Knowledge and understanding of the law is an important consideration when choosing a call centre, particularly with regard to the Privacy Act 1988. Australia has some of the most rigorous patient privacy and confidentiality laws in the world.
Whether your health services company is big or small, you are bound by the same laws as larger corporations. As of 2019, the maximum penalty for violation increased from AUD$2.1 million to $10 million, or three times the value of “any benefit obtained through the misuse of information,” or 10 per cent of the breaching entity’s annual Australian turnover.
Given these financial consequences, you can’t afford not to focus on compliance. At Select Voice Com, we pride ourselves on complying with international and overseas laws like Australia’s Privacy Act.
Who Must Comply with The Privacy Act?
The Privacy Act safeguards a person’s private, identifying information, such as:
- Name, address, and phone number
- Medical examination results
- Prescription history
- Minutes from patient-doctor conversations
- Medicare numbers
- Facility admission/discharge data
“APP entities” who must comply with the Privacy Act 1988 include:
- Federal government agencies
- Individual, corporate, partnership, unincorporated, or trust organisations
- Small business operators who turn over $3 million or more; provide health services; hold health information beyond basic employee records; disclose or collect personal data; provide contract services for the Commonwealth; or are a credit reporting body.
What Are the Australian Privacy Principles?
There are 13 key Australian Privacy Principles within the law governing how personal information is to be collected, used, stored, and disclosed. They can be summarised as follows:
- Open and transparent management of personal information – APP entities must implement privacy practices, procedures, policies, and systems to ensure compliance and deal with inquiries or complaints.
- Anonymity and pseudonymity – APP entities must respect the option of anonymity or use of a pseudonym when dealing with their enterprise, except where impracticable.
- Collection of solicited personal information – APP entities may collect personal information only when “reasonably necessary” for one or more legitimate functions or activities, collected directly from the individual to whom it relates with consent.
- Dealing with unsolicited personal information – APP entities that receive unsolicited personal information must determine whether they have the grounds to collect this information to ensure compliance with remaining APPs and must destroy or de-identify unnecessary information.
- Notification of the collection of personal information – APP entities must provide a collection statement, notifying an individual whether information was collected from third parties, the purpose of collection, with whom the personal information is shared, and the process for accessing, correcting, or complaining about the use of their personal data.
- Use or disclosure of personal information – APP entities are prohibited from using or disclosing personal information for any purpose other than that for which it was collected, except for cases where the individual consents or would reasonably expect their data to be used to protect their health or public safety.
- Direct marketing – APP entities are prohibited from using personal information for direct marketing purposes, except for cases where the individual opts in and explicitly consents to it.
- Cross-border disclosure of personal information – APP entities must take reasonable steps to safeguard information disclosed to an overseas recipient by imposing contractual obligations on the recipient to ensure no breach of APPs.
- Adoption, use, or disclosure of government related identifiers – APP entities are prohibited from using or disclosing government-related identifiers (such as licence, Medicare, passport, or tax filing numbers) unless authorised by law or necessary for verification purposes.
- Quality of personal information – APP entities must take reasonable steps to ensure that all personal information collected is accurate, current, and complete.
- Security of personal information – APP entities must take reasonable steps to protect information from misuse, interference, loss, unauthorised access, modification, or disclosure.
- Access to personal information – APP entities are required to provide individuals with access to their personal information.
- Correction of personal information – APP entities must take reasonable steps to correct personal information when it is inaccurate, outdated, incomplete, misleading, or irrelevant, and provide individuals with sufficient reasoning for the correction.
APP entities must notify the Australian Information Commissioner of any known or suspected data breaches that are likely to cause individuals serious harm, so they may take steps to protect themselves.
What Australian Privacy Laws Say About Sensitive Information
Privacy laws place a higher value on protecting “sensitive information” such as:
- Racial or ethnic origin
- Political opinions
- Professional or trade union memberships
- Religious affiliations
- Sexual orientation
- Criminal record
- Health, genetics, and biometrics data
This type of “sensitive information” is more strictly controlled than “personal information.” While consent is not required to collect personal information, sensitive information may only be collected with consent, and may not be used for a secondary purpose, for direct marketing, or for sharing with related bodies corporate.
With Regard to Privacy Laws, Australia Protects Overseas Citizens
The privacy laws Australia has put in place extend not only to citizens in the country, but also to travellers, foreign expats, and “any entity with an Australian link.” For APP entities, an enterprise “with an Australian link” means any entity formed in Australia, with central management or control in Australia, or which otherwise carries out business in Australia.
Do You Have Questions About Privacy Legislation?
Select Voice Com is an Australian and American owned and operated company, providing state-of-the-art call centre services around the globe. Our carefully vetted and trained staff members operating out of Cebu City, Philippines represent the best in customer service. We have developed and maintained policies to remain in compliance with the latest privacy legislation affecting your business operations. Contact us to learn more.