This Privacy Policy outlines the manner in which Clinic Online ("we", "our", or "us") collects, uses, maintains, and discloses personal information obtained from users ("you" or "your") of our telehealth services.

1. Personal Information Collection

We may collect personal information from you when you register for our telehealth services or interact with our platform. Personal information may include but is not limited to:

• Name
• Contact Information (e.g., email address, phone number)
• Date of Birth
• Gender
• Medicare Number under the Human Services (Medicare) Act 1973
• Medical History
• Next of Kin
• Payment Details

We collect personal information in accordance with applicable Australian laws, including:

• Privacy Act 1988 (Cth)
• National Health Act 1953 (Cth)
• Personally Controlled Electronic Health Records Act 2012 (Cth)

2. Use of Personal Information

We utilize personal information for purposes related to our telehealth services and platform, including:

• Providing, administering, and improving telehealth services
• Facilitating consultations between patients and independent healthcare professionals
• Issuing medical certificates, prescriptions, referrals, pathology and radiology requests
• Contacting you regarding appointments or service updates
• Processing payments and refunds
• Verifying your identity
• Recruiting, training, and managing staff and healthcare professionals
• Conducting quality assurance and service improvement activities
• Meeting legal and regulatory obligations
• Preventing fraud and protecting lawful interests

Consult notes and medical records are accessible to authorised healthcare practitioners and approved personnel for continuity of care.

We may provide marketing communications unless you opt out. We do not use health information for direct marketing purposes.

We retain and process personal information only for as long as necessary for these purposes and in accordance with applicable laws.

3. Disclosure of Personal Information

Your personal information may be disclosed to:

• Healthcare providers involved in your care
• Third-party service providers supporting our platform
• Accreditation bodies and IT providers
• Medicare, insurers, and funding bodies for billing
• Legal authorities where required by law
• Emergency services where necessary to prevent serious harm
• National digital health systems (e.g., My Health Record, where applicable)
• Other professional service providers (e.g., legal, accounting, auditing, cloud services)

We only disclose information where necessary and ensure appropriate safeguards are in place.

4. Data Storage, Security and Encryption

Data Storage Location

Your personal and health information is securely stored on servers located in Australia via Amazon Web Services (AWS Australia). We take reasonable steps to ensure that data is not transferred outside Australia unless permitted by law.

Regulatory Alignment

Our systems and practices are designed to align with applicable standards and guidance from the Australian Digital Health Agency (ADHA), including secure handling of health information and interoperability with national digital health infrastructure where applicable.

Security Measures & Encryption

We implement industry-standard security measures to protect your data, including:

• Encryption of data in transit using TLS 1.2+
• Encryption of data at rest using AES-256 or equivalent standards
• Role-based access controls and authentication safeguards
• Secure data storage environments compliant with Australian privacy requirements
• Regular monitoring and security reviews

Despite these measures, no system is completely secure, and we cannot guarantee absolute security.

5. Accessing and Updating Personal Information

You may access and update your personal information through your Clinic Online account.

If you require assistance or wish to access additional information we hold about you, please contact us.

You may also request correction or deletion of your personal information in accordance with Section 6 below.

6. Data Retention and Deletion

Data Retention

We retain personal and health information only for as long as necessary to fulfil the purposes outlined in this Privacy Policy and to comply with legal obligations.

• Health records are retained for a minimum of 7 years from the date of last entry
• For patients under 18, records may be retained until age 25
• Account and non-health data are retained while your account is active and for a reasonable period thereafter

Data Deletion

You have the right to request deletion of your personal information.

• To request deletion, you may contact us at: support@cliniconline.com.au
• We will respond within a reasonable timeframe (typically within 30 days)
• Where permitted, we will delete or de-identify your data

Important: Due to healthcare regulations, we may be legally required to retain certain health records. In such cases:

• Data will be securely stored
• Access will be restricted
• Data will not be actively used beyond compliance requirements

7. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. Any changes will be posted on our website and will apply to all personal information held by us at the time.

8. Contact Us

If you have any questions or concerns regarding our Privacy Policy or the handling of your personal information, please contact us by email at support@cliniconline.com.au or by phone on 1300 077 786

This Privacy Policy was last updated on 20/03/2024