Legal

‍

At TCI Health, we strive to empower our customers who trust us with their data. We honour that trust by ensuring their information, privacy and rights are protected.

‍

Who are we and what do we do?

TCI Health Pty Ltd (ABN 18 656 230 278) (“TCI Health”) is a private company which is registered in Australia.  

TCI Health offers secure cloud-based services (“Services”) that allow the safe collection, storage and disclosure of individuals’ personal information (which includes health information) in order to:

Streamline and automate the billing of patients for medical practitioners (“clients”), including by facilitating payment of billings by third party payers (such as Medicare Australia, private health funds, or other regulatory payers);

Provide its patient users (“patients”) a secure platform to pay any gap fees incurred from medical services provided by their practitioners; and

Provide its users with statistical analysis of their invoices, billings and practices, including with respect to their individual patients.

‍

TCI Health is committed to managing personal information (including sensitive information) in accordance with the Australian Privacy Principles (“APPs”) under the Privacy Act 1988 (Cth) and in accordance with other applicable privacy laws. This policy sets out how we manage your personal information and is referred to as our Privacy Policy. In this Privacy Policy, “we”, “us” and “our” refers to TCI Health and its affiliated companies or related bodies corporate and “you” or “your” refers to any individual about whom we collect personal information. This Privacy Policy tells you how we collect, store, use and disclose your personal information.

‍

‍

What personal information do we collect and hold?

Clients and users

When you become a client or a user of TCI Health’s software (including patients of a client) (“users”), a record is made which may include your personal information. The type of personal information that we collect will vary depending on the circumstances of collection and the kinds of services which have been provided by our clients.

Whenever users visit or interact with our website or application (“Platforms”), we and our third party providers may automatically or passively record their metadata information about how the Platform is accessed and used (“Usage Information”). Usage Information helps us keep our Platforms relevant to users and allows us to tailor our content. Usage Information is generally non-identifying, but if any aspect of it may identify you, we will treat it as personal information.  

We may use third-party advertising services to serve advertisements on our behalf. When you visit our Platforms, the third-party analytics services help us understand and improve the usage of Platforms and the effectiveness of our marketing efforts. The delivery of online advertising to you and others on our Platforms will not result in the disclosure of any of your personal information to those third-parties.

‍

Patients

In addition to the above, we will also collect patients’ personal information which is considered sensitive information within the meaning of the APPs. This includes but is not limited to the collection of patients’ personal health information including patient identifiers, contact information, payment information, Medicare and/or health insurance information, and information about their episode of care (including information such as their surgical procedure, comorbidities and weight, and any notes made by our clients).

Clients are solely responsible for ensuring that all necessary consents have been obtained from patients prior to the uploading of any of their information to our servers, and we do not intend to collect any patient’s personal information without their prior written consent. However, we will take all reasonable steps to ensure that patients are notified that their personal information has been collected to provide billing services. Where patients do not agree to our collection of their personal information or they wish to withdraw their consent to such collection, they may contact us to request deletion of their information in accordance with our policy below.

Why do we collect, hold and disclose your personal information?

We collect your personal information:

• To provide the Services to you and others;
• Identify our users, clients, potential clients, and their representatives;
• Carry out administrative tasks such as billing, entering into contracts with you or third parties, debt recovery activities and managing client relationships;  
• Carry out our quality assurance and complaint handling activities in a professional and efficient manner; and
• For market research purposes and directly marketing to you in accordance with the APPs.

‍

How do we collect your Personal Information?

We generally collect personal information directly from the uploads of our users or their representatives, including via Optical Character Recognition (OCR) from image uploads and PDF or sticker submissions from our clients (where they have obtained or arranged for the obtaining of a patient’s express written consent).

We may also collect certain ancillary information by electronic messages (including email and SMS, or any of our integrated messaging services), and via your usage of our Platforms (including via your mobile Usage Information).

‍

How do we hold, store and secure your Personal Information?

We are committed to providing a highly secure and reliable Platforms to our clients to perform their services. In order to protect the personal information which we hold, we use industry-standard physical, procedural and technical security measures in accordance with our obligations under the APPs, including encryption as appropriate. Our security model and controls are based on international standards and industry best practices, such as ISO 27001, ISO 27018 and OWASP Top 10.

Our systems are hosted on Amazon Web Services. This allows us to provide a reliable service and keeps your data readily available. This data centre employs leading physical and environmental security measures, resulting in highly resilient infrastructure. We take reasonable steps to protect your personal information from misuse, interference and loss and from unauthorised access, modification or disclosure.

‍

How do we use and disclose your Personal Information?

1. Users

If you are an individual whose personal information has been uploaded to the TCI Health database (whether by yourself or by our client with your express informed consent) for the purpose of us providing the Services, we will:

• use and disclose your personal information where this is reasonably necessary for, and relevant to, our delivery of the Services, including disclosures to our clients and other third parties (such as Medicare Australia, third party insurers, or other regulatory payers) for the purposes of delivering and enabling the Services;

• de-identify certain information for the purposes of conducting analytics and obtaining relevant metrics (which may be used for the purposes of providing advertising or other marketing related activities to you or others); and
• any other purpose which we may determine to be appropriate from time to time but consistent with the APPs.

2. Contractors and other service providers

We may disclose information to third parties in order to assist us in providing the Services, including contractors and service providers used for payment processing, data processing or storage, technology providers, information technology services and support, Platform maintenance/development, and email and SMS distribution services who help us supply our products and services.

3. Administration and management

We will also use and disclose personal information for a range of administrative, management and operational purposes. This includes:

• administering billing, payments and debt recovery;
• planning, managing, monitoring and evaluating our services;
• statistical analysis and reporting;
• risk management and management of legal liabilities and claims (for example, liaising with insurers and legal representatives);

• responding to enquiries and complaints regarding our services;
• obtaining advice from consultants and other professional advisers; and
• responding to subpoenas and other legal orders and obligations.

4. Marketing

We may send our clients direct marketing to inform them about products or services, special offers, promotions and events that may be of interest.

Your consent to receive direct marketing communications from us in the above ways will be deemed if you do not opt out when you are offered the opportunity to do so, and will remain current on an ongoing basis unless and until you advise otherwise. If you do not want to receive such offers from us, you can opt out at any time by contacting us using our contact details provided below or by utilising the “unsubscribe” function in electronic communications.  

If the law requires us to provide you with information about our products or services, we will provide that information even if you have elected not to receive information about our products and services generally.

5. Other uses and disclosures

We may use and disclose your personal information for other purposes explained at the time of collection or otherwise as set out in this Privacy Policy.  

We may also use or disclose your personal information where:

• You have consented to the use and disclosure (including to our clients);
• The disclosure is to our business partner for the purposes of providing the Services to you, in which case we will require them to use and disclose the personal information only for the purpose for which it was provided to them;
• The third party is a person involved in a dealing or proposed dealing (including a sale) of all or part of our assets and business;
• The disclosure is permitted, required or authorised by or under law or ordered by a Court or Tribunal;
• The disclosure is required or appropriate to protect your, our, or other’s rights, property, or safety; or

• We are involved in a merger, acquisition, financing due diligence, reorganisation, bankruptcy, receivership, sale of company assets, or transition of service to another provider, and your information may be disclosed in connection with the negotiation of such transaction, and/or transferred as part of such a transaction as permitted by law and/or contract.  

‍

Do we transfer your personal information overseas?

We will use our best endeavours to ensure your personal information is only stored within Australia, and will not disclose your personal information to any overseas third parties.

‍

Links to Third-Party Websites

Our Platforms may contain links and integrations to third party websites and platforms. This Privacy Policy does not apply to the practices of those third parties, and we are not responsible or otherwise liable for the actions, information, representations and privacy policies of the third parties that operate or interact with those other websites.

In order to use our Services, you may be required to provide those third parties with additional information, such as your credit card information. Any information which you provide to those third parties will not be shared with us and we will not collect or hold that information.

‍

Your Privacy Rights

Certain jurisdictions have specific legal requirements and grant privacy rights with respect to personal information, and we will comply with restrictions and any requests you submit as required by applicable law. You may contact us to access and update any of your information that we hold.

‍

How can you access or seek correction or deletion of your personal information?

We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up to date in accordance with our obligations under applicable privacy regulation.

In instances where we hold your personal information in our database, you may contact us directly to seek an update, amendment or request deletion of your personal information. We will meet this request within a reasonable timeframe.  

After receiving a request from you, we will take reasonable steps to correct your information however we are not liable for the accuracy, completeness or veracity of such information which we have collected from you and any third parties.

To request access to or update your personal information please contact our privacy officer using the contact details set out below. We will respond to your request within a reasonable time in accordance with the Privacy Act 1988 (Cth) and other applicable privacy laws depending on the jurisdiction.  

You will not be charged for making a request to access your personal information, but you may be charged a reasonable fee for our costs and any expenses involved in compiling information in response to your request.

‍

Changes to our Privacy Policy

We may amend this Privacy Policy from time to time, with or without notice to you. We recommend that you visit our Platforms regularly to keep up to date with any changes. By continuing to use our Services, you agree to be bound by the Privacy Policy as amended.

‍

Complaints

If you have any concerns or would like to make a complaint, please contact the Privacy Officer (details below). Please include your full name, email address and/or telephone number and clearly describe your concerns or complaint. We will endeavour to investigate your matter and respond to your complaint within a reasonable time after it is made. If you are unhappy with our response, we will provide you with information about further steps you can take.

‍

Contact Us

You can contact our Privacy Officer in the following ways:  

TCI Health Pty Ltd

Attention: Privacy Officer

Email: info@tcihealth.com.au

Postal Address: Suite 212, 45 Glenferrie Road, Malvern VIC 3144

‍