ManageMyHealth™

Privacy Statement

Last Updated on Friday, July 15, 2016

Introduction

Medtech is committed to protecting your privacy through its secure information technology service, ManageMyHealth™, and complying with applicable privacy laws. Medtech is also referred to as “we” and “us” in this statement and when referred to, such reference includes any person or Organisation to which it has licensed or assigned its rights and obligations.

This Privacy Statement applies to your use of the ManageMyHealth™ website found at www.managemyhealth.com.au ("ManageMyHealth™") as an account holder and the Personal Information collected by Medtech for the purposes of providing ManageMyHealth™.In this Notice, “Personal Information” means your Health Information as well as any other information identifiable to you which is collected or stored by Medtech for the purpose of providing ManageMyHealth™ including your account information and any information contained in email communications between you and your participating Healthcare Provider(s) using your ManageMyHealth™ account.“Health Information” means any information about your health which is identifiable to you. “Healthcare Provider” means the healthcare provider who initially provided you access to your Health Information via ManageMyHealth™.

ManageMyHealth™ is a personal health service that lets you review, gather, edit, store, and deal with health information online. With ManageMyHealth™, you have the ability to access your own medical records. You can also share your Health Information with family, friends, and other healthcare providers, and have access to online health information management tools.

You can choose to share specific information (or all information) with other people (such as friends and family) and with applications (such as applications that add data to your health records, provide information to your Healthcare Provider, or use some of your health records to receive customised information about managing your health).

ManageMyHealth™ also provides information on well being generally and incorporates contributions from third parties.

By using ManageMyHealth™, you accept the following statement: "I acknowledge that I have read this Privacy Statement, and agree to meet any obligations imposed on me in this Statement in using ManageMyHealth™.I also acknowledge and agree to the collection, use and disclosure of my personal information by Medtech and my health services provider as is set out in this Privacy Statement.".

Collection of Personal Information

Your Personal Information is collected by Medtech for the purpose of providing the services available on ManageMyHealth™. Medtech may also use your Personal Information for the purpose of making improvements to ManageMyHealth™, for providing customer support and data repair services and for any other purposes described in this Privacy Statement.

Health Information

Medtech may collect your Health Information indirectly from you from via your Healthcare Provider if you have authorized your Healthcare Provider to upload it to ManageMyHealth™.This includes periodic updates to your Health Information, which may be supplied by third party healthcare providers where you have consented to share all or some of your Health Information with third party healthcare providers via ManageMyHealth™.

Medtech may collect your Health Information directly from you when it is entered or uploaded by you to your ManageMyHealth™ account or communicated by you in email communications between you and your Healthcare Provider using your ManageMyHealth™ account.

If you submit or allow Health Information to be uploaded to ManageMyHealth™ on behalf of another individual (other than a minor in your care), you must be authorized to do so by the individual concerned. You must ensure that you have appropriate permission from that individual to provide that individual’s health information to Medtech and for Medtech and any authorised third parties to use and disclose that information in accordance with this Notice. Any such individual should have access to and should review this Privacy Statement.

Account Information

The first time you sign in to ManageMyHealth™, ManageMyHealth™ asks you to create an account. To create an account, you must provide personal information such as name, date of birth, e-mail address and physical address. This information is collected for the purpose of creating your account.

Medtech may request other information for setting up your account, but we clearly indicate that such information is optional. You can review and update your account information. You can modify, add, or delete any optional account information by signing into your ManageMyHealth™ account and editing your account profile.

An account allows you to manage one or more health records, such as the ones you create for yourself and your family members. You can choose what information to put in your records.

Other Information

Any information submitted to ManageMyHealth™ community forums or blogs becomes public information and is not covered by this Notice. Accordingly you should be cautious as to what information you disclose in these forums.

Accuracy of Information

Medtech is not responsible for the accuracy of your Health Information at the point where it is uploaded to ManageMyHealth™, whether by you or by your Healthcare Provider. You must take reasonable steps in the circumstances to ensure the accuracy of Health Information you upload to your ManageMyHealth™ account (including any corrections or modifications) and any Health Information provided by you on another individual’s behalf. You should not upload any Health Information to your ManageMyHealth™ account unless the accuracy of such information can be verified by your Healthcare Provider.

You must not use or rely on Health Information provided to you via ManageMyHealth™ if the information appears incorrect.

It is important for you to maintain the accuracy of your contact information so that you can be contacted at any time.

Storage of Personal Information

Any Personal Information you maintain with your ManageMyHealth™ account will be hosted on servers in a secure environment by a commercially reputable hosting vendor using best practice security techniques and encryption.

If you authorise your Healthcare Provider to upload your Health Information to ManageMyHealth™, you are consenting to Medtech storing that information on your behalf and obtaining periodic updates to the records via your Healthcare Provider.

Security

When any Health Information is uploaded to your ManageMyHealth™ account, it is sent over the Internet using Secure Sockets Layer (SSL). This method encrypts the information to help prevent others from reading it while it is in transit from a computer to ManageMyHealth™.

Health Information held by Medtech is encrypted within the ManageMyHealth™ database. Personal Information is hosted in a secure environment by a commercially reputable third party hosting vendor, using best practice security techniques.

If you are using ManageMyHealth™ to upload Health Information, you should properly secure your computer. To help do this, you can use anti-spyware and virus protection software. You can also restrict access to your computer (for example, by using a strong password for your computer login and a network firewall).

Medtech cannot be held liable in any way for events beyond our control, including accidental or unauthorized access or disclosure of your Health Information caused by you or persons authorized by you accessing your ManageMyHealth™ account.

Accidental access could be obtained by leaving yourself logged on and leaving your computer unattended, ‘over-the-shoulder’ access or from unsecure print-outs of your information.

Unauthorized access could involve someone who is known to you guessing your password or a stranger/hacker circumventing our security measures. Social networking is the easiest way to achieve unauthorized access to your information. To prevent this never give your access details to anyone, and this includes your password and your secret answer.

Health Information uploaded to ManageMyHealth™ from your Healthcare Provider is encrypted during transmission. Personal Information provided to you via your web browser is similarly encrypted during transmission using the highest standard available, including VeriSign Digital Certificates. This provides at least 128 bit encryption or 256 bit encryption if you are using the latest version of the web browser.

ManageMyHealth™ is protected by a reputable network Firewall. Daily backups are performed to allow system restores to be performed in a disaster recovery situation.

Use of Personal Information

Use of your Personal Information by Medtech is limited to the purposes of providing the services available on ManageMyHealth™ and the other uses set out in this Notice as modified from time to time.

Medtech uses your Personal Information to provide and operate ManageMyHealth™ This includes using your Personal Information to make ManageMyHealth™ or its services easier to use, for example, by automatically filling data fields with your Personal Information to avoid the need to repeatedly enter information.

Medtech may use or allow your Personal Information to be used for providing you with informative content via your ManageMyHealth™ account which is customized to your needs, interests and preferences (as determined from your Health Information).

Disclosure of Personal Information

Disclosure of your Personal Information by Medtech is limited to the purposes of providing the services available on ManageMyHealth™ and the other possible disclosures set out in this Notice as modified from time to time.

For the purpose of providing ManageMyHealth™, Medtech may disclose your Personal Information to employees and representatives of Medtech in order that they can provide data repair activities and customer support services. Medtech follows strict internal procedures to ensure that its representatives and employees are made aware of and comply with privacy obligations that may apply to them in collecting, storing and disclosing your Personal Information.

Disclosure to other users of ManageMyHealth™

A feature of ManageMyHealth™ is the ability to share your Health Information with people and services that can help you manage your health or meet your health-related goals. You can share information in a ManageMyHealth™ account with another person or business through ManageMyHealth™.

By default, access to your Personal Information will be limited to you and your Healthcare Provider (including other doctors within your Healthcare Provider’s practice). Medtech will disclose your Personal Information to your Healthcare Provider each time it accesses your ManageMyHealth™ account.

If you have granted consent to your Healthcare Provider to share your Health Information with other healthcare providers, Medtech may disclose your Health Information to those Healthcare Providers to the extent access is permitted. You may withdraw this consent at any time by contacting your Healthcare Provider.

You may increase the number of persons authorized to access your Health Information using an optional “trust list” functionality, which will allow you to grant access to other individuals involved with your care and family members. You decide what level and degree of access to grant other users of your ManageMyHealth™ records. To the extent you have permitted, Medtech may disclose your Health Information to these authorized users once you have granted them access.

Disclosure to third parties

Medtech may disclose your Personal Information without your consent if required to do so by law or in good faith believe that such action is necessary to: comply with the law, comply with legal proceedings served on Medtech or ManageMyHealth™ or protect and defend the rights or property of Medtech and our family of web sites.

Medtech may disclose your Personal Information to a third party if it deems it necessary to protect your personal safety, or the safety of members of the public. This includes allowing third party healthcare providers’ access to your Health Information in emergency situations where it is not possible to first gain your consent. You may prevent your Health Information from being disclosed in this situation by contacting your Health Care Provider or Medtech.

Medtech may allow the disclosure of your information in an unidentified, aggregated form to third parties for the purpose of outsourcing marketing services or for the analysis of population health statistics. This might include, for example, the sale of your Health Information by healthcare providers to public health boards. This aids the planning of effective healthcare services within your region, and is extremely valuable for allowing healthcare services to be targeted to the needs of the population.

Access to, correction and deletion of Personal Information

Access to Health Information

To access your Health Information held by your participating Healthcare Provider, an access code must be ordered in person from the Healthcare Provider. One specific e-mail address must be provided along with a valid photo-id.

We will act reasonably to ensure you will have access to your Health Information uploaded to your ManageMyHealth™ account at all times, however we cannot guarantee that access to your Health Information will always be available. Access may be temporarily unavailable if a planned outage is required or if ManageMyHealth™ experiences an unplanned outage. Such events are considered beyond our control but all reasonable efforts will be used to re-establish the service as soon as possible.

To protect your security, access to your account will be blocked following 3 failed attempts to logon. Your account can be unblocked by using the forgotten password function on the website. When your account is blocked, you will be offered the opportunity to obtain a copy of any Health Information you have uploaded to your account. Health Information that was provided by your Healthcare Provider or any other third party can be obtained from the relevant third party.

Correction of Health Information

You have the right to correct the Health Information available through your ManageMyHealth™ account at any time.

Information uploaded by you can be modified by you at anytime. If you modify your Health Information available on ManageMyHealth™ you must consider what impact that may have on a person or healthcare provider authorized by you who may have previously received the information. If this impact is significant you should inform the individual or healthcare provider of the change. You should not make any modifications to the Health Information you have uploaded to your ManageMyHealth™ account unless the accuracy of the modifications can be verified by your Healthcare Provider.

Health Information uploaded to your ManageMyHealth™ account which was provided to Medtech by your Healthcare Provider or other third party cannot be modified by Medtech. You may request to have this information corrected at any time by contacting your Healthcare Provider or other relevant third party and requesting a correction.

Deletion of your Health Information

You can close your ManageMyHealth™ account at any time by signing into your account and editing your account profile. We will wait 90 days before permanently deleting your Personal Information. On your request, we can provide copies of your Health Information to you before we do so.

Sharing records with applications through ManageMyHealth™

We may provide you with information about applications that connect with ManageMyHealth™. You can view the applications and should examine their privacy statements and terms of use prior to using them or allowing them access to any of your Health Information. In order to access ManageMyHealth™, the application provider must commit to protecting the privacy of your health data.

No application has access to your information through ManageMyHealth™ unless and until an authorised user opts in through ManageMyHealth™ to grant it access. You control what health information you allow an application to access and the length of time they can access the information.

E-mail controls

To keep you informed of the latest improvements, ManageMyHealth™ will send you a newsletter. By creating an account you have given us your implied consent to send you such newsletters. If you do not want to receive the newsletter, you can unsubscribe at any time.

Unique Identifiers

The primary unique identifier used within ManageMyHealth™ is chosen by you together with an email address, which you have authorized us to use to communicate with you. No other unique identifier is linked to you by ManageMyHealth™.

While an email address is globally unique we cannot guarantee that it will always be assigned to the same person. If an email address is no longer used by an individual it is then typically ‘made available’ to anyone else who wants to use it, much the same as a phone number. In the case of children we allow the use of a parent’s email address. Once an individual becomes 16 years old they become responsible for maintaining their account access by other persons such as their parents.

Changes to this Privacy Statement

This Privacy Statement may be updated from time to time - the "last updated" date is included at the top of the Privacy Statement. We encourage you to review this Privacy Statement periodically to stay informed about how we may use and disclose your Personal Information. Your continued use of ManageMyHealth™ constitutes your acknowledgement that you have read this Privacy Statement and any updates that are accessible on our website (at www.managemyhealth.com.au).

Enforcement of this Privacy Statement

Medtech is required to comply with applicable privacy legislation when dealing with Personal Information. If you would like any further information or have any queries relating to this Privacy Statement or our information handling practices in general, please contact us at:

Privacy Officer
ManageMyHealth™


Medtech Healthcare Pty Limited
Level 2, 99 Coventry Street,
Southbank
Victoria 3006

or

Email: privacy@managemyhealth.com.au