1. Introduction
This policy is intended to assist Avant's staff, members and other individuals to understand the purpose of Avant's collection and use of personal information. Rights of access to personal information and the procedure for lodging complaints in relation to alleged breaches of privacy by Avant are also addressed.
Avant acknowledges its responsibilities in the proper handling of personal information it collects and holds. The Privacy Act 1988 (Cth) as amended formalises Avant's existing privacy obligations to individuals whose personal information is held by Avant.
2. Collection of Personal Information
2.1 Avant will only collect information that is necessary for its functions and operation.
Avant collects personal information for the primary purpose of providing:
i. protection and assistance
ii. risk management services
iii. medico-legal and ethical advice; and
iv. education,
to its members.
To assist with this primary purpose, Avant collects and holds personal information of its members and relevant personal information arising from its members' medical practices.
Avant collects personal information from application forms, renewal forms and incident reporting forms and from other transactions involving Avant entities, including Avant Insurance Limited.
2.2 Avant will be fair in the way it collects information.
Avant collects personal information from its members for the above purposes only.
When Avant requires personal information from its members this information will be collected directly from the member or another person authorised by that member, wherever possible.
Where necessary, Avant also collects relevant personal information about the patients of its members. Avant has advised all its members to ensure they have a privacy policy in place in their practices and to display notices which inform their patients that they may from time to time pass on personal information to Avant.
3. Use and Disclosure of Personal Information
3.1 Avant will only use or disclose information for the purpose for which it was obtained.
In providing protection, assistance, risk management and education services to its members, Avant may be required to disclose personal information to third parties, including its reinsurers, solicitors, actuaries, government regulatory bodies, those involved in managing corporate risk and any organisations who manage business and corporate strategies. Information collected may be exchanged between all Avant entities.
Personal information held by Avant will only be disclosed for the purpose of providing the above services. Wherever practicable this personal information will be provided in a de-identified form.
Avant may, as permitted by the Privacy Act 1988 (Cth), disclose your personal information in an emergency, investigation of suspected criminal activity or where Avant is authorised or required by law.
Avant may from time to time provide statistical data to third parties for research purposes. Wherever practicable this information will be de-identified prior to disclosure.
4. Data Quality
4.1 Avant will take reasonable steps to ensure that information is accurate when collected, used or disclosed.
Avant will regularly update personal information to ensure as far as possible that the information it holds is accurate complete and current. Updating personal information will be considered as collection and will be undertaken in accordance with the provisions on collection as contained in Part 2 of this Policy.
5. Data Security
5.1 Avant will keep information secure.
Avant, in accordance with its Data Security and Disposal Policy, protects the personal information it holds by:
i. securing its premises to allow access to staff only;
ii. placing passwords and varying access levels on databases to limit access and protect electronic information from unauthorised access, modification and disclosure; and
iii. providing locked cabinets for the storage of physical records.
Avant has provided its staff with information and training on the National Privacy Principles, the privacy implications of the information they handle and Avant's policy on handling of information.
5.2 Avant will dispose of or de-identify any personal information it no longer requires, safely and securely.
Any information that Avant holds, relating to its members or their patients, that is no longer needed for the purposes described in Part 2 of this Policy, will be safely and securely disposed of or permanently de-identified.
6. Openness
6.1 Avant will be open about what kinds of personal information it holds and how it is used.
Avant's policy document is available to anyone who asks for a copy of it at no charge to the individual. On written request by an individual, Avant will disclose in general terms what sort of personal information it holds about the individual, why that personal information is held, how it was collected, and how it is to be used. Any such request should be directed to:
The Privacy Officer
Avant Mutual Group Limited
PO Box 746
Queen Victoria Building NSW 1230
7. Access and Correction
7.1 Avant will, wherever possible, allow access by individuals to the information it holds about them and correct that information if it is wrong.
Any access request should be made in writing, addressed to:
The Privacy Officer
Avant Mutual Group Limited
PO Box 746
Queen Victoria Building NSW 1230
No costs will be associated with this request. Avant will endeavour to respond to requests within 30 days of receipt. Should a request for access be declined, reasons for this will be provided, together with an outline of the procedure to have this decision reviewed.
7.2 Avant will, upon request, correct any information about an individual that the individual considers is not accurate, correct or up to date.
Should an individual find after accessing their personal information that the record is inaccurate in any way they should notify Avant in writing of the inaccuracy. Avant will then either correct the information if appropriate, or include the notified correction with its records.
8. Identifiers
8.1 Avant will not use any identifier assigned by a government agency.
Avant will continue to identify its members by way of member code assigned by Avant upon application and acceptance for membership. Avant will not use or disclose any Tax File Number, Social Security Number, ABN, Medicare number or other such Commonwealth identifier it may hold, except as required by law.
9. Transborder data flows
9.1 Avant will take reasonable steps to protect privacy if it sends personal information overseas.
Avant may be required to transfer personal information it holds to a foreign country. Should this be necessary Avant will endeavour to ensure that the recipient will not hold, use or disclose that information in a manner which is inconsistent with the National Privacy Principles.
10. Sensitive Information
10.1 Avant will limit the collection of sensitive information.
Wherever practicable Avant will not collect sensitive information relating to health, racial or ethnic origin, sexuality, political opinion, religious beliefs or affiliations.
From time to time Avant collects health information from its members relating to their patients. When used for the purposes set out in 2.1 above, it is not generally possible to de-identify this information. However, wherever practicable this information will be de-identified before being disclosed.
11. Breach of the National Privacy Principles and Complaints
An individual who believes that one or more of the National Privacy Principles has been breached by Avant has the right to make a complaint.
In the first instance the complaint should be in writing, directed to:
The Privacy Officer
Avant Mutual Group Limited
PO Box 746
Queen Victoria Building NSW 1230
Upon receipt of a complaint Avant will consider the complaint and attempt to resolve it in accordance with its internal privacy complaints procedure. Should an individual be dissatisfied with Avant's handling of the complaint or the outcome they may have the matter heard in accordance with Avant's external dispute resolution procedure. For further information refer to Avant's internal dispute resolution scheme.
Individuals who are dissatisfied with the outcome of the external dispute resolution procedure may ask the Federal Privacy Commissioner to make a determination in accordance with the Privacy Act 1988 (Cth).
Key Terms Defined
Avant: Avant in this policy means Avant Mutual Group Limited ABN 58 123 154 898 and its subsidiaries, including Avant Insurance Limited (Avant Insurance) ACN 003 707 471, AFSL 238765 and Professional Indemnity Insurance Company Australia Pty Ltd (PIICA) ABN 53 007 383 137, AFSL 238509.
Personal Information: This means any information or an opinion capable of identifying an individual (whether a member or third party), including the individuals name, address, contact telephone numbers, email address and claims history. Any personal information relating to patients of members and which is collected by Avant, whether collected from the members or others and for whatever purpose, will also be personal information.
Health Information: Health Information is broadly defined to include information or opinion about the health or disability of any individual or the nature of health services received or receivable by an individual.
Members: Means all health care practitioners who are members of Avant and all persons and entities who are insured with Avant Insurance or PIICA.
Sensitive Information: In addition to Health Information, sensitive information includes personal information about the political affiliation, religion, sexuality, racial or ethnic origin and any criminal record.
Collection: Collection means the gathering of personal information of any individual and includes the retention of personal information. Collection can be by accident and includes involuntary gathering of personal information.
Use and Disclosure: Use of personal information occurs when information is handled within the organisation of the person collecting the information. Disclosure is made when personal information is released outside the organisation of the person collecting the information.
Primary Purpose: Primary purpose in relation to use and disclosure depends on the nature of the business of the person or organisation collecting the information. It is the main or dominant reason for which information is collected.