Introduction
Manage My Health™ Pty Ltd (ManageMyHealth) is committed to protecting your privacy through its secure information technology service and complies with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth). ManageMyHealth is also referred to as "we” and “us”.
ManageMyHealth is a personal health service that lets an authorised user (“you”) to review, gather, edit, store, and deal with health information online. With ManageMyHealth, you have the ability to access your own medical records once your medical practitioner makes these available through ManageMyHealth. You can also share your health information with family, friends, and health care professionals, and have access to online health information management tools.
You can choose to share specific information (or all information); with other people (such as friends and family) and with applications (such as applications that add data to your health records, provide information to your healthcare provider, or use some of your health records to provide information to you about managing your health).
ManageMyHealth also provides information on well being generally and incorporates contributions from third parties.
By using ManageMyHealth you agree to be bound by this Privacy Statement and the Terms of Use.
General Privacy Statement
Collection of Personal Information
The first time you sign in to ManageMyHealth™, ManageMyHealth™ asks you to create an account. To create an account, you must provide personal information such as name, date of birth, e-mail address & physical address.
We may request other optional information, but we clearly indicate that such information is optional. You can review and update your account information. You can modify, add, or delete any optional account information by signing into your ManageMyHealth™ account and editing your account profile.
An account allows you to manage one or more health records, such as the ones you create for yourself and your family members. You can choose what information to put in your records.
To access your medical records held by your participating Healthcare Provider an activation code must be obtained in person from the Healthcare Provider. One specific e-mail address must be provided along with a valid photo-id.
You can close your account at any time by signing into your ManageMyHealth™ account and editing your account profile. We wait 90 days before permanently deleting your account information and all records.
Purpose of Collection of Health Information
Information is collected and maintained for individuals for the purpose of improving or maintaining their health and well being. Use of the information for other purposes is not authorised. Express consent must be given by the individual if the information is used for any other purpose.
Aggregated information which has identifying information removed may be used to improve the quality of the services offered on ManageMyHealth™, for marketing of ManageMyHealth™ and for general analysis or population health statistics.
ManageMyHealth does not use your individual account and record information from ManageMyHealth™ for marketing without ManageMyHealth first asking for and receiving your opt-in consent.
Any information submitted to ManageMyHealth™ Community Forums or Blogs becomes public information and is not covered by this privacy statement. Accordingly you should be cautious as to what personal information you supply in these areas.
Source of Health Information
The source of the information will come directly or indirectly from you.
This includes the information you authorise to be supplied by your doctor or other health professional.
ManageMyHealth has no control over the content of the information which is provided to you by your Healthcare Provider or other authorised third parties.
Collection of Health Information from Individual
Information submitted to ManageMyHealth™ for collection must be specifically authorised by the individual.
Subsequent access to the information by third persons (such as health care professionals and family members) will only be accessible by those persons the individual specifically authorises to have such access.
Manner of Collection of Health Information
The collection of information will always be undertaken in a manner that is lawful and with the specific authorisation of the individual.
Information entered by an individual (or on behalf of an individual e.g. minor in their care) is entirely at their discretion.
If Information is provided on behalf of an individual, it is assumed the provider has the legal right to do so.
Storage and Security of Health Information
Storage of information is hosted in a secure environment by a commercially reputable hosting vendor using best practice security techniques.
The information is encrypted within the ManageMyHealth™ database.
Information delivered to ManageMyHealth™ from your Healthcare Provider is encrypted during transmission. Your information provided to you via a web browser is encrypted during transmission using the highest standard available today using VeriSign Digital Certificates. This provides at least 128-bit encryption or 256 bit encryption if you are using the latest version of the web browser.
ManageMyHealth™ is protected by a reputable network Firewall.
Daily Backups are performed to allow system restores to be performed in a disaster recovery situation.
Access to your account will be blocked following 5 failed attempts to logon. Your account is unblocked by using the forgotten password function on the website.
Information provided to you from your Healthcare Provider cannot be modified within the system.
ManageMyHealth follows strict internal procedures in collecting, storing and disclosing information about you.
ManageMyHealth has incorporated all reasonable measures to protect your information, however, we are reliant upon you to do the same with your computer using appropriate anti-spyware and virus protection software. You can also restrict access to your computer (for example, by using a strong password for your computer login and a network firewall).
ManageMyHealth cannot be held liable in any way for events beyond our control or in any way for accidental or unauthorised access of your information.
Accidental access could be obtained by leaving yourself logged on and leaving your computer unattended, ‘over-the-shoulder’ access or from unsecured printouts of your information.
Unauthorised access could involve someone who is known to you guessing your password or a stranger/hacker circumventing our security measures. Social engineering is the easiest way to achieve unauthorised access to your information. To prevent this never give your access details to anyone, this includes your password.
Access to Personal Health Information
We will act reasonably to ensure you will have access to your information at any time.
The exceptions to this include:
- You have been denied access to ManageMyHealth™;
- ManageMyHealth™ requires a planned outage;
- ManageMyHealth™ experiences an unplanned outage. Such events are considered beyond our control, but all reasonable efforts will be used to re-establish the service as soon as possible.
- We offer no guarantees that access to your information is available at all times.
Initially access to your information will be limited to you and the registering Healthcare Provider e.g. your doctor, including other clinicians within your Healthcare Provider Practice. This will be expanded in later versions to allow other healthcare professionals you authorise and an optional "trust list" functionality which will allow you to grant access to other individuals involved with your care, such as your family members.
Correction of Health Information
Information entered by you can be modified at any time.
If you do modify your information you must consider what impact that may have on a person authorised by you who may have previously read the information and potentially acted on it. If this impact is significant you should inform the individual of the change.
All other information about you provided by your authorised third parties cannot be modified by you or ManageMyHealth™. If you feel information requires correction you must contact the information source and request a correction. ManageMyHealth™ has no control of or responsibility for this process or the outcome.
Accuracy of Health Information to be Checked before Use
All reasonable steps are taken by ManageMyHealth™ to ensure the information submitted is accurately stored.
Human error (either by ManageMyHealth™ staff and agents, by you or any third-party submitting information) cannot be easily identified by ManageMyHealth™. Therefore, before using any information all users must take such steps as are reasonable in the circumstances to determine its accuracy.
Users must not act if the information appears incorrect.
If any user acts without taking reasonable steps to determine its accuracy that user is responsible for their actions and not necessarily the person who provided the information.
It is important you maintain the accuracy of your contact information so that you can be contacted at any time.
Sharing your personal health information
A feature of ManageMyHealth™ is the ability to share your health information with people and services that can help you manage your health or meet your health-related goals.
You can share information in a ManageMyHealth™ account with another person or business through ManageMyHealth™.
Retention of Health Information and destruction
ManageMyHealth will not delete your information unless you request your information to be deleted or your access is terminated.
When requested by you, we will take reasonable steps to destroy or de-identify the personal information held by us once the personal information is no longer needed for any purpose for which the personal information may be used or disclosed under the Privacy Act 1988.
When such data is not required for any purpose, Manage My Health will take reasonable steps to permanently destroy the data in secure manner in due course and will not keep any copies.
If your account is blocked because you have abused your access privileges you will be offered the opportunity to obtain a copy of any legitimate health information you have entered. In these circumstances information provided by your Healthcare Provider will not be provided and must be obtained from your Healthcare Provider.
Limits on Use of Health Information
Access to your information by you and others is limited to the purpose of your healthcare or wellbeing. Use outside of this purpose is not permitted without authorisation.
Our terms and conditions authorise use of aggregated information which has identifying information removed. This aggregated information may be used to improve the quality of the services offered on ManageMyHealth™, for marketing of ManageMyHealth™ and for general ManageMyHealth™ usage analysis or population health statistics.
Health statistics will be gathered to allow planning of effective healthcare services within your region. This information is extremely valuable as it allows the limited healthcare services to be targeted to the needs of the population, which in turn potentially provides benefits to you and your family.
ManageMyHealth does not use your individual account and record information from ManageMyHealth™ for marketing without ManageMyHealth first asking for and receiving your opt-in consent.
Limits on Disclosure of Health Information
Initially access to your information will be limited to you and your registering doctor, including other doctors within your doctor’s practice. This will be expanded in later versions to other health professionals you authorise and an optional "trust list" functionality which will allow you to grant access to other individuals involved with your care.
ManageMyHealth may occasionally hire other companies to provide services on our behalf, such as web site hosting; packaging, mailing; answering customer questions about products and services; and sending information about our products, special offers, and other new services. If we provide personal information to such companies, we only provide the personal information they need to deliver ManageMyHealth™. They are required to maintain the confidentiality of the information and are prohibited from using that information for any other purpose.
ManageMyHealth may disclose personal information if required to do so by law or in good faith believe that such action is necessary to: comply with the law, comply with legal proceedings served on ManageMyHealth™; protect and defend the rights or property of ManageMyHealth and our family of web sites; or, act in urgent circumstances to protect the personal safety of users of ManageMyHealth products or members of the public.
We will not otherwise disclose such of your information that allows you to be identified to anyone without your consent.
Unique Identifiers
The primary unique identifier used within ManageMyHealth™ is an email address of your choice, which you have authorised us to use to communicate with you. No other unique identifier is linked to you by ManageMyHealth™.
While an email address is globally unique, we cannot guarantee that it will always be assigned to the same person. If an email address is no longer used by an individual it is then typically ‘made available’ to anyone else who wants to use it, much the same as a phone number.
How we may use your personal information
Manage My Health Pty Limited collects and uses your information to operate and improve and deliver ManageMyHealth™ or carry out the transactions you have requested. These uses may include providing you with more effective customer service; making ManageMyHealth™ or its services easier to use by eliminating the need for you to repeatedly enter the same information; performing research and analysis aimed at improving our products, services and technologies; and displaying content and advertising that are customised to your interests and preferences.
Manage My Health Pty Limited may occasionally hire other companies to provide services on our behalf, such as web site hosting; packaging, mailing; answering customer questions about products and services; and sending information about our products, special offers, and other new services. If we provide personal information to such companies, we only provide the personal information they need to deliver ManageMyHealth™ product and services. They are required to maintain the confidentiality of the information and are prohibited from using that information for any other purpose.
Manage My Health Pty Limited may disclose personal information if required to do so by law or in good faith believe that such action is necessary to: comply with the law, comply with legal proceedings served on ManageMyHealth™; protect and defend the rights or property of ManageMyHealth and our family of web sites; or, act in urgent circumstances to protect the personal safety of users of ManageMyHealth products or members of the public.
Data Breaches
In the event that Manage My Health has reasonable grounds to believe that:
- there has been an unauthorised access to, unauthorised disclosure of, or loss of, personal information held by us; and
- the access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates, then
We will notify you and the Commissioner pursuant to the Privacy Act 1988 and take the necessary steps to contain and minimise the harm, assessing risk to the affected individuals as a result of the data breach and take pro-active steps to prevent such breaches in future by improving the process and/or the IT systems.
How we use de-identified aggregate data, information and statistics
ManageMyHealth may use de-identified aggregated data (de-identified data refers to data from which all personally identifiable information has been removed) and de-identified usage data from your use of ManageMyHealth™ features and services for the purpose of improving the quality of ManageMyHealth™, marketing the usefulness of ManageMyHealth™, to report on usage statistics and usage analysis of various features for the purpose of improving the quality of ManageMyHealth™ or for the purpose of research and analysis of ManageMyHealth features and services. This data will never identify an individual account. ManageMyHealth will never use your individual identifiable data without first asking for and receiving your opt-in consent.
We are aware that over time you may change your email account hence you are allocated a unique system identifier which is inaccessible except by the system.
Record access and controls
When you create a record, you become the person responsible for that record. You decide what level and degree of access to grant other users of your ManageMyHealth™ records. You can view and update records you are responsible for and can examine the history of access to those records.
Sharing records with applications through ManageMyHealth™
We may provide you with information about applications that connect with ManageMyHealth™. You can view the applications and should examine their privacy statements and terms of use prior to using them or allowing them access to any of your health information. In order to access ManageMyHealth™, the application provider must commit to protecting the privacy of your health data.
No application has access to your information through ManageMyHealth™ unless and until you opt in through ManageMyHealth™ to grant it access. You control what health information you allow an application to access and the length of time they can access the information.
E-mail controls
To keep you informed of the latest improvements, ManageMyHealth™ will send you a newsletter. By creating an account, you have given us your implied consent to send you such newsletters. If you do not want to receive the newsletter, you can unsubscribe at any time.
Use of cookies
We only use temporary cookies on ManageMyHealth™ which are deleted upon you signing out. The cookies contain no personal information.
Changes to this privacy statement
We may occasionally update this privacy statement. When we do, we will also revise the "last updated" date at the top of the privacy statement. We encourage you to review this privacy statement periodically to stay informed about how we are helping to protect the personal information we collect. Your continued use of ManageMyHealth™ constitutes your agreement to this privacy statement and any updates.
Enforcement of this Privacy Statement
ManageMyHealth will comply with Privacy Act 1988, including other applicable data protection legislation when dealing with personal information. If you would like any further information or have any queries, problems or complaints relating to our Privacy Policy or our information handling practices in general, please contact us at:
Privacy Officer
ManageMyHealth™
Manage My Health Pty Limited
Level 2, 99 Coventry Street,
Southbank
Victoria 3006
or
Email: hq@mmhglobal.com