2. What is 'personal information'?
3. What kind of information do we collect?
4. How we collect and hold personal information
5. Why we collect, use and disclose personal information
6. Quality and security of personal information
7. Access to personal information
8. Information security
9. The Australian Privacy Principles
10. Privacy compliance
The Independent Hospital Pricing Authority (IHPA) is committed to the protection of your personal information in accordance with the Privacy Act 1988. Our aim is to ensure that your personal information is managed in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (‘Privacy Act’).
IHPA is also committed to ensuring that the statistical hospital data we collect pursuant to our functions under the National Health Reform Act 2011 (‘the Act’) is managed in a manner which is generally consistent with the APPs, State and Territory privacy and health data laws. Although these laws do not strictly apply to this data in the form in which it is held by IHPA, we treat that data with the same care as we treat personal information we hold.
The Policy incorporates information to help you understand what information we collect, how we collect and hold personal information, the purposes for which we hold, collect, use and disclose personal information and whether we are likely to disclose information to overseas recipients.
The Policy also informs individuals how they may access and request corrections to their personal information and how they may complain about a breach of privacy.
IHPA will take all reasonable steps to ensure that it establishes and maintains internal practices, procedures and systems to ensure compliance with the APPs. This obligation is an ongoing one and IHPA will continue to review its procedures to ensure that personal information is managed in an open and transparent way.
Personal information is defined in the Privacy Act as ‘information or an opinion about an identified individual, or an individual who is reasonably identifiable’.
What constitutes personal information will vary, depending on whether an individual can be identified or is reasonably identifiable in the particular circumstance. Whether an individual is ‘reasonably identifiable’ from particular information about that individual will depend on considerations including: the nature and extent of the information and whether it is possible for the recipient of the information to identify the individual using available resources (including other information available to that recipient).Where it may be possible to identify an individual using available resources, the cost, difficulty, practicality and likelihood of a person or entity doing so will be relevant to deciding whether an individual is ‘reasonably identifiable’. Where it is technically possible to identify an individual from information, but doing so is not practically possible, that individual will not generally be regarded as ‘reasonably identifiable’. For example, the individual may not be reasonably identifiable where steps required to do so are overly expensive or resource intensive.
The definition of personal information only relates to natural persons and in most circumstances it will not apply to deceased persons. It does not extend to other legal persons such as companies.
a) Personal information
IHPA only collects personal information where the information is reasonably necessary for, or directly related to, one or more of IHPA’s functions or activities. IHPA collects a range of personal information to facilitate its business functions (such as employment functions) including names, addresses, phone numbers, email addresses, other contact details, employment history, educational qualifications, procurement records, consultancy records, committee membership lists (which includes members’ names, contact details, resumes, tax file numbers, drivers licence numbers, vehicle insurance details, employment details), creditor and debtor information (which includes names, contact details, bank account details, credit card details), stakeholder lists (which includes names, addresses, employment details, and other contact details), recruitment records and personnel records. This information is subject to the Privacy Act and we have an obligation to ensure that we manage this information in accordance with the Act.
b) Hospital data
IHPA also collects a range of hospital data pursuant to its functions outlined in the Act. This hospital data includes Activity Based Funding Data (‘ABF data’) and National Hospital Cost Data Collection data (‘NHCDC data’). ABF data contains data relating to care provided to patients and general data about patients including: sex, date of birth, country of birth, indigenous status, marital status, postcode, type of usual accommodation and labour force status. The NHCDC data contains general data about patients as well as specific data such as data relating to the nature of patient care, diagnosis, factors affecting health status, and data relating to a patients functional independence and life skills. Importantly, both the patient and the hospital are assigned a unique identifier. This unique identifier is used instead of the patient’s name and the name of the hospital and the unique identifiers are not available to the general public. IHPA has implemented a range of strategies to ensure that data sets are not able to be searched or combined in a way that would allow a person to determine the identity of an individual. As such, the hospital data IHPA holds is depersonalised and not subject to the Privacy Act.
Further, hospital data is subject to secrecy provisions contained in the Act which relate to ‘protected Pricing Authority information’ and impose strict obligations on the use and disclosure of that information. Therefore our management of hospital data must be in accordance with the relevant secrecy provisions contained in the Act. The Act recognises the importance of protecting patient confidentiality. IHPA is prohibited from publishing information that is likely to enable the identification of a particular patient - see section 279(2).
IHPA collects personal information about individuals directly from those individuals or their authorised representative. IHPA may also collect personal information if it is required or authorised by or under an Australian law to do so. Where IHPA receives personal information about you that it did not solicit from you, it will determine whether it could have collected that information in accordance with the APPs if it had solicited the information. If it determines it could not have obtained the information in accordance with the APPs, IHPA will consider whether it is obliged to retain that information under its record-keeping rules, and if not will destroy the information or ensure that the information is de-identified where it is lawful and reasonable to do so.
IHPA does not collect sensitive information about an individual unless the individual has consented to the collection of the information and the information is reasonably necessary for, or directly related to, one or more of IHPA’s functions or activities. Sensitive information is defined in the Privacy Act to mean information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, or criminal record that is also personal information, or health information or, genetic information about an individual, or certain biometric information.
Where IHPA collects personal information it will inform you of a number of matters including our purpose for holding the information, requirements for access to information, the ramifications of a failure by us to collect the information and if the information is required under Australian law.
IHPA collects personal information to enable it to undertake a range of business related purposes. These are grouped according to the specific purpose below:
- IHPA collects and uses committee files to maintain current committee member information for business related purposes. The personal information relates to contact details; salary details; bank accounts; benefits and leave; taxation details; and terms of engagement.
- IHPA collects and uses personnel files to maintain current employee information for business related purposes. The personal information in these files relates to the employee and may include: applications for employment; terms of employment; records relating to employee’s salary, benefits and leave; medical certificates or health related information; contact details; taxation details, and superannuation contributions.
- IHPA collects and uses contractor files to maintain current contractor information for business related purposes. The personal information relates to financial details; contact details; and terms of engagement.
- IHPA collects and uses stakeholder files to maintain current stakeholder information for business related purposes. The personal information relates to contact details; and employment details.
IHPA only collects personal information for purposes which are directly related to our functions or activities under the Act and only when it is necessary for, or directly related to such purposes. We only use personal information for the purposes for which we collected it. We do not give personal information about an individual to other Government agencies, private sector organisations or anyone else unless the individual has consented; the individual would reasonably expect, or has been told, that information of that kind is usually passed to those individuals, bodies or agencies; or it is otherwise required or authorised by law.
Hospital data is only used or disclosed in a de-identified fashion. Where small cell data (that is, data sets with a small number of entries) is present, we take a range of measures (such as zeroing or aggregation) to ensure that no identifying data is used or disclosed.
IHPA will take reasonable steps to ensure that your personal information is accurate, current, complete and relevant. IHPA will also ensure that your personal information is protected from misuse, interference, loss and from unauthorised access, modification or disclosure. IHPA will destroy or de-identify your personal information if it is no longer needed for any purposes and if we are not required by an Australian law to retain it. IHPA does not routinely send personal information overseas, but where it does so, it will ensure that it has appropriate procedures and systems in place for ensuring the security of that information.
You can access the personal information that we hold about you, and you can ask us to correct the personal information we hold about you. If you are listed on one or more of our email lists you can opt out at any time. You can unsubscribe by using the ‘unsubscribe’ options noted in our emails. You may wish to deal with IHPA anonymously. We will endeavor to address your request if it is practicable to do so. Should you wish to contact IHPA about any privacy inquiry or complaint, or should you wish to access your personal information, please contact the Chief Operating Officer on 02 8215 1110, Level 6, 1 Oxford Street, DARLINGHURST, NSW, 1300.
IHPA has adopted a comprehensive data security framework to ensure that the personal information that it holds is protected from misuse, interference, loss or from unauthorised access or disclosure. IHPA has developed an internal Protective Security Framework (PSF) modelled on the Commonwealth’s Protective Security and Policy Framework. One of the key components of IHPA’s PSF is information security. IHPA has developed an Information Security Policy which outlines how IHPA complies with its information security obligations in respect of the handling and protection of personal information. IHPA has adopted physical security controls to protect information and data by preventing unauthorised access to IHPA’s information. In addition IHPA has adopted personnel security procedures to ensure that the information IHPA holds is protected from misuse. IHPA ensures that access to personal information is only permitted where necessary and where personnel have been appropriately identified and authorised to do so. IHPA also has in place a comprehensive information, communications and technology (ICT) framework which is designed to protect information from a wide range of threats in order to minimise the risk of personal information being misused or compromised.
The thirteen Australian Privacy Principles (APPs) are described here to provide an outline of IHPA’s privacy obligations when managing personal information.
CONSIDERATION OF PRIVACY OF PERSONAL INFORMATION
APP1 – Open and transparent management of personal information
APP2 – Anonymity and pseudonymity
This requires IHPA to provide individuals with the option of not identifying themselves, or of using a pseudonym. Some exceptions apply here. These include where IHPA is required or authorised by or under an Australian law to deal with individuals who have identified themselves; or it is impracticable for IHPA to deal with individuals who have not identified themselves.
COLLECTION OF INFORMATION
APP3 – Collection of solicited personal and sensitive information
IHPA must not collect personal information (other than sensitive information) unless the information is reasonably necessary for, or directly related to, one or more of IHPA’s functions or activities. IHPA must not collect sensitive information about an individual unless the individual has consented to the collection of the information and the information is reasonably necessary for, or directly related to, one or more of IHPA functions or activities. Under the exceptions listed in APP3.4 IHPA can solicit sensitive information in some cases without complying with APP3.3 where the collection is required or authorised by or under an Australian law. IHPA must collect personal information about an individual only from the individual unless the individual consents to the collection of the information from someone other than the individual or IHPA is required or authorised by or under an Australian law to collect the information from someone other than the individual or it is unreasonable or impracticable to do so. Sensitive information is defined as an opinion about an individual’s racial or ethnic origin, political opinions, religious beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences, criminal record, health information and genetic information about an individual.
APP4 – Dealing with unsolicited personal information
If IHPA receives personal information that it did not solicit IHPA must determine whether it could have obtained the information under APP3 if IHPA had solicited the information. If IHPA determines that it could not have collected the information and the information is not contained in a Commonwealth record, IHPA must destroy the information or ensure that the information is de-identified but only if it lawful and reasonable to do so.
APP5 – Notification of the collection of personal information
IHPA must either at or before the collection of personal information notify individuals or a number of matters set out at APP5.2. These matters include the purpose for holding personal information; requirements for access to information and the ramifications of a failure by IHPA to collect the information, if the information is required under Australian law or a tribunal/court order.
DEALING WITH PERSONAL INFORMATION
APP6 – Use and disclosure of personal information
IHPA must only use the personal information collected for a purpose other than the primary purpose if the individual has consented to the use or disclosure or if the exceptions apply in APP6.2 or 6.3. These exceptions include whether the individual would reasonably expect IHPA to use the information for the secondary purpose and where disclosure is required under Australian law. In relation to sensitive information if an individual would reasonably expect IHPA to use or disclose the information for a secondary purpose and that purpose is directly related to the primary purpose, that use or disclosure is permitted.
APP7 – Direct Marketing
APP7 relates to direct marketing activities and applies to private sector entities.
APP8 – Cross-border disclosure of personal information
Before IHPA disclose personal information about an individual to an overseas recipient it must take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the APPs, other than APP1, in relation to the information.
APP9 – Adoption, use and disclosure of government related identifier
APP9 prohibits an organisation from adopting a government related identifier. It applies to private sector organisations.
INTEGRITY OF PERSONAL INFORMATION
APP10 – Quality of personal information
This requires IHPA to take such steps (if any) as are reasonable in the circumstances to ensure person information that is collected, used or disclosed is accurate, current, complete and relevant.
APP11 – Security of personal information
This requires IHPA to take such steps as are reasonable in the circumstances to ensure that personal information is protected from misuse, interference, loss and from unauthorised access, modification or disclosure. IHPA must also take reasonable steps to destroy or de-identify personal information if it is no longer needed for any purposes for which it may be used or disclosed, it is not contained in a Commonwealth record and IHPA is not required by or under an Australian law to retain it.
ACCESS TO, AND CORRECTION OF, PERSONAL INFORMATION
APP12 – Access to personal information
IHPA is required to give an individual access to personal information upon request of that individual. IHPA can refuse to give access to the information under the Freedom of Information Act 1982 or any other Commonwealth Act, to the extent that IHPA is required or authorised to refuse access. IHPA must respond to the request for information and give access to the information if it is reasonable and practicable to do so. Where an individual’s request for information is refused, IHPA must give reasons to the individual for that refusal and mechanisms available to complain about the refusal, unless it would be unreasonable to do so.
APP13 – Correction of personal information
IHPA must take reasonable steps to correct personal information that it holds where it is satisfied that the information is inaccurate, out-of-date, incomplete, irrelevant, misleading or where the individual requests IHPA to correct the information. Where personal information is corrected, IHPA must take reasonable steps to notify third parties of the amendment.
IHPA has established a robust compliance program to ensure that it meets its obligations to manage personal information appropriately and to comply with the APPs. IHPA reviews how and when it collects personal information to ensure that the collection is permitted in accordance with the APPs. IHPA also reviews its use and disclosure of personal information to ensure that it manages personal information in accordance with the APPs.