About us

Medx is a Joint Venture between Integral Diagnostics Limited (Australia) (www.integraldiagnostics.com.au) and Medica Group PLC (UK) (www.medica.co.uk). Where we share personal data with our parent entities, they may process personal data in a similar way to us under this Privacy Policy (policy). Medx provides teleradiology services, enabling health providers and patients to access radiologists and reporting services across a range of time zones.

The point of contact regarding any queries regarding this policy is the Privacy Officer by email to privacy@medxradiology.com or by writing to The Privacy Officer, Suite 9.02, Level 9, 45 William Street, Melbourne, Victoria, 3000, Australia.

What personal data do we collect?

In order to provide patients with adequate health care services, we need to process personal data. It is important to be aware that if we receive incomplete or inaccurate data, we may not be able to provide our services as requested.

The types of personal data we collect may include but is not limited to current (and sometimes historical) data about:

  • Name
    • Gender
    • Date of birth
    • Contact details including phone number, address, and email address
    • Emergency contacts and next of kin
    • Payment-related information including credit card details, banking details, Medicare number, concession card numbers, Veterans Affairs details, and pension numbers
    • Communications and interactions with us
    • Relevant feedback, complaints, and claims.

Additionally, in relation to patients:

  • Requesting practitioner details
  • Results copy recipients
  • Insurance details including private health fund details and Workcover claim details
  • Healthcare identifiers
  • Medical history and other health data including but not limited to; imaging history, test results, medical conditions, treatments, allergies, pacemaker use, claustrophobia, implants, medications, and use of health services
  • Where relevant, family history and lifestyle data, which may include data about your work, relationships, religion, beliefs, ethnic background, sexual preference/activity, and genetic information
  • Preferences in respect of health services.

Additionally, in relation to job applicants and staff:

  • Qualifications, skills, experience, and character
  • Screening checks (including health, reference, background, directorship, financial probity, identity, eligibility to work, vocational suitability and criminal record checks).
  • Performance, conduct, use of our IT and communications resources, payroll matters and training.

Additionally, in relation to other healthcare providers:

  • Healthcare identifiers
  • Referral trends
  • IT system details.

Collection of personal data

Personal data will in some circumstances be collected directly from you, for example via patient forms, over the phone or from face-to-face consultation.

In other instances, we may collect personal data about a patient from a third-party source. This may include but is not limited to:

  • relatives and personal representatives
  • other health service providers such as general practitioners, specialists, hospitals, day clinics and other medical imaging practices, and
  • the patient’s electronic health record, in accordance with any applicable laws (e.g. the My Health Records Act in Australia).

We may also collect personal data from the parties to whom we disclose personal data as described below.

The circumstances in which we may collect personal data from a third-party source include where the patient has provided consent, where it is not reasonable or practical to collect the data directly and where otherwise permitted by law. This may include where the patient’s health is potentially at risk and their personal data is needed to provide them with emergency medical treatment.

What we do with personal data

Personal data is important to our ability to provide health services. For example, we may need to process your personal data for the purpose of:

  • making an assessment of your health status
  • providing a diagnostic imaging report about your health
  • working with and referrals involving other healthcare providers in connection with your medical care, including medical practitioners, nurses, allied health professionals, pathology services, other radiology services, physiotherapists and outpatient or community health services.

We may also process personal data for other purposes including:

  • sending out appointment reminders
  • invoicing, billing, account management and debt recovery
  • verifying your identity and personal data
  • maintaining and updating our records
  • other administration, management, quality control and improvement of our services and operations including accreditation, audits, risk and claims management, patient satisfaction surveys and staff education and training
  • medico-legal matters including medical indemnity insurance
  • conducting research in accordance with privacy requirements (which may involve, for example, consent, de-identification or ethics committee approvals)
  • recruiting and managing our staff, including considering job applicants for alternative and subsequent positions
  • facilitating acquisitions and potential acquisitions of our business, and
  • with your consent or where otherwise required or authorised by law.

Under the data protection laws in the UK and European Economic Area, and laws of other jurisdictions which are similar in this regard, we must identify which of the permitted lawful bases we rely on for processing personal data. Those lawful bases are one or more of:

  • your consent – note you can withdraw your consent under these laws; you can contact us as set out above with your request
  • we have a contractual obligation
  • we have a legal obligation
  • we have a vital interest
  • we need it to perform a public task, and
  • we have a legitimate interest, e.g. to protect and defend our legal rights, ensure our services run smoothly, respond to any of your questions, feedback, claims or disputes and to fulfil the other purposes described above.

We are subject to many laws in providing our services, and sometimes we may process personal data as required or authorised by or under those laws. In Australia, this may include the Privacy Act itself, as well as the Health Insurance Act, the Health Insurance (Diagnostic Imaging Accreditation) Instrument, the My Health Records Act, the Healthcare Identifiers Act and the National Health Act, and for staff the Fair Work Act, Superannuation Guarantee (Administration) Act, the Income Tax Assessment Act and other tax laws, Corporations Act, occupational health and safety acts and workers compensation acts. We may also need to respond to subpoenas and comply with mandatory reporting obligations to government authorities (e.g. where we suspect a patient is at risk of serious harm).

How we share personal data

In addition to healthcare providers as described above, we may provide your personal data to other third parties. These third parties may include:

  • parent(s) – (if the patient is under the age of 18)
  • guardians
  • a person exercising a patient’s power of attorney under an enduring power of attorney
  • insurers including private health funds
  • government agencies such as public health insurance bodies, workers’ compensation authorities, health departments and veteran’s affairs departments, as appropriate
  • community and government cancer and disease screening programs (e.g. breast screening services)
  • health safety and quality bodies and patient ombudsmen services
  • our service providers including providers of archival, auditing, accounting, legal, banking, payment, debt collection, delivery, data processing, data analysis, document management, data broking, research, investigation, insurance, website, and technology services.

Additionally, in relation to job applicants and staff:

  • academic institutions
  • referees
  • screening check providers (including law enforcement agencies)
  • professional and trade associations
  • your current, previous and prospective employers
  • providers of payroll, superannuation, staff benefits, surveillance and training services.

As Medx is designed to provide services internationally, the third parties described above may be located in various countries and regions including Australia, New Zealand, the United Kingdom, Europe, Africa, Asia, UAE and other countries. We may also process personal data in those countries and regions. We will comply with all applicable legal requirements for transfers of personal data to recipients in different countries. The ways we do this may include:

  • transferring to approved countries under the relevant law (e.g. under EU law, countries assess by the EU as providing adequate safeguards)
  • using agreements with recipient that meet the requirements of the applicable (including any standard clauses required)
  • obtaining your consent, and
  • transferring in your interest, to conclude or perform a contract with a third party.

How do we look after personal data

We endeavour to store and retain a patient’s personal data securely either using our own facilities or with the assistance of our service providers. This includes:

  • in paper-based form and other hard copy documents located securely within the practice and at secure storage facilities; and
  • in electronic records in a secure environment.

We may retain your personal data for the period that is necessary according to the purpose it was originally collected for, or to fulfil the purposes outline in this policy, or to meet legislative or regulatory obligations, such as health records requirements.

After it is determined that your personal data has reached the end of its retention period, we will either delete or anonymise that data or, if this is not possible then we will securely store your data and isolate it from any further use until deletion is possible.

What are your data protection rights?

Your data protection rights may vary depending on the law that applies in the circumstances, and any applicable exceptions. However, we welcome any request from you in relation to the potential rights listed below and may be able to assist even where we are not legally required to do so. If we are unable to meet your request, we will let you know our reasons.

The types of data protection rights available may include the following:

  • Access – Seeking to view or receive copies of your personal data.
  • Correction/rectification – Updating of inaccurate or incomplete personal data. Where we decide not to make a requested correction to your personal data and you disagree, you may ask us to make a note of your requested correction with the data.
  • Erasure.
  • Restriction of processing.
  • Objection to processing – e.g. if you believe our data processing activities prejudice you in any way.
  • Data portability – Transfer of your personal data to another organisation, or to you.

You can contact us as set out above to make a request access in respect of any of these rights. Please provide as much detail as you can about the particular personal data your request relates to, as this can assist with our response.

We will respond within a reasonable period of time (including within any time required by applicable law) and may need to verify your identity.

We may charge reasonable expenses in supplying requested data, subject to applicable legal requirements.

In certain circumstances, for example if we only hold your personal data because we are providing services to another health provider, it may be more appropriate for you to exercise these rights in respect of the other provider rather than Medx, in which case we will advise you to do so if you contact us in the first instance.

Should you wish to make a complaint about how we have treated your personal data or privacy generally, please contact us as set out above.

Your complaint will be investigated, and a response will be sent to you as quickly as possible. We will endeavour to respond to you promptly, generally within 14 days. We may request additional details from you about your complaint and may need to engage or consult with other parties in order to investigate and deal with your issue. We will keep records of your complaint and any resolution.

If you are dissatisfied with the response provided, you can refer the matter to the applicable privacy or data protection authority, for example:

Our website

If you use our website to read, browse or download data, our system may record data such as the date and time of your interaction, the pages accessed, and any data downloaded. This data is processed for statistical, reporting and website administration and maintenance purposes.

Like many other websites, our websites may use ‘cookies’ from time to time. A cookie is a piece of data that allows our system to identify and interact more effectively with your browser. The cookie helps us to maintain the continuity of your browsing session and remember your details and preferences when you return. You can configure your web browser software to reject cookies however some parts of our websites may not have full functionality in that case.

Our websites may use Google services such as Google analytics from time to time. For more about how Google collects and processes data, please see Google’s privacy policy and their information at www.google.com/policies/privacy/partners/.

Our websites may contain links to other sites. We are not responsible for the privacy practices or policies of those sites.

Please be aware that there are inherent risks in transmitting data across the internet and we cannot guarantee the security of data sent to us online. If you are concerned about sending data of a sensitive nature to us online, you may prefer to contact us by telephone or mail.

Changes to our privacy policy

We may modify or amend this policy at any time and for any reason, including to address any legislative change. Any material changes to this policy will be posted prior to their implementation.

Updates to this policy will be published on our website (www.medxradiology.com) for our patients and staff.

 

Last updated: June 2022

MED-IDX PTY Limited ACN 646 707 244