This policy explains how we manage any personal information which we collect, hold, use and disclose. It also explains how to contact us if you have any further queries about our management of your personal information.
This policy applies to you, and only to the extent of your personal information collected and handled by us that is subject to the Privacy Act.
Under the Privacy Act 1988, the Privacy Amendment (Notifiable Data Breaches) Bill 2016 introduced mandatory data breach notification laws requiring incidents to be reported to the Office of the Australian Information Commissioner and affected parties.
1 Policy reviewed and approved by the Board 26/09/2019
Review and Approval
This Data Breach Response Plan was last reviewed and adopted by the Board at the 26 September 2019 meeting. This plan is subject to a bi-annual review, or as required in the event of a breach or material changes to:
- Privacy Laws.
- Computer hardware and software.
- Third party IT providers who access CDH information.
TABLE OF CONTENTS
- Introduction
- What is personal and sensitive information?
- What kind of information do we collect?
- How do we collect your personal information?
- How do we hold your personal information?
- For what purposes do we collect, hold and use your information
- Who do we disclose your information to?
- What if you don’t want to give us your personal information?
- Marketing
- Are we likely to disclose your information to overseas recipients?
- Contact us about your personal information
Hunter Health Insurance (HHI, the Fund) has been proudly operating as a not-for-profit health fund since 1952. As a member owned private health insurer, we strive to offer the best quality cover and service to our members.
It’s up to you who you share your personal information with, and we are committed to protecting your privacy.
It’s our job to keep your private personal information safe and we’re 100% committed to the Privacy Act and Australian Privacy Principles.
We only collect information that we need to give you access to health services, and we don’t collect personal information unless we ask you first. We protect your personal details and we’ll only share your information if it’s needed to provide our services.
At HHI we are very careful with the way we collect, use, store and share personal information about our members and other partners associated with our business such as health providers.
The law (Privacy Act 1988) has set out some important principles about how we manage personal information and we have included them in our everyday processes, and the way we communicate with our members.
- Never collect your personal information unless we ask for it first.
- Always tell you why we need this information i.e. claims processing, billing purposes, updating new products, legal reasons.
- Only share personal information with organisations that have strict privacy policies in place and for the purposes of carrying out our business i.e. ATO, banks, superannuation companies, other service providers.
- Have the most up to date information technology to make sure your personal information is secure.
- Let you know how to contact us if you have any concerns about us not following this policy.
2 What is personal and sensitive information?
Personal information is any information or any opinion (regardless of its accuracy or form) about you from which your identity is reasonably identifiable. It includes your name, age, gender and contact details, as well as your health information (which is also sensitive information for the purposes of the Privacy Act). In this policy, a reference to personal information includes sensitive information.
3 What kind of information do we collect?
Hunter Health Insurance can only collect personal information about you which is reasonably necessary for our functions or activities and can vary depending on the type of relationship you have with us.
The type of personal information which we collect and hold can include, but is not limited to:
- Your name.
- Your age and date of birth.
- Contact details such as your (and any other member(s) on your policy) phone number, residential address, mailing address and email address.
- Government related identifiers such as your Medicare number.
- Financial information such as your bank or credit card details (either directly or through third party payment processors).
- Historical information such as your insurance claims history.
- Call recordings and notes taken during conversations and interactions between you and the Fund.
- Details of products and services we have provided to you and/or that you have enquired about, and our response to you.
- Your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour.
- Information about your access and use of our Site, including through the use of internet cookies, your communications with our Site, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider.
- Additional personal information that you provide to us, directly or indirectly, through your use of our Site, associated applications, associated social media platforms and/or accounts from which you permit us to collect information.
- Any other personal information requested by us and/or provided by you or a third party.
4 How do we collect your personal information?
Hunter Health Insurance only collects personal information about you in the manner permitted by the Privacy Act.
We may collect your personal information from you in a number of ways including in person, by phone, through our website or by email.
We may also collect your personal and sensitive information from:
- Other members listed on your policy, or other persons who have been granted the authority to provide information on your behalf.
- Third parties, such as from hospitals and health service providers.
- Organisations engaged by us to carry out functions on our behalf such as claims administration.
- Another health fund, if you are looking to transfer your membership.
5 How do we hold your personal information?
When holding your personal information, we are required by the Privacy Act to take reasonable steps:
- To ensure that your personal information that we collect, hold, use and disclose is accurate, complete and up to date.
- To protect your personal information from misuse, interference and loss, as well as from unauthorised access, modification or disclosure.
- To destroy or permanently de-identify your personal information if we no longer require that information for any purpose that is permitted by the Privacy Act.
6 For what purposes do we collect, hold and use your information
We collect, hold and use your personal information for the following purposes:
- To provide our products and services including private health insurance.
- To perform the functions and activities related to our business such as processing your claims and paying your benefits.
- In order to comply with any legislative and regulatory provisions.
- To assist members to comply with their taxation obligations.
- To investigate and resolve complaints.
- Marketing initiatives.
- To maintain, manage and develop operational processes and systems.
- To develop health insurance products.
- Analyse, investigate and prevent suspected fraudulent activities.
- To provide information to agents, service providers and external advisors, to deliver products and services to you.
- To manage our relationship with you including by contacting you about products or services, news or community events which we think may be of interest to you.
7 Who do we disclose your information to?
In order to carry out the above-mentioned purposes, we may disclose your personal information to the following persons or organisations including, but not limited to:
- Health service advisors.
- Our professional advisors.
- Other persons covered by your membership, where they have been given authority from you.
- Payment system processors.
- System and technology operation partners.
- Government agencies.
- Regulatory bodies.
- Third parties whom we have retained to improve membership and offerings.
- Other health funds, service providers or third parties who assist in the detection and investigation of fraud.
- Your employer if you have a corporate arrangement with us.
- Other parties to whom we are authorised or required by law to disclose information.
We may also disclose your personal information to the organisations, such as health service providers, from whom we collect your information.
8 What if you don’t want to give us your personal information?
You’re not required to give us your personal information. However, we may not be able to provide you with the products or services that you request of us. For example, it is a legislative requirement that all Private Health Insurance memberships hold a current residential address.
When you contact us, you generally have the right not to identify yourself, where it is lawful and practical for us to allow it. However, in not providing us with your personal identifying information we may not be able to assist you or aid in answering your query.
9 Marketing
Hunter Health Insurance may use your personal information for marketing initiatives (including social media and Google) for the purpose of providing you with updates about products and services. This may include the products and services of affiliated third parties.
We may use your personal information to contact you (including by phone, text message or email) about products or services which we think may be of interest to you. This may include our own products or services, or those of our related body corporate or a third party.
In particular, we may contact you about products and services we think may be of interest to you after you cease to hold a private health insurance policy with us. For example, we might contact you about renewing your old policy or taking out a new policy.
How can you opt out of receiving marketing material?
You may opt out of receiving marketing information from us by:
02 4990 1385
10 Are we likely to disclose your information to overseas recipients?
No, we are not likely to transfer your personal information to overseas recipients. However, there may be occasions where we are required to do so in order to provide you with our products or services or manage our relationship with you. If we transfer your personal information outside Australia, we will comply with the requirements of the Privacy Act which relate to trans-border data flows.
11 Contact us about your personal information
We will give you access to your personal information if practicable and will take reasonable steps to amend any personal information about you which is inaccurate or out of date.
We may refuse you access to, or we may refuse to correct, your personal information in certain circumstances permitted by the Privacy Act. In such a case, we will provide you with written notice of the reasons for our decision. We do not charge a fee to give you access to your personal information. However, we reserve the right to do so depending on the nature and extent of your request.
If you wish to contact Hunter Health Insurance to access your personal information, to seek to correct it, or to make a complaint about privacy, you can:
PO Box 183
CESSNOCK NSW 2325
For independent advice about privacy issues, the Office of the Australian Information Commissioner can be contacted by:
Office of the Australian Information Commissioner
GPO Box 5218
SYDNEY NSW 2001