device has visited our website so we can distinguish you from other website users. This improves your experience and Reset Healthcares’ website. If you do not wish to use the cookies, you can amend the settings on your internet browser so it will not automatically download cookies, but this may impact your browsing experience and our website's functionality for you.

Our website uses data analytics to help us better understand who visits our website so we can improve our services. Although this data is mostly anonymous, it is possible under certain conditions that we can connect it to you.

4.8 Direct marketing

We may send you direct marketing communications and information about our services or opportunities that we consider may be of interest to you if you consented or request to receive such communications. These communications may be sent in various forms including but not limited to mail, SMS and email in accordance with applicable marketing laws. You consent to us sending you these direct marketing communications by any of those methods.

You may opt out of receiving marketing communications from us at any time by unsubscribing to the relevant communication as advised on that communication or otherwise advising us that you do not wish to receive a particular or any marketing materials.

4.9 Retention of Personal Information

We will not keep your Personal Information for longer than we need to. However, in some cases we are required to retain records for periods of time as prescribed under applicable laws. This may mean that we will need to retain your Personal Information for longer than the duration of your relationship with us.

4.10 Overseas

We are unlikely to disclose Personal Information to overseas recipients except when a patient has a family member who is overseas and the patient has requested disclosure to that person overseas.

4.11 My Health Record

Reset Healthcares or its employees' may have access to the My Health Record system, Reset Healthcares will comply with all relevant legislation associated with the My Health Record system.

5 Receive this policy in an alternative format

This Privacy Policy can be accessed via the intranet or by hard copy. Should you require a copy of this policy in an alternative form, please send your request via our general enquiries below.

6 Enquiries and complaints