1. Policy Statement
At Teachers Federation Health Ltd ABN 86 097 030 414 trading as UniHealth (UH), we recognise the importance of privacy. We observe the privacy obligations under the Privacy Act 1988 (Cth) and other relevant state legislations dealing with privacy and health records, as amended from time to time. The Privacy Act provides for the protection of an individual’s personal and sensitive information.
2. What kinds of personal information does UH collect?
From time to time, UH may collect personal information about a member such as name, date of birth, family members, contact details, claims history, income tier and information regarding products and services members inquire about or obtain through UH so that it can provide insurance cover or other services such as eye care or dental care. UH may also collect personal information about a prospective member such as name and contact details so that it can discuss providing health insurance cover to that prospective member.
UH may also collect bank account details, payroll numbers and information in respect of insurance policies in order to provide members with its services.
UH may collect sensitive information such as a member’s medical procedures, hospital attendances and the provision of ancillary health services, medical history or other health or lifestyle information, or information regarding a membership of a trade union – in order to provide its health insurance services and other services.
UH may collect details of a member’s union membership including a union membership number and the status of membership – to assess whether a member is eligible for membership of UH.
UH may also collect government-issued identifiers such as a member’s Medicare number which is required for reporting purposes.
3.How UH collects personal information
UH may collect personal information from a member if the member:
- gives it to UH directly by visiting the member care centres or health centres, provides information by phone or provides information in writing such as by completing UH forms;
- uses UH products and services;
- visits the website at unihealthinsurance.com.au or any other website operated by, or on behalf of, UH; or
- uses the online or mobile member services.
UH may also collect personal information from a prospective member from its business development officers visiting educational facilities and events from aggregators, business partners or from member referrals.
UH may collect personal information from third parties in some situations:
- it may be supplied with members’ personal information from third parties such as from UH partner organisations such as trade unions, employer organisations, aggregators, hospitals, Medicare, medical and ancillary providers, financial institutions and health care service providers;
- if a member/ customer transfers health insurance to UH from a previous service provider, it may require personal information from the previous service provider; and
- it may collect some sensitive information about members, such as medical information, from third parties such as hospitals, doctors, dentists, optometrists, or other ancillary providers.
4. Cookies & other technologies
UH’s website, online services, interactive applications, email messages and advertisements may use “cookies” and other technologies such as pixel tags and web beacons. UH may use these technologies:
- to better understand user behaviour, by telling UH which parts of UH’s website people have visited and to facilitate and measure the effectiveness of advertisements and web searches; and
- to remember personal information when an individual uses UH’s website, online and mobile services and applications; and
- to improve the online experience for people to UH’s website; and to customise the user experience based on an individual’s previous usage of the UH website.
Individuals can disable their web browser from accepting cookies. Certain features of the UH website will not be available to an individual once cookies are disabled.
UH gathers some information automatically and stores it in log files. This information includes Internet Protocol (IP) addresses, browser type and language, Internet service provider (ISP), referring and exit pages, operating system, date/time stamp and clickstream data.
UH uses this information to understand and analyse trends, to administer its website, to learn about user behaviour on the site, to tailor email communications and to gather demographic information about its user base as a whole. UH may use this information in its marketing and advertising services.
UH may also use information collected by cookies to display personalised content and advertising (targeted advertising and online behavioural advertising), based on an individual’s internet usage, and to send marketing materials that UH thinks will be of interest to the individual.
5. How does UH hold personal information?
Personal information collected by UH is generally entered into and held in a centralised digital secure repository.
UH will take reasonable steps to protect all personal information it holds from misuse, interference and loss and from unauthorised access, modification or disclosure, including a data breach response plan found in the Business Continuity Management Framework and Policy / Crisis Management Plan.
UH will ensure that appropriate technical and organisational security measures, consistent with standard industry practice, are in place to attempt to safeguard the security and confidentiality of the personal information it collects. Because of the nature of the internet, however, UH does not guarantee that the website or the online and mobile member services are totally protected from hackers or misuse and it will not be responsible for any breach of security caused by third parties. UH does not use any form of encryption (encoding software) to protect information a member sends from their computer to UH over the internet through the use of feedback, enquiry and appointment forms and emails. Encryption software is applied when using online or mobile member services and joining online.
6. What happens if a member does not provide UH with their personal information?
A member does not have to provide their personal information to UH. However, if they do not provide personal information which UH requests from them, UH will make them aware that it may affects UH’s service to them, including:
- UH may not be able to provide insurance or administer the insurance policies;
- UH may not be able to process, manage or pay out on an insurance claim;
- UH may not be able to provide health services such as eye care and dental services, and care coordination or disease management services;
- third party service providers such as hospitals, doctors, optometrists, dentists and other allied service providers may not be able to provide the member with services;
- UH may not be able to properly assess a member’s healthy and lifestyle needs and consequently may not be able to provide health lifestyle or chronic disease programs; and
- members may not be able to access UH online or mobile member services.
7. Purposes for which UH collects, holds, uses and discloses personal information
UH may collect, hold, use and disclose personal information for a number of purposes such as:
- to provide health insurance and related products and services;
- to confirm eligibility to become a member;
- to respond to eligibility checks from hospitals and other medical providers;
- to pay health insurance claims;
- to manage UH’s relationship with the member;
- for UH’s own internal and marketing purposes;
- for the purposes related to the reason the member gave the information;
- to manage risks and help identify and investigate illegal activity, such as fraud;
- to provide or arrange for associated services to be provided such as dental services, eye care services, allied services such as physiotherapy or travel insurance and other insurance or health related services;
- to assess a member’s general health and wellbeing needs and to continue to meet those needs through a care coordination or disease management service;
- to provide UH online and mobile member services; and
- as may be required by law or as permitted under the Privacy Act.
UH develops programs and initiatives from time to time to assist members with day to day health and wellbeing issues such as diet and exercise, as well as assistance with illnesses suffered by members. Members may choose to sign up to such programs from time to time. Members are not obliged to join any such programs. If they do join any such programs, UH may use personal and sensitive information already collected from them so that they can get the most benefit from such programs. For instance, if the member suffers from diabetes and chooses to join a program that assists with their diabetes treatment, UH may use earlier personal and sensitive information collected from them in order to advise them on their treatment program.
UH may also use a member’s contact details to send information about UH or its products, services or programs. If a member does not wish UH to send this information, then UH should allow the member the opportunity to tell UH when it collects the personal information. Refer to paragraph 13 of this policy for further details in relation to opting out of UH direct marketing.
8. Disclosure of personal information
UH will not sell a member’s personal information to any third party. UH will not disclose any personal information about a member, except:
- to its related companies, joint venture and business partners such as dental or eye care providers, general insurance providers and providers of wellbeing, chronic disease programs or care coordination services;
- to its suppliers, third party service providers or subcontractors (as necessary to enable them to help provide UH’s services and any member programs);
- to unions to verify eligibility for membership;
- to hospitals, healthcare providers, Medicare or other government agencies or financial institutions;
- entities established to help identify illegal activities and prevent fraud;
- as required by law or as permitted under the Privacy Act; or
- with a member’s consent.
Some of the programs that a member may join may be administered by third parties in order to provide the best service to the member. To ensure the efficient administration of such programs, UH may need to disclose a member’s personal information to these third parties. UH will endeavour to ensure that third party program administrators will not disclose a member’s personal information to any third parties.
If a member joins programs through UH which are administered by third parties, the member may need to disclose personal information to these third parties. The third parties do not disclose this information to UH. A member’s disclosure of personal information directly to such third parties would be subject to their privacy policies.
If the UH membership policy covers the main policy holder as a main contributor and a partner or children, UH will only contact the main policy holder regarding anyone else covered on the policy.
UH is not likely to disclose personal information to overseas recipients. However, in some instances UH’s service providers, for example UH’s travel and general insurers may disclose personal information to organisations that may be located overseas. The countries in which these service providers and related companies are located may vary from time to time, but include the Singapore, Thailand, Philippines, India, Ireland, the United Kingdom, the USA, Canada, New Zealand, China and countries within the European Union.
Specifically, UH’s service providers may disclose personal (including sensitive) information to recipients outside of Australia when it is collected for travel, general or health insurance arranged or managed by them and where the policy holder may require medical, travel, or related services.
Where personal information has been disclosed to an overseas recipient, there is a possibility that in certain cases that recipient may be required to disclose it under a foreign law.
9. How is personal information managed when a member receives services from Teachers Health Care Services?
This section applies only to health-related services provided to UH members by Teachers Healthcare Services (THCS), a subsidiary of UH. THCS may provide such services to UH’s private health insurance members including telephonic services, care co-ordination services, chronic disease and health management programs and online health-related services.
THCS may collect and use personal information, including sensitive information, to provide these services to members including:
- to contact the member for management and follow up purposes;
- to manage, review, develop and improve health-related services and business and operational processes and systems;
- to resolve any legal and/or commercial complaints or issues; and
- to perform any of their other services or activities.
If a member uses health-related services, THCS may disclose personal information to UH in order for it to pay benefits and to review, develop and improve the services provided by UH and/or its subsidiaries.
In order to perform the above services, THCS may disclose personal information to third parties such as health service providers, persons authorised by or responsible for the member, and to other parties to whom they are authorised or required by law to disclose information including government agencies.
UH may also use and disclose personal (including sensitive) information:
- to assess from what other services a member may benefit and to facilitate the provision of such services;
- so it may have an integrated view of members and provide a better and personalised service; and
- to contact members (including by telephone call, text message or email) in relation to its health-related services.
Participation in any programs offered by THCS is entirely voluntary and a member may withdraw their consent to the sharing of personal and sensitive information or to being contacted in relation to health-related services by contacting UH.
To make request to stop receiving direct marketing communications from THCS or to opt out of the program, a member should contact email@example.com or call 1300 367 906. THCS will give effect to the request as soon as reasonably practicable and, in any case, within 30 days of the request being made to THCS.
Participation or non-participation in the program will not affect a member’s claims from, or contributions to, UH.
If a member requires access to their health-related service records, they may do so by contacting the Clinical Operations Manager directly on (02) 8346 2227 or by email on firstname.lastname@example.org.
10. Dealing with UH anonymously or using a pseudonym
UH permits a member to deal with UH anonymously or by using a pseudonym. If the member chooses to do so, however, UH will be limited in the products or services it is able to assist the member with.
As a general rule, UH may allow an individual to contact UH anonymously in some limited circumstances – for example to enquire generally about its goods and services, or to complete a retail transaction at a health centre by paying for goods in cash.
11. Direct marketing
UH uses personal information that it holds about a member to identify services and products that may be of interest to them.
UH may contact a member by email, text message, phone or by post to let them know about promotions or any new or existing products or services. UH also uses internet-based marketing including targeted online advertising and online behavioural marketing.
UH may disclose personal information to other related companies such as THCS to tell members about its products or services.
A member may request not to receive direct marketing communications from UH by contacting it at email@example.com or calling 1300 367 906. UH will give effect to the request as soon as reasonably practicable and, in any case, within 30 days of the request being made to UH.
12. Access to and correction of personal information
UH will take reasonable steps to ensure that all personal information it collects or uses is accurate, complete, up to date and stored in a secure environment and is accessed only by authorised personnel for permitted purposes.
If a member wishes to access or correct any personal information which UH holds about a member, or requests its removal from UH records, they should contact the UH via post, fax or email, in person at one of the member contact centres or over the phone with a member of the contact centre.
If a member requires access to their eye care records, eye test results or dental records, they may do so by contacting the eye care or dental care provider directly.
If a member requires access to their health-related service records managed by THCS, they may do so by contacting the Clinical Operations Manager directly on (02) 8346 2227 or by email on firstname.lastname@example.org (refer to section 11).
UH will respond to a member’s access request as soon as practicable and, in any case, within 30 days of the request being made to UH. UH will either respond by providing the member with the access or amendments they have requested, or by providing them with the reasons for refusing to do so.
If UH refuse to amend a member’s health information, the member may request that UH attach to the health information a statement of the amendment sought, and in that case, UH must take reasonable steps to do so.
There are some available exceptions to accessing personal information, which are:
- UH reasonably believes that not giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
- giving access would have an unreasonable impact on the privacy of other individuals;
- the request for access is frivolous or vexatious;
- the information relates to existing or anticipated legal proceedings between UH and the individual, and would not be accessible by the process of discovery in those proceedings;
- giving access would reveal the intentions of UH in relation to negotiations with the individual in such a way as to prejudice those negotiations;
- giving access would be unlawful;
- denying access is required or authorised by or under an Australian law or a court/tribunal order;
- UH has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to the its functions or activities has been, is being or may be engaged in and giving access would be likely to prejudice the taking of appropriate action in relation to the matter;
- giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; and
- giving access would reveal evaluative information generated within the entity in connection with a commercially sensitive decision-making process.
In some circumstances, UH may charge a fee to cover administrative costs in respect of retrieving a member’s personal information and providing it to them. UH will inform the member if there are going to be any such costs involved in retrieving their personal information.
13. Making a complaint
UH views complaints as an opportunity to maintain and enhance customer loyalty and approval and enhance its competitiveness by continuous review and improvement. UH has a Customer Complaint Handling and Dispute Resolution Policy in place for handling the complaints it receives. A copy of this policy is available to members at unihealthinsurance.com.au.
If a member would like to make a complaint about a breach of privacy, UH will make them aware that:
(a) Complaints can be made by contacting the UH Privacy Officer at:
Address: UH Privacy Officer
Teachers Health Fund
GPO Box 9812
SYDNEY NSW 2001
Phone: 1300 367 906
(b) The complaint should first be made in writing. UH will respond as soon as reasonably practicable and, in any case, within 30 days. All complaints are handled in accordance with the UH Customer Complaint Handling and Dispute Resolution Policy.
(c) In the event that the complainant is not satisfied by UH’s response, they may take the complaint to the Private Health Insurance Ombudsman (PHIO) in the first instance. If the complainant is still not satisfied with the outcome, then the complaint may be taken to the Office of the Australian Information Commissioner (OAIC).
(d) PHIO can be contacted on 1800 640 695 or a member can write to:
Private Health Insurance Ombudsman
Office of the Commonwealth Ombudsman
GPO Box 442
CANBERRA ACT 2601
Phone: 1800 640 695
Fax: (02) 8235 8778
See also PHIO website for further details.
(e) OAIC can be contacted on 1300 363 992 or a member can write to:
The Office of the Australian Information Commissioner
Phone: 1300 363 992
GPO Box 5218
Sydney, NSW 2001
See also OAIC privacy complaint brochure for further details:
- to corporate information (unless it is also about any identifiable person); or
Updated: March 2017