Privacy Policy Neuro Touch/Tools

PRIVACY POLICY 
Rule 1
Purpose of collection of health information
(1) Neurotouch may not collect health information unless-
(a) the information is collected for a lawful purpose connection with a function or  activity of Neuro Touch; and
(b) the collection of the information is necessary for that purpose.
(2) If the lawful purpose for which health information about an individual is collected does not require the collection of an individual’s identifying information, Neuro Touch may not require the individual’s identifying information.
Rule 2
Source of health information
(1) If Neuro Touch collects health information, the information must be collected from the individual concerned.
(2) It is not necessary for Neuro Touch to comply with subrule (1) if Neuro Touch believes, on reasonable grounds,-
(a) that the individual concerned authorises collection of the information from someone else having been made aware of the matter set out in rule 3(1); or
(b) that the individual is unable to give their authority and Neuro Touch having made the individual’s representative aware of the matters set out in rule 3(1) collects the information from the representative or the representative authorises collection from someone else; or
(c) that compliance would-
(i) prejudice the interests of the individual concerned; or
(ii) prejudice the purposes of of collection; or
(iii) prejudice the health and safety of any individual; or
(d) that compliance is not reasonably practicable in the circumstances of the particular case; or
(e) that the collection is for the purpose of assembling a family or genetic history of an individual and is collected directly from that individual; or
(f) that the information is publicly available information; or
(g) that the information-
(i) will not be used in a form in which the individual concerned is identified in; or
(ii) will be used for statistical purposes and will not be published in a form that could reasonably be expected to identify the individual concerned; or
(h) that non-compliance is necessary-
(i) to avoid prejudice to the maintenance of the law by any public sector agency, including prejudice to the prevention, detection, investigation, prosecution, and punishment of offences; or
(ii) for the protection of public revenue; or
(iii) for the conduct of proceedings before any court or tribunal (being proceedings that have been commenced or are reasonably in contemplation); or
(i) that the collection of the information is in accordance with an authorization granted under section 40 of the Act.
Rule 3
Collection of health information from individual
(1) If Neuro Touch collects health information from the individual concerned, or from the individual’s representative, Neuro Touch must take any steps that are, in the circumstances, reasonable to ensure that the individual concerned (and the representative if collection is from the representative) is aware of-
(a) the fact that the information is being collected; and
(b) the purpose for which the information is being collected; and
(c) the intended recipients of the information; and
(d) the name and address of Neuro Touch
(e) whether or not the supply of the information is voluntary or mandatory and if mandatory the particular law under which it is required; and
(f) the consequences (if any) for that individual if all or any part of the requested information is not provided; and
(g) the rights of access to, and correction of, health information provided by rules 6 and 7.
(2) The steps referred to in subrule (1) must be taken before the information is collected or, if that is not practicable, as soon as practicable after it is collected.
(3) Neuro Touch is not required to take the steps referred to in subrule (1) in relation to the collection of information from an individual, or the individual’s representative, if Neuro Touch has taken those steps on a recent previous occasion in relation to the collection, from that individual or that representative, of the same information or information of the same kind, for the same or a related purpose.
(4) It is not necessary for Neuro Touch to comply with subrule (1) if the agency believes of reasonable grounds-
(a) that compliance would-
(i) prejudice the interests of the individual concerned; or
(ii) prejudice the purposes of the collection; or
(b) that compliance is not reasonably practicable in the circumstances of the particular case; or
(c) that non-compliance is necessary to avoid prejudice to the maintenance of the law by any public sector agency, including prejudice to the prevention, detection, investigation, prosecution, and punishment of offences.
Rule 4
Manner of collection of health information
(1) Neuro Touchmust collect health information only-
(a) by a lawful means; and
(b) by a means that, in the circumstances of the case (particularly in circumstances where personal information is being collected from children or young persons),-
(i) is fair; and
(ii) does not intrude to an unreasonable extent upon the personal affairs of the individual concerned.
Rule 5
Storage and security of health information
(1) Neuro Touch must ensure-
(a) that the information is protected, by such security safeguards as are reasonable in the circumstances to take, against-
(i) loss;
(ii) access, use, modification, or disclosure that is not authorised by Neuro Touch; and
(iii) other misuse;
(b) that, if it is necessary for the information to be given to a person in connection with the provision of a service to Neuro Touch, including any storing, processing , or destruction of the information, everything reasonably within the power of Neuro Touch is done to prevent unauthorised use or unauthorised disclosure of the information; and
(c) that, where a document containing health information is not to be kept, the document is disposed of in a manner that preserves the privacy of the individual.
(2) This rule applies to health information obtained before or after the commencement of this code.
Rule 6
Access to personal health information
(1) An individual is entitled to receive from Neuro Touch upon request-
(a) confirmation of whether the Neuro Touch holds any health information about them; and
(b) access to their health information.
(2) If an individual concerned is given access to health information, the individual must be advised that, under rule 7, the individual may request correction of that information
(3) The application of this rule is subject to-
(a) Part 4 of the Act (which sets out reasons for refusing access to information and procedural provisions relating to access to information); and
(b) clause 6 (which concerns charges).
(4) This rule applies to health information obtained before or after the commencement of this code.
Rule 7
Correction of health information
(1) An individual whose health information is held by Neuro Touch is entitled to request that Neuro Touch correct the information.
(2) Neuro Touch must, on request or on its own initiative, take such steps (if any) that are reasonable in the circumstances to ensure that, having regard to the purposes for which the information may lawfully be used, the information is accurate, up to date, complete, and not misleading.
(3) When requesting the correction of health information, or at any later time, an individual is entitled to-
(a) provide Neuro Touch with a statement of the correction sought to the information (a statement of correction); and
(b) request Neuro Touch to attach the statement of correction to the information if Neuro Touch does not make the correction sought.
(4) If Neuro Touch is not willing to correct the information as requested and has been provided with a statement of correction, Neuro Touch must take such steps (if any) that are reasonable in the circumstances to ensure that the statement of correction is attached to the information in a manner that ensures it will always be read with the information.
(5) If Neuro Touch correct health information or attaches a statement of correction to health information, Neuro Touch must, so far as is reasonably practicable, inform every other person to whom Neuro Touch has disclosed the information
(6) Subrules (1) to (4) are subject to the provisions of Part 4 of the Act (which sets out procedural provisions relating to the correction of personal information).
(7) This rule applies to health information obtained before or after the commencement of this code.
Rule 8
Accuracy, etc, of health information to be checked before use or disclosure
(1) Neuro Touch must not use or disclose that information without taking any steps that are, in the circumstances, reasonable to ensure that information is accurate, up to date, complete, relevant and not misleading.
(2) This rule applies to health information obtained before or after the commencement of this code.
Rule 9
Retention of health information
(1) Neuro Touch must not keep health information for longer than is required for the purposes for which the information may lawfully be used.
(2) Subrule (1) does not prohibit Neuro Touch from keeping any document that contains health information the retention of which is necessary or desirable for the purposes of providing health services or disability services to the individual concerned.
(3) This rule applies to health information obtained before or after the commencement of this code.
Rule 10
Limits on use of health information
(1) When obtaining health information in connection with one purpose, Neuro Touch may not use the information for any other purpose unless Neuro Touch believes on reasonable grounds,-
(a) that the use of the information for that other purpose is authorised by-
(i) the individual concerned; or
(ii) the individual’s representative where the individual is unable to give their authority under this rule; or
(b) that the purpose for which the information is to be used is directly related to the purpose in connection with which the information was obtained; or
(c) that the source of the information is a publicly available publication and that, in the circumstances of the case, it would not be unfair or unreasonable to use the information; or
(e) that the information-
(i) is to be used in a form in which the individual concerned is not identified; or
(ii) is to be used for statistical purposes and will not be published in a form that could reasonably be expected to identify the individual concerned; or
(g) that the use of the information is in accordance with an authorisation granted under section 30 of the Act.
(3) This rule does not apply to health information obtained before 1 July 1993.
Rule 11
Limits on disclosure of health information
(1) Neuro Touch must not disclose health information unless Neuro Touch believes, on reasonable grounds,-
(a) that the disclosure is to-
(i) the individual concerned; or
(ii) the individual’s representative where the individual is dead or is unable to exercise their rights under these rules; or
(b) that the disclosure is authorised by-
(i) the individual concerned; or
(ii) the individual’s representative where the individual is dead or is unable to give their authority under this rule; or
(c) that the disclosure of the information is one of the purposes in connection with which the information was obtained; or
(d) that the source of the information is a publicly available publication and that, in the circumstances of the case, it would not be unfair or unreasonable to disclose the information; or
(2) Compliance with subrule (1)(b) is not necessary if Neuro Touch believes on reasonable grounds, that it is either not desirable or not practicable to obtain authorisation from the individual concerned and-
(a) that the disclosure of the information is directly related to one of the purposed in connection with which the information was obtained; or
(b) that the information is disclosed by a Neuro Touch practitioner to a person nominated by the individual concerned or the the principal caregiver or a near relative of the individual concerned in accordance with recognised professional practise and the disclosure is not contrary to the express request of the individual or their representative; or
(c) that the information-
(i) is to be used in a form in which the individual concerned is not identified; or
(ii) is to be used for statistical purposes and will not be published in a form that could reasonably be expected to identify the individual concerned; or
(l) that the disclosure of the information is in accordance with an authorisation granted under section 30 of the act.
(4) Disclosure under subrule (2) is permitted only to the extent necessary for the particular purpose.
(5) Where under section 22F(1) of the Health Act 1956, the individual concerned or a representative of that individual requests the disclosure of health information to that individual or representative, Neuro Touch-
(a) must treat any request by that individual as if it were a health information privacy request under rule 6; and
(b) may refuse to disclose information to the representative if-
(i) the disclosure of the information would be contrary to the individual’s interests; or
(ii) Neuro Touch has reasonable grounds for believing that the individual does not or would not wish the information to be disclosed; or
(iii) there would be good grounds for withholding the information under Part 4 of the Act if the request had been made by the individual concerned.
(6) This rule applies to health information about living or deceased persons obtained before or after the commencement of this code.
(7) Despite subrule (6), Neuro Touch is exempted from compliance with this rule in respect of health information about an identifiable deceased person who has been dead for not less than 20 years.
(8) This rule is subject to rule 12.
Part 3: Miscellaneous
6 Charges
(1) For the purposes of charging under section 66 of the Act in relation to information privacy requests concerning health information, Neuro Touch must not require the payment, by or on behalf of any individual who wishes to make a request, of any charges in respect of a matter referred to in sections 66(1)(b) and 66(2)(b) of the Act except in accordance with this clause.
(2) Where an individual makes an information privacy request to Neuro Touch, Neuro Touch may, unless prohibited by law other than the Act or this code, make a reasonable charge-
(a) where, on a particular day, Neuro Touch has made health information available to that individual in response to a request, for making the same or substantially the same health information available in accordance with any subsequent request within a period of 12 months after that day; or
(3) When Neuro Touch intends to make a charge under subclause (2) and the amount of the charge is likely to exceed $30, Neuro Touch must provide the individual with an estimate of the charge before dealing with the request.
7 Complaints of breach of code
(1) Neuro Touch must designate a person or persons to deal with complaints alleging a breach of this code and facilitate the fair, simple, speedy, and efficient resolution of complaints.
(2) Neuro Touch must have a complaints procedure which provides that-
(a) when a complaint of a breach of this code is received-
(i) the complaint is acknowledged in writing within 5 working days of receipt, unless it has been resolved to the satisfaction of the complainant within that period; and
(ii) the complainant is informed of any relevant internal and external complaints procedures; and
(iii) the complaint and the actions of Neuro Touch regarding that complaint are documented; and
(b) within 10 working days of acknowledging the complaint, the Neuro Touch must-
(i) decide whether it-
(A) accepts that the complaint is justified; or
(B) does not accept that the complaint is justified; or
(ii) if it decides that more time is needed to investigate the complaint-
(A) determine how much additional time is needed; and
(B) if that additional time is more than 20 working days, inform the complainant of that determination and of the reasons for it; and
(c) as soon as practicable after Neuro Touch decides whether or not it accepts the complaint is justified, it must inform the complainant of-
(i) the reasons for the decision; and
(ii) any actions Neuro Touch proposes to take; and
(iii) and appeal procedure Neuro Touch has in place; and
(iv) the right to complain to the Privacy Commissioner.
8 Revocation
The Health Information Privacy Code 1994 is revoked.