Privacy policy

At Melbourne IVF our primary concern is providing you with treatment and healthcare of the highest quality.  This requires a relationship of trust and confidentiality – one where we treat your personal health information appropriately and respect your privacy. 

As such, we will handle your personal information in accordance with this Privacy Policy and in compliance with our obligations under the Privacy Act 1988 (Cth) (Privacy Act) and, to the extent applicable, the European Union's General Data Protection Regulation (GDPR). 

Our fertility specialists, nurses, scientists, counsellors and administration staff work together to provide your fertility treatment.  They may need access to your personal health information to make sure we provide the most appropriate care. 

You are entitled to know what personal information is held about you, how you can access it, why it is held, to whom we may disclose it, and when we need your consent to do this.  This Policy explains all these details.  You can discuss any issue relating to the privacy of your information with your doctor or any staff member, at any time. 

Collecting information

Our fertility specialists and staff collect information that helps us provide the level of advice, care and management you need, or where there is a statutory requirement for collection. 

This information may include: 

  • contact details and date of birth
  • relationship status
  • medical history
  • family medical history
  • symptoms, diagnosis and recommended treatment
  • ethnicity
  • Medicare/private health fund details, and
  • billing or account details. 

We normally collect this information directly from you, but we may need to get it from other sources – for example, from other medical practitioners, health funds or health providers and, with your consent, from family members.

 

Purposes for handling your information

To ensure we provide you with the most appropriate treatment, our fertility specialists and staff may collect, hold, use and disclose your personal information for any of the following purposes:

  • sharing your information within the treatment team;
  • communicating with the referring medical practitioners;
  • referrals to other medical practitioners, hospitals or health providers;
  • referring specimens to external laboratories for analysis;
  • accounts and billing, including Medicare and private health insurance claims;
  • managing our practice – including quality assurance, practice accreditation,  market analysis and keeping our records up to date;
  • complaints and incident handling, and notifications to our insurers;
  • disclosure, where legally required, to third parties – for example, in response to a court subpoena or for mandatory reporting of specific diseases;
  • disclosure to our service providers, where doing so is necessary for your treatment or for our management and administrative purposes;
  • providing a small sample of case-notes for confidential review as part of annual Code of Practice audits by the national Reproductive Technology Accreditation Committee (RTAC), or its agents, in compliance with regulatory requirements;
  • sharing your information with our clinical review committee (which has members who are not part of the Virtus Health Group), if necessary, so that they can determine if you meet our treatment guidelines; and
  • submitting a summary to the Australia and New Zealand Assisted Reproduction Database (ANZARD) of every treatment we perform. This information may be further supplied to other government and statutory bodies, all in compliance with regulatory requirements. In all these cases we remove any information that personally identifies you. 

We may also use non-identifying information from your medical file for data analysis and research. 

From time-to-time, we may send you information regarding operational updates, and about our products and services that may be of interest to you. You will be able to opt out of receiving these communications when you receive them or you can contact our privacy officer.

If you request us to send materials related to your treatment to another country we will be required to disclose your personal information to people in that country.

We use secure services, hosted in the United States, to manage communications and events. Accordingly, some of your personal information may be securely held by that service in the United States. We use globally hosted (country of storage changes intermittently) secure servers to process some patient and client information for market analysis purposes.

The diagnosis and treatment of infertility often involves more than one person (for example, your partner, donors or surrogates). Where you are undergoing treatment with a partner, it is our policy to share all your information with your partner UNLESS you tell us not to disclose your information to your partner.

 

Overseas transfers of personal information

We may disclose personal information between our related bodies corporate in Ireland, the United Kingdom, Denmark and Singapore, where permitted under the Privacy Act.

 

Data quality and security

We take all reasonable steps to ensure the personal information we collect, use, hold or disclose is accurate, complete, up-to-date and relevant to the functions and services we provide. You can help us achieve this by providing correct and up-to-date information, as described in our Patient Rights and Responsibilities document. When we exchange your personal information internally, we will do so via encrypted emails where possible. If you ask us to exchange your personal information with an external party, we may send your personal information by unencrypted (ie, normal) email to ensure that the external recipient can access this information.

We store your personal information securely and protect it from unauthorised access, modification or disclosure. 

 

Access and correction

In all but a few rare cases, you can access the personal information we hold about you, in part or in full, or ask us to provide it to a third party such as another healthcare provider. 

We may require you to make this request in writing. There may be an administration fee for this service, depending on the nature of access required. 

If you feel any of the personal information we hold about you is inaccurate or incomplete, please let us know.  It is our policy to note your corrections and add them to your records.  In accordance with good clinical practice, we do not erase the original record. 

 

Our website

Our website uses "cookies", which are pieces of data that are stored on your hard drive containing details about your use of our website.  Cookies do not provide us with information about you that can be used to identify you, rather, they anonymously track usage of our website, so that we can enhance users' experience of our website.  You may elect to reject cookies and still use our website, however in doing so, you may be unable to access certain pages.

 

Remarketing with Google Analytics

Virtus Health websites use analytics data and the double click cookie to serve ads based on a user’s prior visits to our website. You have the ability to opt out of the double click cookie by visiting the Google advertising opt-out page or by opting out of Google Analytics by visiting the Google Analytics opt-out page.

If you would like to know more about remarketing you can view Google’s Remarketing Privacy GuidelinesPolicies and Restrictions pages.

 

For what purposes do we collect, hold, and use your personal and health information?

Your personal and health information is collected and used to ensure you can be informed about the services that we provide, that you receive the best possible care if you become a patient of Melbourne IVF, and for us to manage the health services we provide to you effectively. It will also be used to:

  • send communications (including results) to you and your treating doctors
  • provide information and advice
  • conduct business processing functions
  • update our records and keep your contact details up to date
  • respond to any complaint made by you
  • comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority

It will also be used for the administrative, marketing, planning, product or service development, quality control and research purposes of Virtus Health Pty Limited and its related bodies corporate (as that term is defined in the Corporations Act 2001 (Cth)).

 

Retention of records

To ensure we comply with regulatory requirements, it is our policy to keep your medical records for at least seven years. 

 

Complaints

We want to make sure your expectations about your privacy protection are the same as ours.  If you have any concerns, please discuss them with your doctor or any member of our staff. If, after this discussion, you still have concerns, you can contact our Privacy Officer.

If you are still not satisfied, you may complain to:

Privacy Commissioner

Office of the Australian Information Commissioner

Level 8, Piccadilly Tower, 133 Castlereagh Street, Sydney NSW 2000

GPO Box 5218, Sydney NSW 1042

Privacy hotline 1300 363 992   Website www.privacy.gov.au

or

The Office of the Health Ombudsman

Call: 133 OHO (133 646)

Email: Health service complaints: [email protected]

Visit our Make a complaint page for more information on making a health service complaint.

General enquiries or questions:

[email protected]

Write:

PO Box 13281 George Street
Brisbane Qld 4003

Fax: (07) 3319 6350

or

Health Care Complaints Commission

Level 13, 323 Castlereagh Street, Sydney NSW 2000

Locked Mail Bag 18, STRAWBERRY HILLS NSW 2012

T: (02) 9219 7444   Website www.hccc.nsw.gov.au

or

Office of the Health Services Commissioner

Level 30 570 Bourke Street Melbourne VIC 3000

T: (03) 8601 5200   Website www.health.vic.gov.au/hsc/ 

 

Additional rights of European residents

Compliance with the GDPR

We are committed to ensuring we comply with the European Union's General Data Protection Regulation (GDPR).

Our Privacy Policy explains how we handle personal information under Australian law. We also have some clients and other contacts who are located in the European Union (EU Residents) who have additional rights in respect of their Personal Data. All rights referred to in the Privacy Policy extend equally to EU Residents, and the term "personal information" (as used in the Privacy Policy) should be considered interchangeable with the term Personal Data (as used in this section on additional rights of European residents).

Under the GDPR, we are primarily a “controller” of Personal Data, as opposed to being a “processor”. As part of our GDPR compliance, we ensure that:

  • Personal Data is: 
    • processed fairly, lawfully and in a transparent manner; and 
    • collected and processed only for specified and lawful purposes. 
       
  • Processed Personal Data is: 
    • adequate, relevant and not excessive; 
    • accurate and, where necessary, kept up to date; 
    • kept secure, and not longer than necessary; 
    • not transferred to countries outside the European Union without adequate protection; and 
    • treated in accordance with individuals’ legal rights.

Access and control

While we endeavour to provide all customers with appropriate access and control over their data, EU residents may also have the following additional rights:

  • the right to have your data erased (“the right to be forgotten”). You can ask for your personal data to be deleted where your personal data is no longer required for the purpose for which it was collected, or if your consent for processing your personal data is withdrawn, or if your personal data has been unlawfully processed;
  • the right to restrict processing of your personal data. You can request a temporary halt to the processing of your personal data;
  • the right to data portability. You have the right to ask for any personal data supplied to us to be provided  in a structured, commonly used and machine-readable format for transfer to another provider;
  • the right to object to the processing of your personal data. This applies in situations where your personal data is processed in a manner that is inconsistent with the primary purpose for which it was collected; and
  • the rights related to automated decision making, including profiling. Here, you have the right to not be subject to a decision based solely on automated processing.

We will allow and assist EU Residents to exercise these rights, unless we have compelling and legitimate legal grounds not to (e.g. a legal obligation under Australian legislation, or if the Personal Data has been fully anonymised).

 

Changes to this Privacy Policy

We may make changes to this Privacy Policy at any time without notice to you.  At any time, our current Privacy Policy is available on our website.