Privacy Policy

Introduction

Dr Viswanathan Venkatachalam Pty Ltd (ACN 640 128 409) trading as Heart & Beyond ("Heart & Beyond") respects your privacy and is committed to complying with the Privacy Act 1988 (Cth) (Privacy Act) and Health Records and Information Privacy Act 2002 (HRIP Act). This Privacy Policy seeks to inform you how and why personal information is collected, stored, used, disclosed and protected by Heart & Beyond.

Application

This Privacy Policy:

  1. applies to all instances where personal information is collected from you or from third parties; and
  2. must be adhered to by all Heart & Beyond employees, medical practitioners, contractors, board members, volunteers, agents, students and representatives that have access to Personal and Health Information.

Other Heart & Beyond terms and conditions may also apply to you in addition to this Privacy Policy.

In this Privacy Policy:

  • "health information" has the following meaning:
    • personal information or an opinion about an individual's physical or mental health or disability (at any time);
    • personal information or an opinion about an individual's express wishes about the future provision of health services for themselves; or
    • personal information or an opinion about a health service provided, or to be provided, to an individual;
    • other personal information collected to provide, or in providing, a health service;
    • other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances; or
    • genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual;
    • or healthcare identifiers.
  • "NSW Health Organisations" shall include Agencies or organisations which fall under the portfolio of the NSW Ministry of Health.
  • "personal information" has the definition given to it under the Privacy Act.
  • "sensitive information" has the definition given to it under the Privacy Act.
  • "stakeholders", "you", "your" and "yourself" refer to the individual about whom we collect personal information.
  • "we", "our" and "us" refer to Heart & Beyond.
  • "website" means https://www.heartandbeyond.com.au/.

Acceptance and amendment of policy

This Privacy Policy replaces all other privacy policies of Heart & Beyond and may be amended from time to time, without further notice to you. Where there has been a material change to this Privacy Policy, we will notify you by email or by putting a notice on our website.

Your continued use of the Heart & Beyond website or its services, or your provision of further personal information to us, once you have been notified of the revised Privacy Policy constitutes your deemed acceptance of the revised Privacy Policy.

What personal information do we collect?

Personal information

Where possible, Heart & Beyond will obtain your personal information directly from you. The information may be collected through various means such as:

  • Patient visits
  • Use of our website
  • Attendance at one of our consultation rooms or offices
  • Attendance at one of the hospitals our medical practitioners are contracted to
  • Attendance at one of our events
  • Filling out paper-based or electronic forms (online)
  • Over the phone
  • Applying for employment
  • Interacting, contracting and/or engaging with Heart & Beyond.

We will only collect personal information from you that is necessary and relevant to our relationship with you, including to enable us to provide you with health care services or to enable you to participate in research studies. While the precise nature of the personal information we may require will depend on the specific service(s) that we are providing to you and the exact nature of our engagement and relationship with you, we may request that you provide some or all of the following information:

  • Information that we may require to initially identify you, including your name, date of birth, business or company names and numbers, home address and/or business address;
  • Information that we can use to contact you, including your telephone number, mobile number, email address, work address, mailing address;
  • personal information such as your name, address and contact details, your health history, family history, past and current treatments, lifestyle factors, and any other information which is necessary to assist the health care team in providing appropriate care, or our research team in conducting its research.
  • Information that we need to employ or otherwise make payments to you or your business/company, such as your name, title, date of birth, citizenship, residency status, qualifications, work history, education history, bank account details, superannuation details, details of any relevant licences, uniform size, basic medical information (such as injuries or allergies) and contact details; and
  • Information that may assist us to confirm your health status, including your health records or medical information.
  • Medicare number
  • Healthcare identifiers
  • Health fund details

We kindly note that the above is not an exhaustive list of the information that we may request.

Sensitive information

The Privacy Act places restrictions on us collecting sensitive information about you (which includes information about your religion, political views, ethnicity, criminal records and sexual preferences). Generally, we will not collect sensitive information about you. However, should we need to, for instance if you are applying for a job with us, we would not do so without first obtaining your consent.

We may also collect sensitive personal information where we are provided with such information directly by our clients or service providers to provide health services. This may include:

  • Government identifiers such as drivers’ licence, passport and Medicare numbers
  • Health records;
  • Information about racial or ethnic origins;
  • Information about criminal convictions;
  • genetic information about an individual that is not otherwise health information.

Anonymity and Pseudonymity

Heart & Beyond understands that when dealing with Heart & Beyond some members of the public may wish to remain anonymous or use a pseudonym. Although anonymity is an important element of privacy, there are limited circumstances where Heart & Beyond allows this, such as when you submit a general enquiry with Heart & Beyond or browse our website. Heart & Beyond is not required to allow such anonymity or pseudonymity if it is impracticable to do so, or it is otherwise required by law.

In general, you can browse our website without telling us who you are or revealing any personal information about yourself. We are however able to determine your IP address.

How we collect Personal Information

Heart & Beyond will collect Personal Information in several ways, including but not limited to:

  • directly from you or, when relevant, another party, for example when you complete forms provided to you by Heart & Beyond, including Heart & Beyond attendance forms, or when you provide us with information by phone, email or in agreements;
  • at our offices or site hosted meetings/events/engagements, we may gather basic contact details from you. This data is utilised for identification purposes for building security and safety measures and extending future invitations to meetings and events.
  • from our own records of how you use our services;
  • your use of our website and cookies. A 'cookie' is a small file stored on your computer's browser, which assists in managing customised settings of the website and delivering content. Cookies can facilitate a user’s ongoing access to and use of a site. They allow us to track usage patterns and to compile data that can help us improve our content and target advertising. You can change the settings in your browser to control how your browser deals with cookies; and/or
  • from a third party or stakeholder as authorised by you.
  • if you engage or contract with us
  • if you make an inquiry regarding our services
  • if you make an inquiry through our website
  • if you interact with us via social media platforms
  • if you subscribe to any of our mailing lists or use any of our online applications

We may also collect personal information about you from:

  • relatives
  • another health service provider
  • publicly available sources
  • any person or third party authorised to act on your behalf or authorised to provide your personal information to us;
  • any third party authorised and permitted to provide your personal information to us;
  • anyone sharing information with us for law enforcement purposes;
  • any persons you nominate, if you submit an employment application to us; and
  • our related companies or medical practitioners practising within Heart & Beyond including information about your transactions or other interactions with them, including browsing on their websites and apps
  • our clients to enable us to deliver health services or to perform health checks before we agree to provide services.

Confidentiality of Personal Information

Except as otherwise described in this notice, all personal information that is not public information will be treated as confidential at all times. We restrict access to personal information about you to employees of Heart & Beyond, who must use that information to provide services to you.

How we store personal information

We want you to have continuing trust in Heart & Beyond and its services, so we have put in place reasonable physical, electronic, and managerial procedures to safeguard and secure your personal information.

These procedures and safeguards include but are not limited to implementing strict confidentiality practices for medical practitioners, employees, contractors and service providers, and investing in security software to protect against the possibility of cyber-attack or other external threats.

Third party storage providers

We may store electronic records of your personal information with other third parties, including but not limited to:

  1. third party database storage providers, which may be based in Australia and/or overseas; and/or
  2. third party medical or health software and stored on a secured electronic cloud server.

In some cases, the organisations that we may share your information with may be based outside the location where the information is collected. For example, we may share your information with other parties in.

Heart & Beyond takes all reasonable measures to ensure that third party providers or organisations store any personal information in a safe and secure place and restrict their use of the personal information.

How long do we retain your Personal Information?

Retention periods

We will only keep your personal information we hold for as long as is necessary for the purposes set out in this Privacy Policy or as required to comply with any applicable legal obligations. The retention periods we apply to personal information take account of:

  • legal and regulatory requirements and guidance;
  • limitation periods that apply in respect of taking legal action;
  • our ability to defend ourselves against legal claims and complaints;
  • good practice; and
  • the operational requirements of Heart & Beyond's business.

Personal information obtained by mistake or indirect collection

Personal information that is collected by mistake or indirectly and is not required for the purpose of carrying on Heart & Beyond's business will be handled in accordance with applicable data protection laws.

Why we need to collect Personal Information

Heart & Beyond collects Personal Information for a range of purposes relating to our functions and activities, including to:

  • provide and improve optimal services and information;
  • deliver a more personalised experience and service offering;
  • employ you;
  • conduct a range of internal administration activities relating to you, including investigating and handling complaints, processing applications, administering billing services and complying with regulatory and legal requirements.
  • enter into an agreement or contractual relationship with you.
  • comply with the applicable regulations and laws.

What happens if you don't provide the Personal Information we have requested?

It is entirely your choice as to whether you provide us with your Personal Information. However, if you do not provide the Personal Information we have requested, we might not be able to:

  • enter into any agreements or contract with you;
  • provide some of the health or medical services which you require;
  • provide you with specific website features and online browsing features;
  • properly investigate or resolve any complaints made by you;
  • process applications for employment or other assistance;
  • create a Heart & Beyond account for you; or
  • process payments

How we use and disclose personal information

We may use or disclose your personal information for the primary purpose for which it was collected ("primary purpose"), i.e. providing healthcare and medical services. In addition, we may use your information to provide you with other medical, health or cardiology information that might be useful to you. We only use personal information for the primary purpose unless you have provided us with your consent.

Any disclosure of your personal information (excluding sensitive information) for a purpose other than the primary purpose or in relation to the primary purpose ("secondary purpose") will be in accordance with requirements under the Privacy Act or other applicable laws or with your consent.

Pursuant to the Privacy Act, disclosure for a secondary purpose is generally not allowed unless an exception applies. Some exceptions include where:

  • you would reasonably expect Heart & Beyond to use or disclose Your Personal Information for the Secondary Purpose;
  • you have given your consent for your personal information to be used for a secondary purpose;
  • the secondary use or disclosure is required or authorised by law or court or tribunal order;
  • a permitted general situation or health situation exists in relation to the secondary use or disclosure; and/or
  • Heart & Beyond reasonably believes that the secondary use or disclosure is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.

Use

We may use your personal information to:

  • set up and activate your account with Heart & Beyond;
  • provide health care or medical services to you;
  • provide any ongoing health and medical related services to you;
  • consider your request for our services;
  • coordinate delivery of the services;
  • facilitate and process your payments;
  • carry out or respond to your queries or requests;
  • provide information to you that you have requested;
  • provide additional information to you as requested by you and to respond to your queries about our services;
  • facilitate reviews and to seek your feedback in relation to particular services provided, customer satisfaction and our relationship with you and to manage any customer complaints;
  • monitor or improve the quality and standard of service that we provide to you;
  • consider any concerns or complaints you may raise against us;
  • meet regulatory reporting requirements and comply with our legal obligations;
  • contract or engage with you;
  • better understand your preferences;
  • appropriately manage our business, such as assessing insurance requirements, conducting audits, and undertaking accreditation processes;
  • where required, effectively communicate with third parties, including the NSW Ministry of Health, NSW Health Organisations, Medicare Australia, private health insurers and Department of Veterans' Affairs;
  • for purposes relating to our medical and health service offering including but not limited to Angioplasty and Stents, Coronary Angiogram, CT Coronary Angiograms, Stress Echocardiogram, Echocardiogram, Ambulatory BP Monitor, Pacemaker checks, Holter Test, and Electrocardiogram.
  • for any other purpose disclosed to you at the time the relevant personal information is collected

If you have provided us with your personal information and do not wish to receive further information from Heart & Beyond, you can send us an e-mail at enquiry@heartandbeyond.com.au and tell us that you do not want to receive future communications.

Disclosure

We may share your personal information (excluding information that is considered sensitive information) in circumstances where disclosure is associated with the primary purpose. We may share such information with:

  • Heart & Beyond affiliates, medical practitioners, contractors, and employees
  • Hospitals that are contracted with Heart & Beyond and its medical practitioners
  • Other business partners to support your relationship with Heart & Beyond and to better service you.
  • Third parties involved in your care, including healthcare professionals outside of Heart & Beyond Health Network, such as:
    • General Practitioners;
    • Cardiothoracic Surgeons;
    • Electrophysiologists;
    • Cardiac Imaging Specialists;
    • Senior medical experts and specialists who have been asked to assist in diagnosis or treatment;
    • Other health professionals involved in an individual's further treatment

We will not give or sell this information to any other company for its use in marketing or solicitation and we will not disclose any sensitive information to any other party without your consent.

We may disclose this information:

  • to third parties to facilitate the provision of products and services to you
  • to our third party service providers to assist us in providing and improving our services to you, and to analyse industry trends and better understand your needs or to develop, improve and market our services to you;
  • Government departments responsible for health, aged care and disability where Heart & Beyond is required to do so;
  • NSW Health Organisations, where Heart & Beyond is required to do so, or where this is necessary to facilitate the provision of quality and efficient health care services in NSW;
  • Private health insurance providers and Medicare Australia
  • My Health Record, if you are registered in the My Health Record system (unless you request that a particular document not be uploaded to your My Health Record);
  • Third parties who provide services to us in connection with our business operations
  • For regulatory reporting and compliance with our legal obligations; or
  • anyone authorised by you to receive your personal information including relatives, close friends, guardians (unless Heart & Beyond has been informed otherwise and your consent may be express or implied);
  • To our agents, successors and/or assigns.

How to access personal information or ask for a correction

Access

We take reasonable steps to ensure that the personal information that we collect and hold is accurate, complete and up-to-date. However, we rely on you to advise us of any changes to your personal information to help us maintain accurate, complete and up-to-date information.

You can access the personal information we hold by contacting us in writing and confirming who is requesting access to the personal information and for what purpose. On certain occasions, one of our employees may need to identify the person requesting the information. This is usually done by asking the stakeholder to confirm their identity by providing a copy of the stakeholder’s licence or coming into our office in person. By taking this extra step, we are ensuring that the personal information provided is going to the correct person and that personal information is not accessed incorrectly or fraudulently.

Correction

If you consider that there is any personal information that we hold about you that is inaccurate, out of date, incomplete, irrelevant or misleading, you are entitled to request correction of the personal information. After receiving a request from you, we will take reasonable steps to correct your personal information. If we make a correction and we have disclosed the incorrect information to others, you may ask that we notify the recipient of the correction.

Website

IP Address

When you browse or use our website, we are able to determine your IP address. We use your IP address to help diagnose problems with our server, to administer our website, to measure the use of our website and to improve the content of our website. Basically, we use your IP address to gather aggregate demographic information.

Encryption technology

Our website does not necessarily use encryption or other technologies to ensure the secure transmission of information via the internet. Users of our websites are encouraged to exercise care in sending personal information via the internet.

Third Party Links

The Heart & Beyond website contains links to other non-Heart & Beyond websites. Heart & Beyond is not responsible for the privacy practices or the content of such websites and you should exercise your best judgement when sharing personal information on these websites.

Lodging a complaint and complaint handling

Complaints to Heart & Beyond

If you wish to make a complaint about a breach of this Privacy Policy or the Australian Privacy Principles established pursuant to the Privacy Act, you can contact us using the contact details below. You will need to provide us with sufficient details regarding your complaint as well as any supporting evidence and information.

Your complaint will be referred to our Privacy Officer. The Privacy Officer will investigate the issue and determine the steps that we will undertake to resolve your complaint. You can contact the Privacy Officer using the details set out below. We will contact you if we require any additional information from you and will notify you in writing of the outcome of the investigation.

Complaints to the OAIC

If you are not satisfied with our response or we fail to provide a response to your complaint within 30 days of receipt of your complaint, you can lodge a privacy complaint with the Office of the Australian Information Commissioner (OAIC). The contact details for the OAIC are set out below:

Post: GPO Box 5288, Sydney NSW 2001

Ph: 1300 363 992

Fax: (02) 9284 9666

Website: https://www.oaic.gov.au/

How to contact Heart & Beyond

If you have any other questions, concerns or complaints about our privacy policy or its implementation, please contact our Privacy Officer:

Att: The Privacy Officer

Post: Heart & Beyond, Suite 101, 172 Fox Valley Rd, Wahroonga, NSW 2076.

Ph: 02 8457 7900

Email: enquiry@heartandbeyond.com.au

Website: https://heartandbeyond.com.au/