1. Policy Statement
At Nurses & Midwives Health Pty Limited ABN 70 611 479 237 (NMH), NMH recognise the importance of privacy. NMH observes the privacy obligations under the Privacy Act 1988 (Cth) and other relevant state legislations dealing with privacy and health records, as amended from time to time. The Privacy Act provides for the protection of an individual’s personal and sensitive information.
2. What kinds of personal information does NMH collect?
From time to time, NMH may collect personal information about a member such as name, date of birth, family members, contact details, claims history, income tier and information regarding products and services members inquire about or obtain through NMH so that it can provide insurance cover or other services such as eye care or dental care. NMH may also collect personal information about a prospective member such as name and contact details so that it can discuss providing health insurance cover to that prospective member.
NMH may also collect bank account details, payroll numbers and information in respect of insurance policies in order to provide members with its services.
NMH may collect sensitive information such as a member’s medical procedures, hospital attendances and the provision of ancillary health services, medical history or other health or lifestyle information, or information regarding a membership of a trade union - in order to provide its health insurance services and other services.
NMH may collect details of a member’s union membership including a union membership number and the status of membership - to assess whether a member is eligible for membership of NMH.
NMH may also collect government-issued identifiers such as a member’s Medicare number which is required for reporting purposes.
3. How NMH collects personal information?
NMH may collect personal information from a member if the member:
- gives it to NMH directly by visiting the Teacher Health Fund member care centres or health centres, provides information by phone or provides information in writing such as by completing NMH forms;
- uses NMH products and services;
- visits the website at nmhealth.com.au or any other website operated by, or on behalf of, NMH; or
- uses the online or mobile member services or other application.
NMH may also collect personal information from a prospective member from its business development officers visiting hospital facilities, industry events, aggregators, business partners or from member referrals.
NMH may collect personal information from third parties in some situations:
- As NMH has outsourced the management and operations of the Nurses & Midwives Health Fund to TFHL, NMH may receive members personal information from TFHL;
- it may be supplied with members personal information from third parties such as from NMH partner organisations such as trade unions, employer organisations, aggregators, hospitals, Medicare, medical and ancillary providers, financial institutions and health care service providers;
- if a member/ customer transfers health insurance to NMH from a previous service provider, it may require personal information from the previous service provider; and
- it may collect some sensitive information about members, such as medical information, from third parties such as hospitals, doctors, dentists, optometrists, or other ancillary providers.
4. Cookies & other technologies
NMH’s website, online services, interactive applications, email messages and advertisements may use “cookies” and other technologies such as pixel tags and web beacons. NMH may use these technologies:
- to better understand user behaviour, by telling NMH which parts of NMH’s website people have visited and to facilitate and measure the effectiveness of advertisements and web searches; and
- to remember personal information when an individual uses NMH’s website, online and mobile services and applications; and
- to improve the online experience for people to NMH’s website; and
- to customise the user experience based on an individual’s previous usage of the NMH website.
Individuals can disable their web browser from accepting cookies. Certain features of the NMH website will not be available to an individual once cookies are disabled.
NMH gathers some information automatically and stores it in log files. This information includes Internet Protocol (IP) addresses, browser type and language, Internet service provider (ISP), referring and exit pages, operating system, date/time stamp and clickstream data.
NMH uses this information to understand and analyse trends, to administer its website, to learn about user behaviour on the site, to tailor email communications and to gather demographic information about its user base as a whole. NMH may use this information in its marketing and advertising services.
NMH may also use information collected by cookies to display personalised content and advertising (targeted advertising and online behavioural advertising), based on an individual’s internet usage, and to send marketing materials that NMH thinks will be of interest to the individual.
5. How does NMH hold personal information?
Personal information collected by NMH is generally entered into and held in a centralised digital secure repository. TFHL manages NMH’s information pursuant to a Management and Services Agreement (MSA) on behalf of NMH.
NMH will take reasonable steps to protect all personal information it holds from misuse, interference and loss and from unauthorised access, modification or disclosure, including a data breach response plan found in the Business Continuity Management Framework and Policy.
NMH will ensure that appropriate technical and organisational security measures, consistent with standard industry practice, are in place to attempt to safeguard the security and confidentiality of the personal information it collects. Because of the nature of the internet, however, NMH does not guarantee that the website or the online and mobile member services are totally protected from hackers or misuse and it will not be responsible for any breach of security caused by third parties. NMH does not use any form of encryption (encoding software) to protect information a member sends from their computer to NMH over the internet through the use of feedback, enquiry and appointment forms and emails. Encryption software is applied when using online or mobile member services and joining online.
6. What happens if a member does not provide NMH with their personal information?
A member does not have to provide their personal information to NMH. However, if they do not provide personal information which NMH requests from them, NMH will make them aware that it may affects NMH’s service to them, including:
- NMH may not be able to provide insurance or administer the insurance policies;
- NMH may not be able to process, manage or pay out on an insurance claim;
- third party service providers such as hospitals, doctors, optometrists, dentists and other allied service providers may not be able to provide the member with services;
- NMH may not be able to properly assess a member’s health and lifestyle needs and consequently may not be able to provide healthy lifestyle or chronic disease programs; and
- members may not be able to access NMH online or mobile member services.
7. Purposes for which NMH collects, hold, uses and discloses personal information
NMH may collect, hold, use and disclose personal information for a number of purposes such as:
- to provide health insurance and related products and services;
- to confirm eligibility to become a member;
- to respond to eligibility checks from hospitals and other medical providers;
- to pay health insurance claims;
- to manage NMH’s relationship with the member;
- for NMH’s own internal and marketing purposes;
- for the purposes related to the reason the member gave the information;
- to manage risks and help identify and investigate illegal activity, such as fraud;
- to provide or arrange for associated services to be provided such as dental services, eye care services, allied services such as physiotherapy or travel insurance and other insurance or health related services;
- to assess a member’s general health and wellbeing needs and to continue to meet those needs through a care coordination or disease management service;
- to provide NMH online and mobile member services; and
- as may be required by law or as permitted under the Privacy Act.
NMH develops programs and initiatives from time to time to assist members with day to day health and wellbeing issues such as diet and exercise, as well as assistance with illnesses suffered by members. Members may choose to sign up to such programs from time to time. Members are not obliged to join any such programs. If they do join any such programs, NMH may use personal and sensitive information already collected from them so that they can get the most benefit from such programs. For instance, if the member suffers from diabetes and chooses to join a program that assists with their diabetes treatment, NMH may use earlier personal and sensitive information collected from them in order to advise them on their treatment program.
NMH may also use a member’s contact details to send information about NMH or its products, services or programs. If a member does not wish NMH to send this information, then NMH should allow the member the opportunity to tell NMH when it collects the personal information. Refer to paragraph 11 of this policy for further details in relation to opting out of NMH direct marketing.
8. Disclosure of personal information
NMH will not sell a member’s personal information to any third party. NMH will not disclose any personal information about a member, except:
- to THFL under the MSA;
- to its related companies, joint venture and business partners such as dental or eye care providers, general insurance providers and providers of wellbeing, chronic disease programs or care coordination services;
- to its suppliers, third party service providers or subcontractors (as necessary to enable them to help provide NMH’s services and any member programs);
- to unions to verify eligibility for membership
- to hospitals, healthcare providers, Medicare or other government agencies or financial institutions;
- entities established to help identify illegal activities and prevent fraud;
- as required by law or as permitted under the Privacy Act; or
- with a member’s consent.
Some of the programs that a member may join may be administered by third parties in order to provide the best service to the member. To ensure the efficient administration of such programs, NMH may need to disclose a member’s personal information to these third parties. NMH will endeavour to ensure that third party program administrators will not disclose a member’s personal information to any third parties.
If a member joins programs through NMH which are administered by third parties, the member may need to disclose personal information to these third parties. The third parties do not disclose this information to NMH. A member’s disclosure of personal information directly to such third parties would be subject to their privacy policies.
If the NMH membership policy covers the main policy holder as a main contributor and a partner or children, NMH will only contact the main policy holder regarding anyone else covered on the policy.
NMH is not likely to disclose personal information to overseas recipients. However, in some instances NMH’s service providers, for example NMH’s travel and general insurers may disclose personal information to organisations that may be located overseas. The countries in which these service providers and related companies are located may vary from time to time, but include Singapore, Thailand, Philippines, India, Ireland, the United Kingdom, the USA, Canada, New Zealand, China and countries within the European Union.
Specifically, NMH’s service providers may disclose personal (including sensitive) information to recipients outside of Australia when it is collected for travel, general or health insurance arranged or managed by them and where the policy holder may require medical, travel, or related services.
Where personal information has been disclosed to an overseas recipient, there is a possibility that in certain cases that recipient may be required to disclose it under a foreign law.
9. How is personal information managed when a member receives services from Teachers Health Care Services?
This section applies only to health-related services provided to NMH members by Teachers Healthcare Services (THCS), a subsidiary of TFHL. THCS may provide such services to NMH’s private health insurance members including telephonic services, care co-ordination services, chronic disease and health management programs and online health-related services.
THCS may collect and use personal information, including sensitive information, to provide these services to members including:
- to contact the member for management and follow up purposes;
- to manage, review, develop and improve health-related services and business and operational processes and systems;
- to resolve any legal and/or commercial complaints or issues; and
- to perform any of their other services or activities.
If a member uses health-related services, THCS may disclose personal information to NMH in order for it to pay benefits and to review, develop and improve the services provided by NMH and/or its related companies.
In order to perform the above services, THCS may disclose personal information to third parties such as health service providers, persons authorised by or responsible for the member, and to other parties to whom they are authorised or required by law to disclose information including government agencies.
NMH may also use and disclose personal (including sensitive) information:
- to assess from what other services a member may benefit and to facilitate the provision of such services;
- so it may have an integrated view of members and provide a better and personalised service; and
- to contact members (including by telephone call, text message or email) in relation to its health-related services.
Participation in any programs offered by THCS is entirely voluntary and a member may withdraw their consent to the sharing of personal and sensitive information or to being contacted in relation to health-related services by contacting NMH.
To make request to stop receiving direct marketing communications from THCS or to opt out of the program, a member should contact firstname.lastname@example.org or call 1300 344 000. THCS will give effect to the request as soon as reasonably practicable and, in any case, within 30 days of the request being made to THCS.
Participation or non-participation in the program will not affect a member’s claims from, or contributions to, NMH.
If a member requires access to their health-related service records, they may do so by contacting the TFHL Clinical Operations Manager directly on (02) 8346 2227 or by email on email@example.com.
10. Dealing with NMH anonymously or using a pseudonym
NMH permits a member to deal with NMH anonymously or by using a pseudonym. If the member chooses to do so, however, NMH will be limited in the products or services it is able to assist the member with.
As a general rule, NMH may allow an individual to contact NMH anonymously in some limited circumstances – for example to enquire generally about its goods and services, or to complete a retail transaction at a health centre by paying for goods in cash.
11. Direct marketing
NMH uses personal information that it holds about a member to identify services and products that may be of interest to them.
NMH may contact a member by email, text message, phone or by post to let them know about promotions or any new or existing products or services. NMH also uses internet-based marketing including targeted online advertising and online behavioural marketing.
NMH may disclose personal information to other related companies such as TFHL and THCS to tell members about its products or services.
A member may request not to receive direct marketing communications from NMH by contacting it at firstname.lastname@example.org or calling 1300 344 000. NMH will give effect to the request as soon as reasonably practicable and, in any case, within 30 days of the request being made to NMH.
12. Access to and correction of personal information
NMH will take reasonable steps to ensure that all personal information it collects or uses is accurate, complete, up to date and stored in a secure environment and is accessed only by authorised personnel for permitted purposes.
If a member wishes to access or correct any personal information which NMH holds about a member, or requests its removal from NMH records, they should contact the NMH via post, fax or email, in person at one of the member contact centres or over the phone with a member of the contact centre.
If a member requires access to their eye care records, eye test results or dental records, they may do so by contacting the eye care or dental care provider directly.
If a member requires access to their health-related service records managed by THCS, they may do so by contacting the TFHL Clinical Operations Manager directly on (02) 8346 222 or by email on email@example.com (refer to section 10).
NMH will respond to a member’s access request as soon as practicable and, in any case, within 30 days of the request being made to NMH. NMH will either respond by providing the member with the access or amendments they have requested, or by providing them with the reasons for refusing to do so.
If NMH refuse to amend a member’s health information, the member may request that NMH attach to the health information a statement of the amendment sought, and in that case, NMH must take reasonable steps to do so.
There are some available exceptions to accessing personal information, which are:
- NMH reasonably believes that not giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
- giving access would have an unreasonable impact on the privacy of other individuals;
- the request for access is frivolous or vexatious;
- the information relates to existing or anticipated legal proceedings between NMH and the individual, and would not be accessible by the process of discovery in those proceedings;
- giving access would reveal the intentions of NMH in relation to negotiations with the individual in such a way as to prejudice those negotiations;
- giving access would be unlawful;
- denying access is required or authorised by or under an Australian law or a court/tribunal order;
- NMH has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to the its functions or activities has been, is being or may be engaged in and giving access would be likely to prejudice the taking of appropriate action in relation to the matter;
- giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; and
- giving access would reveal evaluative information generated within the entity in connection with a commercially sensitive decision-making process.
In some circumstances, NMH may charge a fee to cover administrative costs in respect of retrieving a member’s personal information and providing it to them. NMH will inform the member if there are going to be any such costs involved in retrieving their personal information.
13. Making a complaint
NMH views complaints as an opportunity to maintain and enhance customer loyalty and approval and enhance its competitiveness by continuous review and improvement. NMH outsources customer complaints and disputes resolution to TFHL under the MSA.
If a member would like to make a complaint about a breach of privacy, NMH will make them aware that:
- Complaints can be made by contacting the NMH Privacy Officer at:
Address: NMH Privacy Officer
C/- Teachers Federation Health Limited
GPO Box 9812
SYDNEY NSW 2001
Phone: 1300 344 000
- The complaint should first be made in writing. NMH will respond as soon as reasonably practicable and, in any case, within 30 days.
- In the event that the complainant is not satisfied by NMH’s response, they may take the complaint to the Private Health Insurance Ombudsman (PHIO) in the first instance. If the complainant is still not satisfied with the outcome, then the complaint may be taken to the Office of the Australian Information Commissioner (OAIC).
- PHIO can be contacted on 1800 640 695 or a member can write to:
Private Health Insurance Ombudsman
Office of the Commonwealth Ombudsman
GPO Box 442
CANBERRA ACT 2601
See also PHIO website for further details.
- OAIC can be contacted on 1300 363 992 or a member can write to:
The Office of the Australian Information Commissioner
Phone: 1300 363 992
GPO Box 5218
Sydney, NSW 2001
See also OAIC privacy complaint brochure for further details:
- to corporate information (unless it is also about any identifiable person); or