Privacy Statement

ABOUT KABISA MEDICAL

Kabisa Medical is a patient-focused health data system providing a central repository for pathology and medical testing records from participating providers. The service allows seamless and timely access to vital health information for the health professionals providing care.

Kabisa Medical Pty Ltd is an Australian-owned and registered company. It is bound by the Privacy Act 1988 and the Australian Privacy Principles (APPs), upon which Kabisa Medical Pty Ltd bases its practice.

For more information about the services provided by Kabisa Medical Pty Ltd, please visit our website: www.kabisamedical.com.au

KEEPING INFORMATION SECURE

All Kabisa Medical databases are stored on cloud servers that are physically based within Australia, and none of the data is shared with overseas organisations. Only commercial servers with the highest level of security are used. The Kabisa Medical database uses the latest software and database architecture to maximize data security.

When healthcare providers (e.g. Pathology Provider) send health data to Kabisa Medical, only secure, dedicated, health communication messaging services are used.

Kabisa Medical encrypt all data transferred between personal devices (e.g. laptop or smart phone) and on our servers. Firewalls, intrusion detection systems and virus scanning tools are used to protect against unauthorised persons and viruses accessing our systems. Access is limited by requiring use of passwords and/or smartcards. Staff are trained and regularly updated on their obligations with regard to the security and privacy of your information.

A log of every healthcare provider who has accessed the medical data is kept in Kabisa Medical. This log can be viewed once Kabisa Medical have activated our patient portal. When viewing the data log, please bear in mind that during an in-patient stay in hospital or visit to a hospital outpatient department, there may be many healthcare professionals involved in patient care, some of whom the patient will not have met, e.g. radiologists, junior doctors, after-hours doctors or pharmacists. For more information about the health data log please visit our website.

No hard copies of patient data are kept by Kabisa Medical.

Patients

INFORMATION WE COLLECT

If a patient registers to have medical test results collected and stored by Kabisa Medical, Kabisa Medical will need to collect personal details including identity, address, date of birth and Medicare number. This information is used to accurately identify and match the patient with the correct historical medical test results.

CONSENT TO COLLECT YOUR INFORMATION

Registration with Kabisa Medical involves signing an electronic consent form which includes consent to collect and store your past medical test results as well as the ongoing collection of your medical test results until consent is withdrawn. Consent can be withdrawn at any time by visiting the Kabisa Medical website and following the Opt Out process.

Every healthcare provider that accesses medical test results via Kabisa Medical is asked to confirm that they have consent to do so. Patients can give consent to healthcare providers verbally, electronically or in writing. They can also imply their consent. An example of implied consent would be where a radiologist (specialist at interpreting x-rays) viewed data as part of interpreting and reporting x-rays. Although the patient would never have met or spoken to the radiologist, it is reasonable to assume the radiologist has implied consent to view the data to deliver health care.

If records become inactive for 12 months, as evidenced by no results being sent to Kabisa Medical or none of the treating medical practitioners accessing medical test results, then Kabisa Medical will ask for renewed consent prior to allowing further access to the medical test results. For more information about consent please visit our website.

INFORMATION COLLECTED FROM OTHERS

Kabisa Medical will collect personal information, which is provided by healthcare providers, including identity, address, date of birth and Medicare number. This information is used to accurately identify patients and match with the correct historical medical tests. The health care provider will confirm your consent to providing this information to Kabisa Medical for this purpose.

Kabisa Medical will also collect sensitive information from others, primarily medical testing facilities such as pathology and radiology companies. For example, if a blood test has been obtained from a participating test provider, Kabisa Medical will collect a copy of the result. Some of this information may be collected from health professionals as well. Information may be collected that is publicly available, for example from public registers or information made available by third parties. This information is made available to be viewed by health care providers via the Kabisa Medical service, only for the provision of health care.

Kabisa Medical do not collect results which the original requesting doctor has marked as ‘confidential’ nor is data collected from corporate medical testing (e.g. work related drug screening).

How is personal information used?

All the health data collected about patients will only be used for the delivery of healthcare to those patients.

Kabisa Medical uses patients’ personal information for the sole purpose of accurately establishing identity, matching medical test results correctly and making medical test results available to health care providers. Kabisa Medical will collect, use and exchange personal data with other health service providers such as pathology and radiology companies. Health information will never be divulged to third parties without specific, expressed consent.

Kabisa Medical will communicate with patients from time to time via SMS or email for the purpose of confirming your consent to collect, store and make available medical test data. Kabisa Medical may also use SMS or email to communicate important changes to the Kabisa Medical service.

From time to time employees of Kabisa Medical may need to access the database storing your health data solely for the purpose of administering and maintaining the database.

UNDER 14S AND SPECIAL NEEDS

For patients under 14 years old or with special needs, information will be shared with the parent or legal guardian or any person appointed to manage their affairs.

Accessing, updating and correcting information

CAN I ACCESS MY INFORMATION?

Yes! Kabisa Medical have an online portal where patients have access to their medical test records for the purpose of controlling their own health care. Please write to us by email at info@kabisamedical.com.au to request access to information. Information will be made available within 30 days of a written request in normal circumstances. However, before information is provided, patient identity will need to be confirmed.

All the health data we collect about patients will only be used for the delivery of healthcare to those patients.

We use patients’ personal information for the sole purpose of accurately establishing your identity and matching your medical test results to you, and making medical test results available to your health care providers. We will collect, use and exchange personal data with other health service providers such as pathology or radiology companies. We will never divulge any of your health information to third parties such as insurance companies without your specific expressed consent.

How do we use healthcare providers’ personal information?

We use the personal information we collect about healthcare providers to accurately identify them and ensure they are currently registered with the Australian Healthcare Practitioners Regulatory Agency (AHPRA – their regulatory body). We will not collect, use and exchange any healthcare provider’s personal data with other third parties other than health service providers for the purpose of accurately identifying that provider. We may gather data about health practitioners’ requesting patterns for various medical tests and use this to tailor the services we offer to medical practitioners or in other ways for optimising the delivery of healthcare to their patients.

Keeping your information secure

All of our databases are stored on cloud servers that are physically based within Australia and we do not share any of your data with overseas organisations. We only use commercial servers with the highest level of security. The Kabisa Medical database uses the latest software and database architecture to maximize data security.

When healthcare providers (e.g. Pathology Provider) send us health data we only use secure, dedicated, health communication messaging services.

We encrypt all data transferred between your personal device (e.g. laptop or smart phone) and on our servers. We also use firewalls, intrusion detection systems and virus scanning tools to protect against unauthorised persons and viruses accessing our systems. We limit access by requiring use of passwords and/or smartcards. We train and remind all our staff of their obligations with regard to the security and privacy of your information.

We keep a log of every healthcare provider who has accessed your medical data. You will be able to view this log once we have activated our patient portal. When viewing your data log, please bear in mind that during an in-patient stay in hospital or visit to a hospital outpatient department, there may be many healthcare professionals involved in your care, some of whom you will not have met, e.g. radiologists, junior doctors, after-hours doctors or pharmacists. For more information about your health data log please visit our website.

We do not keep any hard copies of your data.

Accessing, updating and correcting your information

CAN I AS A HEALTHCARE PROFESSIONAL ACCESS MY INFORMATION?

Yes! At Kabisa Medical we encourage healthcare professionals to keep their personal details, work address and provider numbers up to date. If you wish to update any of your details, simply log in and update your details within your account.

CAN I REQUEST ACCESS TO MY INFORMATION BY WRITING TO KABISA MEDICAL?

Please write to Kabisa Medical at Unit 75 Wexford Medical Centre, 3 Barry Marshall Parade, Murdoch, WA 6150, or email info@kabisamedical.com.au to request access to your information. Information will be made available within 30 days of a written request in normal circumstances. However, before information is provided, patient identity will need to be confirmed.

CAN MY REQUEST FOR ACCESS BE DENIED OR LIMITED?

Kabisa Medical will not limit access to your own medical data. However, in certain rare circumstances requests can be denied, or access to some data limited. For example, patients may not be provided access to commercially sensitive information. In these rare circumstances an explanation will be provided by email or in writing.

Deleting or removing information from Kabisa Medical databases

CAN I REMOVE OR CORRECT MY INFORMATION?

The current Australian medical records storage legislation and guidelines suggest Kabisa Medical retain all patient health data for a minimum of seven years after their last contact with Kabisa Medical or until the patient is 25 years old, whichever is longer. Kabisa Medical appreciates all the medical test data held by Kabisa Medical primarily belongs to the patients and therefore patients should maintain control of it as much as possible. Patients can therefore electronically shred (completely erase) all medical test data stored by Kabisa Medical simply by visiting our website and following the Opt Out process. Kabisa Medical retains a data audit trail after the electronic shredding process.

Patients can also write to Kabisa Medical at Unit 75 Wexford Medical Centre, 3 Barry Marshall Parade, Murdoch, WA 6150, or email info@kabisamedical.com.au to request corrections to or withdrawal of medical test records from the database at any time.

WHAT IF WE DISAGREE THAT THE INFORMATION SHOULD BE CORRECTED?

All Kabisa Medical health data is linked to an individual by at least five unique identifiers (e.g. first and surname, date of birth, gender and Medicare Number) to prevent misidentification. The accuracy of the data Kabisa Medical stores about a patient is primarily limited by the data supplied to Kabisa Medical by medical test providers (e.g. pathology companies). If Kabisa Medical cannot resolve any disagreement about the accuracy of information, Kabisa Medical may refer the patient to the source of the data (e.g. pathology companies).

Healthcare Practitioners

INFORMATION COLLECTED ABOUT HEALTHCARE PRACTITIONERS

For the purpose of this policy, healthcare practitioner is used to include doctors, their juniors and allied health team, and clinical administrators. Clinical administrators are not permitted the same access as doctors, junior doctors and allied health professionals.

To register with and use Kabisa Medical as a healthcare provider, personal details are collected, including identity, practicing address(es), date of birth, provider numbers, public hospital identity number and AHPRA registration number. This information is used to accurately identify practitioners and ensure they are a registered healthcare provider. Information may be collected that is publicly available, for example from public registers or information made available by third parties.

To register as a clinical administrator, personal details are collected, including identity, practicing address(es) and date of birth, as well as the identifying information of the healthcare providers worked with.

Information will be collected about interactions with Kabisa Medical, for example when Kabisa Medical services are used to check a patient’s results, phone Kabisa Medical or visit any of our websites. When the Kabisa Medical website or mobile applications are used, information may be collected about user location or activity, including IP address and telephone number. Some of this website information may be collected using cookies. A log of every healthcare practitioner’s activity is kept in Kabisa Medical and patients have the right to view the log of all those who have accessed their medical data.

How is a healthcare practitioner’s personal information used?

The personal information collected about healthcare practitioners is used to accurately identify them and ensure they are currently registered with the Australian Healthcare Practitioners Regulatory Agency (AHPRA – their regulatory body) in the case of healthcare practitioners. Kabisa Medical will not collect, use and exchange any healthcare practitioner’s personal data with other third parties other than health service providers for the purpose of accurately identifying them. Data may be gathered about health practitioners’ requesting patterns for various medical tests and used to tailor the services offered to medical practitioners or in other ways for optimising the delivery of healthcare to their patients.

Consent to collect, store and access patient medical test data

Kabisa Medical are the keepers of patients’ most personal information. A healthcare practitioner of Kabisa Medical must understand their responsibilities when it comes to managing patients’ privacy. Healthcare practitioners can only access a patient’s medical test data when they have the patient’s consent to do so. That consent can be provided verbally, in writing or electronically. Kabisa Medical will only collect data of a patient that has signed an electronic consent form, which can be sent to the patient by SMS or email, as well as the patient being able to sign the consent form using the computer where any user is logged into Kabisa Medical.

Patients can also imply their consent to access their medical test data, where their actions or behaviour can be interpreted as implied consent. An example of implied consent would be where a radiologist viewed a patient’s medical test data via Kabisa Medical as part of interpreting and reporting their x-rays. Although the radiologist would never have met or spoken to the patient, it is reasonable to assume the radiologist has the patient’s implied consent to view their data to deliver health care to them. A log of every healthcare practitioner’s activity is kept in Kabisa Medical and patients have the right to view that log if they wish to do so.

If a patient’s records become inactive for 12 months, as evidenced by no results being sent to Kabisa Medical or none of the treating medical practitioners accessing the medical test results, then Kabisa Medical will ask healthcare practitioners to renew the patient consent prior to allowing further access to the medical test data. For more information about consent please visit our website.

Healthcare practitioners can only use patient medical test data for its primary purpose, i.e. delivering health care to that patient. If a user intends to use the medical test data for any other purpose (e.g. research), the patient’s expressed consent is needed for this other purpose. For any queries, please see our website for further information.

Data accuracy and integrity

All Kabisa Medical health data is linked to an individual by at least five unique identifiers (e.g. first and surname, date of birth, gender and Medicare Number) to prevent misidentification. The accuracy of the data Kabisa Medical stores about a patient is primarily limited by the data supplied to Kabisa Medical by medical test providers (e.g. pathology companies). Kabisa Medical strongly recommends that healthcare practitioners refer to the original source of the medical data (e.g. by contacting the medical test provider directly) if there is any concern about the accuracy of the data provided by Kabisa Medical prior to making clinical decisions.

Can I as a healthcare practitioner access my information?

Yes! At Kabisa Medical healthcare practitioners are encouraged to keep their personal details, work address and provider numbers up to date. To update any details, simply log in and update details within your account. The activity log can also be viewed through account details. If access is required to any of your information stored by Kabisa Medical, please email info@kabisamedical.com.au to request access. Information will be made available within 30 days of a written request in normal circumstances. However, before information is provided, identity will need to be confirmed.

Can I request access to my information by writing to Kabisa Medical?

Please write to Kabisa Medical at Unit 75 Wexford Medical Centre, 3 Barry Marshall Parade, Murdoch, WA 6150, or email info@kabisamedical.com.au to request access to your information. Information will be made available within 30 days of a written request in normal circumstances. However, before information is provided, patient identity will need to be confirmed.

Can you deny or limit my request for access?

Kabisa Medical will not limit access to your own data. However, in certain rare circumstances requests can be denied, or access to some data limited. For example, access may not be provided to commercially sensitive information. In these rare circumstances an explanation will be provided by email or in writing.

Making a privacy complaint

WE’RE HERE TO HELP

Kabisa Medical accept that no system where data is exchanged is 100% fail safe. If you have a concern about your privacy, you have a right to make a complaint and everything will be done to put matters right.

HOW DO I MAKE A COMPLAINT?

To lodge a complaint, please email info@kabisamedical.com.au. Alternatively write to us at Unit 75 Wexford Medical Centre, 3 Barry Marshall Parade, Murdoch, WA 6150.

HOW IS A COMPLAINT HANDLED?

Every complaint received is acknowledged and complainants are provided a name, a reference number and contact details of the investigating officer. You are kept updated on the progress made towards fixing the problem.

Usually, it takes only a few days to resolve a complaint. However, if a final response cannot be provided within 45 days you will be contacted with an explanation as to why and a timeframe will be discussed to resolve the complaint.

EXTERNAL REVIEW

If you’re not satisfied with our handling of your matter, you can refer your complaint to external dispute resolution. We suggest you do this only once you have first followed our internal complaint processes set out above. Once that process has been completed and if you are still not satisfied, we would suggest you contact your State Privacy Ombudsman via the Office of the Australian Information Commissioner (www.oaic.gov.au).

How to contact us or find out more

Email: info@kabisamedical.com.au

Address: Unit 75 Wexford Medical Centre, 3 Barry Marshall Parade, Murdoch, WA 6150