Defence Health recognises the importance of protecting your personal information and the trust you place in us.
Under the Commonwealth Privacy Act 1988, as amended from time to time and the Privacy Principles which form part of the Act and apply to Defence Health as an organisation that is in possession of individuals' ‘personal information’, we must observe strict restrictions and standards about the collection, use, disclosure, security and integrity of that information.
In some circumstances, State privacy laws will mean that these restrictions and standards will continue to apply to the ‘personal information’ of an individual held for a period of time after their death.
In the course of providing our services, there is certain personal information we may require from you. Defence Health’s primary purpose in collecting personal information is for the provision of health benefits and financial services advice to you and to otherwise fulfil our legal obligations as a private health insurer and financial services provider.
Defence Health may disclose personal information relating to the member's dependants to the member. Where a member grants their spouse or partner authority to operate the relevant policy, Defence Health may disclose personal information relating to the member or any of the member's dependants to the member's spouse/partner. To protect the privacy of all persons covered by the policy, a member is also required to seek and obtain the consent of any dependant aged 16 years and over to the disclosure of their personal information to the member's spouse/partner, before granting authority to the member's spouse/partner to operate the policy. If a dependant is 16 years or over, they may ask Defence Health not to share their information with the member or member's spouse/partner.
For the purposes of this policy and unless circumstances suggest otherwise, a person aged 16 years and above will be considered capable of making their own privacy decisions. Defence Health will take instructions from the person who is able to make relevant decisions relating to health insurance and health matters generally for that person or dependant.
3. What personal information does Defence Health collect?
The amount and type of personal information we collect and hold about you depends on the nature of your relationship with us and the extent to which you have used our services or made claims.
This includes personal details such as your name, address, date of birth, names of dependants, and contact details including telephone numbers, facsimile numbers, email addresses or post office box numbers. We may also hold:
In relation to Health Insurance Cover
- Information to set up an account for you, including bank account, credit card details, Medicare numbers, and information about your employer;
- Information about the status of your health insurance cover;
- Information about claims you make or wish to make on your cover;
- Information about your preference for products, services and benefits we offer from time to time;
- Member account online log on details.
In relation to Financial Services Advice
- Where general financial product advice is provided, sufficient personal information to assist you in completing an application form for the relevant insurance policy, and for us to manage the relevant insurance policy;
- Where a risk policy is to be purchased as part of your superannuation, your tax file number will be collected.
We may seek to collect personal information which is regarded as sensitive information. This includes information about your health. We may do so only with your consent, as required or authorised by law or where otherwise permitted by Privacy Principles in the Privacy Act and any applicable State or Territory health privacy laws.
4. How does Defence Health collect personal information?
4.1 Information gathered from you
Where it is reasonable and practicable to do so we will collect most of your information from you directly, such as:
- When you submit an application form to apply for a product or service
- When you submit a variation to level of cover or persons covered
- When you submit a claim for benefits
- When you log on to your online member account
- Each time we have contact with you through our Member Service Centre and when we provide financial services advice
- Each time we conduct direct marketing surveys or in response to our direct mail.
Sometimes we may ask to collect particular personal information about you. Unless we have already done so, when or before we collect that information, we will take reasonable steps to inform you of:
- The purposes for which the information is collected
- Where applicable, any Australian law or court or tribunal order requiring the information to be collected,
- The main consequences if all or part of the information is not provided, and
- How you can access and correct your information and make a complaint about a privacy breach.
4.2 Information gathered from third parties
Other ways we generally collect information:
- In circumstances where additional health information is required we may contact your nominated health provider, including to conduct claims processing and control (including claims audits, risk management and fraud prevention)
- We may contact your health provider to clarify details provided by you
- From other individuals covered on your family membership
- In circumstances where services claimed may be compensable from another source, we may contact any persons necessary to establish eligibility of benefits for you
- From your employer, if you are part of a Payroll Deduction Scheme
- From insurers with whom you have an existing insurance policy.
If you do not provide any information requested about you or your dependants or do not consent to our collecting that information from third parties, then depending upon the type of information concerned, the consequences of our not being able to collect this information may include:
- Our inability to process any application for membership, membership renewal or claims; and
- Our inability to provide any other services to you including the provision of financial services advice.
5. Purposes for holding the information collected
We generally hold information for the following purposes:
- To approve and administer transactions/claims you wish to make
- To provide you with services you have requested
- To inform you of products, benefits or services we think you might be interested in
- To provide financial services advice
- To improve our services.
6. How personal information is held
We hold your personal information in a combination of computer storage facilities, paper-based files and other records. These facilities and records are located on site at our head office and off-site at secured premises operated by third parties on behalf of Defence Health. The third parties are bound by Defence Health’s strict information security policies and procedures. These policies and procedures are in place to protect personal information held by us from misuse, loss or unauthorised access, modification or disclosure.
7. How does Defence Health use personal information?
We collect and use personal information for the following purposes:
- To check your eligibility for membership or check your identity
- To process your application for services
- To approve and process transactions you wish to make
- To set up an account for billing your membership contributions
- To provide you with financial services advice
- To provide you with services you have requested or any additional or related services
- To provide you with member account log on details
- To identify whether you would benefit from risk management or disease management programs
- Unless you have opted-out, you consent to us using your information including sensitive information to contact you via mail, telephone, email or SMS to inform you of health-related or other products, benefits or services we think may interest you
- To address information technology requirements, systems maintenance and development issues
- To aid business development and extend our range of services
- To investigate and resolve complaints concerning the provision of services
- To conduct claims processing and control (including claims audits, risk management and fraud prevention)
- To comply with legislative requirements and provisions and court or tribunal orders.
8. When does Defence Health disclose your information?
We do not disclose your information to others, except in the following cases:
- To organisations which provide services to us
- With your consent or where it is necessary to provide you with services under the Policy
- Where required or authorised by Australian law or court or tribunal order
- To organisations which have requested us to provide services to you or who co-operate with us in offering products or services, including risk management and disease management programs and financial products
- To members, in relation to couple and family memberships, for example, in the form of benefit advice statements, to disclose information about benefits limits and treatment for all persons covered by the Policy, including dependants.
When you are admitted to hospital, personal information about you and your condition is provided by the hospital to Defence Health to enable your claim to be paid. Australian Health Service Alliance Ltd is an agent of Defence Health and in this capacity, receives your personal information. Australian Health Service Alliance Ltd. is a privacy compliant organisation. The Private Health Insurance Act 2007 requires us to collect certain information about you and this will generally govern how we use the information despite the provisions of the Privacy Act 1988 (Cth). For more information visit www.ahsa.com.au.
Other service providers we have arrangements with include our information technology suppliers, general insurance and life insurance underwriters, mail houses, marketing supplier organisations, health providers, fraud management, risk management and disease management program providers and our electronic claims facilitators.
9. Your consent
By becoming a member, or continuing your relationship with us, you are taken to have consented to the following on your own behalf and on behalf of your dependants:
- The collection of health or financial information about yourself or your dependents
- The collection of your tax file number where you have made application for a risk insurance product as part of superannuation.
You also agree that:
- You will make, or authorise the making of, all claims under your Policy and will ensure that each claim includes the sensitive information of an individual aged 16 years and over only with their consent.
You should note that you may withdraw any or all of your consents at any time simply by notifying us in writing and dependants may request. However, depending on the circumstances this may prevent us from being able to provide services to you. If we use or disclose your personal information in a way not contemplated in this policy we will normally only do so after gaining your consent. We may ask for your consent in writing, over the phone or on our website.
We also may disclose or use your personal information without your consent in the following circumstances:
- We reasonably believe it is necessary to assist an enforcement body to perform its functions, or
- We suspect that an unlawful activity or misconduct of a serious nature has been, is being or may be engaged in that relates to Defence Health and the personal information is a necessary part of our internal investigation or reporting of the matter, or
- We reasonably believe it is necessary to prevent a threat to life, health or safety, or
- We are authorised or required by Australian law or court or tribunal order to do so, (e.g. where information is required by bodies regulating us or in response to subpoenas or warrants), or
- We have contracted an external organisation to provide support services and that organisation has agreed to conform to our privacy standards and to allow us to audit them for compliance,
- To establish, defend or exercise a legal claim or for a confidential alternative dispute resolution process
- The disclosure is to a credit reporting agency in connection with us extending credit to you, or recovering from you amounts that you owe under any contract you may have with us that is overdue more than 60 days, and we have provided you with the required notice; or
- In any other situation that is permitted by the Privacy Act in relation to personal or sensitive information or government identifiers.
10. Access and correction
An individual, including a member or dependant may request access to personal information Defence Health holds about them. A member may also request access to personal information about any dependant under their Policy unless the dependant is 16 years old or over and has asked Defence Health not to share their information.
A member’s spouse/partner may request access to personal information about the member or any other dependant under the Policy, where the member has granted their spouse/partner authority to operate the Policy, unless the dependant aged 16 years or over and has asked Defence Health not to share their information.
The type of information held generally includes the following:
- Contribution History: a record of premium payments
- Membership History: includes the history of your membership and level of cover held
- Financial information: this includes bank account details
- Claims History or Benefit advice statement: a record of Hospital, Medical and Ancillary claims and benefits paid
- Personal, health and financial information required by underwriters to assess your risk insurance application or by us to provide you with financial services advice.
Personal information held about you or your dependants (where relevant to the Policy) can be obtained by contacting Defence Health on 1800 335 425 or via email to firstname.lastname@example.org.
Alternatively, you may choose to register for on-line access via a secure password. On-line access permits you to view the personal information of yourself and any of your dependants, and update details such as cover type, payment methods and contact details. To authenticate changes a confirmation letter will be issued to the member.
If an individual considers that the personal information held is not accurate, relevant, complete or up-to-date, or it is misleading, Defence Health will take reasonable steps to correct the information. Please help us to keep accurate details by informing us whenever your personal details change or whenever you become aware our records are inaccurate. You can do this by contacting Defence Health on the number or email address above or via our website. In limited circumstances a request for access or correction may be denied. Defence Health will provide reasons for denial of access or a refusal to correct personal information and explain how you can complain about the denial or refusal if you wish to do so.
Defence Health has strict information security policies and procedures in place to protect personal information held by us from misuse, interference, loss or unauthorised access, modification or disclosure.
Defence Health uses a secure waste disposal system for destruction of records containing personal information that does not need to be retained. Archived information is held off-site for 5 years before secure destruction.
If you do not want to receive direct marketing communications by any specific medium, please contact us on 1800 335 425 or via email to email@example.com and we will cease those communications with you as soon as possible. If at any time in the future you wish to be reinstated on our mailing list, please let us know.
14. Privacy complaints
An individual should first direct any complaint of an alleged breach of the Privacy Act to Defence Health’s Privacy Officer. Defence Health will ‘interfere with the privacy of an individual’ if it deals with personal information in a way that is contrary to, or inconsistent with, an applicable Privacy Principle in the Privacy Act.
The Privacy Commissioner may investigate complaints about acts or practices that constitute an ‘interference with privacy’ if Defence Health doesn’t resolve the individual’s concerns.
15. Contact details
Defence Health Privacy Compliance Officer
Level 4, 380 St Kilda Road
Melbourne VIC 3004
Phone: 1800 335 425
Office of the Australian Information Commissioner
Privacy Hotline 1300 363 992 (local call charge)
20th December 2013