This Policy describes how Precedence Health Care Pty Ltd (Precedence), and any company which it owns or controls, manages personal information for which it is responsible, specifically personal information which is accessible via the Inca platform, including the MediTracker mobile app.
Precedence's Integrated Care Platform, Inca, is a cloud-based network of digital health and wellness services, including MediTracker mobile application services. A description of the Inca platform is set out on the Precedence website, precedencehealthcare.com/inca.
Personal information which may be accessible via Inca embraces:
Personal information provided by Inca users is stored in a secure database and managed by Precedence. This information may be sourced in a number of ways. The information may be provided by:
Precedence cannot verify and does not take responsibility for identifying persons entering information into Inca, nor can it verify or take responsibility for the accuracy of such information. Inca is a tool, or intermediary, enabling patient information to be accessed by the patient and to be shared between medical practitioners and other healthcare providers. It is necessarily dependent upon the quality and integrity of input. Users are required to acknowledge this feature at the time of registration.
Personal information stored in the Inca database is handled by Precedence in accordance with the requirements of the Privacy Act 1988 (Cth), the Health Records Act 2001 (Vic) and any other privacy, data protection or medical records legislation which may be applicable in particular circumstances.
Personal information is collected from medical practitioners and other healthcare providers when they register to use the service.
A patient is required to provide informed consent for the collection and sharing of their health information and for the creation and electronic storage of their record in Inca. This is a verbal consent given to the healthcare provider and recorded electronically in Inca. In addition, de-identified data is only used for internal analysis and improvements to features offered by Inca, and not provided to any third-parties without consent from the patient and healthcare providers.
The following additional information is available from the Precedence website:
Personal information may be accessed by a patient's medical practitioner, other members of the medical practitioner's practice (as authorised by the patient's medical practitioner), the patient's care team and possibly some hospitals and emergency services for the purpose of providing health care. Personal Information can also be accessed by the patient. Otherwise, the only persons with incidental access to the Inca database will be technical personnel who may be involved with Precedence's host website or who are engaged to maintain Precedence's web-based health tools and to provide other customer services. To the extent that such consultants may have limited access to any personal information in the Inca database, they are required to provide an undertaking to comply with the terms of this privacy policy and other internal privacy protection procedures, as well as give an undertaking to limit their access to the minimum extent necessary for the performance of their obligations.
All information in the Inca database is protected by logical, physical and operational security measures of high commercial standard and the data storage facility is professionally managed.
Precedence has implemented appropriate technology and security policies, rules and other measures to protect personal information in the database from unauthorised access, improper use, alteration, unlawful or accidental destruction and accidental loss.
Account information is located on a secured server in an accredited Australian facility behind a firewall. When sensitive information is entered, it is encrypted using Secure Socket Layer (SSL) / Transport Layer Security (TLS) technology.
Precedence's security policy and practices are regularly reviewed and updated. They are subject to audit procedures by suitably qualified external organisations.
Where it is lawful and practicable to do so, individuals may remain anonymous or use a pseudonym, but Precedence cannot accept responsibility for any loss or damage suffered by the individual as a consequence.
The Inca platform uses per-session cookies to identify a user's browser during the time that the user is logged into Inca. By temporarily storing this cookie on the user's computer, Precedence avoids having to re-authenticate the user on every secure page each time the user visits the Inca site. The cookie is deleted when the user logs out of Inca and does not contain any personally identifiable information. If a user's browser is set to disallow per-session cookies, or if the user rejects the cookie, it will not be possible to use the relevant websites.
Although it is intended that all information entered into Inca will be retained in the Inca database for at least as long as is minimally required for healthcare purposes, there may be unforeseen or unanticipated occasions when this may not occur. For example, there may be a technical reason the data is not saved, such as internet connectivity failure prior to saving. Users are encouraged to review their data inputs to confirm that the information has been properly saved in the database for future retrieval.
Information held in the Inca database is used only for the following purposes:
A patient's personal information will only be disclosed to their registered medical practitioner, other healthcare provider or to the individual patient, unless disclosure to someone else is mandated and in compliance with the Australian Privacy Principles including, for example, if:
A guardian's or carer's personal information will only be disclosed to a person other than the patient's care team, if such disclosure is required or authorised by law.
A healthcare provider's personal information will only be disclosed to a person other than the patient's other healthcare providers where such disclosure is required or authorised by law.
Individuals may access their personal health information in the Inca database at any time, subject to the exercise by Precedence of its statutory right to refuse access in certain circumstances.
Registered users can obtain access by login into the system via the Inca website. Alternatively, individuals can contact the Precedence Privacy Officer at the contact numbers below. Subject to adequate identification of an individual making a request, that individual will be provided with a copy of the information sought.
An individual may, at any time, manually correct, update or delete any personal information contained in the Inca database. However, there may be some personal health information about a patient that can only be changed or updated by the healthcare professional who created it.
An account may be de-activated at any time by contacting Precedence. If a patient de-activates their account, their health record will no longer be accessible to the patient, their carer/s or any healthcare providers.
If Precedence discovers any misuse or unauthorised handling of personal information held in the Inca database, any individuals who are potentially affected will be notified and Precedence will take immediate steps to contain the problem and prevent further occurrences.
An individual who believes that Precedence is in breach of the Australian Privacy Principles may contact the Precedence Privacy Officer on (03) 9023 0800 or send an email to privacy@precedencehealthcare.com.
Alternatively, an individual can contact (as appropriate) the Privacy Commissioner or Health Services Commissioner in their local area.
For privacy questions or concerns about Inca please contact the Precedence Health Care Privacy Officer on (03) 9023 0800 or send email to privacy@precedencehealthcare.com.
Updated 21 June 2023