Collection of personal information
The Pharmacy Programs Administrator may collect personal information via:
- The receipt of patient data submitted as part of a claim by a service provider
- Direct collection of personal information from service providers during the general and program registration processes.
Personal information collected by the Pharmacy Programs Administrator will vary depending on individual program rules and service provider type. Information that the Pharmacy Programs Administrator may collect includes:
- Telephone numbers
- Email addresses
- Date of birth
- Job titles
- Bank account details.
We also may collect sensitive information, for example:
- Health, medical or similar information
- Ethnic origin, Aboriginal and Torres Strait Islander status
- Australian Health Practitioner Regulation Agency (AHPRA) number.
Direct collection of personal information may occur via online and hard copy forms filled out by individuals, face to face meetings, email messages and/or telephone conversations. If an individual contacts us we may keep a record of that contact. It is generally not practical to remain anonymous or to use a pseudonym when dealing with the Pharmacy Programs Administrator as usually the personal information is needed to fulfil specific administration duties which relate to or involve specific individuals. If an individual believes that information the Pharmacy Programs Administrator holds is incorrect or out of date, or if an individual has concerns about how the Pharmacy Programs Administrator are handling personal information, they can contact the Support Centre to resolve these concerns.
Purposes for which personal information is collected, held and used
The purpose for which the Pharmacy Programs Administrator collects, holds, uses and discloses personal information will vary depending on the function and activity being undertaken and may include one or more of the following:
- To provide our community pharmacy program administration services
- To respond to an individual’s request
- To maintain contact with clients
- For general management and reporting purposes, such as invoicing and account management
- Other purposes related to our business.
Disclosure of personal information
The Pharmacy Programs Administrator does not disclose personal information to other organisations unless:
- Use or disclosure is permitted by this policy
- Personal information has been collected in the course of delivering services under contract for a third-party organisation and that organisation requests that information be transferred to them
- To protect the rights, property or personal safety of any member of the public or end user of the Pharmacy Programs Administrator or the interests of the Pharmacy Programs Administrator
- Some or all of the assets or operations of the Pharmacy Programs Administrator are or may be transferred to another party as part of the sale of some or all of the Pharmacy Programs Administrator’s business
- An individual provides consent
- Such disclosure is otherwise required or permitted by law, regulation, rule or professional standard or under the terms of our Service Agreement with the Australian Government Department of Health.
The Pharmacy Programs Administrator does not disclose personal information to individuals or organisations located outside of Australia.
Access to personal information
The Pharmacy Programs Administrator will provide access to personal information upon request by an individual, except in the limited circumstances in which it is permitted for us to withhold this information (for instance, where granting access would infringe another person’s privacy). When a request to access personal information is made, for instance through the Pharmacy Programs Administrator Support Centre, the Pharmacy Programs Administrator will require the individual to provide some form of identification (such as an AHPRA number and date of birth) so we can verify the person to whom the information relates.
If at any time an individual would like to know what personal information we hold about them, then a request may be made in writing to: Privacy Request Pharmacy Programs Administrator Locked Bag 3 Collins Street East VIC 8003 firstname.lastname@example.org In circumstances where we have refused an individual access to, or correction of, their personal information, we will give them a written notice that sets out the reasons for the refusal where it is reasonable for us to do so and the way in which they may make a complaint about such refusal.
What is a Cookie?
Cookies are comprised of small bits of data or code that often include a de-identified or anonymous unique identifier. Websites, apps and other services send this data to your browser (on your computer or mobile device) when you first request a web page and then store the data on your computer so that such websites, apps and other services can access information when you make subsequent requests for pages from that service. They are widely used in order to make websites work, or work in a better, more efficient way. For example, they can recognise you and remember important information that will make your use of a website more convenient (e.g., by remembering your user preferences).
What Cookies do we Use?
Different Cookies have different specific purposes but in general they are all used so that we can improve your experience in using our sites and interacting with us. Some of the purposes of different Cookies we use are described below:
- Some Cookies are essential to the Site in order to facilitate our log-in process and enable you to move around it and to use its features. Without these Cookies, we may not be able to provide certain services or features, and the Site will not perform as smoothly for you as we would like.
Vulnerability disclosure policy
Australian Healthcare Associates welcomes feedback from security researchers and the general public to help improve our security. If you believe you have discovered a vulnerability, privacy issue, exposed data, or other security issues in any of our assets, we want to hear from you. This policy outlines steps for reporting vulnerabilities to us, what we expect, what you can expect from us.
Systems in Scope
This policy applies to any digital assets owned, operated, or maintained by Australian Healthcare Associates.
Out of Scope
Assets or other equipment not owned by parties participating in this policy.
Vulnerabilities discovered or suspected in out-of-scope systems should be reported to the appropriate vendor or applicable authority.
When working with us, according to this policy, you can expect us to:
- Respond to your report promptly, and work with you to understand and validate your report;
Strive to keep you informed about the progress of a vulnerability as it is processed;
- Work to remediate discovered vulnerabilities in a timely manner, within our operational constraints; and
- Extend Safe Harbor for your vulnerability research that is related to this policy.
In participating in our vulnerability disclosure program in good faith, we ask that you:
- Play by the rules, including following this policy and any other relevant agreements. If there is any inconsistency between this policy and any other applicable terms, the terms of this policy will prevail;
- Report any vulnerability you’ve discovered promptly;
- Avoid violating the privacy of others, disrupting our systems, destroying data, and/or harming user experience;
- Use only the Official Channels to discuss vulnerability information with us;
- Provide us a reasonable amount of time to resolve the issue before you disclose it publicly;
- Perform testing only on in-scope systems, and respect systems and activities which are out-of-scope;
- If a vulnerability provides unintended access to data: Limit the amount of data you access to the minimum required for effectively demonstrating a Proof of Concept; and cease testing and submit a report immediately if you encounter any user data during testing, such as Personally Identifiable Information (PII), Personal Healthcare Information (PHI), credit card data, or proprietary information;
- You should only interact with test accounts you own or with explicit permission from the account holder; and
- Do not engage in extortion.
Please report security issues via email@example.com, providing all relevant information. The more details you provide, the easier it will be for us to triage and fix the issue.
When conducting vulnerability research, according to this policy, we consider this research conducted under this policy to be:
- Authorized concerning any applicable anti-hacking laws, and we will not initiate or support legal action against you for accidental, good-faith violations of this policy;
- Authorized concerning any relevant anti-circumvention laws, and we will not bring a claim against you for circumvention of technology controls;
- Exempt from restrictions in our Terms of Service (TOS) and/or Acceptable Usage Policy (AUP) that would interfere with conducting security research, and we waive those restrictions on a limited basis; and
- Lawful, helpful to the overall security of the Internet, and conducted in good faith.
You are expected, as always, to comply with all applicable laws. If legal action is initiated by a third party against you and you have complied with this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.
If at any time you have concerns or are uncertain whether your security research is consistent with this policy, please submit a report through one of our Official Channels before going any further.
Note that the Safe Harbor applies only to legal claims under the control of the organization participating in this policy, and that the policy does not bind independent third parties.