Privacy Policy

Effective from: 4th April 2024

Consultmed is a user-friendly referral management and automated workflow platform that connects primary health care providers (eg general practitioners) directly to secondary health care providers (e.g. specialists, clinics and hospital networks). It is a cloud-hosted platform that is accessible at https://app.consultmed.co (including any subdomains) or by any online portal, site or platform approved by Consultmed which utilises the public-facing or provider-facing platform; and

Consultlink, is a specialised platform within Consultmed’s ecosystem, focused on facilitating consults, advice & guidance or e-consults. Powered by Consultmed’s core referral management software, Consultlink empowers primary care providers to seek specialist opinions or engage in consults using asynchronous messaging technology. It is also a cloud-hosted platform, available for access at https://app.consultlink.co (including any subdomains), or through any online portal, site, or platform approved by Consultmed that utilises the public-facing or provider-facing platform (“Platform”).

The Platform uses third party links, services and plug-ins as part of the delivery of the Platform, products and services (“Third Party Services”)This may include Microsoft’s Azure OpenAI Service (“Azure OpenAI”), if the ConsultPilot add-on is accessible to the User. Azure OpenAI’s privacy policy and terms of use are accessible at: Azure’s Privacy Policy. By using the Platform, you acknowledge and agree that you have reviewed Azure OpenAI’s terms and agree to be bound by them.

Consultpilot” is an Azure OpenAI powered optional add-on to the Platform to assist a User to enter information into the Platform

This Privacy Policy sets out how ConsultX Pty Ltd trading as Consultmed (“Consultmed”), Consultlink Pty Ltd (ACN 661 722 578) trading as Consultlink (“Consultlink”) and any wholly or partly owned subsidiaries of Consultmed and/or Consultlink (“we”, “us” or “our”) collects, uses, stores, shares and discloses personal and health information via the Platform.

Please read this policy carefully. By accessing and using our Platform, products and services, you agree to and consent to the collection, use, storage and disclosure of personal and health information by us as set out below.

1. Who this applies to

In this Privacy Policy, “you” and “Users” means:

  • Primary and secondary health care providers using the Platform to refer or consult (i.e. a secondary health care provider providing their specialist opinion to a primary health care provider) on a Patient

(each a “Referrer”);

  • specialists, hospitals and other secondary health care providers that receive referrals or consults for Patients via the Platform (each a “Receiver”); and
  • patients who are referred via the Platform (“Patients”).

2. Openness and transparency

We are committed to protecting the privacy of all personal and health information that may be collected by us.

We respect and uphold our obligations under the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act) as well as all other legislation or regulation that applies to the collection, use, storage or disclosure of health information.

  • Personal information

We collect personal information from Referrers and Receivers who use the Platform.

Personal information” is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether recorded in a material form or not.

The type of personal information we collect about Referrers and Receivers includes, without limitation, the following:

  • full name;
  • primary and secondary places of work;
  • work email address;
  • telephone number;
  • work address;
  • details of any specialist practice, qualifications and industry body memberships relevant to the Referrer or Receiver;
  • Medicare provider numbers;
  • AHPRA registration or other Professional association number;
  • details of the products and services we have provided to you or that you have enquired about, including any additional information necessary to deliver those products and services and respond to your enquiries;
  • any additional information relating to you that you provide to us directly through our website or indirectly through your use of our website or online presence or through other websites or accounts from which you permit us to collect information;
  • information you provide to us through customer surveys;
  • billing information; and
  • any other personal information that may be required in order to facilitate your dealings with us.

4. Health Information

We collect the health information of Patients who are referred via the Platform.

Health information” means:

  • information or an opinion about:
    • the health, including any illness, disability or injury, (at any time) of an individual;
    • an individual’s expressed wishes about the future provision of health services to him or her;
    • a health service provided, or to be provided, to an individual; and

that is also personal information;

  • other personal information collected to provide, or in providing a health service to an individual. This includes personal details such as a patient’s name, address, admission and discharge dates, billing information and Medicare number; and
  • genetic information about an individual in a form that is, or could be, predictive of the health of that individual or a genetic relative of the individual.

The types of health information we collect in relation to Patients include:

  • full name;
  • date of birth;
  • Medicare number;
  • health fund details;
  • carer and guardian details;
  • medical history and details of any current illness, injury or condition of the Patient;
  • health services to be provided;
  • primary and secondary diagnoses and presenting complaints;
  • primary reason for referral to secondary care providers ‘Receivers’;
  • social and background history;
  • past medical history;
  • past mental health and psychiatric history;
  • family history,
  • list of current medications;
  • list of current allergies;
  • other specific health information that a Receiver requires from the Referrer in order to accept a referral; and
  • other information that the Referrer, Receiver or Patient deems relevant.

We comply with the Health Insurance Act 1973 (Cth) and Health Insurance Regulations 1975 (Cth) by collecting all information required to make any referral made via the Platform legally valid and able to be billed via Medicare.

5. Collection

Personal Information

We collect personal information through fair and lawful means, ensuring the process is not unreasonably intrusive. Generally, this information is collected directly from Referrers and Receivers and is collected only to the extent necessary to provide our products and services, carry out our administrative functions, and as required by law.

The primary circumstances under which we collect personal information include (without limitation):

  • Account Registration: When Referrers or Receivers register on the Platform, they provide us with personal information which is required to create an account. This information helps us provide personalised services, communicate updates, and offer support.
  • Referral Upload: When Referrers upload a referral onto the Platform (manually or via Consultpilot), they provide certain information about themselves and the Patient. This may include their professional details and any relevant information that would facilitate the referral process.
  • Consult Upload: When Referrers upload a request to consult onto the Platform (manually or via Consultpilot), they provide certain information about themselves and the Patient. This may include their professional details and any relevant information that would facilitate the consultation process.
  • Accessing Referrals: When Receivers access the platform to review a referral, they may need to input or confirm certain personal details to ensure a smooth and secure referral process.
  • Accessing Consult: When Receivers access the platform to review a request for consult, they may need to input or confirm certain personal details to ensure a smooth and secure consultation process.
  • Pre-populating Patient Information: In collaboration with third-party providers, we collect information when Referrers pre-populate patient information in a referral or consult (for example via Consultpilot). This is done to streamline the referral and consult process and ensure the accuracy of the information provided.
  • Updating Information: When Referrers or Receivers update patient or provider information on the Platform (manually or via Consultpilot), we collect and store these changes to maintain up-to-date and accurate records.
  • Patient Consent: When patients provide their consent through the platform as requested by Referrers or Receivers, we collect and document this consent. This consent is usually provided when Referrers or Receivers input Patient details onto the platform, signifying that the Patient agrees to the sharing of their information for referral and consult purposes.
  • Customer Support Interactions: Consultmed may collect personal information when Referrers, Receivers, or Patients interact with our customer support team, either through email, over the phone, or via online chat. This information is used to provide assistance, resolve issues, and improve our services.
  • User Surveys and Feedback: Consultmed may conduct surveys or request feedback to understand user experience and improve our platform. Personal information might be collected during these interactions.
  • Marketing Activities: Consultmed may collect personal information during promotional activities or events, such as webinars or online conferences, for the purposes of marketing communication.

We may also collect personal information from you when you fill in an application form, communicate with us, visit our website, provide us with feedback or complete online surveys.

Health information

We collect health information primarily when a new Patient is registered for referral or consult via our Platform.

The key circumstances under which we collect sensitive health information include (without limitation):

  • Patient Registration: When Patients are registered on the Platform (manually or via Consultpilot), health information is entered into the system. This may include medical history, diagnostic information, prescribed medications, allergies, and other pertinent medical data.
  • Referral Uploads: When Referrers upload a referral onto the Platform (manually or via Consultpilot), they provide detailed health information about the Patient. This information enables Receivers to understand the Patient’s health status and provide appropriate care.
  • Consult Upload: When Referrers upload a request to consult onto the Platform (manually or via Consultpilot), they provide certain information about themselves and the Patient. This may include their professional details and any relevant information that would facilitate the consultation process.
  • Accessing Consult: When Receivers access the platform to review a request for consult, they may need to input or confirm certain personal details to ensure a smooth and secure consultation process.
  • Pre-populating Patient Information: We collect health information when Referrers pre-populate patient information in a referral or consult, which is done in collaboration with third-party providers (for example via Consultpilot). The information helps streamline the referral and consult process and enhance the accuracy of Patient’s health data.
  • Attaching Additional Health Information: Receivers might attach third-party investigations, test results, or other health information to a Report (manually or via Consultpilot). This additional information can provide a more comprehensive view of the Patient’s health status.
  • Adding Exogenous Referrals: Receivers may manually add an exogenous referral to the Platform (manually or via Consultpilot), which could contain sensitive health information about the Patient.
  • Updating Health Information: When Referrers or Receivers update a Patient’s health information on the Platform (manually or via Consultpilot), we collect these changes. This might include updates to diagnoses, treatment plans, or medication changes.
  • Telemedicine Interactions: If telemedicine services are utilised where Patients, Referrers, or Receivers can conduct virtual consultations, we collect health information disclosed during these sessions. This may encompass discussed symptoms, provided diagnoses, proposed treatments, or any notes taken during the consultation.
  • Automated Data Import: Our Platform has the capability to automatically import health data from compatible electronic health records systems, digital health devices, or health tracking applications, provided that the Patient has granted consent for this data sharing.
  • Consent Forms and Agreements: Digital consent forms or agreements signed by Patients for specific treatments or procedures often contain health information, which is then collected and stored securely on our Platform.
  • Communication Between Referrers and Receivers: We collect health information shared in the course of communications between Referrers and Receivers on the Platform. This may include messages, notes, or comments relating to the Patient’s health.
  • Attaching Additional Health Information: Referrers, Receivers or Patients may attach third-party investigations, test results, or other health information to a Report (manually or via Consultpilot) to provide a comprehensive view of the Patient’s health status.
  • Updating Health Information: We collect changes to a Patient’s health data when Referrers or Receivers update this information on the Platform (manually or via Consultpilot). This could for instance encompass modifications to patient details, diagnoses, treatment plans, or medication changes.
  • Patient Self-Reported Information: Our Platform allows Patients to voluntarily provide additional health information, such as symptoms, lifestyle habits, or personal health goals (manually or via Consultpilot). This self-reported information is collected and integrated into their health profile.

We handle all sensitive health information with care and ensure compliance with applicable laws and regulations.

6. What do we do with personal and health information?

Referrers and Receivers

We use and disclose the personal information of Referrers and Receivers for the purposes for which the information is collected, or for a directly related purpose, including:

  • providing our website, products and services to you;
  • verifying your identity and place of work;
  • verifying your qualifications and registration with AHPRA and other professional associations;
  • verifying your medical provider numbers;
  • administering, protecting, improving or optimising our website, products and services (including performing data analytics, conducting research and for advertising and marketing purposes);
  • billing users for our products and services;
  • informing you about our website, products, services, rewards, surveys, or other promotional activities or events sponsored or managed by us or our business partners;
  • responding to any inquiries or comments that you submit to us;
  • to resolve any disputes and enforce our agreements and rights with third parties;
  • any other purpose you have consented to; and
  • any use which is required or authorised by law.

We may disclose the personal information of Referrers and Receivers to:

  • our wholly or partly owned subsidiaries to provide you with additional products or services from these entities;
  • other Referrers or Receivers who are providing or receiving a referral or consult in respect of a Patient;
  • third parties we ordinarily engage from time to time to perform functions on our behalf for the above purposes and for the delivery of any products or services;
  • any person or entity to whom you have consented to us disclosing your personal information to;
  • anyone to whom part of all of our assets or businesses are transferred or sold;
  • our external business advisors, auditors, lawyers, insurers and financiers where necessary; and
  • any person or entity to whom we are required or authorised to disclose your personal information to in accordance with the law.

We do not sell or share personal information with third party marketers.

Patients

We will disclose the health information of a Patient only as directed by the Referrer or Receiver providing health services to that Patient, in accordance with the express consent of that Patient, or as required to do so in accordance with the law.

Third Party Services

You acknowledge and agree that any Third Party Services that are used by you are not under the control of us and we are not responsible for the contents of any linked site or any link contained in a linked site, or any changes or updates to such sites.  We are only providing these Third Party Services to you as part of the provision of the Platform and out of convenience to you and the inclusion of any Third Party Services does not imply endorsement of any such Third Party Services by us.

Any Personal Information and Health Information that is uploaded or allowed to be accessed or used by these Third Party Services will be subject in all respects to the privacy policy and any terms of use or service of the provider of those Third Party Services.  By using and/or accessing such Third Party Services, you acknowledge and agree that any such use and/or access will be at your own risk and subject to such provider’s privacy policy and their terms of use or service and we are not liable for any breaches of any laws or obligations in respect of the use of such Third Party Services.

Before using any Third Party Services or providing access and/or use or allowing the Third Party Services to access and/or use any Personal Information and/or Health Information, you will be solely responsible for obtaining any and all consents and approvals that may be required by any party to the provision, access and/or use of such information.

7. Access correction and retention

Subject to some exceptions provided by law, you may request access to your personal information or health information in our customer account database, or seek correction of it by contacting us, your Referrer or Receiver.

If you believe that we hold personal information about you that is not accurate, complete or up-to-date then you may request that your personal or health information be amended (see clause 11 for our contact details).  We will respond to your request to correct your personal or health information within a reasonable timeframe. We will need to verify your identity before responding to your request. If we decide to refuse your request, we will tell you why in writing and how to complain.

Following termination of your use of the Platform for whatever reason, your account will be closed and you will no longer be able to send or receive referrals or consults through the Platform.  However, you will be provided access to the Platform for 90 days after the date of termination to view and extract referrals or consults for your records.

We otherwise retain records of health information in accordance with our legal obligations under under applicable State and Commonwealth privacy laws and other contractual arrangements.

Note that we are not a healthcare provider and if we no longer need personal or health information for any of the purposes set out in this Privacy Policy, or as otherwise required by law, we will take such steps as are reasonable in the circumstances to return, destroy or to de-identify such information.

8. Direct marketing

Referrers and Receivers

Where we are permitted by law, we may use your personal information to send you information about products and services we believe are suited to you and your interests or we may invite you to attend special events.

At any time you may opt out of receiving direct marketing communications from us.  You can opt out by following the unsubscribe instructions included in the relevant marketing communication, or by contacting us in writing (see clause 11 for our contact details).

Patients

No health information will be used to market directly to Patients. As discussed below, all health information is stored securely in an anonymised format, and our staff and service providers will not have access to such information except in very limited, exceptional circumstances.

9. Cookies

The Platform may use ‘cookies’ or other similar tracking technologies on the Platform and our website. which is available at www.consultmed.co, that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser but if you do so, you may not be able to fully experience the interactive features of the our website.

10. Security

Transmission of Information

When transmitting personal information via the Platform, you must keep in mind that the transmission of information over the internet is not always completely secure or error-free.

Notwithstanding this, we have implemented industry standard processes to protect personal information and health information from unintended disclosure, misuse and loss. This includes a number of physical, administrative, personnel and technical measures, including by:

  • storing all our cloud information in Australia and on approved servers;
  • storing all health information in an anonymised and encrypted format;
  • restricting the external transmission of personal and health information;
  • adopting measures to protect our computer systems and networks for storing, processing and transmitting personal and health information;
  • adopting procedural and personnel measures for limiting access to personal information by our staff and contractors;
  • restricting our staff and service providers from accessing health information, except in exceptional circumstances and with the oversight of senior management;
  • regularly reviewing and updating our information collection, storage and usage practices;
  • using password protection, multifactor authentication procedures and physical access restrictions to limit unauthorised access;
  • complying with laws applicable to the collection, use, transmission and storage of personal and health information; and
  • regularly testing our systems and networks and assessing security risks.

We may hold your personal or health information in either electronic or (in rare circumstances) hard copy. We take reasonable steps to protect all personal and health information from misuse, interference and loss, as well as unauthorised access, modification or disclosure.

Suspected data breach

In the event of a data breach or suspected data breach, we have a comprehensive incident response plan in place to address this potential situation. This plan includes notifying affected individuals and relevant authorities as required by applicable laws.

We have in place and maintain security requirements for all third-party services we employ that may have access to or process your personal or health information.

We retain your personal and health information only for as long as necessary for the purposes for which it was collected, or as required by law. We have secure methods in place to dispose of or de-identify your personal and health information when it is no longer needed.

In the case that your personal or health data needs to be transferred, we will take steps to ensure that the data transfer complies with applicable laws and that the data remains secure during transfer.

Our employees and contractors are regularly trained and updated about our data privacy and security policies to ensure that everyone understands and respects the critical nature of data privacy.

11. Complaints and contact information

If you require further information regarding our Privacy Policy or wish to make a privacy complaint, please contact us at helpdesk@consultmed.co.

You can make a complaint in writing using the details below set out in this Privacy Policy. We will respond to you within a reasonable period of time to acknowledge your complaint and inform you of the next steps we will take in dealing with your complaint.

If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) via the OAIC website, www.oaic.gov.au.

12. Changes to our policies

We reserve the right to modify this Privacy Policy in whole or in part from time to time without notice and amendments will be effective immediately upon publishing of the amended Privacy Policy on our Platform.