1. Policy Statement
At Teachers Federation Health Ltd ABN 86 097 030 414 trading as UniHealth (UNI), we recognise the importance of privacy. We observe the privacy obligations under the Privacy Act 1988 (Cth) and other relevant state legislations dealing with privacy and health records, as amended from time to time. The Privacy Act provides for the protection of an individual’s personal and sensitive information.
2. What kinds of personal information does UNI collect?
From time to time, UNI may collect personal information about a member such as name, date of birth, family members, contact details, claims history, income tier and information regarding products and services members inquire about or obtain through UNI so that it can provide insurance cover or other services such as eye care or dental care. UNI may also collect personal information about a prospective member such as name and contact details so that it can discuss providing health insurance cover to that prospective member.
UNI may also collect bank account details, payroll numbers and information in respect of insurance policies in order to provide members with its services.
UNI may collect sensitive information such as a member’s medical procedures, hospital attendances and the provision of ancillary health services, medical history or other health or lifestyle information, or information regarding a membership of a trade union – in order to provide its health insurance services and other services.
UNI may collect details of a member’s union membership including a union membership number and the status of membership – to assess whether a member is eligible for membership of UNI.
UNI may also collect government-issued identifiers such as a member’s Medicare number which is required for reporting purposes.
3.How UNI collects personal information
UNI may collect personal information from a member if the member:
- gives it to UNI directly by visiting the member care centres or health centres, provides information by phone or provides information in writing such as by completing UNI forms;
- uses UNI products and services;
- visits the website at unihealthinsurance.com.au or any other website operated by, or on behalf of, UNI; or
- uses the online or mobile member services.
UNI may also collect personal information from a prospective member from its business development officers visiting educational facilities and events from aggregators, business partners or from member referrals.
UNI may collect personal information from third parties in some situations:
- it may be supplied with members’ personal information from third parties such as from UNI partner organisations such as trade unions, employer organisations, aggregators, hospitals, Medicare, medical and ancillary providers, financial institutions and health care service providers;
- if a member/ customer transfers health insurance to UNI from a previous service provider, it may require personal information from the previous service provider; and
- it may collect some sensitive information about members, such as medical information, from third parties such as hospitals, doctors, dentists, optometrists, or other ancillary providers.
4. Cookies & other technologies
UNI’s website, online services, interactive applications, email messages and advertisements may use “cookies” and other technologies such as pixel tags and web beacons. UNI may use these technologies:
- to better understand user behaviour, by telling UNI which parts of UNI’s website people have visited and to facilitate and measure the effectiveness of advertisements and web searches; and
- to remember personal information when an individual uses UNI’s website, online and mobile services and applications; and
- to improve the online experience for people to UNI’s website; and to customise the user experience based on an individual’s previous usage of the UNI website.
Individuals can disable their web browser from accepting cookies. Certain features of the UNI website will not be available to an individual once cookies are disabled.
UNI gathers some information automatically and stores it in log files. This information includes Internet Protocol (IP) addresses, browser type and language, Internet service provider (ISP), referring and exit pages, operating system, date/time stamp and clickstream data.
UNI uses this information to understand and analyse trends, to administer its website, to learn about user behaviour on the site, to tailor email communications and to gather demographic information about its user base as a whole. UNI may use this information in its marketing and advertising services.
UNI may also use information collected by cookies to display personalised content and advertising (targeted advertising and online behavioural advertising), based on an individual’s internet usage, and to send marketing materials that UNI thinks will be of interest to the individual.
5. How does UNI hold personal information?
Personal information collected by UNI is generally entered into and held in a centralised digital secure repository.
UNI will take reasonable steps to protect all personal information it holds from misuse, interference and loss and from unauthorised access, modification or disclosure, including a data breach response plan found in the Business Continuity Management Framework and Policy / Crisis Management Plan.
UNI will ensure that appropriate technical and organisational security measures, consistent with standard industry practice, are in place to attempt to safeguard the security and confidentiality of the personal information it collects. Because of the nature of the internet, however, UNI does not guarantee that the website or the online and mobile member services are totally protected from hackers or misuse and it will not be responsible for any breach of security caused by third parties. UNI does not use any form of encryption (encoding software) to protect information a member sends from their computer to UNI over the internet through the use of feedback, enquiry and appointment forms and emails. Encryption software is applied when using online or mobile member services and joining online.
6. What happens if a member does not provide UNI with their personal information?
A member does not have to provide their personal information to UNI. However, if they do not provide personal information which UNI requests from them, UNI will make them aware that it may affects UNI’s service to them, including:
- UNI may not be able to provide insurance or administer the insurance policies;
- UNI may not be able to process, manage or pay out on an insurance claim;
- UNI may not be able to provide health services such as eye care and dental services, and care coordination or disease management services;
- third party service providers such as hospitals, doctors, optometrists, dentists and other allied service providers may not be able to provide the member with services;
- UNI may not be able to properly assess a member’s healthy and lifestyle needs and consequently may not be able to provide health lifestyle or chronic disease programs; and
- members may not be able to access UNI online or mobile member services.
7. Purposes for which UNI collects, holds, uses and discloses personal information
UNI may collect, hold, use and disclose personal information for a number of purposes such as:
- to provide health insurance and related products and services;
- to confirm eligibility to become a member;
- to respond to eligibility checks from hospitals and other medical providers;
- to pay health insurance claims;
- to manage UNI’s relationship with the member;
- for UNI’s own internal and marketing purposes;
- for the purposes related to the reason the member gave the information;
- to manage risks and help identify and investigate illegal activity, such as fraud;
- to provide or arrange for associated services to be provided such as dental services, eye care services, allied services such as physiotherapy or travel insurance and other insurance or health related services;
- to assess a member’s general health and wellbeing needs and to continue to meet those needs through a care coordination or disease management service;
- to provide UNI online and mobile member services; and
- as may be required by law or as permitted under the Privacy Act.
UNI develops programs and initiatives from time to time to assist members with day to day health and wellbeing issues such as diet and exercise, as well as assistance with illnesses suffered by members. Members may choose to sign up to such programs from time to time. Members are not obliged to join any such programs. If they do join any such programs, UNI may use personal and sensitive information already collected from them so that they can get the most benefit from such programs. For instance, if the member suffers from diabetes and chooses to join a program that assists with their diabetes treatment, UNI may use earlier personal and sensitive information collected from them in order to advise them on their treatment program.
UNI may also use a member’s contact details to send information about UNI or its products, services or programs. If a member does not wish UNI to send this information, then UNI should allow the member the opportunity to tell UNI when it collects the personal information. Refer to paragraph 13 of this policy for further details in relation to opting out of UNI direct marketing.
8. Disclosure of personal information
UNI will not sell a member’s personal information to any third party. UNI will not disclose any personal information about a member, except:
- to its related companies, joint venture and business partners such as dental or eye care providers, general insurance providers and providers of wellbeing, chronic disease programs or care coordination services;
- to its suppliers, third party service providers or subcontractors (as necessary to enable them to help provide UNI’s services and any member programs);
- to unions to verify eligibility for membership;
- to hospitals, healthcare providers, Medicare or other government agencies or financial institutions;
- entities established to help identify illegal activities and prevent fraud;
- as required by law or as permitted under the Privacy Act; or
- with a member’s consent.
Some of the programs that a member may join may be administered by third parties in order to provide the best service to the member. To ensure the efficient administration of such programs, UNI may need to disclose a member’s personal information to these third parties. UNI will endeavour to ensure that third party program administrators will not disclose a member’s personal information to any third parties.
If a member joins programs through UNI which are administered by third parties, the member may need to disclose personal information to these third parties. The third parties do not disclose this information to UNI. A member’s disclosure of personal information directly to such third parties would be subject to their privacy policies.
If the UNI membership policy covers the main policy holder as a main contributor and a partner or children, UNI will only contact the main policy holder regarding anyone else covered on the policy.
UNI is not likely to disclose personal information to overseas recipients. However, in some instances UNI’s service providers, for example UNI’s travel and general insurers may disclose personal information to organisations that may be located overseas. The countries in which these service providers and related companies are located may vary from time to time, but include the Singapore, Thailand, Philippines, India, Ireland, the United Kingdom, the USA, Canada, New Zealand, China and countries within the European Union.
Specifically, UNI’s service providers may disclose personal (including sensitive) information to recipients outside of Australia when it is collected for travel, general or health insurance arranged or managed by them and where the policy holder may require medical, travel, or related services.
Where personal information has been disclosed to an overseas recipient, there is a possibility that in certain cases that recipient may be required to disclose it under a foreign law.
9. How is personal information managed when a member receives services from Teachers Health Care Services?
This section applies only to health-related services provided to UNI members by Teachers Healthcare Services (THCS), a subsidiary of UNI. THCS may provide such services to UNI’s private health insurance members including telephonic services, care co-ordination services, chronic disease and health management programs and online health-related services.
THCS may collect and use personal information, including sensitive information, to provide these services to members including:
- to contact the member for management and follow up purposes;
- to manage, review, develop and improve health-related services and business and operational processes and systems;
- to resolve any legal and/or commercial complaints or issues; and
- to perform any of their other services or activities.
If a member uses health-related services, THCS may disclose personal information to UNI in order for it to pay benefits and to review, develop and improve the services provided by UNI and/or its subsidiaries.
In order to perform the above services, THCS may disclose personal information to third parties such as health service providers, persons authorised by or responsible for the member, and to other parties to whom they are authorised or required by law to disclose information including government agencies.
UNI may also use and disclose personal (including sensitive) information:
- to assess from what other services a member may benefit and to facilitate the provision of such services;
- so it may have an integrated view of members and provide a better and personalised service; and
- to contact members (including by telephone call, text message or email) in relation to its health-related services.
Participation in any programs offered by THCS is entirely voluntary and a member may withdraw their consent to the sharing of personal and sensitive information or to being contacted in relation to health-related services by contacting UNI.
To make request to stop receiving direct marketing communications from THCS or to opt out of the program, a member should contact firstname.lastname@example.org or call 1300 367 906. THCS will give effect to the request as soon as reasonably practicable and, in any case, within 30 days of the request being made to THCS.
Participation or non-participation in the program will not affect a member’s claims from, or contributions to, UNI.
If a member requires access to their health-related service records, they may do so by contacting the Clinical Operations Manager directly on (02) 8346 2227 or by email on email@example.com.
10. Dealing with UNI anonymously or using a pseudonym
UNI permits a member to deal with UNI anonymously or by using a pseudonym. If the member chooses to do so, however, UNI will be limited in the products or services it is able to assist the member with.
As a general rule, UNI may allow an individual to contact UNI anonymously in some limited circumstances – for example to enquire generally about its goods and services, or to complete a retail transaction at a health centre by paying for goods in cash.
11. Direct marketing
UNI uses personal information that it holds about a member to identify services and products that may be of interest to them.
UNI may contact a member by email, text message, phone or by post to let them know about promotions or any new or existing products or services. UNI also uses internet-based marketing including targeted online advertising and online behavioural marketing.
UNI may disclose personal information to other related companies such as THCS to tell members about its products or services.
A member may request not to receive direct marketing communications from UNI by contacting it at firstname.lastname@example.org or calling 1300 367 906. UNI will give effect to the request as soon as reasonably practicable and, in any case, within 30 days of the request being made to UNI.
12. Access to and correction of personal information
UNI will take reasonable steps to ensure that all personal information it collects or uses is accurate, complete, up to date and stored in a secure environment and is accessed only by authorised personnel for permitted purposes.
If a member wishes to access or correct any personal information which UNI holds about a member, or requests its removal from UNI records, they should contact the UNI via post, fax or email, in person at one of the member contact centres or over the phone with a member of the contact centre.
If a member requires access to their eye care records, eye test results or dental records, they may do so by contacting the eye care or dental care provider directly.
If a member requires access to their health-related service records managed by THCS, they may do so by contacting the Clinical Operations Manager directly on (02) 8346 2227 or by email on email@example.com (refer to section 11).
UNI will respond to a member’s access request as soon as practicable and, in any case, within 30 days of the request being made to UNI. UNI will either respond by providing the member with the access or amendments they have requested, or by providing them with the reasons for refusing to do so.
If UNI refuse to amend a member’s health information, the member may request that UNI attach to the health information a statement of the amendment sought, and in that case, UNI must take reasonable steps to do so.
There are some available exceptions to accessing personal information, which are:
- UNI reasonably believes that not giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
- giving access would have an unreasonable impact on the privacy of other individuals;
- the request for access is frivolous or vexatious;
- the information relates to existing or anticipated legal proceedings between UNI and the individual, and would not be accessible by the process of discovery in those proceedings;
- giving access would reveal the intentions of UNI in relation to negotiations with the individual in such a way as to prejudice those negotiations;
- giving access would be unlawful;
- denying access is required or authorised by or under an Australian law or a court/tribunal order;
- UNI has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to the its functions or activities has been, is being or may be engaged in and giving access would be likely to prejudice the taking of appropriate action in relation to the matter;
- giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; and
- giving access would reveal evaluative information generated within the entity in connection with a commercially sensitive decision-making process.
In some circumstances, UNI may charge a fee to cover administrative costs in respect of retrieving a member’s personal information and providing it to them. UNI will inform the member if there are going to be any such costs involved in retrieving their personal information.
13. Making a complaint
UNI views complaints as an opportunity to maintain and enhance customer loyalty and approval and enhance its competitiveness by continuous review and improvement. UNI has a Customer Complaint Handling and Dispute Resolution Policy in place for handling the complaints it receives. A copy of this policy is available to members at unihealthinsurance.com.au.
If a member would like to make a complaint about a breach of privacy, UNI will make them aware that:
(a) Complaints can be made by contacting the UNI Privacy Officer at:
Address: UNI Privacy Officer
Teachers Health Fund
GPO Box 9812
SYDNEY NSW 2001
Phone: 1300 367 906
(b) The complaint should first be made in writing. UNI will respond as soon as reasonably practicable and, in any case, within 30 days. All complaints are handled in accordance with the UNI Customer Complaint Handling and Dispute Resolution Policy.
(c) In the event that the complainant is not satisfied by UNI’s response, they may take the complaint to the Office of the Australian Information Commissioner (OAIC).
OAIC can be contacted on:
The Office of the Australian Information Commissioner
Phone: 1300 363 992
GPO Box 5218
Sydney, NSW 2001
See also OAIC privacy complaint brochure for further details:
- to corporate information (unless it is also about any identifiable person); or
Updated: March 2017