Royal Flying Doctor Service of Australia’s policy for the collection, storage and disclosure of personal information.
The Royal Flying Doctor Service provides emergency and aeromedicine, primary health, dental services and medical chests to our patients. As a not-for-profit organisation, we also manage employee records, communicate with our stakeholders, conduct publicity campaigns with media and online, fundraise, handle feedback, and report to our funders. The RFDS collects personal information from our patients, their carers, representatives, family and friends; employees and volunteers including those applying to work with us; our supporters (donors); and others.
We are committed to meeting our legal requirements under the Privacy Act 1988 (the Act), Australian Privacy Principles (the Principles) and any other legislation.
We take all reasonable efforts to safeguard all personal information.
In general we:
- Ensure fair, open and transparent management of information;
- Collect information lawfully and through fair means;
- Collect, use and disclose only the information we need for its intended purpose or to comply with the law;
- Take reasonable steps to ensure accuracy of information;
- Collect information about a patient from them direct (although we may also need to collect from a representative, referee or other agency like a hospital or medical service, if the patient is unable to give us the information, or has given consent for someone else to do this for them);
- Regulate access and correction;
- Ensure appropriate storage and security;
- Destroy or de-identify information not needed for the intended purpose as soon as we can;
- Ensure all of our staff are aware of privacy expectations
- Acknowledge that people with vision or hearing impairments, and culturally and linguistically diverse people, may require special consideration.
What information do we collect, and why?
We collect identity and contact details, health and sensitive details (facts and opinion), to deliver appropriate care and treatment to our patients and to let their next of kin know how they are doing. Some of this information may come from a third party (eg: representative, hospital or referring doctor). Patients can choose not to provide a specific detail and this may reduce our ability to provide services – although we will always do our best regardless. Clinical images may be taken during an episode of care for that primary purpose. An image will not be used for education and training purposes unless written consent is obtained. We use patient contact details to seek their feedback. Any further contact is subject to them opting in (and they can opt-out later). At times, we seek to share a patient’s personal experience publicly via media, social media, our newsletters or website. We only do this when we have their express written permission. Otherwise we have protocols in place to ensure de-identification and only reporting of a general nature for an incident that generates media interest.
We collect information from people applying to work with us, and during their employment for these purposes. This includes identity, contact, employment and education history, referee details and opinion, medical details, criminal history, finance (banking, tax and superannuation) and other details.
We usually collect identity, contact and financial information (such as credit card) when a donation is made. We are guided by the Fundraising Institute of Australia Code of Conduct and use contact details to let supporters know about events and other fundraising campaigns by mail, email and SMS/MMS (they can opt-out at any time using our simple mechanism). If they choose not to provide identity or contact information, we cannot provide a receipt or details about upcoming events and opportunities.
Anyone attending an RFDS event or base may be filmed or photographed. For individuals, we seek to obtain written consent prior to using their image for promotional purposes. For crowd scenes, in a public place, it would be impractical to seek consent and we may use these images and not include any personal details (such as name, even if known). All RFDS bases have security CCTV cameras in external and public access areas.
We do not disclose personal information overseas unless:
It is to the person themselves
Consent has been provided
Information is de-identified
It’s a permitted general situation or authorised by Australian law (eg: offshore payment or data processing such as credit cards).
How can you access your personal information? Who else has access?
We disclose patient information:
For the primary purpose of providing a health and medical service
When we have the patient’s, or their representative’s, consent
To other health professionals (in an emergency, this may be done without notice or express consent)
When legally required (eg: mandatory reporting of certain diseases, abuse, warrant or subpoena)
Unlawful activity or to prevent a serious and imminent threat to life, health or safety (to an individual or the public);
As de-identified data for research, compilation of statistics, and public health;
During a formal quality review;
To our government funders.
You can access other personal information we hold about you by giving a written request which we will respond to within 10 business days. We will need to confirm your identity before providing access and we may charge a reasonable fee. There are some instances under the Act where we can deny a request such as impacting on another person’s privacy. If we deny a request, we advise the reasons in writing. Please note that information is not provided over the phone, unless we are certain the enquirer is the individual or the legal or nominated representative. If a detail we hold is incorrect or outdated, you can let us know at any time and we will change it. At times we may not agree to remove or change it (eg: medical opinion) but they can add separate information to the file.
Unsuccessful employment applications are held for a period of time in case they may be suitable for any similar opportunities that become available. We will destroy any application, and no longer consider it as part of the recruitment pool, on request from the Applicant. Whilst our employees do not have a legal right to access under the Privacy Act, they can make a written request to their manager and review their file contents. They cannot make any changes to their records but may add a note to their file if they wish.
Supporters and Others
Our website may contain links to other sites of interest. We cannot control, or be responsible for, their content or privacy practices. Certain sections of our websites (eg: donation payments) are secured using SSL technology to encrypt data between your browser and the website. We make every possible effort to make donations and transactions within our website as secure and safe as possible. However, everyone should be aware that there are inherent risks associated with the transmission of information over the internet including by email or by facsimile. While all reasonable efforts are made to secure information transmitted to this website, there is a possibility that information you submit could be observed by a third party while in transit. By using our online system, you acknowledge that you do not hold the RFDS liable for any security breaches, viruses, or other malicious software that may infect your computer or any loss of data, revenue or otherwise that may occur.
From time to time, we contact our regular supporters directly to update or confirm their personal or credit card details. When we do this, we provide you with sufficient information from our existing database (including, where appropriate, the last four digits of your credit card) for you to be satisfied that the caller is our representative. If you receive a request for your full credit card number and CVV number, you should consider this a hoax, disregard and report the contact to www.scamwatch.gov.au or contact our us at firstname.lastname@example.org as soon as possible.