1. Our commitment to your Privacy
2. Whose personal information do we collect
Our commitment to privacy covers all persons whose personal information we hold.
3. What personal information do we collect?
Personal information is any information or an opinion about you where your identity is apparent or can reasonably be ascertained. Sensitive information includes, but is not limited to, any information relating to a person’s ethnicity or race, religion, any health information collected or obtained directly from you or through third parties, or for members that participate in our post-natal service.
For the purposes of providing health insurance we collect and hold a range of information, including, but not limited to:
- A record of your name, address, age, dependants and contact details, including telephone and facsimile numbers and email addresses;
- Information relating to a claim for benefits concerning your health and any medical services or hospital treatment, including details of where, when and from whom you have received that medical service or hospital treatment and the nature of it;
- Information concerning your health, medical treatment and medical services provided by our post-natal service including details of where, when and from whom you have received that service or treatment and the nature of it.
- Bank account details;
- Details concerning your premiums and claims (if any) history;
- Medicare numbers of you and your dependants; and
- If you pay your premiums through a payroll deduction scheme, information concerning your employer.
MHF uses its own membership numbers to identify members. While in certain circumstances we are required to collect government identifiers such as your Medicare number, we do not disclose this information other than when it is required or authorised by law, including under the Privacy Act 1988. We do not use your Medicare number to identify you.
4. Why do we collect personal information?
We collect, hold, use and disclose your personal information for a range of functions and activities to provide the products and services you have come to expect from us as a health insurer, including, but not limited to:
- establishing and maintaining your membership, which includes processing applications and related administrative tasks such as changes to contact details or other information;
- processing health and general insurance claims, and paying health benefits;
- updating the terms and conditions of your membership from time to time in accordance with changes to fund rules;
- providing you with information about products and services offered by us and others which we believe may contribute to the overall health of you and your dependants or meet your other insurance requirements;
- providing you with access to the website member portal;
- collecting, compiling and disclosing information to governmental agencies where we are required by law to make such a disclosure;
- enabling you to collect the Australian Government Rebate on private health insurance by using your Medicare number;
- determining cover and eligibility for benefits by using information from your previous health insurer;
- determining waiting periods that may apply by referring to pre-existing ailment information;
- making any other use of disclosure of that information as may be required by law;
- manage and develop health insurance products;
- conduct marketing activities through communication channels such as email, newsletter software or SMS;
- obtain feedback and engage in research projects such as satisfaction and trust surveys; and
- manage and/or resolve any legal, clinical or commercial complaint or issue.
5. When we might disclose personal information
We will only disclose your personal information in order to carry out our business functions and activities. The types of individuals and/or organisations to whom and the purposes for which we disclose your personal information include, but are not limited to:
- The member named as the policy holder (or spouse) under a family cover policy concerning matters relating to the policy including levels of benefits available or paid under the policy;
- our contracted service providers who promote or assist us in administering or providing our products and services such as, for example, printers, mailing-houses, IT companies, internet service providers, newsletter services and other relevant service providers;
- your employer if you are part of a payroll deduction scheme or similar;
- hospitals, medical, post-natal and other health service providers with whom you have had or may have a treatment episode and to whom fees may be payable;
- if we are required to analyse, investigate, pursue and prevent suspected fraudulent activities;
- our professional advisers for example an independent medical adviser to review and validate claims;
- Government agencies, where we are required by law to disclose this personal information; and
- a Delegated Authority.
MHF does not generally disclose information to overseas recipients but on the rare occasion that we are required to do so, we will always ensure that you have consented to such disclosure.
6. How do we collect personal information?
We will collect personal information directly from you or from third parties only where it is necessary for one or more of our functions or activities. We will do this in a lawful and fair manner with the following providing a list of potential sources of information.
- We aim to collect personal information about you from you directly (in writing, in person, via email or telephone) however, in many instances, this may not be practicable and as such we may collect it from family members, especially where a family member is the member named as the policy holder in a family cover policy;
- Hospitals, medical, post-natal and other health service providers;
- Your employer if you are part of a payroll deduction scheme or similar;
- Government agencies;
- Payment system operators and financial institutions; and
- Another health insurer and your co-insured, if you have requested a transfer of your health insurance between that fund and us.
We aim to store your private information securely and have a number of information and physical security controls in place which are designed to protect your personal information. Our employees and contractors receive privacy training. We take responsible steps in order to make sure that the personal information about you is accurate, complete, up to date and relevant.
Any correspondence received by MHF, including via the post, fax or email, is retained and recorded within MHF membership communications. MHF keeps these records in order to maintain the highest possible customer service levels and for any future enquiries. MHF also retains any correspondence MHF sends to you. The retention of these records may also help us in the investigation of potential fraud and violations of the MHF User Agreements. We maintain policies and procedures for the retention of documents and data which governs the use of, and access to such material.
7. How do we collect sensitive information
We will only collect sensitive information (specifically health information) directly from you or from third parties with all necessary consents. Where you are under the age of 16 years, necessary consent may mean the consent of an appropriate adult who is most likely to be the member named as policy holder in respect of any family cover policy where there may be entitlement to benefits if you receive treatment.
By directly supplying sensitive information about yourself or any dependant or through a third party in order to make a claim for benefits you will be taken to have given your consent to the collection of that information.
8. Collection of information via the Mildura Health Fund website
When you visit our website, information about the computer or web device you are using is automatically recorded by our website. This includes your IP address, your domain name, the date and time of your visit to our site, the pages you accessed or downloaded, the last site you visited, your operating system, and the type of browser used.
This information is collected for statistical and administrative purposes, and to improve our web-based services. It does not readily identify individuals, and we will not attempt to identify individuals from the records generated unless it is necessary to do so for law enforcement purposes.
We use third-party services to collect general information about how people use our website (Google Analytics). This anonymous information is aggregated and doesn’t reveal personally identifiable information about anyone who uses our website.
Further details can be found in the Website Terms and Conditions on the MHF website.
When you become a member of MHF, you consent to us using your personal information for direct marketing purposes unless you contact us to withdraw your consent. Marketing will be limited to MHF product and member services, and relevant member information.
We may use your personal information to contact you (including by phone, text message or email) about products, services or information about your policy that we think may be of interest to you or necessary for you to be aware of. This may include our own, or a third party’s products or services.
We may contact you about products and services we think may be of interest to you after you cease to hold a private health insurance policy with us. For example, we might contact you about renewing your old policy, taking out a new policy or completing a survey.
10. How can I opt-out of receiving marketing material
You may opt-out of receiving marketing information from us at any time by:
- calling us on (03) 5023 0269
- emailing us at firstname.lastname@example.org
Please allow five working days for your request to be actioned by us.
11. Security and quality of personal information
MHF takes all necessary and reasonable steps to ensure that the personal information we collect is relevant, accurate, complete and up to date.
All personal information is stored by MHF and reasonable steps are taken to protect your information from interference, misuse, loss, modification or disclosure from unauthorised access, in accordance with the requirements of the Australian Privacy Principles. We have in place a range of information security policies and procedures that aim to protect your information from both internal and external risk of unauthorised access and use.
Once the information collected is no longer required, it will be destroyed or de-identified.
In the unlikely event that security of data is compromised, we will take reasonable steps to confirm any possible breach. If a breach is confirmed and it has the potential to cause you serious harm, we will notify you and provide you with a description of the breach, the kinds of information involved, and any recommended actions you could take to protect yourself.
12. Dealing with us anonymously or with a pseudonym
You can deal with us anonymously or with a pseudonym (false name or alias). You may choose to do this for several reasons, for example, but not limited to, the following situations:
- if you are making a general inquiry about the benefits we pay on a procedure with no need to provide your personal details; and
- if you contact us to obtain a quote for health insurance, you are not obliged to provide us with personal details including your name or address however, the quote may not include any rebate, lifetime health cover or age based discount calculations specific to your circumstances.
If you wish to verify that you are covered for a procedure and whether waiting periods or limits apply, membership details will be required. Further, if you are making a claim or applying to become a member, it is not lawful or practicable for you to deal with us anonymously or through a pseudonym.
13. When and how do we dispose of your personal information
We keep your personal information for as long as we deem it required in order to provide you with products and services or to comply with our business and legal obligations and requirements. When we deem this information is no longer required, we may destroy or de-identify this information. However, if you request access to your old personal information, we may not be able to provide you with your records as they may have been destroyed or de-identified.
14. Requests for access to and correction of personal information
You may request details of the personal information we hold about you, or about any dependant aged less than 16 years or about any dependant of impaired capacity by writing to or contacting us.
We will not charge a fee just because you make a request for access to your personal information. However, we reserve the right to charge a fee for the costs incurred in providing personal information in response to your request.
Depending upon the circumstances of your request for access, we may ask you to complete a personal information request form. The request must be supported by adequate personal identification to prove your entitlement to receive the requested information.
We will provide requested personal information in line with the Privacy Act. Where we are not obliged to provide the requested information, we may refuse your request on the basis that:
- providing access would pose a serious threat (or in the case of personal information other than the health information, a serious and imminent threat) to the life, health or safety of any individual or to public health or public safety; or
- providing access would have an unreasonable impact upon the privacy of other individuals; or
- your request for access is frivolous or vexatious; or
- the information relates to existing or anticipated legal proceedings involving MHF and would not be accessible by the process of discovery in these proceedings; or
- it is otherwise appropriate for us to refuse your request so that we can meet our obligations to you or others in accordance with the law and the Australian Privacy Principles.
We will respond to your request within 30 calendar days. If we refuse you access to any personal information, we will provide you with a reason for the refusal in writing. We may also consider the use of an agreed intermediary to receive the personal information rather than you if this is appropriate, or we may try to reach an amicable solution that meets the needs of all concerned.
If we become aware that information, we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading we will take steps to correct the information.
If you are aware that any of your personal information that we hold is inaccurate, incomplete or out of date, please let us know so that we can update our file. If any of your personal information is incorrect, we will correct that information, or if we refuse to do so, you will be provided with a reason for the refusal within 30 days. In any event, if we do refuse to make a correction, we will record a statement from you claiming that the disputed information, in your opinion, is not accurate, complete or up to date.
You may request that we notify any third party to whom we have disclosed the inaccurate information. We will take steps to have the third party correct, to the extent that it is practicable or lawful to do so.
15. Unsolicited personal information
If MHF receives any unsolicited personal information we will take steps to ascertain whether we could or could not have collected this information under Australian Privacy law and related guidelines.
If we could not have collected the information, then we will destroy or de-identify this information as soon as practicable, providing it is reasonable and lawful to do so.
16. Relationship breakdowns
If the policy holder and their partner become divorced or separated, we suggest that the partner be removed from the policy and take out a separate health insurance policy, to prevent privacy breaches. Please inform us promptly if this occurs so that we can take the steps to make relevant changes.
If your child is insured or not-insured under the policy of your ex-partner, we cannot confirm this with you, or provide details about your ex-partner’s policy to you.
You may opt to pay for another person’s policy, but absent from them giving you authority, this does not permit us to otherwise disclose information about the policy to you. However, you can contact us to cease your payments, but need to be aware that if you do this, we will contact the policy holder to advise them that their policy will be or is unfinancial due to a cancelled payment or failed debit.
17. Your right to complain
Within 30 days of confirming receipt of your complaint (or receiving any further information required to investigate the complaint), we will respond in writing to you with the outcome of the investigation of your complaint including, if applicable, how we propose to resolve your complaint.
If you believe, we have not resolved the issue you may refer the matter to the Australian Information Commissioner’s Office.
18. How you can contact us or the Australian Information Commissioner’s Office
You can contact us at Mildura Health Fund:
Address: 79 Deakin Avenue Mildura, VIC 3500
Postal: PO Box 5046 Mildura, VIC 3502
Telephone: (03) 5023 0269
You can contact the Office of the Australian Information Commissioner at:
Address: GPO Box 5218 SYDNEY NSW 1042
Telephone: 1300 363 992