Privacy

This statement applies to the following Australian Capital Territory (ACT) Government websites and online facilities

Scope

This statement applies to the following Australian Capital Territory (ACT) Government websites and online facilities:

These websites and online facilities are managed by ACT Health.

Information Collected

If you visit the websites and/or online facilities managed by ACT Health to read or download information or conduct an online transaction, ACT Health automatically records the following information in their log files:

  • Your Internet Protocol (IP) address. The IP Address is a unique numerical identifier used by computers and other devices to identify and communicate with each other over a network. ACT Health uses the IP Address to direct requested web pages to you where this is required.
  • Top level domain name (eg: .com, .net, .gov, .au etc)
  • The type of browser and operating system you used
  • Date and time of your visit
  • The previous site visited
  • Which pages are accessed
  • The time spent on individual pages and the site overall
  • Which files were downloaded
  • What keywords you used to search the site

This information may be used to improve these websites and online facilities and to help ACT Health to understand how people are using them. The log files do not collect or store personally identifiable information.

DHR Link website

The ACT Health Digital Health Record (DHR) is an initiative of the ACT Government which will record all interactions between a person and ACT public health services. DHR Link is a web portal that shares certain information from DHR with your treating team members who are external to ACT Health and Canberra Health Services. This may include treating team members such as your general practitioner.

Personal Health Information and Personal Information can be shared with your treating team in accordance with the Health Records (Privacy and Access) Act 1997. The types of information that may be shared include:

  • Results such as pathology or medical imaging results
  • Discharge summaries
  • Other information that forms a part of your medical record

Other than any other uses authorised by or under law, personal information and personal health information will not be shared by members/organisations that are not part of your treating team.

MyDHR website

MyDHR is an online digital service (website and mobile application) run by ACT Health on behalf of the Australian Capital Territory for the ACT Public Health System.

As part of signing up to MyDHR you should understand the health information included in MyDHR may include health information you consider very personal. This may include, but is not limited to information about sexually transmitted and other communicable diseases, drug and alcohol use, HIV/AIDS and mental health services. Personal Health Information and Personal Information stored on MyDHR is a record of your medical treatment and will be collected, stored, used and disclosed in accordance with the Health Records (Privacy and Access) Act 1997. Information will be accessible to you and/or your nominated proxy via MyDHR.

The types of information that may be shared includes:

  • after visit summaries
  • results such as pathology or medical imaging results
  • messages from your health care team
  • other sensitive information that forms a part of your medical record.

MyDHR Mobile App

ACT Health takes your privacy seriously. This Privacy Policy describes how the MyDHR mobile application for iOS and Android collects, uses, share and protects your information.

We may update this policy at any time, and future updates are effective as soon as they are published. Your use of MyDHR apps is also subject to the applicable End User Licence Agreement. If you use MyDHR you agree to the applicable End User License Agreement and consent to the use of your information as described in this policy.

Your personal information

We will not sell or license your information. These are the limited ways we interact with your information in connection with MyDHR:

  • When you choose to add a profile photo to MyDHR, you may select an existing photo on your device or take a new photo using the camera app on your device. If you select an existing photo on your device, we store a copy of your chosen photo in app-private storage on your device. If you use the camera app on your device to take a new photo, the photo you take is first saved to your camera app and then also saved to app-private storage on your device. If you remove the photo from your profile or delete MyDHR, the copy of the photo is deleted from the app-private storage, but the photo saved to your camera app remains available in your camera app until you choose to delete it. If you already have a photo stored in your profile through your healthcare organisation – we do not interact with that photo in any way.
  • When you choose to use Apple’s HealthKit or Google Fit, we create encrypted identifiers to identify recipients of your Apple’s HealthKit or Google Fit data and store them on your device in app-private storage. If you choose to stop using Apple HealthKit or Google Fit or delete MyDHR, the identifiers are deleted.
  • When you choose to view documents from your healthcare organisation (such as letters or images) using MyDHR, to make the files viewable for you we temporarily store copies on your device in app-private storage. The temporary copies are deleted when you close your session of MyDHR.
  • When you choose to include a photo or video in a message you send to your healthcare organisation using MyDHR, you may select an existing photo or video from your device or take a new photo or video using the camera app on your device. If you use the camera app on your device to take a new photo or video, it will be saved to your camera app. Any photo or video saved to your camera app remains available in your camera app until you choose to delete it.
  • ACT public health service offers telehealth visits using MyDHR, when you join a visit with your provider, we will ask for permission to access your device’s video and audio functionality to make the telehealth visit possible. We do not record or store video of audio data from these visits.
  • Some areas of ACT Health offer automatic appointment arrival and you choose to enable it, we temporarily store identifiers and times for your upcoming appointments in app-private storage to detect when you arrive for an upcoming appointment. If you choose to stop using MyDHR or you disable automatic appointment arrival, the identifiers are deleted.
  • Some areas of ACT Health offer location-based check in for in-person appointments, or allows you to find healthcare providers near you, you may choose to allow MyDHR to interact with your location data for those purposes. We do not store your location data.
  • Some areas of ACT Health allow you to notify front desk staff electronically when you arrive for an appointment, you may choose to allow MyDHR to interact with your Bluetooth data for this purpose. We do not store your Bluetooth data.
  • While you use MyDHR, we collect non-identifying information so we can ensure the ACT public health system understands how people use MyDHR so we can improve our products. This information includes the time you began using the app, the healthcare organisation you interacted with, any error messages or codes, the model of device used and its operating system, and the version of MyDHR used. If you use Android devices, we also collect your connection type (cellular or WiFi) during an error.
  • You may contact us through https://www.health.act.gov.au/digital/dhr if you contact us, we may keep a record of the communication. You can decide how much information you want to share with us in those cases.

Your healthcare organisations

To use MyDHR, you must have an account with a healthcare organisation using Epic’s software. Because of this, your use of MyDHR is also subject to ACT Health’s privacy policy. https://www.health.act.gov.au/privacy

For Android users – required Google Play disclosures for certain health apps

Google has determined MyDHR are subject to their COVID-19 apps requirements. As a result, we are required to provide the following information so we can make MyDHR apps available to you in the Play store.

  • MyDHR apps interact with your microphone only if you choose to use your microphone to navigate the MyDHR apps. MyDHR mobile apps interact with your camera roll only if you choose to add a profile image to a profile in MyDHR. This information is not used in connection with COVID-19.
  • MyDHR apps access, collect, use, and share your information (including video, audio, images, files) as stated above in the section titled, “The Limited Ways We Use Your Information.” We also prominently highlight these uses, describe the type of data being accessed, and obtain your consent for these purposes as you use MyDHR.
  • MyDHR apps were not created specifically for the COVID-19 pandemic. They existed before the COVID-19 pandemic to allow you to access your health information on file with your healthcare organisation. Your healthcare organization may allow you to access COVID-19-related vaccination information, laboratory test results, and documents with illness-related information using MyDHR. You may choose if or how you want to access, display, or use the information – just like you can make those decisions about health information relating to other conditions, services, tests, or vaccinations.
  • Your healthcare organisation may allow you to use MyDHR to conduct telehealth appointments with your healthcare providers. MyDHR only provide the technical support for those appointments to happen. We do not interact with any health information you exchanged during any telehealth appointments.

How we protect your personal information

We use technical controls and safeguards to protect the privacy, security, integrity, and availability of your personal information.

  • We enable the use of multi-factor authentication for users of MyDHR by default. Multi-factor authentication is required when you use MyDHR.
  • We use https for secure communication between servers.
  • When we store data on MyDHR, we store it in app-private storage that cannot be accessed by other apps.
  • Before data is shared from MyDHR, we provide in-app notifications so you can choose if you want to share the data.
  • We disable screen-shot functionality by default for Android devices, and allow Android users to choose if they want to enable the function. We cannot disable this functionality in iOS.
  • We maintain internal policies and processes that limit access to your information to our staff who need to know the information to perform their jobs.
  • We maintain internal data retention and deletion policies to help us ensure we only store information about your use of MyDHR as we describe in this policy.

Each healthcare organization you connect to through MyDHR also uses safeguards to protect your information. Contact them if you have any questions about their safeguards.

You can take other steps to protect your information:

  • Do not share the username and password you use with MyDHR.
  • Change your password immediately if you believe any unauthorised access has occurred.
  • Use the security tools on devices you use with MyDHR.
  • Do not root or jailbreak devices you use with MyDHR. Doing so can create security risks by removing your devices’ built-in security measures and exposing sensitive information on your device.

Contact ACT Health

If you have questions about your information in MyDHR, see the ‘How to Contact Us’ available below.

Check In CBR app

ACT Health will collect  personal information and vaccination status information through the Check In CBR app for contact tracing purposes. ACT Health will not use or disclose your information for any other purpose (unless it is required by or authorised under law to do so).

When using the Check In CBR app, the app uses your device camera to scan Check In CBR QR codes which contain information about the location you are checking into. ACT Health will collect the following information:

  • Your first name, last name, phone number and/or email address;
  • Information about the location you are checking into.
  • The time and date you were there;
  • Details you entered about anyone who was with you
  • Vaccination status of yourself and any guests with linked COVID-19 digital certificate(s)
  • Information about the technology you used to check in

Other than any other uses authorised by or under law, personal information collected by ACT Health via the Check In CBR app will only be used for COVID-19 contact tracing purposes.

Cookies

ACT Health uses Google Analytics, a web analytics service provided by Google Inc. (Google). Google Analytics uses cookies and JavaScript code to enable analysis on usage of these websites and online facilities.

Cookies used by ACT Health’s website do not collect personal information, but may be used to help us tailor advertising that we think may be of interest to users across other channels such as Facebook.

'Cookies' are small pieces of information that are stored by the browser on your computer's hard drive. The data collected about your use of these websites and online facilities is transmitted to and stored on Google's servers. Google uses this data for the purpose of compiling usage reports for ACT Health and providing other services relating to website activity and internet usage.

The reports provided by Google to ACT Health contain only aggregate non-personal data about your use of these websites and online facilities. These reports may contain data relating to pages viewed, files downloaded or the completion of online forms or subscriptions. ACT Health uses the data collected by Google Analytics to improve these websites and online facilities and to help ACT Health to understand how people are using them.

Google may transfer this data to third parties where required to do so by law, or where third parties process this data on Google's behalf.  This may result in disclosure to private persons and organisations and governmental bodies outside of Australia, particularly where the information is stored outside of Australia. This, could be coordinated with information from other sources to allow the identification of the person undertaking browsing activity.

You may refuse the use of cookies by selecting the appropriate settings on your browser, and you can opt out of the collection of IP addresses by downloading the Google Analytics opt out browser add-on. Please note that if you do this, you may not be able to use the full functionality of these websites and online facilities.

By using these websites and online facilities, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

Personal information

Personal information is defined as information about an individual whose identity is apparent or reasonably identifiable.

No personal information is collected automatically through this website. All personal information collected and/or stored must be voluntarily provided by you.

ACT Health will only collect personal information about you when you voluntarily participate in an activity that asks for information, such as:

  • Sending an enquiry or feedback
  • Participating in a survey
  • Making a booking
  • Undertaking a payment or other transaction
  • Creating an account
  • Opting in to communication or subscription services
  • Providing health information to assist in your care via MyDHR

ACT Health will collect personal and financial information (e.g. postal address and invoice numbers) where you choose to provide this information. The information requested in each case is required to complete the transaction. The information collected through the online version of the transaction is equivalent to the information collected using the alternate channels.

If you choose not to provide personal information when completing one or more of these activities, you may not be able to complete that activity. If you choose not to participate in these activities, your choice will in no way affect your ability to browse these websites and online facilities.

ACT Health Directorate and Canberra Health Services may disclose your personal information to Shared Services Finance, Chief Minister and Economic Development Directorate for the purposes of invoicing you for goods and services that you have received, and the recovery of any outstanding monies owed by you to the Territory in relation to the provision of these goods and services. The directorate may not provide your requested goods or services if you do not agree to this collection and disclosure.

Use of Your Personal Information

Personal information you provide when sending an enquiry or feedback, participating in surveys, making a booking, undertaking a payment or transaction, creating an account, providing health information via MyDHR or opting in to communication or subscription services is strictly used only for the purpose it was collected and where extra information is required in order to provide the service you have requested.

ACT Health may use your contact details to respond appropriately, for example to advise receipt, address issues you identify, or to seek action from another government agency or other organisation.

Survey information is used only for the purpose designated.

If ACT Health asks you for personal information in order to provide you with a service that you have requested then you will be informed how that personal information will be used if you choose to give it to us. Where your information will be shared with another government agency or other organisation, a link to the relevant agency or organisation's privacy policy will be provided.

ACT Health will not share information about you with other government agencies or other organisations without your permission unless:

  • it is necessary to provide you with a service that you have requested;
  • it is required or authorised by law;
  • where permitted general situations exist, such as to lessen or prevent a threat to life, health or safety; to assist with the location of a missing person; or to investigate suspected unlawful activity or serious misconduct relating to our functions;

Storage and Security of Your Personal Information

Security measures including, but not limited to, authentication, monitoring, auditing and encryption have been integrated into the design, implementation, contractual arrangements and day-to-day practices of the entire ACT Health operating environment as part of its continuing commitment to risk management.

These security measures ensure the privacy of information while it is being transmitted across the Internet and protect your information against loss, misuse and alteration.

Credit card details are submitted directly to the banking system and are not passed or retained by the ACT Government in any form.

Access to and Correction of Personal Information

You can review any personal information collected about you at any time by making a formal request in writing to ACT Health, GPO Box 825, Canberra ACT 2601.

ACT Health will take reasonable steps to correct the information to ensure that, having regard to the purpose for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading. The obligation to correct information is subject to any applicable limitation in a law that provides a right to require the collection or amendment of documents.

If you believe that your personal information is being used for a purpose other than what was intended when submitted, you may contact ACT Health on 13 22 81. In all cases ACT Health will take reasonable steps to verify your identity prior to granting access to your personal information or making corrections to the information collected.

Privacy obligations for ACT Government agencies

ACT Health is bound by the Information Privacy Act 2014 for the collection, use and disclosure of personal information. To assist with meeting these obligations, ACT Health have developed the ACT Health Directorate Information Privacy Policy.

ACT Health ensures appropriate standards are used when service provision is outsourced to the private sector. 

Additional details on health information are available on the accessing your medical records page.

Disclaimer

These websites and online facilities contain links to third party websites. These include links to websites operated by other government agencies, non-profit organisations and private businesses. When you select a link to another web site, you are subject to the privacy policy of the new site. ACT Health is not responsible for the privacy practices or the content of such websites.

Neither the ACT Government, nor any agency, officer nor employee of the ACT Government warrants the accuracy, reliability or timeliness of any information published by this system, nor endorses any content, viewpoints, products or services linked from this system and shall not be held liable for any losses caused by reliance on the accuracy, reliability or timeliness of such information.

Portions of such information may be incorrect or not current. It is your responsibility to verify all information provided by these websites and online facilities and/or websites linked to or from them. Any person or entity that relies on any information obtained from this system does so at his or her own risk.

How to Contact Us

If you have any comment in relation to any aspect of the collection, use, security of or access to your personal information please contact ACT Health on 13 22 81

If the issue is not resolved to your satisfaction you may wish to contact the Office of the Australian Information Commissioner.

Attachments
Page last updated on: 2 Jul 2023