This Policy describes how Precedence Health Care Pty Ltd (Precedence), and any company which it owns or controls, manages personal information for which it is responsible, specifically personal information which is accessible via the Inca platform, including the MediTracker mobile app.
Kind of Personal Information Collected by Precedence
Precedence’s Integrated Care Platform, Inca, is a cloud-based network of digital health and wellness services, including MediTracker mobile application services. A description of the Inca platform is set out on the Precedence website, precedencehealthcare.com/inca
Personal information which may be accessible via Inca includes:
- contact details and other registration information provided by medical practitioners and other healthcare providers;
- medical histories and contact details of patients; and
- contact details for guardians and carers of some patients.
Personal information provided by Inca users is stored in a secure database and managed by Precedence. This information may be sourced in a number of ways. The information may be provided by:
- a medical practitioner or other healthcare provider registered in Inca, or someone acting on their behalf; or
- the patient directly, or a guardian acting on the patient's behalf.
Precedence cannot verify and does not take responsibility for identifying persons entering information into Inca, nor can it verify or take responsibility for the accuracy of such information. Inca is a tool, or intermediary, enabling patient information to be accessed by the patient and to be shared between medical practitioners and other healthcare providers. It is necessarily dependent upon the quality and integrity of input. Users are required to acknowledge this feature at the time of registration.
Personal information stored in the Inca database is handled by Precedence in accordance with the requirements of the Privacy Act 1988 (Cth), the Health Records Act 2001 (Vic) and any other privacy, data protection or medical records legislation which may be applicable in particular circumstances.
Personal information is collected from medical practitioners and other healthcare providers when they register to use the service.
A patient is required to provide informed consent for the collection and sharing of their health information and for the creation and electronic storage of their record in Inca. This is a verbal consent given to the healthcare provider and recorded electronically in Inca. In addition, consent is requested (but not required) for the use of de-identified data for the purposes of conducting research and assisting in the management of health services.
The following additional information is available from the Precedence website:
- Inca Privacy FAQ: precedencehealthcare.com/privacyfaq
- Informed Consent: How Inca Collects and Shares Health Information: precedencehealthcare.com/informedconsent
All information in the Inca database is protected by logical, physical and operational security measures of high commercial standard and the data storage facility is professionally managed.
Precedence has implemented appropriate technology and security policies, rules and other measures to protect personal information in the database from unauthorised access, improper use, alteration, unlawful or accidental destruction and accidental loss.
Account information is located on a secured server in an accredited Australian facility behind a firewall. When sensitive information is entered, it is encrypted using Secure Sockets Layer (SSL) technology.
Precedence's security policy and practices are regularly reviewed and updated. They are subject to audit procedures by suitably qualified external organisations.
Where it is lawful and practicable to do so, individuals may remain anonymous or use a pseudonym, but Precedence cannot accept responsibility for any loss or damage suffered by the individual as a consequence.
The Inca platform uses per-session cookies to identify a user's browser during the time that the user is logged into Inca. By temporarily storing this cookie on the user's computer, Precedence avoids having to re-authenticate the user on every secure page each time the user visits the Inca site. The cookie is deleted when the user logs out of Inca and does not contain any personally identifiable information. If a user's browser is set to disallow per-session cookies, or if the user rejects the cookie, it will not be possible to use the relevant websites.
Although it is intended that all information entered into Inca will be retained in the Inca database for at least as long as is minimally required for healthcare purposes, there may be unforeseen or unanticipated occasions when this may not occur. For example, there may be a technical reason the data is not saved, such as internet connectivity failure prior to saving. Users are encouraged to review their data inputs to confirm that the information has been properly saved in the database for future retrieval.
Purpose of Collection
Information held in the Inca database is used only for the following purposes:
- to generate care management plans and team care plans, to track a patient's care against these plans, and to help the patient adhere to these plans by sending them reminders and alerts when considered appropriate;
- to enable the sharing of a patient's health information with other members of the patient's care team, as approved by their medical practitioner or other healthcare provider;
- to enable the sharing of a patient's health information with some hospitals and emergency services for the purpose of providing appropriate health services to the patient;
- to enable a patient to have direct access to their health records;
- to create aggregated data about groups of Inca members in order to analyse usage trends and improve the Inca platform. Aggregated data is non-identifiable information about a number of users or groups which informs Precedence about the usage of the Inca platform in general for the purpose of designing and implementing future enhancements and efficiencies in the service;
- to analyse de-identified data for the purpose of conducting research and assisting in the management of health services generally, whether by Precedence or a third party.
A patient's personal information will only be disclosed to their registered medical practitioner, other healthcare provider or to the individual patient, unless disclosure to someone else is mandated and in compliance with the Australian Privacy Principles including, for example, if:
- the disclosure is for a secondary purpose which is directly related to the primary purpose of collection;
- the disclosure is required or authorised under an Australian law or court order; or
- the disclosure is necessary to prevent the death or serious injury of any individual.
A guardian's or carer's personal information will only be disclosed to a person other than the patient's care team if such disclosure is required or authorised by law.
A healthcare provider's personal information will only be disclosed to a person other than the patient's other healthcare providers where such disclosure is required or authorised by law.
In all other cases, the disclosure of personal information to a third party requires the individual's written and informed consent.
Access and Correction
Individuals may access their personal health information in the Inca database at any time, subject to the exercise by Precedence of its statutory right to refuse access in certain circumstances.
Registered users can obtain access by logging in to the system via the Inca website. Alternatively, individuals can contact the Precedence Privacy Officer at the contact numbers below. Subject to adequate identification of an individual making a request, that individual will be provided with a copy of the information sought.
An individual may, at any time, manually correct, update or delete any personal information contained in the Inca database. However, there may be some personal health information about a patient that can only be changed or updated by the healthcare professional who created it.
An account may be de-activated at any time by contacting Precedence. If a patient de-activates their account, their health record will no longer be accessible to the patient, their carer/s or any healthcare providers.
If Precedence discovers any misuse or unauthorised handling of personal information held in the Inca database, any individuals who are potentially affected will be notified and Precedence will take immediate steps to contain the problem and prevent further occurrences.
Offshore Disclosure of Personal Information
De-identified data may be shared with international collaborators for quality improvement and research purposes for ethically approved studies.
An individual who believes that Precedence is in breach of the Australian Privacy Principles may contact the Precedence Privacy Officer on (03) 9023 0800 or send an email to email@example.com.
Alternatively, an individual can contact (as appropriate) the Privacy Commissioner or Health Services Commissioner in their local area.
Privacy Questions or Concerns About Inca
For privacy questions or concerns about Inca, please contact the Precedence Health Care Privacy Officer on (03) 9023 0800 or send an email to firstname.lastname@example.org.
Updated 11 June 2019