Privacy Policy

DOCTO Privacy Policy

At Docto we take your privacy very seriously. This policy complies with the Privacy Act 1988 and the Australian Privacy Principles, and is intended to inform you about how we handle your personal and medical information in order to give you the highest possible level of care while maintaining confidentiality. We review this policy at least annually, and publish any updates on our website.

What information do you collect?

We commonly collect any or all of the following personal identifiers and medical information (here collectively termed your personal information):

Personal identifiers:

- Your full name.
- Your date of birth.
- Your gender.
- Your telephone number, email and residential addresses.
- Contact details for your next of kin (particularly for minors < 18 years of age).

Medical information:

- Details of the current illness.
- Past medical history.
- Medications and allergies.
- Details of your usual doctor(s).

NB We do not collect any government identifiers, e.g. Medicare numbers.

How do you confirm consent?

In the case where a user is engaging with Docto directly, the staged signup process is driven by the user and consent is given at each stage of collection. In the instance of information coming from a third party (such as an Insurer), consent has been granted by the user at the time of engaging the Insurer to provide care. Minors (under the age of 16) are required to have a parent or guardian present for consultations, and consent from both parties is required prior to consultation.

How do you collect and hold my personal information?

Your personal information could be collected in any or all of the following ways:

- By having you answer an online questionnaire prior to speaking to your doctor.
- By verbal questioning during your consultation with the doctor.
- By requesting medical reports or verbal information from other health professionals who have been involved in your care. This will only be undertaken after receiving your express permission.
- From information provided by another third party, such as your insurance company (if our services are being provided through a policy with them).

If information is collected from any other source, we will take reasonable steps to inform you.

Your personal information is encrypted and stored using industry-standard software on Australian servers.

Is my consultation with the doctor recorded?

The doctor will make notes during and after your consultation; these will form part of your medical record. However no audio or video recording of your consultation will occur. We also ask that our patients do not make audio or video recordings of their consultation. A written report of your consultation will be sent to you by secure email.

In some situations (for example, if your consultation is being provided under the auspices of a contract with a corporate client who has requested that recordings be made), we may ask you for your consent to record the consultation. This would be treated as part of your medical record. Without your express consent, no recording will be made.

How do you use my personal information?

Your personal information will form part of our medical record, which when combined with details of your consultation, may be:

- Sent securely to you as a record of the consultation.
- Examined by another of our specialist doctors if you have been referred to them.
- Sent securely to another health professional of your choice (e.g. your general practitioner) after receiving your express permission.

Who can access my personal information?

Strict internal security measures restrict access to your personal information, this being limited to the doctor/s involved in your care and members of our administrative staff where such access forms an essential part of their role.

How can I gain access to my personal information and ensure its accuracy?

You have the right to access your personal information, and if necessary to request its correction. You can do this by contacting our Privacy Registrar at privacy@docto.com.

Can you delete my personal information?

Your personal information will form part of our medical record, which for medicolegal reasons needs to be maintained for a set period (see below). If the information you would like to delete is considered unnecessary to your treatment, deletion can be considered. To request that information be deleted, please contact our Privacy Registrar at privacy@docto.com.

Do you retain a copy of my personal information?

Like all medical institutions, for clinical and medicolegal reasons we retain a copy of your personal information for at least seven years (or in the case of a person under the age of 18, until they are at least 25 years of age).

How can I obtain a copy of this Privacy Policy?

You can obtain a free copy of this policy by contacting privacy@docto.com. We will send you an electronic copy in Portable Document Format (PDF). If you require a different format (e.g. hard copy), we will do our utmost to accommodate you.

What action can I take if I believe that there has been a breach of the Australian Privacy Principles in relation to my personal information?

If you believe that there has been a breach of the Australian Privacy Principles in relation to your personal information, you may make a complaint in writing to our Privacy Registrar by contacting privacy@docto.com. Our investigation and formulation of a response may take up to 30 days.

If you are not satisfied with our response, you may complain in writing to the Office of the Australian Information Commissioner at http://www.oaic.gov.au/ .

Docto is compliant with the National Data Breach Scheme to ensure that any breach scenario is immediately handled to:

- Identify the threat occurring.
- Contain the data vulnerability and access.
- Assess the level of potential impact to users and the organisation.
- Notify relevant parties (including public notification where appropriate).

In support of the commitment to your privacy, Docto regularly reviews the strategies for prevention, testing and team training.

Is it possible that my personal information could be disclosed to another party without my permission?

Under certain circumstances it is possible that your personal information could be disclosed without your permission. Examples could include:

- A medical emergency where you are unable to provide consent and your doctor judges such disclosure to be in your best interests.
- Where disclosure is mandated under law, such as the notification of certain diseases under the Australian National Notifiable Diseases Surveillance System.

In this situation we would take reasonable steps to notify you or your nominated next of kin or contact person of any such disclosure.

Does Docto connect to other health services using my data?

For Australian users, the My Health Record system being rolled out through 2018 will be a focus of data synchronicity on request by either patients or doctors.

What is My Health Record?

My Health Record is a secure online summary of an individual's health information, and is available to all Australians. Healthcare providers authorised by their healthcare organisation can access My Health Record to view and add to their patients' health information.

This is a national system based on an opt-out model, which Docto supports for better healthcare. None of your personal data will be transferred without direct consent.

Find out more about My Health Record here: https://www.myhealthrecord.gov.au/

Is it possible that my personal information could be disclosed to an individual or organisation outside Australia?

Under certain circumstances it is possible that your personal information could be disclosed to overseas third parties. Examples could include:

- A medical practitioner in another country (if you were going to consult them).
- Your insurance company.

This would only be done after receiving your permission.

It is important for you to understand that when your personal information is sent overseas it is no longer protected by the Privacy Act 1988, and as such may not have the same level of security or privacy as afforded by the Australian privacy system. By consenting to such disclosure, you acknowledge and accept that Docto will not be accountable under the Privacy Act 1988 for any breach of your privacy by the overseas recipient.

Can I deal with Docto anonymously or under a pseudonym?

You may deal with us anonymously or under a pseudonym where it is lawful to do so, such as when making an enquiry about our services. However, we cannot offer our medical services unless we can identify the recipient.

Will my personal information be used to send me unsolicited material or for any other purpose related to direct marketing?

Docto does not engage in any form of direct marketing to our individual clients, nor do we provide your personal information to any other party for this purpose.

It is possible that our staff may contact you to check on your wellbeing or to confirm that you are happy with our service to you.

Website links

We may provide links to third party websites. We are not responsible for the content or privacy practices employed by third party websites that are linked from our website.

Do you need more information?

If you have questions pertaining to our privacy policy, please contact us at privacy@docto.com

For further information on privacy in Australia, please visit the website of the Office of the Australian Information Commissioner at www.oaic.gov.au