Privacy Notice for NSW Certificate of Capacity

 

Contents
1. Introduction
2. The facts and circumstances of collection
3. If the collection is required or authorised by law
4. The purposes of collection
5. The information collected
6. The consequences for the individual if personal information is not collected
7. Data storage and retention
8. Likely cross-border disclosures of the personal information
9. Other APP entities, bodies or persons to which the personal information is usually disclosed
10. Managing privacy and security risk
11. Security protections
12. Access and correction Requests
13. Your right to complain

 

(1) Introduction 

This Privacy Notice forms part of the Clanwilliam Health Privacy Policy. In this Privacy Notice “Clanwilliam Health” refers to Konnect Net Ltd, Healthlink Group Ltd and / or Healthlink Group PTY Ltd.

Please read our Privacy Policy as it contains additional information on:

  • Why personal information is being collected
  • What personal information is collected
  • How we handle personal information, including security, storage and data
    retention
  • How to contact us should you need to access, correct or make a complaint about
    your personal information

 

(2) The facts and circumstances of collection

Clanwilliam Health offers a secure digital claim form that integrates into a general practitioner’s practice management system. GPs use this to create, complete and submit a medical certificate on a consumer’s behalf. They may print this certificate and then deliver it to an insurer directly, or they may choose to deliver the digital version through our secure platform.

In making this digital form available to insurers and GPs, Clanwilliam Health’s solution collects personal information on behalf of the insurers that process medical certificates for workers compensation claims or Compulsory Third Party (CTP) motor accident injury claims; and for GPs completing these claim forms.

Clanwilliam Health will never sell your information to another party.

 

(3) If the collection is required or authorised by law

Clanwilliam Health collects this information on behalf of insurers and / or their agents who are authorised by the Workers Compensation Act 1987 and / or the Motor Accident Injuries Act 2017 to do so. General practitioners’ use of the form is in compliance with the Clanwilliam Terms and Conditions.

 

(4) The purposes of collection

Clanwilliam Health collects personal information, as outlined in Section 5 below, relevant to providing digital claim forms for GPs and insurers. All personal information collected is reasonably necessary for processing medical certificates for workers compensation claims or Compulsory Third Party (CTP) motor accident injury claims in the state of New South Wales.

The purpose of collecting:

  • Delivering our services to assist insurers and GPs
  • A secure digital means of creating, completing and securely transferring medical
    certificates between the parties
  • product improvement and analysis.

 

(5) The information collected

Clanwilliam Health only collects the minimum amount of personal information necessary to enable the authorised purpose, and this information is only retained for
the minimum amount of time required for meeting the purpose.

The personal information collected through a medical certificate could include:

  • Full name
  • Date of birth
  • Phone number
  • Address
  • Diagnoses, capacity for work and other medical notes relevant to the claim,
    which can contain sensitive data as required by the insurer
  • Other information relevant to the claim

 

(6) The consequences for the individual if personal information is not collected

Clanwilliam Health provides a secure method of transferring personal information between a general practitioner and the insurer processing a medical certificate as part of a workers compensation or Compulsory Third Party (CTP) motor accident injury claim.

If the personal information isn’t collected and provided to the insurer, they may not be able to proceed with the claim.

 

(7) Data storage and retention

Clanwilliam Health only store and retain data on the instruction of GPs which is for a period of 90 days.

 

(8) Likely cross-border disclosures of the personal information

Clanwilliam Health manages personal information in accordance with the Privacy Laws and Australian Privacy Principles. We operate all our offices in Australia or outside of Australia in accordance with the Australian Privacy Laws and Australian Privacy Principles.

 

(9) Other APP entities, bodies or persons to which the personal information is usually disclosed

Clanwilliam Health will only disclose personal information for the purpose for which it has been collected.

On completion of the medical certificate, Clanwilliam Health can only provide personal information to the organisation selected by the general practitioner to receive the medical certificate in relation to that organisation’s authorised purpose.

 

(10) Managing privacy and security risk

Clanwilliam Health take our responsibilities for handling personal information and complying with the Privacy Act very seriously and we have implemented procedures to effectively manage risk, to ensure all personal information which we store is kept secure and handled in full compliance with the Privacy Act.

 

(11) Security protections

Our measures to securely protect sensitive information include:

  • Regular security tests from independent third-party experts
  • Challenge-response authentication
  • Authenticated users
  • Encryption
  • Virus scanning
  • Audit logs
  • Web application firewall (WAF)

 

(12) Access and correction requests

The Privacy Principles grant you rights to request access to your data which we handle and seek correction in the event you believe the data we handle is incorrect. Requests should be forwarded to privacy@healthlink.net or privacy@konnectnet.com.

 

(13) Your right to complain

If you wish to make a complaint in relation to Clanwilliam Health’s data handling practices, in the first instance please contact us via privacy@healthlink.net or privacy@konnectnet.com.

If you are not satisfied with the outcome from our response, you are entitled under the Privacy Act to raise the complaint to the Office of the Australian Privacy Commissioner, following the link below:

Privacy Complaint

 


V2.0 May 2023