Telstra Health Pty Ltd Privacy Policy

This is the privacy policy of Telstra Health Pty Ltd (ABN 38 163 077 236) and sets out how we handle personal information in accordance with the requirements of the Privacy Act and other laws that protect the privacy of individuals.

We come into contact with your personal information in two scenarios:

  1. Where you are a contact connected with one of our actual and prospective business customers (a Customer Contact). An example of a Customer Contact is if you are a specialist, general practitioner or an employee of an organisation that acquires our services and provide us with your personal information.
  2. Where you have any other interaction with us, other than as a Customer Contact (a User). This could be because you are a patient or client of one of our business customers that receives or uses our products or services or because you have downloaded and registered to use the HealthNow app or another product or service we make available from time to time (Telstra Health Products).

  1. How we collect and use personal information if you are a Customer Contact

This section 1 applies to you if you are a Customer Contact.

The kinds of information we collect about Customer Contacts

Depending on the circumstances, we may collect and hold a range of different information about you. The types of personal information we may collect include:

  • your name, date of birth, provider number and contact details (including address, email address, mobile telephone number, landline telephone number, and fax number);
  • qualifications, occupation and speciality;
  • financial and billing information, such as bank account numbers;
  • usernames or passwords used to access our products and services;
  • usage information about your visit to our website and how you use our products and services;
  • any additional information relating to you collected through our online presence; and
  • records of your communications and interactions with us, including your remote desktop connection details when we assist you by providing you with technical support.

How we collect personal information of Customer Contacts

We may collect personal information of Customer Contacts in a number of ways, including:

  • directly from you (such as where you provide information to us when you visit our websites, complete an application form, enter an agreement for one of our services, or contact us with a query or request);
  • from our related entities;
  • from your representatives;
  • when legally authorised or required to do so;
  • from the third parties we list in section 3 of this statement, “When we disclose personal information”;
  • publicly available sources of information;
  • professional registers; and
  • our records of how you use our products or services.

You may choose not to provide us with personal information, or you may be offered the option to use a pseudonym when dealing with us in certain contexts (e.g. when submitting blog posts or receiving newsletters). However, if you choose not to provide certain information about you, we may not be able to provide you with the services you require or the level of service on which we pride ourselves.

Why we collect and use personal information of Customer Contacts

We may use the personal information of Customer Contacts for a range of different purposes, including:

  • to provide and support our products and services, including secure communications and technology services;
  • to provide information about those products and services and provide better customer service;
  • to facilitate you and your representatives in using secure messaging addresses for sending clinical information;
  • to administer and manage the products and services we provide, to charge and bill for them, and to collect any amounts owing;
  • where appropriate, to verify your identity, registration and accreditation, and to conduct checks for credit-worthiness or fraud;
  • to assist you with enquiries;
  • to maintain and update our record of your information;
  • to gain an understanding of your needs, to perform research and analysis, and to improve or develop our products and services;
  • to monitor network use, quality and performance;
  • to operate, maintain, develop, test and upgrade our systems and infrastructure; and
  • as authorised or required by law or under funding arrangements.

Direct Marketing

If you are a Customer Contact, we may also use your personal information (but not health information) so that we (and other Telstra group entities and affiliates) can promote and market our health related products and services that we think will be of interest to you on an ongoing basis, unless you opt out or we are subject to legal restrictions.

Depending on the particular circumstances, we may disclose information about you to enable this type of marketing, including your name, contact details (including practice address, email address, phone number, fax number or mobile telephone number), occupation and provider number.

This marketing may be carried out in a variety of ways (including direct marketing by mail, telephone or electronic message or by customising on-line content and display advertising on our websites) and may continue for a period after you cease acquiring any products or services from us.

In order to opt-out of this type of marketing, please follow the steps outlined in one of our marketing communications or contact us using the contact details set out in the “How to contact us” section of this policy.

We do not sell or otherwise provide personal information to unrelated third parties for their direct marketing purposes.

  2. How we collect and use personal information if you are a User

This section 2 applies to you if you are a User. Importantly, you acknowledge and agree that we may collect, hold and share sensitive information about you, including information about your health. Except as otherwise permitted by law, we only collect sensitive information about you if you consent to the collection of the information and if the information is reasonably necessary for the performance of our functions, as described below.

The kinds of information we collect about Users

Depending on the circumstances, we may have access to your personal information in the course of providing products or services to our customers, including:

  • your name, provider number, contact details (address, email address, mobile telephone number, landline telephone number and fax number);
  • demographic information about you;
  • qualifications and occupation/speciality;
  • your age, sex, nationality, racial or ethnic background;
  • sexual preferences and practices;
  • health information including images and diagnostic information;
  • health identifiers;
  • usernames or passwords;
  • usage information about your visit to our website and how you use our products and services;
  • any additional information relating to you collected through our online presence;
  • financial information such as credit card or bank account numbers;
  • records of your communications and interactions with us; and
  • location information.

How we collect personal information of Users

We may collect personal information of Users in a number of ways, including:

  • directly from you or someone caring for you (such as where you provide information to us when you access a Telstra Health Product or our other websites, complete an application form or enter an agreement for one of our services, or you contact us with a query or request or to resolve an issue you might be facing);
  • from our corporate customers, such as health insurers or employers, who make the service available to you;
  • from your My Health Record;
  • when legally authorised or required to do so;
  • from the third parties we list in the section of this statement with the heading “When we disclose your personal information”;
  • through telephone call recording;
  • through customer surveys and questionnaires which may be undertaken to ensure ongoing high quality of service;
  • from publicly available sources of information;
  • our records of how you use our products or services; and
  • via automatic data collection, such as your device location information. Some of our applications collect real-time information about the location of your device, as permitted by you.

You may choose not to provide us with personal information, or you may be offered the option to use a pseudonym when dealing with us in certain contexts. However, if you choose not to provide certain information about you, we may not be able to provide you with the services you require or the level of service on which we pride ourselves.

Why we collect and use personal information of Users

We access and handle personal information about Users:

  • to provide and support our products and services to our customers, including medical services and secure communications and where our customers submit your personal information into the products and services that we provide them for the purposes of processing, transmission or storage;
  • to enable you to monitor your information;
  • to administer and manage the products and services we provide, to charge and bill for them, and to collect any amounts owing;
  • where appropriate, to verify your identity or to conduct appropriate checks for creditworthiness or fraud;
  • to provide, evaluate and support our products and services, including health records management, secure communications and technology services;
  • to help develop complementary or related products or services that you may elect to utilise;
  • to provide information about those products and services and provide better customer service;
  • to maintain and update our record of your information;
  • to assist you with enquiries;
  • to work with our service providers;
  • to gain an understanding of your needs, to perform research and analysis and to improve or develop our products and services, including by us contacting you 6-12 months after you first use the Telstra Health Account (and periodically thereafter) to obtain your feedback on the Telstra Health Account;
  • to monitor network use, quality and performance, and to operate, maintain, develop, test and upgrade our systems and infrastructure;
  • to allow you to receive the benefit of services and products offered by third parties; and
  • as authorised or required by law.

We generally only access such information incidentally when providing technical support to our customers. We may also use de-identified information about you including to provide reports to our customers for benchmarking and other purposes that allow them to improve their services to you.

We do not use that information to send unsolicited direct marketing to patients and clients of our customers.

Direct Marketing

If you are an actual or potential User, we may also use your personal information so that we can promote and market our products and services that we think will be of interest to you on an ongoing basis. This will only be done with your consent.

This marketing may be carried out in a variety of ways (including by direct marketing by mail, telephone or electronic message or by customising on-line content and display advertising on our websites) and may continue for a period after you cease acquiring any products or services from us.

We do not sell or otherwise provide personal information to unrelated third parties for their direct marketing purposes.

You may opt-out of this type of marketing by following the steps in the marketing communication or contact us using the contact details set out in the “How to contact us” section of this statement.

  3. How we disclose personal information

We may provide the personal information of Customer Contacts to third parties who provide services to us, including organisations and contractors that assist us in connection with the purposes for which we use that personal information. These services include:

  • customer enquiries;
  • installation, maintenance and repair services;
  • information technology and network services;
  • mailing and delivery operations;
  • obtaining advice, including from legal, accounting, and business consultants;
  • data processing or data analysis services;
  • billing and debt-recovery functions;
  • market research; and
  • marketing and telemarketing services.

In the course of providing these services to us, some third parties may also receive or have access to personal information of Users. Whenever a third party service provider receives or has access to personal information of Customer Contacts or Users, we contractually oblige them to protect the confidentiality and privacy of such information.

We may provide personal information of Customer Contacts and Users to collaborating research partners for the purpose of research and analysis to assist us in assessing and improving our products and services. This will be done with your consent unless the information is provided in a way that does not personally identify you.

We may provide the personal information of Users (excluding health or sensitive information) to other health professionals and also to third parties who provide services to us, including organisations and contractors that assist us with the purposes for which we use that personal information. These services include:

  • customer enquiries;
  • information technology and network services;
  • mailing operations; and
  • billing and debt-recovery functions.

If you are a User, we may provide information, including sensitive and health information, about you to your usual medical practitioner. This will be done subject to your consent. Where needed we may also provide information about you in referrals to other healthcare practitioners, such as medical specialists.

We may also share the personal information of Customer Contacts and Users:

  • with the National Health Service Directory (NHSD) (see the NHSD privacy policy at and with third parties that provide services to and assist in the management of the NHSD;
  • with our related entities;
  • with third party vendors;
  • with law enforcement and national security agencies, and other government and regulatory authorities;
  • with third parties who assist us to manage or develop our business and corporate strategies and functions, including our corporate risk or funding functions; and
  • for the purposes of facilitating or implementing a transfer/sale of all or part of our assets or business.

We do not disclose the personal information of Customer Contacts or Users to entities outside of Australia without first obtaining your consent.

  4. Storage and security of personal information

We may store personal information in hard copy or electronic format, in storage facilities that we own and operate ourselves, or that are owned and operated by our service providers. These are situated in Australia.

We take the privacy and confidentiality of personal information very seriously, and we take reasonable steps to maintain the security of personal information and to protect it from unauthorised use and disclosure. We have implemented a range of measures to protect that information including, depending on the circumstances:

  • allowing our business customers to retain their data on their own systems for certain products;
  • employing facilities that allow encrypted secure messaging of sensitive data;
  • monitoring and access controls regulating which of our and your representatives can access particular information; and
  • network and premises security.

Information for Users

Users should know that Telstra Health Products are designed with your security and privacy as our highest priority. Telstra understands that your personal information and health details are private and sensitive information and we do our best to ensure it is kept that way including by:

  • designing Telstra Health Products so any user account is only accessible by you (or in certain circumstances, people you authorise);
  • requiring that your account is password protected; and
  • enforcing a strong password policy and non-reversible hashing for storage of passwords.

All data containing any personally identifiable or health information accessed or stored by a Telstra Health Product is always encrypted at rest and in transit. Our security implementation includes strong cryptographic standards (such as TLS 1.2, AES128/AES256 encryption, and SHA512 hashing). Telstra Health Products are subject to various ongoing security programs. For some products, this includes penetration testing and daily security vulnerability testing. Our network and infrastructure is designed with security in mind and is hosted in Australian based data centres. Our hosting service is certified by the Australian Signals Directorate - part of the Australian Government's Department of Defence and meets industry standards (such as ISO27001) for physical security and availability.

If you are submitting information or images over the internet or by email, you should be aware that the internet and email are not always secure, so care should be taken when sending content of this nature. You must be very careful only to send images required for medical consultations and follow the instructions provided by us carefully in transmitting the image to avoid the risk of accidentally transferring the images to the wrong place. You must be very careful to:

  • only transmit appropriate images and in accordance with our instructions;
  • ensure that, where possible, the images do not identify you, by showing your face, physical marking or tattoos;
  • only send images required for your medical consultation; and
  • carefully follow the instructions provided when you use a specific Telstra Health Product when transmitting the image, to avoid the risk of accidentally transferring the images to the wrong place.

If you send information from a system provided by your workplace, you should also be aware of any policies that allow your employer to view your emails and attached documents and images.

As a User using our products and services, you might have the option of allowing a third party (such as a friend or family member) to join, for example, a video conference between you and a medical practitioner. If you choose to do so, you acknowledge and agree that the third party will have access to your personal information and health information.

HealthNow app security

The HealthNow app is registered on your device and accessed using your Telstra Health Account username and password. You also have the option to enable fingerprint login on compatible devices.

Data is only accessible by authorised users with their unique username and password.