Privacy Policy

Kestral and Your Privacy

The Federal Privacy Act (1998) and the Privacy Amendment (Private Sector) Act 2000 outline the obligations of private companies, health service providers, and their employees, in maintaining the privacy of personal and *sensitive information they collect about individuals. As of December 2001, the National Privacy Principles took effect under the Federal Privacy Act of Australia.

**Kestral, in the normal course of its business, does not directly collect personal or sensitive information about individuals. However, Kestral staff may require access to confidential patient information in order to support our clients. As such, our responsibilities in relation to privacy are to protect and maintain the confidentiality of patient information forwarded to us by our clients.

The privacy statement has been developed with reference to the National Privacy Principles to ensure that stringent privacy standards are applied to patient information.

*Sensitive information includes health information, or details of an individual's race, political affiliations, political opinions, religious beliefs and opinions, and memberships of trade unions or other groups and so on.

**An exception to this statement is the Kestral HL7 Connect Product for which personal information is collected. The issue of privacy in relation to the HL7 Connect Product is addressed in a separate privacy statement specifically addressing the issues relevant to the product.

What Information does Kestral Collect?

As indicated above, Kestral does not in the normal course of its business collect personal or sensitive information about individuals. However, Kestral staff may require access to personal and/or sensitive information in order to solve support problems or to develop enhancements for our products. Personal information to which staff may have access include; name, address, telephone number, date of birth and Medicare number. Sensitive information to which Kestral staff may have access includes health information (such as referrals for tests and/or examinations and results of those tests and examinations). Kestral staff may also have access to the bad-debtor status of unpaid invoices.

There are three main sources of personal or sensitive information that may be provided to Kestral staff by our clients for support or development purposes. These include hard copies of reports, client data sets, and correspondence between the customer and Kestral staff utilising KMS (Kestral Management System). Privacy issues in relation to these three sources of information will be discussed individually later in the document.

Obligations of Kestral and Kestral Staff in Relation to Privacy

The obligations of Kestral and Kestral staff in maintaining the privacy of patient information are outlined in the Kestral Privacy Policy and include:

  • Ensure patient information to which we have access is not misused or disclosed inappropriately to others
  • Ensure patient information is stored securely so that no unauthorised access to the information can occur
  • Ensure the quality, and protect the integrity of patient data
  • Encourage customers to use internal system numbers (for example; PLS, RMS or MIIS internal numbers), episode numbers, sample numbers etc. instead of patient sensitive information (such as names, addresses, and or telephone numbers) wherever possible, when forwarding information for troubleshooting purposes, or to illustrate suggested enhancements; and
  • Ensure, wherever possible, the material is destroyed when it is no longer required