Privacy Policy

Who should read this privacy policy?

The Minister for Health and Wellbeing (SA Health) has contracted Healthengine Limited (Healthengine, we or us) to deliver the SA Health procured appointment management system (SAH appointment management system) to support the COVID-19 vaccination rollout.

You should read this privacy policy if you elect to use the SAH appointment management system service.

Healthengine provides a range of services that are primarily offered through our website and associated bookings mobile applications (Healthengine Network) or through our customers’ websites and mobile applications. These services are governed by a separate privacy policy which is available here.

Our commitment to your privacy

Healthengine is committed to protecting the privacy of your personal information. We take our responsibility for handling personal information seriously and we have put measures in place to maintain the integrity of personal information, and provide full transparency on our handling and use of personal information. We are bound by the Australian Privacy Principles under the Privacy Act 1988 (Cth) (Privacy Act) about how we handle your personal information.

This Privacy Policy sets out how and why Healthengine collects, stores, uses and discloses your personal information if you elect to use the SAH appointment management system, and how to contact us if you have any questions about how we handle your personal information or would like to access the personal information we hold about you.

The SAH appointment management system service includes:

  • an online booking system which we have been contracted by SA Health to deliver to manage appointments with health professionals, including but not limited to South Australian government health agencies, and other organised or incorporated bodies that provide health services (health professionals); and
  • Healthengine user accounts for patients using the SAH appointment management system that will store and enable a patient to access relevant health details they have provided and their COVID-19 vaccine appointment records.

We are constantly evolving our services, and new services may be offered from time to time.

Where Healthengine has collected personal and sensitive information through the SAH appointment management system, it will:

  • handle your personal and sensitive information in accordance with:
    • the Privacy Act and the Australian Privacy Principles; and
    • Healthengine’s privacy commitments as outlined in its agreement with SA Health (SA Health Vaccine Management Agreement);
  • disclose your personal and sensitive information to the relevant health professional that you have elected to make a booking with (or their affiliates and service providers);
  • seek assurances from SA Health that it will handle your personal information in accordance with applicable privacy laws;
  • disclose your personal information to SA Health for the purposes of healthcare management, as well as supporting the monitoring and progress of vaccinations in Australia including the COVID-19 vaccination rollout through the SAH appointment management system service, and
  • not otherwise use, disclose or have control over your personal and sensitive information as detailed below unless permitted under the SA Health Vaccine Management Agreement.

To learn more about how SA Health will collect, hold, use and disclose your personal information, you should read SA Health’s privacy notice for the SAH appointment management system.

What information does Healthengine collect?

The personal information we collect depends on which of our services you use and the information you choose to provide.

When you use the SAH appointment management system for appointments with health professionals, or for creating your personal profile, you may choose to provide to Healthengine, and we may collect personal information such as:

  • your name;
  • your date of birth;
  • your contact details (e.g. address, email address, mobile number);
  • your Medicare number and details;
  • whether you are of Aboriginal and/or Torres Strait Islander background;
  • health information as defined under the Privacy Act which includes but is not limited to information about your health, illness or disability, a health service you have had or will receive, your medical records and your medications;
  • de-identified technical data such as internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Healthengine Network; and
  • web analytics data which we may collect directly or use third-party analytics tools, to help us measure traffic and usage trends for our products and services. These tools collect information sent by your browser or mobile device, including the pages you visit and other information that assists us in improving our products and services. We collect and use this analytics information in aggregate form such that it cannot reasonably be manipulated to identify any particular individual user.

If you are a health professional using the SAH appointment management system, we will collect information about you and your practice for the purpose of facilitating and managing bookings.

Usually, we collect your personal information directly from you. Healthengine may collect your personal information from you in various ways, including via telephone and email.

We may also collect information from third parties, such as:

  • family members, legal guardian/s and/or a person you have authorised to provide your personal information to us; and
  • health professionals and their practices, in relation to the management of appointments you have made and your requested health services.

We use cookies and similar technologies (such as web beacons) on the SAH appointment management system to analyse trends, administer the service, diagnose problems, improve the quality of the service, track users’ movements around the SAH appointment management system, and to gather demographic information about our user base as a whole.

A cookie is a small text file that Healthengine may place on your device to store information. We may use persistent cookies (which remain on your computer even after you close your browser) to store information that may speed up your use of the SAH appointment management system for any of your future visits to the SAH appointment management system. We may also use session cookies (which no longer remain after you end your browsing session) to help manage the display and presentation of information on the SAH appointment management system. You may refuse to use cookies by selecting the appropriate settings on your browser or the settings section of your mobile or tablet device. However, please note that if you do this, you may not be able to use the full functionality of the SAH appointment management system.

You do not have to use the SAH appointment management system. However, if you choose to use the SAH appointment management system, we will require that you provide us with personal information for the purpose of facilitating the service. If you do not provide your personal information to Healthengine, we may be unable to provide you with the SAH appointment management system.

Why does Healthengine collect and use your personal information?

The reason Healthengine uses your personal information is to provide the services you have elected to receive.

Healthengine may also use your personal information:,/p>

  • to facilitate communications between you and health professionals and their practices/clinics such as to remind you of an upcoming appointment, to confirm a booking, to request you to complete a pre-vaccination screening questionnaire, or to provide you with information regarding your Covid-19 vaccination;
  • on a de-identified basis for analysis and quality assurance purposes;
  • to report to health professionals and their practices/clinics about the use and functionality of the SAH appointment management system;
  • for de-identified data analytics to help us improve our service and products, and our users’ experience, including by monitoring aggregate metrics such as total number of visitors, traffic, and demographic patterns;
  • for security measures to implement access controls, monitor activity that we think is suspicious or potentially fraudulent, and to identify violations of this Privacy Policy or our Terms of Use; and
  • for other purposes that are notified to you at the time we collect your information, which you give your consent to, or which are authorised or required by law.

Who does Healthengine disclose personal information to?

When you use the SAH appointment management system for appointments with health professionals, we will disclose your personal information (and that of a person making the booking on your behalf) to the health professionals that you have selected and their practices/clinic for the purpose of arranging appointments, including rearranging the date and time of your appointment.

Your health professional may use your personal information for clinical purposes and/or to monitor the progress of the rollout within South Australia. SA Health may also use your information with their other clinical datasets for this purpose, in line with the South Australian Information Privacy Principles and its confidentiality obligations under the Health Care Act 2008 (SA) and the South Australian Public Health Act 2011 (SA).

>

Your health professional may use your personal information for practice management and record keeping purposes. This may include using the information for the purposes of reporting into the Australian Immunisation Register (AIR).

Your personal information may also be shared with other SA Health-procured systems for managing vaccinations including the COVID-19 vaccine rollout in South Australia. We do this to reduce the number of times you provide your personal information and to streamline your health professional’s processes at your appointment. We will only do this where your health professional is using other SA Health-procured systems for managing vaccinations such as SA-VAX as part of the COVID-19 vaccine rollout.

Each health professional must comply with applicable privacy laws with regards to their use of your personal information. However, where they collect personal information for their own purposes, we have no control over, and are not responsible for how the health professional uses your information. To learn more about how a health professional may use your information, you should review their privacy policy.

If your health professional is a provider that has more than one site, your information may be provided to multiple sites.

If you are a health professional using the SAH appointment management system, we will make the information you provide available to Healthdirect for inclusion in the National Health Services Directory. Healthdirect will make the information publicly available on the Healthdirect website and mobile applications for eligible patients making a booking for a COVID-19 vaccination at your vaccination site. Healthdirect’s privacy policy can be found on their website.

Healthengine may also disclose your personal information to other persons, such as:

  • third party service providers (such as IT and software service providers, Adobe Analytics for analysis and quality assurance purposes, security entities that minimise risks and block suspicious behaviour such as Google reCAPTCHA, and our professional advisers such as lawyers and auditors), but only for the purpose of providing goods or services to us. We require our third party service providers to agree to appropriate privacy restrictions, and only permit them to access personal information to the extent needed to provide goods or services to us;
  • courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights; and
  • other persons notified to you at the time we collect your personal information, who you give your consent to, or to whom we are authorised or required by law to make such disclosure.

Data quality and security

Healthengine will take reasonable steps to ensure that your personal information which we may collect, use or disclose is accurate, complete and up-to-date. However, we rely on the accuracy of the personal information as entered by you or provided to us by third parties.

Healthengine will take reasonable steps to protect your personal information from misuse, interference and loss and from unauthorised access, modification or disclosure. Healthengine implements security measures including:

  • physical security such as security procedures for access to our business premises; and
  • IT security procedures including password protection, network firewalls, encryption, intrusion detection and site monitoring.

We store your personal information on secure servers located in Australia in an encrypted, electronic format.

We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or for legal purposes.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Access to, deletion of and correction of your personal information

Where Healthengine has collected personal and sensitive information through the SAH appointment management system on behalf of SA Health, Healthengine will return, retain or destroy that personal information in accordance with the SA Health Appointment Management System Agreement.

If you created a Healthengine user account while using the SAH appointment management system, Healthengine will retain that personal and sensitive information in accordance with Healthengine’s data retention policies.

You have a right to request:

  • access to your personal information; or
  • that we correct inaccuracies relating to your information.

In some circumstances, we may not be able to comply with a request that you make in respect of your personal information. For example, we may be required to retain certain information that you ask us to delete for various reasons, such as where there is a legal requirement to do so. Where these reasons to refuse a request in respect of your personal information exist, we will advise you of those reasons at the time you make your request.

If we do agree to your request for the deletion of your personal information, we will delete your data but will generally assume that you would prefer us to keep a note of your name on a register of individuals who would prefer not to be contacted. That way, we will minimise the chances of you being contacted in the future where your data is collected in unconnected circumstances. If you would prefer us not to do this, you are free to notify us accordingly.

If you request that your personal information is changed, and if Healthengine does not agree to change your personal information, we will enclose your statement of the requested changes with your personal information.

If you would like to obtain access to, delete or request changes to your personal information you can ask our Privacy Officer (details below).
Healthengine can charge a reasonable fee for the time and cost of collating, preparing, and photocopying material for you if you request access to your personal information.

Where we have obtained your consent to handle your personal information, or consent to send you information, you may withdraw your consent at any time and we will cease to carry out the particular activity that you previously consented to, unless there is a legal or regulatory reason to justify our continued handling of your personal information for this purpose, in which case we will inform you of this condition.

Complaints

If you have questions about this Privacy Policy, if Healthengine does not agree to provide you with access to your personal information; or if you have a complaint about our information handling practices, you can contact our Privacy Officer on the details below.

In particular, if you wish to make a complaint about how we have handled your personal information, you should forward a written complaint to our Privacy Officer.

We will respond in writing within 30 days of receipt of a complaint. If you are not satisfied with our decision, you can contact us to discuss your concerns.

If the complaint remains unresolved, you have the option of notifying the Office of the Australian Information Commissioner (OAIC). Contact details can be found at OAIC’s website: www.oaic.gov.au

By letter: Privacy Officer, Healthengine Pty Limited, PO Box 7754, Cloisters Square, WA 6850, Australia.

By email: privacyofficer@healthengine.com.au

Get a Free Demo

Get in touch today for more information about Healthengine products, services, and pricing.

Our Practice Consultants are on hand to answer any questions you may have. Simply fill out the form to request a free demo, or call us direct on 1300 377 639.



By submitting this form you are consenting to receive marketing communications from Healthengine in future, on the understanding that you have read and agree to our Privacy and Data Collection Statement and that you can opt-out at any time.

Want to know more? Go to  Healthengine privacy

This form is for practices interested in Healthengine software. Are you looking to book an appointment?

Yes, search appointments