0%
tooltip
Pending signatures  

 

 

 

 

 

Australian Medical Services  ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​​​ 

Privacy Policy ​​ 


1 Purpose

Teladoc Health Australasia Pty Ltd (“Teladoc” or “we” or “us” or “our”) is committed to maintaining compliance with all applicable laws related to the confidentiality of personal information including, amongst others, the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) and the Health Records Act 2001, and complying with all contractual requirements concerning privacy and confidentiality (“Privacy Requirements”). ​​ 

The purpose of this Australia Expert Medical Services Privacy Policy (“Policy”) is to outline Teladoc’ responsibilities with respect to the uses, disclosures, and handling of Personal Information (“PI”) for its Australian based Medical Services. ​​ 

2 Scope

This Policy applies to the administration of Australian based Medical Services.

Expert Medical Services is a suite of medical information services (“Services”) offered by Teladoc to eligible individuals (“Members”). ​​ The Services are designed to improve the quality of health care by connecting individuals and their treating physicians with specialists who can provide expert guidance with respect to diagnoses and treatment plans. ​​ 

3 Personal Information Collected

Teladoc collects Personal Information that is necessary to perform the Services. ​​ The type and volume of Personal Information collected varies according to the type of Service being provided. ​​ To the extent necessary, we collect the following Personal and Sensitive Personal Information:

  • Demographic information, including name, address, phone number, date of birth, email address;

  • Identification information, including drivers license or passport as necessary to verify identity;

  • Insurance policy number;

  • Medical records, including medical history, treatment records, diagnostic testing; and

  • Demographic information of Members’ relatives or friends who may legally represent the member (“Legal Representative”).

4 How Personal Information is Collected

We collect Personal Information in the following ways:

  • Directly from the you and/or your Legal Representative;

  • Directly from your treating physician upon authorisation from you to collect medical records; and

Prior to the collection of PI, except as necessary to determine eligibility for Services, we provide notice to you and obtain consent as required by law.

5 Purposes for Collecting, Using, and Disclosing Personal Information

The primary purpose for which Teladoc collects, uses and discloses Personal Information is to provide the Services to you. ​​ 

5.1 ​​ Uses and Disclosures Necessary to Provide the Services

Teladoc may use and disclose PI as necessary to provide the Services. ​​ Activities we perform to provide the Services include:

  • Checking eligibility for Services;

  • Collecting medical history and treatment information

  • Working with expert physicians and other clinicians;

  • Notifying you of eligibility for the Services; and

  • To recommend hospitals and/or doctors.  ​​​​ 

5.2  Uses and Disclosures for Management and Administrative Purposes

Additionally, to the extent necessary to facilitate and perform the Services, we will use and disclose PI as necessary for our own management and administration purposes (“Management and Administration”). Teladoc’ Management and Administration involves activities associated with operating and managing our business including:

  • Information security and privacy compliance;

  • Maintaining information technology systems;

  • Business development and planning;

  • Sending information related to changes to Services or information that may be useful to you;

  • Product development;

  • Quality assessment and improvement;

  • Training and managing personnel;

  • Reviewing competence or qualifications of health care professionals;

  • Legal services;

  • Auditing; and

  • Sales, transfer, merger, or consolidation of all or part of the company.  ​​ ​​​​ 

5.3 ​​ Disclosures to you (or your legal representative and/or individual’s involved in your care)

Teladoc will disclose PI it collects about you with you and/or your Legal Representatives after proper verification. ​​ 

Teladoc may disclose PI to an individual involved in your care pursuant to verbal or written permission from you. ​​ Verbal permission shall be documented by Teladoc in the appropriate information system or record.  ​​​​ 

5.4 ​​ Disclosures to Subcontractors

Teladoc may use trusted third party, including contractors and service providers (“Subcontractors”) to help perform the Services. We may also use Subcontractors to assist us with our Management and Administrative functions. Examples of Subcontractors to who Teladoc discloses PI include:

  • Teladoc physician experts (“Experts”) who provide expert medical opinions;

  • Companies that host and administer our information technology systems; and

  • Current or future parent company, any subsidiaries, joint ventures, or other companies under a common control (“Affiliates”), in which case we will require our Affiliates to honor this Policy. ​​ 

Before disclosure of any PI to a Subcontractor, Teladoc enters into an appropriate agreement with the Subcontractor that provides for the continued privacy and security of PI (“Subcontractor Agreement”).  ​​ ​​ ​​ ​​​​ 

Additionally, as part of its due diligence process and prior to disclosure of PI to a Subcontractor, Teladoc will use reasonable efforts to assess such third party’s compliance with privacy and security requirements.

If Teladoc knows of a pattern of activity or a practice of the Subcontractor that constitutes a violation of the Subcontractor Agreement, Teladoc will investigate. ​​ If Teladoc determines that a violation of the Subcontractor Agreement has or is occurring, Teladoc will require the Subcontractor to takes steps to cure the breach or end the violation. ​​ If such steps are unsuccessful, Teladoc will terminate the Subcontractor Agreement if feasible.

Upon termination of a Subcontractor Agreement, the Privacy Officer will ensure that all PI held by the Subcontractor is either securely destroyed or returned to Teladoc. ​​ 

5.5  International Data Transfer

Teladoc stores all Personal Information on servers and information technology systems located in Australia. ​​ 

Teladoc’ parent company and other subsidiaries (“Affiliates”) are located outside of Australia. ​​ Some Administrative and Management functions that involve the use of Personal Information may take place at an Affiliate located outside of Australia. ​​ These Affiliates are in the United States and/or the European Union. ​​ The functions these Affiliates perform include legal, privacy and security, information technology management, and business management functions.  ​​ ​​ ​​ ​​​​ 

As such, Teladoc will transfer Personal Information outside of Australia. ​​ Prior to the transfer of Personal Information outside of Australia, Teladoc will provide notice and obtain consent from you.  ​​ ​​ ​​ ​​​​ 

5.6 When Required by Law and for Public Policy

Under certain circumstances, Teladoc may use and disclose PI for the following purposes: ​​ 

  • As required by law;

  • As necessary for public health activities (such as public health reporting, child abuse reporting, notification of exposure to disease or condition);

  • To report victims of abuse, neglect or domestic violence;

  • For health oversight activities;

  • For judicial and administrative proceedings;

  • To law enforcement officials; and

  • For health or safety.

 

Any use or disclosure of PI for any of the above purposes must be reviewed and approved by the Privacy Officer prior to making the use or disclosure.

6 Authorisations

Except as permitted in this Policy, Teladoc will not make any other uses or disclosures of PI without first obtaining a written authorisation from you (“Authorisation”). ​​ Teladoc obtains an Authorisation from you to facilitate the collection of medical records from physicians and health care facilities. ​​ 

7 Minimum Necessary

Teladoc makes reasonable efforts to limit the use, disclosure or request of PI to the minimum necessary to accomplish the intended purpose of the use, disclosure or request. ​​ 

8 Verification

Prior to disclosing PI to a person requesting such information (“Requestor”), unless the Requestor is known to Teladoc, Teladoc takes reasonable steps to verify the identity of the Requestor and the authority of the Requestor to have access to such PI. ​​ We verify identity in a number of different ways, including asking a series of questions or asking for a copy a driver’s license.  ​​​​ 

9 Sale of Personal Information

Teladoc does not request, receive or pay any cash or other remuneration in exchange for PI. ​​ 

10 Security of Personal Information

Teladoc maintains a robust information security program. We have appropriate technical and organizational measures in place to protect Personal Information against unauthorized use or disclosure, damage or destruction. Such measures include but are not limited to:

  • Training staff on protection Personal Information;

  • Disposing of Personal Information in a secure manner;

  • Ensuring the physical security of the premises where Personal Information is processed;

  • Signing confidentiality agreements with staff, providers and clients;

  • Using effective password protection;

  • Encrypting or password protecting emails and other communications containing sensitive Personal Information;

  • Implementing a disaster recovery plan, that includes making backups of personal data;

  • Undertaking regular data security audits in order to detect errors and implement improvements; and

  • Retaining Personal Information for the minimum amount of time needed to meet legal and compliance requirement, typically 10 years from the date the Services are completed.

11 Your Rights

11.1 Access to Personal Information

You have the right to obtain a copy of the Personal Information that Teladoc maintains about you. ​​ 

11.2 Amendment to Personal Information

Requests by you to amend the PI that Teladoc maintains, must be submitted to Teladoc in writing at the address or email listed below.

11.3 Questions and Complaints

You have the right to file a complaint with Teladoc or ask questions regarding our privacy practices. ​​ Your complaint and questions shall be sent to the address or email listed below. ​​ All complaints and questions regarding Teladoc’ privacy practices shall be referred to the Privacy Officer for review and response. The Privacy Officer will review all complaints and questions and respond in a timely manner. ​​ 

 

Any complaint that meets the definition of a Privacy Incident shall be handled pursuant to Section 14—Incident Response.

11.4 Contact Information

You may initiate any of the right listed in this section by either emailing or mailing the Privacy Officer at the following addresses:

 

Privacy Officer

Teladoc

Level 11, 50 Queen Street,

Melbourne, VIC 3000, Australia

lopd@teladochealth.com

user_hashdocid

5

 

Powered by docxpresso