This policy relates to the Telstra Health HealthNow consumer mobile app (‘HealthNow App’) which provides secure access to My Health Record and helps manage hospital appointments and recording of healthcare contacts. Further information about the HealthNow App is contained here: https://healthnow.io/
Please refer to the following privacy policies for other Telstra Health services, if these are relevant to you:
- Virtual Clinical Services
- National Cancer Screening Register
Importantly, by registering as a user of the HealthNow App, you acknowledge and agree that we may collect, hold and share sensitive information about you, including information about your health. Except as otherwise permitted by law, we only collect sensitive information about you if you consent to the collection of such information and if the information is reasonably necessary for the performance of our functions, as described below.
This policy is effective as of 20 April 2022, [HL1] although we may need to change it from time to time. If we do so, we will post the updated version on our website
https://healthnow.io/content/healthnow/privacy.html and it will apply to the personal information then held by us.
We take privacy and confidentiality very seriously. We take reasonable steps to maintain the security of your information and protect it from unauthorised use and disclosure, and to ensure that any recipients of your information will protect it in accordance with the Australian Privacy Principles.
We will not disclose or transfer to offshore recipients any of your personal information that is:
- collected by the HealthNow App; or
- contained in your My Health Record.
The kinds of information we collect and hold
The types of information we may collect might include:
- your name, date of birth, contact details (such as your email address and phone number);
- usernames or passwords used to access the HealthNow App;
- health and government-issued identifiers, such as Medicare or DVA details;
- usage information about your visit to our website and how you use the HealthNow App and any integrated products and services;
- records of your communications and interactions with us; and
- location information, when you use our location-enabled service or appointment check-in functionality.
How we collect your information
We may collect your information in a number of ways, including:
- directly from you or someone caring for you, such as where you provide information to us when you access the HealthNow App or our website, complete an application form or enter an agreement for the HealthNow App or any integrated products our services, or you contact us with a query or request or to resolve an issue you might be facing;
- from our customers and partners, such as health insurers, hospitals, primary health networks, government agencies or employers, who make the HealthNow App and its functionalities available to you;
- if applicable, from the third parties we list in the section of this policy with the heading “When we disclose your personal information”;
- information about how you use the HealthNow App or any integrated products or services; and
- real-time information about the location of your device, as permitted by you.
If you choose not to provide certain information, we may not be able to provide you with services and access to and use of the HealthNow App or any integrated products or services.
How we hold your information
If you connect to My Health Record, the HealthNow App provides you with a read-only view of your My Health Record. The interface between HealthNow and My Health Record does not enable us to view your My Health Record and we do not access, collect or store any information contained in your My Health Record. The collection and handling of any information contained in your My Health Record is governed by the My Health Records Act 2012 (Cth), and managed by the Australian Digital Health Agency ('ADHA') as the operator of the My Health Record System. For more information, please visit https://www.myhealthrecord.gov.au.
With the exception of information from your My Health Record, other information you provide may be stored by the HealthNow App, however this is often limited to your email address. Any information we do store will generally be held in electronic format, in secure storage facilities that we own and operate ourselves, or that are owned and operated by our service providers. These facilities are situated in Australia.
How we secure your information
The HealthNow App is designed with your security and privacy as our highest priority. We understand that your personal information and health details are private and sensitive information and we'll ensure it is kept that way.
Account and Password Protection
- The HealthNow App is designed so your user account is only accessible by you (or people you authorise).
- Your account is password protected.
- We enforce a strong password policy and uphold best practice standards with regard to password management, such as non-reversible hashing for storage of passwords (this is a one-way function that changes a plain text to a unique code that is irreversible).
- All personal and health information accessed or stored by the HealthNow App is always encrypted at rest and in transit.
- Our security measures include strong cryptographic standards.
- The HealthNow App is subject to ongoing security programs, including penetration testing and security vulnerability testing.
Network, Infrastructure and Hosting
- Our network and infrastructure are designed with security in mind and are hosted in Australian based data centres.
HealthNow App security
- The HealthNow App is registered on your device and accessed using your account username and password. You also have the option to enable fingerprint or face id login on compatible devices.
- Your account and data are only accessible by authorised users with their unique email address and password.
- Our HealthNow App does not store any of your information on your mobile phone.
- After a period of inactivity, your Telstra Health Account requires you to login with your email address and password (or fingerprint/face id) again as an additional means of protecting your information.
- All communication between the HealthNow App and our Telstra Health Account servers is handled over SSL secure connections.
Your system security
While we take all precautions to protect your information and your interactions with the HealthNow App, we recommend you take precautions to ensure your own devices are kept secure.
How we may use your information
We may use your information for a range of different purposes, including:
- to provide you with, and support the operation and functionality of, the HealthNow App and any integrated products and services;
- to enable you to view, store and monitor your information;
- to administer and manage the HealthNow App and any integrated products and services we provide, to charge and bill for them, and to collect any amounts owing;
- to provide, evaluate and support the HealthNow App, including health records management, secure communications and technology services;
- to provide you with customer service, including to assist you with enquiries;
- to monitor network use, quality and performance, and to operate, maintain, develop, test and upgrade our systems and infrastructure; and
- as otherwise authorised or required by law.
We may request the ability to update your phone’s calendar to allow you to create appointments through the HealthNow App, and the ability to view your phone’s calendar to ensure duplicate appointments aren’t created. We don’t otherwise collect, hold or use the data from your phone’s calendar.
While we also use some application data to gain a better understanding, through analytics programs, of how users utilise the HealthNow App and any integrated products and services, this is undertaken on an anonymised or aggregated basis only.
When we disclose personal information
We may provide the personal information of our customers and prospective customers (excluding health or sensitive information and information contained in your My Health Record) to other health professionals and also to third parties who provide services to us, including organisations and contractors that assist us with the purposes for which we use that personal information. These services include:
- customer enquiries;
- information technology and network services; and
- mailing operations.
We may also exchange personal information of our customers and prospective customers where appropriate:
- with our related entities;
- with law enforcement and national security agencies, and other government and regulatory authorities;
- with third parties who assist us to manage or develop our business and corporate strategies and functions, including our corporate risk functions; or
- for the purposes of facilitating or implementing a transfer/sale of all or part of our assets or business.
We may provide information, including sensitive and health information, about you to your usual medical practitioner and their employing or contracting organisation. This will be done subject to your consent.
Where needed we may also provide information about you in referrals to other healthcare practitioners, such as medical specialists.
From time to time, we engage third party contractors to provide support services in relation to the HealthNow App and any integrated products and services.
We take the privacy and confidentiality of customer information very seriously, and have implemented a range of measures to protect that information including, depending on the circumstances:
- strict monitoring and access controls regulating which staff can access particular information; and
- network and premises security.
Access to third-party services, including My Health Record
Connected with the HealthNow App, we may provide you with the opportunity to connect to other third party services or products. We do not endorse these third party services or products and you should review their corresponding terms and conditions and privacy policies before using any third party service or product. We accept no liability in relation to third party services or products.
My Health Record is an Australian Government initiative that is administered, controlled and governed by the Australian Government and the Australian Digital Health Agency (ADHA) and the My Health Records Act 2012 (Cth)
The HealthNow App can be used to view your health information stored in your My Health Record, provided we have your consent to do so.
There are separate Australian Government terms which govern your use of the My Health Record system which are available via https://www.my.gov.au.
If you use our location-enabled service (Contact Search) or appointment check-in functionality on the HealthNow App, we may collect and process information about your mobile device’s GPS location (including the latitude, longitude or altitude of your mobile device). We do not store this data and it is only used at the time we are providing services to you. If you wish to use this feature you will be asked to consent to your data being used for this purpose. You can withdraw your consent at any time by disabling location-services functions on your device, provided your device allows you to do this.
If you are a customer, we may also use your personal information (other than information contained in your My Health Record) so that we can promote and market our products and services that we think will be of interest to you on an ongoing basis. This will only be done with your consent.
This marketing may be direct marketing by mail, telephone or electronic message or by customising on-line content and display advertising on our websites, and may continue for a period after you cease acquiring any products or services from us.
You may opt-out of this marketing by following the steps in the marketing communication or contact us using the contact details set out in the “How to contact us” section of this statement.
We do not sell or otherwise provide personal information to unrelated third parties for their direct marketing purposes.
To ensure that we maintain our high standard of customer care, we may record calls to our service and we will comply with relevant legislation.
How to access or correct your information or make a privacy complaint
If you wish to access any of your information that we hold about you, or you would like to correct any errors in that information, please contact us using the “How to contact us” section of this statement, so that we can respond to your request.
You may also contact us in the same way to notify us of any privacy complaint, including if you think that we have failed to comply with the Australian Privacy Principles or any binding APP code that has been registered under the Privacy Act 1988 (Cth). While we hope that we will be able to resolve any complaints you may have without needing to involve third parties, you may also lodge a complaint with a relevant regulator such as the Australian Information Commissioner (www.oaic.gov.au or 1300 363 992).
For any issues with the content of your My Health Record, please contact the Australian Digital Health Agency, as the Operator of that System. Details are available at www.myhealthrecord.gov.au/privacy.
How to contact us
If you have any questions in relation to this statement or our management of your personal and health information, please contact us at firstname.lastname@example.org