We only collect personal information that is reasonably necessary to provide you with the services you have elected to receive. This includes information such as your name, contact details, gender and marital status and basic medical information (allergies, medications and emergency contact details).
When you use the HealthEngine platform, we also collect some technical information such as IP addresses, login data and cookies to provide you with an optimal experience.
We use your personal information for the primary purpose for which it was collected, to provide the services you have elected to receive.
We may also use your personal information for secondary purposes, such as where:
You have provided your express consent for us to do so
It might reasonably expected for us to do so, for example, auditing or using de-identified and aggregated personal information to identify insights into the Australian health care sector.
It is required or authorised by law or court order.
When you book an appointment on HealthEngine while logged into your account, you can see which practices your information is sent to and when, via your Data & Privacy settings in your account.
You can be assured that everyone at HealthEngine is committed to protecting and respecting your privacy.
HealthEngine takes its responsibility for handling personal information seriously, and we have put measures in place to maintain the integrity of personal information and provide full transparency on our conduct. HealthEngine is bound by the Australian Privacy Principles under the Privacy Act 1988 (Cth), and is committed to ensuring compliance with those requirements.
When providing its services, HealthEngine minimises the amount of data transmitted between our servers and a healthcare provider’s practice management software (PMS). Data is always transmitted using Transport Level Security on an as-needed basis. Sensitive data is encrypted at rest, within the database.
HealthEngine does not sell user databases to third parties, please refer to “How does HealthEngine use my data” for more information.
HealthEngine has access to My Health Record as a View Only Portal operator, the lowest level of access to MHR as possible. Accordingly, HealthEngine is permitted to operate an electronic interface that facilitates access to the system and cannot view, copy, store or record any data. HealthEngine does not have any arrangement or agreement in place in which HealthEngine provides user data to My Health Record.
A user who wishes to have their account and personal information deleted must send a request to the HealthEngine Privacy Officer at firstname.lastname@example.org. The user must provide certain details to confirm their identity.
Once we have verified that the identity of the individual, we will then action the request.