This web browser is no longer supported by Surgeonline for security and performance reasons.
This web browser will soon be unsupported by Surgeonline for security and performance reasons.
Please upgrade to a newer version or download e.g. Chrome, Firefox or Opera.
Register

Privacy Policy

1. Introduction:

  • 1.1. Surgeonline Pty Ltd (ABN 40 110 251 815) (“Surgeonline”) is committed to the protection of a person’s personal, sensitive and health information (as defined in the Privacy Act 1988). Various rules, legislation and regulations in the health industry govern Surgeonline’s business, including Surgeonline’s own policies and procedures.
  • 1.2. Surgeonline’s policies and procedures include this Privacy Policy, which forms part of Surgeonline’s Terms and Conditions. This Privacy Policy has been designed to ensure that a person’s personal, sensitive and health information is protected and handled in accordance with the Privacy Act 1988 (Cth).
  • 1.3. A person’s utilisation of this site constitutes their consent and confirms their agreement to be bound by:
    • (a) the terms and conditions of this Privacy Policy;
    • (b) their compliance with the Privacy Act 1988 (Cth), and the National Privacy Principles; and
    • (c) all other principles, laws and regulations governing the protection and security of personal, sensitive and health information in the health industry.
  • 1.4. This Privacy Policy contains important information for persons accessing and using the Surgeonline web site, web pages contained within the web site and/or participating in services offered by Surgeonline. This Privacy Policy deals with the following key areas:
    • (a) Collection of personal, sensitive and health information;
    • (b) Use of personal, sensitive and health information;
    • (c) Disclosure of personal, sensitive and health information;
    • (d) Security of personal, sensitive and health information
    • (e) Access, correction or update of personal, sensitive and health information;
    • (f) Patient Information; and
    • (g) How to contact Surgeonline.

2. Definitions:

  • 2.1. Services: The services collectively outlined below are referred to in this Privacy Policy as the "Service(s)". The Services are as defined in the Surgeonline Terms and Conditions. The Services are accessible and used by persons at the Surgeonline web site located at www.surgeonline.com. (the "Site") The Site includes other web site pages accessed beneath the home page. The Services include:
    • (a) The forwarding of personal information to the Registered Health Benefits Organisations (RHBOs) of Australia, for the purpose of provider registration and direct provider payments.
    • (b) The electronic transmission of patient invoices relating to services provided within an approved hospital facility; and
    • (c) other services with persons who may access the Services, including the provision of information about Surgeonline and other health companies and products, and the provision of content and delivery of third party health and medical information by email, bulletin boards, and news updates.
  • 2.2. Persons: Services are offered to medically approved practitioners who register with Surgeonline to access, use and participate in the Services and programmes offered by Surgeonline ("Registered Users"). The Registered Users access, use and participate in the Services to facilitate the submission of patient invoices to the Registered Health Benefits Organisations of Australia. ("RHBOs")
  • 2.3. Information: 'Information' collectively hereto refers to the following:
    • (a) Personal Information: Personal Information refers to any information recorded about yourself as a Registered User collected at registration and recorded by Surgeonline for the provision of the Services. Personal Information may be supplied by you at other times in participating in Surgeonline's surveys and other programmes offered by Surgeonline. The Personal Information will assist Surgeonline to identify and verify your identity. Personal Information collected includes your name, address, phone and facsimile numbers, email address, provider number, ABN, medical registration number and AMA number.
    • (b) Sensitive Information: Sensitive Information refers to 'customisation preferences' and tracked information that is recorded by Surgeonline in relation to a Registered User. Sensitive Information is not used to identify you as an individual Registered User.
    • (c) Tracked Information: Tracked information refers to information collected by Surgeonline in relation to your use of the Services.
    • (d) Customisation Preferences: Customisation preferences (where available) refers to information concerning Service preferences selected by yourself.
    • (e) Medical Information: Surgeonline does not collect any information or opinions about your health.

3. Collection of Information:

  • 3.1. When you register to use the Service, your Personal Information will be collected with your consent and will be held in the strictest confidence at all times by Surgeonline in accordance with and subject to the Privacy Act 1988 (Cth).
  • 3.2. Surgeonline will not collect any Information that is not required for the delivery of our Service.
  • 3.3. Surgeonline will not collect Information from you that may reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or details of health, disability or sexual activity or orientation and other similar Sensitive Information and Personal Information, except:
    • (a) where you have given express consent to Surgeonline to do so;
    • (b) where it is reasonably suspected that unlawful activity has been or may be engaged in;
    • (c) the collection is required by law or reasonably necessary to enforce the law; or
    • (d) when the Information is necessary for the establishment, exercise or defence of a legal claim.

4. Use of Your Information:

  • 4.1. The Personal Information that you provide to Surgeonline during registration for the Service is primarily used for identification purposes and will assist in the administration and operation of the Service to you.
  • 4.2. The Sensitive Information gathered from your use of the Services enables Surgeonline to provide better personalised Services that are tailored to your needs.
  • 4.3. The Information collected will be used for various secondary purposes, including:
    • (a) Surgeonline aggregates the Information that is gathered when you use the Services for analytical purposes. Personally identifiable characteristics are removed and you remain anonymous, unless you have given prior specific consent for Surgeonline to recognise your personalised details. The additional Information provided (if any) to Surgeonline and/or collected by Surgeonline is used to:
      • (i) examine Service usage and product usage trends;
      • (ii) compile user demographics to help Surgeonline offer you improved online products and Services; and
      • (iii) purposes connected with the operation, administration, development and enhancement of the Service provided to you;
    • (b) direct marketing and promotion purposes (by any mechanism) as offered by Surgeonline and by its affiliated partners that relate to special offers and information relating to Surgeonline, and information relating to other products and services that may be of interest to you, unless you have previously advised us that you do not wish to be contacted for this purpose; and
    • (c) for other secondary purposes other than the purposes specified in the paragraphs above if:
      • (i) you would reasonably expect us to use the Information for that other purpose; and
      • (ii) that other purpose is related to the purposes specified above. For example, using your email address to alert you to any new essential services and/or changes to the Service which may affect our delivery of, or your ability to use this Service, and using and disclosing your information to deliver products and services under the program.
  • 4.4. Surgeonline may use your Information for the purpose of direct marketing and promotional activities (as specified in paragraph 4.3.(b)) where it is impracticable for us to obtain your prior express consent. However, when Surgeonline does this, Surgeonline will provide an express opportunity when we first contact you (by any mechanism) to decline receiving any further marketing communications from Surgeonline, via an opt-out mechanism. You may let us know at any time that you do not want us to contact you for direct marketing purposes.
  • 4.5. Surgeonline will not use any of your Information for any purpose other than those specified above, unless:
    • (a) You have consented to the use of the Information (unless impractical to do so); or
    • (b) there is reasonable grounds to believe that the use is necessary to lessen or to prevent a serious or imminent threat to life, health or safety to an individual; or
    • (c) Surgeonline reasonably suspects that unlawful activity is or has been engaged in and uses the Information to investigate the suspected unlawful activity; or
    • (d) the use is authorised by law or reasonably necessary to enforce the law. These uses may include where Surgeonline is required to provide information in response to subpoenas or warrants or other legal or regulatory processes.

5. Disclosure of your Information:

  • 5.1. You are solely responsible for the use of the Service offered by Surgeonline. As part of this responsibility, you must not disclose your Information and login particulars to any other party.
  • 5.2. The Information Surgeonline collects from you is strictly confidential. Surgeonline will not reveal, disclose, sell, distribute, rent, licence, share or pass that Information on to any third parties, other than those parties who are contracted to Surgeonline to provide the Service, and who Surgeonline will procure to keep the Information confidential.
  • 5.3. Surgeonline will not disclose Information about you for a purpose other than the primary purpose of the collection unless:
    • (a) both of the following apply:
      • (i) the secondary purpose is related to the primary purpose of collection and, if the Information is Sensitive Information, directly related to the primary purpose of collection;
      • (ii) you would reasonably expect Surgeonline to disclose the Information for the secondary purpose; or
    • (b) you have consented to the disclosure in accordance with this Privacy Policy; or
    • (c) if the Information is not Sensitive Information and the disclosure of the Information is for the secondary purpose of direct marketing:
      • (i) it is impracticable for Surgeonline to seek your consent before that particular use; and
      • (ii) Surgeonline will not charge you for giving effect to a request by yourself to Surgeonline not to receive direct marketing communications; and
      • (iii) you have not made a request to Surgeonline not to receive direct marketing communications; and
      • (iv) in each direct marketing communication with you, Surgeonline draws to your attention, or prominently displays a notice, that you may express a wish not to receive any further direct marketing communications; and
      • (v) each written direct marketing communication by Surgeonline with you (up to and including the communication that involves the use) sets out a number or email address at which Surgeonline can be directly contacted electronically; or
    • (d) Surgeonline reasonably believes that the disclosure is necessary to lessen or prevent:
      • (i) a serious and imminent threat to an individual's life, health or safety; or
      • (ii) a serious threat to public health or public safety; or
    • (e) Surgeonline has reason to suspect that fraud or unlawful activity has been, is being or may be engaged in, and discloses the Information as a necessary part of its investigation of the matter or in reporting its concerns to relevant persons or authorities; or
    • (f) the disclosure is required or authorised by or under law; or
    • (g) Surgeonline reasonably believes that the disclosure is reasonably necessary for one or more of the following by or on behalf of an enforcement body:
      • (i) the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law;
      • (ii) the enforcement of laws relating to the confiscation of the proceeds of crime;
      • (iii) the protection of the public revenue;
      • (iv) the prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct;
      • (v) the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of the orders of a court or tribunal.

6. Security of Your Information that You May Send to or Receive from Using the Service:

  • 6.1. Surgeonline will take reasonable steps to ensure that all Information collected will be protected from misuse and loss and from unauthorised access, modification or disclosure. Surgeonline will also take reasonable steps to ensure that the Information used or disclosed is accurate, complete, up-to-date and stored in a secure environment accessed only by authorised persons. Transmissions sent to or from Surgeonline through the Service are routinely monitored for quality control and systems administration and are encrypted using 256bit AES encryption methods. If your browser is suitably configured, it will advise whether the information that you are sending us will be secure (encrypted) or not secure (not encrypted).
  • 6.2. Surgeonline regularly reviews developments in security of its Service and its encryption technologies. Unfortunately, no data and/or Information transmission over the Internet can be guaranteed to be 100% secure. While Surgeonline strives to protect your Information from misuse, loss and unauthorised access, Surgeonline cannot guarantee the security of any Information you transmit to or receive from Surgeonline in the provision of its Service. These activities are conducted at your own risk. Once Surgeonline receives your transmission, Surgeonline takes reasonable steps to preserve the security of Information in our systems.
  • 6.3. Surgeonline will take reasonable steps to destroy or permanently de-identify Information if it is no longer needed for any purpose for which the Information was obtained or if requested to be destroyed by you.

7. How to Access, Correct or Update Your Information:

  • 7.1. You will always have indirect access to the Information and content that you provide to Surgeonline by contacting Surgeonline at info@surgeonline.com and access to the Information or requesting changes to be made, unless it is mandatory information required for your registration application, except where:
    • (a) providing access will pose a serious and imminent threat to life or health of any individual or pose an unreasonable impact on the privacy of an individual;
    • (b) your request for access is frivolous or vexatious;
    • (c) the Information relates to existing legal proceedings between Surgeonline and you and the Information would not be discoverable in the process of those legal proceedings; or
    • (d) providing access would be unlawful, may prejudice an investigation of possible unlawful activity, may prejudice enforcement of laws, or denying access is specifically authorised by law; or
    • (e) an enforcement body asks Surgeonline not to provide access to the information on the basis that providing access would be likely to cause damage to the security of Australia.
  • 7.2. You will need your user name and password to access and modify your registration information when you contact us.
  • 7.3. If you wish to access or modify Information which you have provided, but you cannot access the Information at the site mentioned above, please send an email using the feedback mechanisms on the Service or at info@surgeonline.com.
  • 7.4. If Surgeonline does not allow you to access your Information, Surgeonline will provide you with the reasons for their decision. If you believe that the Information collected, used or disclosed is inaccurate, incomplete or not up to date but Surgeonline does not agree with you, Surgeonline will post a statement of your claim where that Information is kept and accessed.

8. Unsubscribe and Opt-out:

  • 8.1. Surgeonline provides Registered Users with the opportunity to unsubscribe at any time by notifying Surgeonline in writing. Registered Users may also opt out of receiving marketing and promotional material from Surgeonline and our affiliated partners at any time.
  • 8.2. If you wish to unsubscribe or opt-out, contact us with your request at:

9. Changes to Surgeonline's Privacy Policy:

  • 9.1. If fundamental changes are made to the way that Surgeonline deals, uses, discloses and secures the Information and patient information, then Surgeonline will undertake to notify Registered Users via email, and/or via a notice on the home page of the Services or notice at Registered Users' next log-in session, and await consent to the changes from Registered Users.

10. Information on Patients:

  • 10.1. A Patient's health information is defined as a combination of a Patient's personal information and sensitive information, transmitted and stored through the provision of the Services, actioned by the Patient's referring medical practitioners (i.e. yourself as the Registered User) transmitting a Patient invoice. Personal information on a Patient includes the Patient's name, date of birth and referring medical practitioner (i.e. Registered User). The sensitive information on Patients may include patient demographics, medicare number, medicare item numbers.
  • 10.2. Surgeonline in providing its Services to Registered Users, manages the flow (the transmission via the Internet and storage on its secured Services) of personal, sensitive and medical information with respect to Patients, that is passed through the Services between yourself and the relevant RHBOs.
  • 10.3. Surgeonline does not create, modify, use, disclose, deal with or collect the personal, sensitive and medical information with respect to Patients as third parties, for any other purpose other than for ensuring the accurate and timely delivery of the personal, sensitive and medical information, as a data communications network facilitator for the provision of its Services to the relevant RHBOs in Australia.
  • 10.4. Surgeonline does not consolidate patient information and does not support any form of master patient identifier. Although Surgeonline may receive a unique identifier for a Patient from a specific Service actioned by yourself as the Registered User, each identifier is unique for that transaction and Registered User does not enable use to consolidate patient records across multiple Registered Users.
  • 10.5. Any patient information, if stored by Surgeonline on its system, is securely stored and may only be accessed by the Registered User that actioned the patient information transmission. Surgeonline will not disclose patient information to any other third person, affiliated partner or to the Patient directly. A Patient will not receive confirmation nor will be given access by Surgeonline to patient information for a particular transaction transmission that may be stored in Surgeonline's system. Patients seeking patient information shall be referred to their medical practitioner who is the Registered User that provided the initial health care service to that particular Patient that resulted in the transmission and collection of the patient information.
  • 10.6. You as the Registered User in accepting this Privacy Policy accept and acknowledge that you have taken reasonable steps to inform your patients of the following matters listed in paragraph 10, namely:
    • (a) you in providing health care services to your Patient(s) have obtained their consent to disclose their respective patient information to Surgeonline, for their information to be transmitted and stored in the provision of the Services to yourself;
    • (b) Surgeonline is not authorised and shall not provide access to the patient information to any other person (including the Patient itself) other than yourself as the Registered User and that Patients are to consult you and/or your clinic to gain access to, to correct and update their respective patient Information; and
    • (c) you comply with the Privacy Act 1988 (Cth)

11. Affiliated Partners:

  • 11.1. Surgeonline in the provision of its Services provides links to other sites and services of its affiliated partners. You should be aware that Surgeonline is not responsible for the privacy practices or the content of any referenced web sites if you rely on the content or use any link offered within the Surgeonline Services from time to time. You are encouraged to read the privacy policy of any linked site as the policies of that company or organisation operating that linked web site will apply to any information you provide about yourself and your patient once you have entered that link. Surgeonline does not share any Information with its affiliated partners or any third party for any purpose.
  • 11.2. Surgeonline does not warrant and is not responsible for any loss or damage suffered by your use or dealings with products and services offered by affiliated web sites. Surgeonline does not accept responsibility for affiliated partners' web sites and/or resources. Surgeonline does not endorse or regulate the content of affiliated partners web sites and/or resources to which it provides links to and from.

12. What Else You Should Know About Privacy:

  • 12.1. Keep your web browser up-to-date by applying security updates whenever they are made available by the vendor. Remember to close your browser when you have finished your login session. You must not permit others access to your Information and login details and you must not share a computer with someone else and give others access to the Service using your login details. You as the Registered User are responsible for the security of and access to your own computer, Information and the Service.
  • 12.2. Ultimately, you are solely responsible for maintaining the secrecy of your user name, passwords, account information, patient information and your Information. Please be careful and responsible whenever you are using the Internet and the Service.
  • 12.3. For further information concerning privacy, please refer to The Australian Privacy Commissioner's Web Site at www.privacy.gov.au.

13. How to Contact Us:

  • 13.1. If you have any concerns or questions in relation to this Privacy Policy, please contact Surgeonline by telephoning (03) 9815 1152 during ordinary business hours or send your questions and comments via email to info@surgeonline.com or facsimile (03) 9853 4310. You should also refer to Surgeonline's Terms and Conditions for further information.
Back to top