Clinivid Privacy Policy

Infomedix Pty Ltd (ACN 093 160 653) is an Australian technology Company based in Melbourne. Infomedix is a leader in the field of digital medical records management and secure clinical communication. Infomedix products are used in public and private healthcare settings by hospital and community service managers, medical practitioners, clinical staff and health information managers. Clinivid is an Infomedix product. It is a secure clinical communications application that operates across multiple platforms (Webapp, android and iOS). As agreed, and arranged with our health service clients, Clinivid integrates with a multitude of clinical software products to support seamless information flow at the point of care.

At Infomedix we are committed to managing personal information, including sensitive personal information responsibly and in accordance with the thirteen Australian Privacy Principles contained in the Privacy Act 1988 and applicable State and Territory privacy laws. A copy of the Privacy Principles can be found at https://www.oaic.gov.au/privacy/australian-privacy-principles-guidelines

This Clinivid Privacy Policy explains how personal information is collected and handled by Infomedix, its customers and their authorised users when using Clinivid. Under our contractual arrangements with our customers, they and their authorised users are required to also ensure the protection of personal information entered on to Clinivid and comply with applicable privacy law.

The Clinivid Privacy Policy is reviewed annually. In between these regular reviews the policy will also be updated as needed to take account of changes to the privacy legislation, new products or services and changes to our technology.

If you have any questions about the Clinivid Privacy Policy, or questions about how Infomedix handles the collection or handling of your data in the Clinivid application, please contact us at [email protected] .

1. Collection of personal information – Clinivid authorised users.

Users are authorised to use Clinivid to support clinical care delivery by the health service in accordance with their policies. Authorised users are required to provide some personal information to Infomedix in order to use the Clinivid product. This is restricted to information that Clinivid requires to provide the service.

The type of information about authorised users that is required by Clinivid may include:

• Personal details such as name and title
• Contact details, including email address, telephone number
• Date of birth
• Demographic information for example an address or postcode
• Relevant professional registration information (for example AHPRA)
• Staff contact details in order to enable communication between Clinivid users within an organisation
• Usage details such as information about the use of the Clinivid Product, for example information about attendance at multidisciplinary team and other clinical meetings. We collect usage information through the use of cookies which is described in more detail later in this privacy policy.
• Google Analytics enables users to access contacts from their device for the purposes of secure communications. No personal information about the contact is stored or used in any other way by Clinivid.

Any personal information provided to Infomedix by users of our Clinivid product is used or shared for strictly limited purposes, including enabling information sharing between members of the clinical team on the secure platform, obtaining technical support or enabling the secure transmission of data to other health service providers, for example pathologists or radiologists.

Clinivid will use and disclose the personal information of authorised users for the following purposes:

• To provide access to the Infomedix Clinivid product
• To enable the application to share information between clinical users
• To correspond with users if necessary to maintain the service
• To undertake quality assurance processes, including assessing the product performance
• To monitor, detect and respond to cyber-security or privacy incidents
• Where required or authorised by or under an Australian law or a court/tribunal order.

2. How we protect information about patients that is stored in Clinivid

Clinivid stores information about patients that is entered by authorised users. Patient consent is required to be obtained and documented by the authorised user and/or hospital and health service before this information can be entered into the Clinivid application.

The type of patient personal information entered by users that Clinivid may store and share with other authorised users includes:

• the patient’s name, age and gender.
• the patient’s relevant health information including health history, diagnosis and treatment. The information collected may include video and images.

Patient information that is held in Clinivid will be used and disclosed only for purposes relating to the patient’s clinical assessment and care, communication between authorised user clinicians about the patient’s care and planning and delivery of treatment. Patient information may also be used or disclosed for the following purposes:

• to monitor, detect and respond to cyber-security or privacy incidents
• where required or authorised by or under an Australian law or a court/tribunal order.

3. Use of Third-Party companies to deliver services

In order to deliver the service Clinivid uses third-party service providers. Third-party companies and individuals are contracted by us to:

• facilitate the delivery of our service to users
• provide parts of the service on our behalf
• perform service-related services
• assist us in analysing how our service is being used.

The third-party companies and individuals may have access to personal or sensitive information where it is essential to their ability to provide the service to us. Our agreements with the companies and individuals require that they comply with the Australian Privacy Principles, other applicable privacy law and the Clinivid Privacy Policy.

4. Cross-border disclosure

Infomedix stores Clinivid data in highly secure Australian data centres, ensuring that all personal data stays in Australia.

On infrequent occasions, for the specific purpose of providing technical support to Infomedix, data held in Clinivid may be disclosed by us to Infomedix contracted software developers located in India. Infomedix contracts with the developer requires them to comply with the requirements of the Australian Privacy Principles.

5. Authorised user responsibilities

Authorised users of Clinivid have the following responsibilities related to their use of the application:

• obtain the patient’s consent to post, upload, publish, transmit, store, or otherwise use or disclose the patients’ personal information using the Clinivid application
• confirm the required consent in the appropriate section of the Clinivid application
• only post, upload, publish, transmit, store, or otherwise use or disclose information to other registered health practitioners directly involved in the care of the patient, ensuring that the information is used solely for the purposes for which it was collected, and for which consent was provided.

6. Access to information held in Clinivid

Clinivid users may request details of personal information that we hold about them. We will provide this information in accordance with the requirements of the Privacy Act. We will acknowledge the request promptly and aim to respond within 30 days.

If a user has a query or concern about our privacy policy or the management of their personal information, they may contact us by email at [email protected] and we will address any concerns they may have.

Patient information is integrated with the patient’s medical record and is held by the health service. Requests from patients about information that is held about them on Clinivid will be referred back to the relevant health service customer and their authorised users.

7. Deleting user accounts

The relevant health service or Clinivid user can delete a user account when authorisation is no longer approved or required. Health service organisation administrators can remove authorisation using the Clinivid application. Clinivid users may delete their accounts using the delete account function on the application. If a user’s account is deleted, they will no longer be able to upload, view or publish information. They will not be able to be contacted by other users. Patient information submitted by the user prior to the deletion of the account remains associated with the patient medical record and is stored by the health service. Information about user’s account creation, application uses and deletion is permanently retained for audit purposes only.

8. Security of data

We maintain physical, administrative and technical safeguards to protect data used by the Clinivid application. Personal information (including all data entered by users about patients) is encrypted in transit and at rest.  Any information exchanged as a Clinivid case is encrypted and only accessible to the sender and recipient(s).
Privacy incidents related to Clinivid are managed through our incident-handling process, including compliance with the Privacy Act’s Notifiable Data Breaches scheme as required.

9. Our use of Cookies and Web Beacons

Clinivid does not use cookies directly as part of the application. We do use third party software that uses cookies (Google Analytics) and web-beacons (Google Analytics).

Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers. These are sent to a user’s browser from the websites that they visit and are stored on the internal memory of the user’s device.

Cookies are used to identify traffic coming in and out of the Clinivid application, including the time and date and duration of the user’s visit. We use Google Analytics in connection with the Clinivid application and they may set cookies on your browser or use cookies that are already there. We use this data to improve the user’s experience of the Clinivid application. Cookies can be disabled by a user, but this may affect the performance of the Clinivid application.

Web-beacons are small pieces of data installed in web pages and emails that monitor a user’s behaviour and collect data about how they are viewing the Clinivid product pages. Web-beacons are used as part of the Google Analytics service. We use this information to improve the user’s experience.

Whenever a problem or error occurs when using the Clinivid application we collect log data and information through the use of these third-party products (Google Analytics). This data can help us identify the causes of problems and make improvements in the Clinivid product.

10. Concerns or complaints

Concerns about our handling of personal information and personal information entered into the Clinivid product, should be promptly advised to us, using the contact details provided below. We will acknowledge receipt of complaints promptly. We take complaints seriously and will endeavour to ensure that all complaints are promptly addressed and resolved.

If we are unable to resolve the complaint it can be referred to the Office of the Australian Commissioner (OIAC) at Privacy complaints - Home (oaic.gov.au)

11. Infomedix Clinivid Privacy Contact Information

Queries or requests for information about how Infomedix manages Privacy can be sent by email to [email protected]