Need to talk? Call 1800 882 436.
It's a free call with a maternal child health nurse. *call charges may apply from your mobile

Is it an emergency? Dial 000
If you need urgent medical help, call triple zero immediately.

beginning of content

Privacy policy

Healthdirect — your trusted source of quality health information and advice

Healthdirect’s mission is to help Australians actively manage and improve their health by providing trusted information and virtual services anywhere and anytime. We work together to make a daily difference in the lives of others.

To achieve our mission, we collect and handle personal information about health consumers and others. We are committed to being transparent about the data we collect about you, how it is used and with whom it is shared.

This Privacy Policy applies when you use Healthdirect services via any channel — including helplines, video call solutions, websites, service finders, mobile applications and social media networks. If you have any concerns about how we manage your privacy, please feel free to contact us at the details set out below.

On this page


About this privacy policy

Effective 11 May 2022

This is the Privacy Policy of Healthdirect Australia Ltd (ABN 28 118 291 044) (Healthdirect) (also variously described as us, we or our throughout this policy).

In this policy, we describe what kinds of personal and sensitive information we collect, why we collect this information, and how we use, disclose and protect the information that we hold, including:

  • When we deliver health services and information to members of the public via helplines, video call solutions, websites, symptom checkers (and our other digital health service tools), service finders, mobile applications and social media networks.
  • In our corporate functions, such as when we engage with contractors, representatives of service providers and stakeholders, job applicants and other people.

In this policy when we use 'you' or ‘your' we are referring to the individual reader of this Policy, and/or the consumer of the services and information that has been described above.

‘Personal information’ refers to information or an opinion about an identified individual or an individual who is reasonably identifiable. ‘Sensitive information’ is a subset of personal information, the most common types of sensitive information that we collect about you, may include:

  • racial or ethnic origin
  • sexual orientation
  • health information
  • details relating to your pregnancy or child (such as your estimated due date, child’s name and birthdate)
  • genetic information

We must comply with Commonwealth privacy laws and for some services, State and/or Territory privacy laws as well. We also endeavour to adopt careful and ethical data practices and to embed privacy considerations in the design of our services.

If you have any concerns about how we manage your privacy, please feel free to contact us at the details set out below.

BACK TO TOP

Collecting personal information

General

We may collect your personal information through your interactions with us, including:

  • when you contact us, through telephone, video call solutions or through our websites to utilise any of our services or information
  • when you deal with us as part of managing our day-to-day business activities
  • as part of procuring goods and services from you, or in the provision of your providing such services on our behalf
  • when you are a current, former, or potential employee or contractor; or
  • when you make an enquiry or complaint to us

Wherever possible, we will collect personal information directly from you. Where it is impracticable or unreasonable to do so we may collect your personal information from a third party with your consent or where authorised under an Australian law. For example, there are times when it is necessary to collect personal information from another person, such as where a patient permits or has authorised another person to conduct their affairs (such as a spouse or guardian), is unconscious, incapacitated or is a minor.

Within a Healthdirect user account (which is available via the website) people can add family members, and tag, and add their health events into the app. This means that we may collect personal information about people from their family members in user accounts. We have designed user accounts to encourage nicknames to be used to limit the collection of identifiable information. More information about our user accounts is provided below.

BACK TO TOP

Collecting personal information for health services

If you use our health services, we may collect:

  • your name
  • age
  • gender
  • date of birth
  • contact details (such as your address, email address and phone number)

With your consent, we may also collect sensitive information about your illnesses, symptoms you have experienced, any existing disabilities, or other health services you are receiving or are to be provided in the future. If it is clinically relevant, we may also request your consent to collect sensitive information about your ethnic background, sexual practices, or details relating to your pregnancy (such as your estimated due date, child’s name and birthdate). You always have the choice not to provide this consent to collect this information, but if you choose not to provide your consent, we may not be able to provide you with our services.

When you access some of our services, such as healthdirect and After Hours GP, you will be offered a copy of your care advice, which is a summary of the advice received. To send this to you, we need your mobile phone number.

If someone calls Healthdirect on another’s behalf, we may collect their name and contact details as well.

BACK TO TOP

Call recordings

We make and store audio and video recordings for auditing and quality purposes of services, these recording may contain the personal information described above. If you want further information about call recordings, please contact our Privacy Officer.

BACK TO TOP

Dealing with us anonymously

When you use our health services (except for After Hours GP), you can choose to deal with us anonymously, or by providing a pseudonym. If you wish to do this, please advise the call operator assisting you.

(After Hours GP) is a call-back service and we, therefore, need to identify you to provide the service. You will not be able to receive this service if you choose to remain anonymous or provide a pseudonym.

If you provide your personal information (or use a pseudonym), Healthdirect can SMS you a secure link to a summary of your call, and on request we can give you a contact record reference number which allows you, and other authorised persons, to retrieve information about that call later. A summary of your call is not available currently for our Pregnancy, Birth and Baby service.

BACK TO TOP

Collecting personal information for digital services — websites and mobile applications

We have a range of digital offerings, including services and tools on our website and the Healthdirect user account for web browser.

BACK TO TOP

Using services and tools on our website

Most services and tools on our website can be used without having to give us any personal information. These include:

Whenever you use these services and tools, you can do so anonymously.

However, if you ask for your results to be sent to you, we will collect your name and/or email address which may identify you.

We make no attempt to identify anonymous users or to link the activities of people browsing or using services on our website unless we are required or authorised by law to do so.

BACK TO TOP

Healthdirect user account for web browser

You can set up a Healthdirect user account for web browser. This will enable you to create a profile, save your interactions, set information and notification preferences, and return to your information at any time.

You can choose not to receive some communications or messages from us. This includes general communications material or information sent by us

There are some notifications or messages that you cannot opt-out of. For example, where it relates to your privacy or the security of your personal information.

If you set up a user account, we will collect the following personal information from you:

  • your name
  • age
  • sex at birth
  • date of birth, and
  • contact details (phone number and email address).

We will also collect health information about you, such as your symptoms when you use Symptom Checker or our other digital services and tools while signed into your user account.

You can choose to set up your user account with a pseudonym if you choose, such as a nickname. No attempt will be made to identify users unless we are required or authorised by law to do so.

BACK TO TOP

Pregnancy, Birth and Baby

Our Pregnancy, Birth and Baby (PBB) service is also available via our website. PBB enables you to set up a user profile and have notifications served to you which relate to your pregnancy and your baby.

When you use PBB, we will collect details relating to your pregnancy (such as your estimated due date, information about your ovulation cycle and child’s name and birthdate).

BACK TO TOP

Third-party websites and social media

Our digital services may have links to other websites that are not controlled or owned by us. Similarly, you may access our services or products via social media platforms (e.g., Facebook, Messenger, Twitter etc).

In these situations, any personal information you provide on these platforms will be handled under the privacy policies of those platform providers. We encourage you to check those privacy policies prior to use. For more information please see our Social Media Acceptable Use Policy.

BACK TO TOP

Collecting personal information in our corporate functions

We rely on and engage with people every day to operate and deliver our services. In doing so, we collect personal information about people including contractors, representatives of service providers and stakeholder organisations, job applicants and others.

The personal information we collect may include:

  • name
  • job title, and
  • contact details (phone number, email address and office address).

We collect this information primarily to communicate with you or your organisation.

If you have applied for a job with Healthdirect, we may also collect information included in your cover letter and resume and/or provided through background checks. This may include opinions from referees and criminal background checks which are obtained with consent. Some of this information may be sensitive information.

BACK TO TOP

Using and disclosing personal information

General

These are the main ways in which we use and disclose personal information (including health information and other types of sensitive information you provide):

  1. To provide healthcare services.
  2. To send a recipient of healthcare services information about the services they have received or topics they may be interested in or have requested.
  3. To seek feedback on a person’s satisfaction with the services they have received.
  4. To improve our services. For example, we may use audio recordings of telehealth consultations for audit and training purposes to help ensure that it meets the highest standards of safety and quality in health care. Healthdirect also uses ‘in-app’ feedback to identify where improvements can be made in our digital services.
  5. To consult, with consent, with a person’s health service provider (this usually occurs in a health session while the person is still on the line).
  6. To engage with a person’s representative, for example, where a patient permits or has authorised another person to conduct their affairs (such as a spouse or guardian), is unconscious, incapacitated or a minor. We will deal with the person responsible for their welfare and this will include disclosing personal information about the patient to that person. This also applies where a user account holder has set up a profile for a family member.
  7. To receive IT support from IT service providers in Australia and overseas for the purpose of providing health services. Healthdirect uses IT service providers in Australia and in the United States (we ensure that your personal information is in secured storage which conforms to Australian privacy requirements).
  8. For health research purposes, including data linkage projects.
  9. In dealing with individuals (including employees and contractors) as part of the day to day running of Healthdirect, including where we may be dealing with current, former, and future employees.
  10. In dealing with people who supply goods and services to us, or to you on our behalf.
  11. To deal with complaints and enquiries made about our services or information.

BACK TO TOP

Occasional disclosures

At times, Healthdirect discloses personal information to Commonwealth, State or Territory health services to assist them in providing health services to an individual or to address issues you may raise with them.

Healthdirect may also use and disclose your personal information to third parties and services providers that are partnering with us to deliver our services and information, including to also ensure standards of safety and quality of our services. Where information is disclosed to any third party, we ensure that your personal information is in secured storage which conforms to Australian privacy requirements.

Healthdirect may also use and disclose personal information (but not sensitive information such as health information) where:

  • it is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety and it is unreasonable or impracticable to obtain the individual’s consent to the use or disclosure. For example, Healthdirect may share relevant personal information with health services and/or Government bodies in the event of a national, State or Territory health disaster so that an appropriate health response can be provided.
  • we have reason to suspect that unlawful activity, or misconduct of a serious nature, relating to our functions or activities has been, is being or may be engaged in and the use or disclosure is necessary for us to take appropriate action in relation to the matter
  • we believe that use or disclosure is reasonably necessary to assist with locating a missing person
  • it is necessary for the establishment, exercise or defence of a legal or equitable claim
  • it is necessary for the purposes of a confidential alternative dispute resolution process
  • we transition our services to another provider, in which case personal information may be transferred to them for continuity.

BACK TO TOP

Reporting using de-identified information

Healthdirect is publicly funded and therefore, it is required to share service delivery data with its funders, to demonstrate value and accountability and to drive improvements in the healthcare system. We may also share de-identified information with other organisations for research and statistical purposes.

When we share or report this data, it is de-identified, which means we have taken steps to remove personal information so that it does not reveal information about any one individual.

BACK TO TOP

Protecting your personal information

We have a range of security controls in place designed to protect your personal information from unauthorised use and disclosure.

These physical, technical and procedural safeguards include:

  • Data encryption: All data, including data that is personally identifiable, is always encrypted at rest and in transit.
  • Continuous monitoring: Our website and app are subject to penetration testing and ongoing security monitoring and vulnerability testing.
  • Data storage: We store your personal information in secured storage which conforms to Australian privacy requirements.
  • Username and password: Where you set up a user account on the website, you will set a username and password.

BACK TO TOP

Storing your personal information — our record keeping obligations

Depending on which State or Territory the service was delivered to you in, we are obliged under health records legislation to retain records of your health or digital service delivery for up to 15 years from the last occasion on which health services were provided to you.

In the case of patients under the age of 18, your records must be kept until you are at least 25 years of age, and in some States or Territories, 28 years of age.

We retain records of non-clinical advice and services we provide for shorter periods, of time, depending on the service type.

After these periods, if the information is no longer required by us for any purpose for which it was collected and is no longer required by law to be retained by us, we will securely destroy or de-identify it.

BACK TO TOP

How to access or correct your personal information

You have a right to request access to and/or seek correction of the personal information that we hold about you.

Before we give you access, or change your personal information, we may need to confirm your identity.

We will not charge you for making an access request, but we may ask you to pay a reasonable fee for the work involved in providing you with this information and for associated costs such as photocopying. You will be notified of any costs before your request is processed.

If we refuse to provide you with access to your record or to update your record in the way you request, we will provide you with written reasons.

If we refuse to correct or update your information, we will make a note on your record of your request for correction.

Click here to access the Healthdirect Personal Records Access or Change Request Form.

BACK TO TOP

How to make a complaint

If you have a privacy complaint or concern relating to the way that we have handled your personal information, please contact Healthdirect. We will investigate your complaint or concern and endeavour to respond to you within 10 working days.

If you feel we have not adequately resolved your complaint or concern, you may contact the Australian Information Commissioner at www.oaic.gov.au.

BACK TO TOP

How to contact us

Email: privacy@healthdirect.org.au

Postal address:
Healthdirect Australia
PO Box K411
Haymarket, NSW 1240
Australia

BACK TO TOP

Scope of and updates to this privacy policy

From time to time, we will update this Privacy Policy. The current version will always be displayed on our website and supersedes previous versions.

BACK TO TOP

Last reviewed: May 2022

Call us and speak to a Maternal Child Health Nurse for personal advice and guidance.

Need further advice or guidance from our maternal child health nurses?

This information is for your general information and use only and is not intended to be used as medical advice and should not be used to diagnose, treat, cure or prevent any medical condition, nor should it be used for therapeutic purposes.

The information is not a substitute for independent professional advice and should not be used as an alternative to professional health care. If you have a particular medical problem, please consult a healthcare professional.

Except as permitted under the Copyright Act 1968, this publication or any part of it may not be reproduced, altered, adapted, stored and/or distributed in any form or by any means without the prior written permission of Healthdirect Australia.