PRIVACY POLICY STATEMENT

1.0 PURPOSE

The purpose of this document is to outline the HAMB Systems Limited Policy in relation to Privacy
 

2.0 SCOPE

This policy has application to all employees working with HAMB Systems Limited.
 

3.0 POLICY

HAMB Systems Limited has a privacy policy in place that ensures compliance with the Privacy Act and the National Privacy Principles.  The Privacy Policy Statement is published below and is also noted on the HAMB Systems Limited web site at www.hambs.com.au.
 
HAMB Systems Limited's Privacy Commitment
 
Hamb Systems Limited ('HSL') is committed to the protection of individuals' personal and sensitive information in accordance with the NPPs.
 
This Privacy Policy Statement ('Policy') is prepared in accordance with the National Privacy Principles ('NPPs') prescribed in the Commonwealth Privacy Act 1988 ('Act').  The NPPs set out minimum standards for the way in which organisations deal with individuals' personal information and sensitive information. Under the Act, personal information includes information from which an individual's identity is apparent or is reasonably ascertainable and sensitive information includes, amongst other things, health information about an individual.
 
About this Policy
 
This Policy explains how HSL collects, stores, uses and discloses personal and sensitive information, and the rights of individuals to gain access to information held about them by HSL.   The Policy does not apply to all personal information collected, stored, used or disclosed by HSL; for instance, this Policy does not apply to employee records HSL maintains in relation to its employees.
 
Collection of Information
 
HSL only collects personal and sensitive information which is necessary in connection with its business purposes. The purposes for which HSL collects personal and sensitive information include:
 

• providing database services for HSL's client health industry organisations, including health funds;
  
• responding to specific issues addressed to HSL by a health fund provider;
• analysing and processing information for product development, marketing and research purposes and to improve and extend HSL's range of products and services; and
• facilitating the conduct of business transactions and operations between HSL and its client health fund providers.

 
HSL may also collect and store personal information ((including sensitive information) about applicants who apply for employment with HSL.
 
The specific types of sensitive and personal information collected, stored, used and disclosed by HSL varies according to the purpose for its collection. However, in general this information typically includes:
 

• individuals' names, addresses, contact details (eg; telephone number, facsimile number and email address), bank account details and some credit information;
•   information about transactions or dealings between individuals, their health service providers and health fund providers;
•   information about the provision of health services to individuals; and
•   information collected in the course of providing a health service.

 
Given the nature of its business systems, HSL collects most of the personal and sensitive information it requires directly from individuals' health fund providers, under contracts for the provision of HSL's services to those health fund providers.  As such, HSL is required to observe the privacy standards of the health fund providers to which it contracts its services, in addition to this Policy.  From time to time HSL may also collect personal information about an individual from other third party sources such as government agencies and health service providers including hospitals, doctors and other medical and related professionals.
 
HSL collects sensitive information about individuals from heath fund providers on the basis that the health fund providers to which HSL has contracted its services have made appropriate privacy-related disclosures to the individual and obtained their consent to the disclosure of their sensitive information to, and its collection by, HSL.
 
Where a third party person or entity provides HSL with personal information about another individual (including sensitive information), that third party must ensure that the other individual is aware of:
 

• the disclosure of their information to HSL and the purposes for which the information is collected by HSL;
• the existence of this Policy; and
• the individual's ability to request access to the personal information held about them by HSL, and to advise HSL if they think the information is inaccurate, incomplete or out-of-date.]

 
It is important that HSL collects the all necessary information it requires about an individual in order to provide relevant services.  If it is unable to collect all the information it requires, HSL may be unable to properly and effectively provide its services, or it may not be able to supply its services at all.
 
Use and Disclosure of Information
 
HSL may use and disclose an individual's personal or sensitive information for the primary purpose for which the information was collected (see Collection of Information), as well as other reasonably expected secondary purposes, where the individual has consented, and otherwise in accordance with the NPPs, including:
 

• to provide services strictly in accordance with the terms and conditions of contracts with health fund providers to which HSL has contracted its services;
• where required or authorised by law;
• to address information technology requirements, systems maintenance and development issues;
• to ensure that HSL's website at www.hambs.com.au remains relevant to HSL's clients and users;
• to provide information to agents, contractors and service providers engaged by HSL to deliver goods and services or otherwise act on behalf of HSL, or to provide goods and services to HSL, the identity of which may change from time to time;
• to investigate and resolve complaints concerning the provision of services by HSL or others associated with HSL; and
• o provide clients with updates and other information from time to time about HSL's services and activities.
• HSL will only transfer personal or sensitive information outside of Australia in accordance with the NPPs including:
• with the individual's consent;
• where HSL is under a contractual obligation to do so, or there is some other identifiable benefit to the individual; or

 
where HSL is satisfied that the recipient of the information will uphold principles for the fair handling of personal information, and will not deal with the personal or sensitive information in a manner inconsistent with the NPPs and this PPS.
 
HSL is required to collect, store and in some cases disclose certain information, from time to time, in accordance with Australian health industry legislation.
 
Data Quality, Storage and Security
 
HSL strives to ensure that all personal and sensitive information held in its records is accurate, complete and up-to-date.
 
Personal and sensitive information is held in electronic form on database systems located at HSL's facilities in South Australia.  All Electronic information is protected by password security and other industry standard data protection measures.
 
Some hard copy information is stored in secure office facilities, including locked filing cabinets at HSL's premises.
 
Access to personal and sensitive information is restricted in accordance with HSL's procedures to those personnel whose job functions require access to such information.   Certain administrative functions may from time to time be contracted out to third parties, and in these cases appropriate security measures are implemented to ensure the security and integrity of all personal and sensitive information.
 
Government Identifiers
 
Although the nature of HSL's business services require it to collect, store, use and disclose certain identifiers created or issued by the Commonwealth Government (such as Medicare numbers and pension numbers), HSL's business systems are configured such these identifiers are not used as a means of identifying the individual.
 
Access and Correction
 
Individuals may obtain access to the information held about them by HSL by written request to HSL's Privacy Officer as detailed below.
 
In accordance with the NPPs, HSL may deny access to requests for access to information in certain circumstances, including where:
 

• providing access would have an unreasonable impact upon the privacy of another individual;
• n HSL's opinion, the request is frivolous or vexatious; or
• providing access to the information would be unlawful, or the law permits HSL to deny access.

 
HSL will correct any personal or sensitive information which it becomes aware is inaccurate, incomplete or out of date.
 
HSL is entitled to charge an administrative fee for providing an individual with access to information held on HSL's systems.  HSL may also require certain administrative procedures be followed in order to substantiate an individual's request for access.  The relevant administrative process and any fees will be advised when a request is made.
 
Changes to PPS
 
This Policy is current as at 31 March 2007.  HSL may review and update this Policy from time to time to reflect changes in the law or HSL's business practices and procedures, as well as the community's changing privacy expectations. Changes to this Policy will not be notified to individuals, but the latest version of this Policy will be posted on HSL's website at www.hambs.com.au, and is available from HSL's Privacy Officer at any time.
 
Point of Contact
 
To request access to personal or sensitive information held in HSL's records, to make a privacy related complaint, to obtain more information about HSL's Policy or to enquire about privacy matters generally, please contact HSL's General Manager as follows:
 
The General Manager
HAMB Systems Limited
1st Floor 375 Payneham Road
MARDEN
SA  5070
 
Facsimile: 08 8334 0344
Email: admin@hambs.com.au