Privacy Policy

Purpose

Navigator Group (‘Navigator’) is committed to protecting the privacy of patients and customers in the way personal and health information is collected, stored and shared. Navigator is bound by the Privacy Act 1998 (Cwth), complies with the Australian Privacy Principles (March 2014) and are committed to protecting your personal information.

Navigator holds two types of information that are covered by this policy: personal information and organisational information. Navigator recognises the need to be consistent, cautious and thorough in the way that information about patients, customers and stakeholders is collected, stored and shared.

All individuals have legislated rights to privacy of personal information. In circumstances where the right to privacy may be overridden by other considerations (for example, child protection concerns), staff act in accordance with the relevant policy or legal framework, or both.

Navigator is committed to ensuring that information is used in an ethical and responsible manner

Commencement

This Policy will commence on 10th May 2023. It replaces all other Privacy and Confidentiality policies (whether written or not).

Definitions

In this Policy, the following terms are defined as: 

Personal Information’ refers to information or an opinion about patients or employees from which an employee’s identity can reasonably be ascertained. This includes any personal information or opinions about the person, whether true or not, no matter how the information or opinions are recorded. Navigator only collects Personal Information that it needs for a Relevant Purpose.  

Sensitive Information’ is a special category of Personal Information and includes information about a person’s health, race or ethnic origin, political or religious beliefs, membership of a trade union or association, sexual preference, medical information or criminal record. 

Relevant Purpose’ is a purpose related to healthcare and rehabilitation services delivered by Navigator Group. 

Confidentiality ensures that information is accessible only to those authorised to have access and is protected throughout its life-cycle. Confidential information may be marked as such or deemed confidential by its nature; for example, it is information that is not available in the public domain. 

Protecting Personal Information 

Navigator takes steps to protect the personal information it holds against loss, unauthorised access, use, modification or disclosure and against other misuse. These steps include reasonable physical, technical and administrative security safeguards for electronic and hard copy or paper records as identified below. 

These steps include: 

 Reasonable physical safeguards include: 

  • Locking filing cabinets and unattended storage areas 

  • Physically securing the areas in which the personal information is stored 

  • Not storing personal information in public areas 

  • Positioning computer terminals and fax machines so that they cannot be seen or accessed by unauthorised people or members of the public 

Reasonable technical safeguards include: 

  • Using passwords to restrict computer access, and requiring regular changes to passwords 

  • Using multi factor authentication 

  • Establishing different access levels so that not all staff can view all information 

  • Ensuring information is transferred securely where possible 

  • Installing virus protections and firewalls 

Navigator has a requirement to notify individuals and the Australian Information Commissioner about 

‘eligible data breaches’ in accordance with the NDB (Notifiable Data Breaches) scheme in Part IIIC of the 

Privacy Act.  

An ‘eligible data breach’ occurs when the following criteria is met: 

  • There is unauthorised access to, or disclosure of personal information held by an entity (or information is lost in circumstances where unauthorised access or disclosure is likely to occur) 

  • The breach is likely to result in serious harm to any of the individuals to whom the information relates 

  • The entity has been unable to prevent the likely risk of serious harm with remedial action 

Employee Obligations

  • Information protection is a requirement of all team members. All team members must not: 

  • Discuss patient or customer information with each other in a trivial manner 

  • Share or use another person’s log on details to access systems 

  • Discuss personal information about patients with their own circle of friends, families or other people not professionally associated with Navigator 

  • Pass on information, or discuss information with another affiliated service provider that is not factual, relevant or without consent 

  • Provide information over the telephone, about a patient or their family to unauthorised persons 

  • Discuss behavioural information or addresses of patient’s homes to unauthorised persons 

  • Leave any patient information in unsecured public places

Collection of Personal Information

We may collect the following types of personal information from you: 

  • Name 

  • Address 

  • phone number, fax number and email address 

  • personal information about your health, work history, personal history, medical history and your insurance claim 

  • information from enquiries you have made 

  • communications between us

How Navigator Collects Information 

The nature and extent of personal information collected by Navigator varies depending on the interaction with Navigator. 

Navigator collects information through various means, including telephone and in-person interviews, appointments, forms and questionnaires. 

Navigator may obtain personal information from a third-party source such as an insurance company, scheme agent or corporation responsible for managing a claim. If information is collected in this way, we will take reasonable steps to contact the person the information relates to, to ensure they are aware of the purposes for which we are collecting the personal information. 

If the information collected is required to be disclosed to an organisation to which we may disclose the information to (subject to any exceptions under the Act) we will advise the person, the information relates to. 

Some phone calls may be recorded for the purpose of internal training, quality and research purposes. You will be notified at the beginning of the call if the call is to be recorded. Please advise the Navigator staff member if you do not want the call to be recorded and the recording will be deleted immediately upon completion of your call. 

Website 

When you visit our website, certain information may be collected such as browser type, and operating system however it is not possible to identify you personally.  

Information is only collected when an enquiry form within our website is completed and submitted.  

Our website may from time to time contain links to other websites. Navigator stresses that when an online user accesses a website that is not our website, it may have a different privacy policy. To verify how that website collects and uses information, the user should check that particular website's policy.  

Navigator will never knowingly send electronic messages without consent. Refer to the Spam Act 2003 for more information.  

As is very common for companies, we use cookies on our website. Cookies are very small files which a website uses to identify you when you come back to the site and to store details about your use of the site. Cookies are not malicious programs that access or damage your computer. We use cookies to improve the experience of people using our website.  

Providing Personal Information  

Navigator may be required to provide personal information to external organisations, however, Navigator will only provide an individual’s personal information to a third party when one of following applies: 

  • The individual has consented 

  • It is otherwise required or authorised by law 

  • It will prevent or lessen a serious threat to somebody’s life, health or safety or to public health or safety 

  • It is reasonably necessary for us to take appropriate action in relation to suspected unlawful activity, or misconduct of a serious nature that relates to our functions or activities 

  • It is reasonably necessary to assist in locating a missing person 

  • It is reasonably necessary to establish, exercise or defend a claim at law 

  • It is reasonably necessary for a confidential dispute resolution process 

  • It is necessary to provide to a health service e.g. to your treating doctor and insurer. 

  • It is reasonably necessary for the enforcement of a law conducted by an enforcement body 

 Providing Information Externally  

We will take all reasonable steps to provide access to the information requested within 14 days of receiving the request. In situations where the request is complicated or requires access to a large volume of information, we will take all reasonable steps to provide access to the information requested within 30 days.  

When a request for information is received, Navigator ensures the following prior to releasing the information: 

  • That consent to release information has been given by a person who is authorised to give that consent prior to collecting the information. 

  • The requestor of the information is authorised to receive the information requested 

  • The information provided only contains the information needed 

  • The information provided does not contain any information relating to any other person 

  • The information collated to be provided is approved by a General Manager or a member of the executive leadership team prior to release 

 Due to the nature of our service delivery, healthcare records may contain information about other persons involved in activities or such matters. In this case, Navigator will provide a summary or redacted report to ensure we are protecting the identify of those people. 

Accessing and Correcting Personal Information 

Access to Personal Information  

Requests for information can be requested by contacting admin@navigatorgroup.com.au or by phone on (02) 8243 5600

If an individual requests access to the personal information we hold about them, we will allow access unless we consider that there is a sound reason under the Privacy Act or other relevant law to withhold the information. 

Correction of Personal Information 

If an individual requests a change be made to the personal information we hold about them, we will make the change unless we consider that there is a sound reason under the Privacy Act or other relevant law to not make the change. 

Requests for correcting personal information can be requested by contacting admin@navigatorgroup.com.au or by phone on (02) 8243 5600

Confidentiality and Maintenance of Records  

Maintenance of records 

Navigator is required to keep patient records for ten (10) years from the date on which an entry is made.  

Non-disclosure 

Employees are not permitted to disclose Confidential or Personal Information which is collected by Navigator about its customers, agents including customers of agents or contractors to unauthorised third parties. If an employee is not sure whether information is Confidential or Personal, they must check. 

Confidential and Personal Information is information that is not in the public domain. It includes, but is not limited to, the following types of information: 

  1. any Personal Information about an individual which has been collected by Navigator; 

  1. any information about a supplier, customer, agent or contractor of Navigator; 

  1. any information about Navigator’s business affairs or business systems. 

Disclosure of your personal information overseas 

All Navigator Group information is stored within Australia. We will not disclose your personal information to recipients in jurisdictions outside of the Commonwealth of Australia and its territories, except to comply with a Court order. 

Variations 

Navigator reserves the right to vary, replace or terminate this policy from time to time.