Privacy Policy for health practitioners
This part of our Privacy Policy applies when you use our services as a health practitioner and your personal and/or practice information is registered and disclosed as part of us delivering and managing the National Health Services Directory (NHSD), or when members of the public provide us with your details to support the provision of further healthcare services.
On this page
- About this Privacy Policy
- What personal information do we collect?
- Why do we collect and use your personal information?
- How do we collect your personal information?
- How do we use or disclose your personal information?
- How long do we retain your personal information?
- How do we protect your personal information?
- How to manage your personal information
- How to contact us
- Scope of and updates to this Privacy Policy
You can also visit our privacy hub or read these frequently asked questions (FAQs).
About this Privacy Policy
Effective as of 7 May 2024
This is the Privacy Policy of Healthdirect Australia Ltd (ABN 28 118 291 044) (Healthdirect) (also variously described as us, we or our throughout this Policy). The Policy covers the following services in our portfolio, except My Aged Care and Head to Health, which are governed by their own Privacy Policies:
- Helpline services
  - healthdirect helpline (also known as NURSE-ON-CALL in Victoria)
  - healthdirect GP helpline
  - Pregnancy, Birth and Baby
  - health alert lines
- Digital services
  - healthdirect website
  - healthdirect mobile app
  - Pregnancy, Birth and Baby website
- Digital products (available in some of our digital services)
  - User account
  - Symptom Checker
  - Service Finder
  - Risk Checker
  - Question Builder
  - BMI calculator
- National digital infrastructure
  - National Health Services Directory (NHSD)
In this Policy, we describe the kinds of personal and sensitive information (including health information and other types of sensitive information that you provide) we collect, why we collect this information, and how we use, disclose, and protect the information that we hold.
When we use ‘you’ or ‘your’ in this Policy, we are referring to the individual reader of this Policy. You may be a member of the public who has used our health services, a health practitioner or integrator, or someone who has engaged with our corporate functions.
For other privacy-related definitions, please see our privacy FAQs.
Healthdirect complies with Commonwealth privacy laws (including the Privacy Act 1988 (Cth)) and for some services, State and/or Territory privacy laws (where appropriate). We also adopt careful and ethical data practices, and embed privacy considerations into the design of our services.
If you use our services as a member of the public, please go here.
If you are an employee, a job applicant, contractor, stakeholder, such as a representative of a service provider, consultant, shareholder or director of our organisation, please go here.
Please see below for information about how we manage your personal and sensitive information, or read these frequently asked questions (FAQs).
Healthdirect collects health practitioner information to facilitate the provision of healthcare. Primarily, health practitioner data is collected to administer the National Health Services Directory (NHSD). However, some health practitioner data is also collected from members of the public who use health services to support the provision of healthcare, where required.
What personal information do we collect?
Healthdirect collects and holds the personal information of health practitioners, which may include the following:
- identifying information, such as your name
- demographic information such as your sex and languages spoken
- professional and contact information, including your:
  - work address
  - work phone number
  - work email address
- Government identifiers including but not limited to:
  - your provider number(s)
  - AHPRA registration number
  - healthcare provider identifier number
Why do we collect and use your personal information?
Primarily, Healthdirect collects your personal information to administer and operate the National Health Services Directory (NHSD). This includes:
- the holding of personal information collected from health practitioners and/or their representatives, data partners or data publishers and other corporate representatives;
- the publishing (with consent) of personal and professional information on the NHSD to enable members of the public to find information about health services relevant to their needs, and to find information about a health organisation or practitioner they have been referred to;
- the sharing of your personal information:
  - to enable other health practitioners to search for suitable service providers on behalf of their patients, including to share information between health services (for example, provision of discharge summaries by a hospital to the patient’s preferred GP);
  - to enable other organisations and individuals, such as Primary Health Networks, to use the NHSD for integration with research, planning and reporting programs; and
  - with other data clients to ensure data quality and accuracy, such as booking vendors that confirm details about appointments being booked through their services;
- quality assurance and service improvement, including seeking feedback on your satisfaction with the NHSD.
Where health practitioner information is not contained within the NHSD, Healthdirect may collect this information from a member of the public for the purpose of sharing their health information with you for the provision of healthcare.
Healthdirect may also use and disclose your personal information for a secondary or related purpose. We will only do this where:
- you have been provided with an additional notice of collection and provided your consent for Healthdirect to use this information for a secondary or related purpose; or
- you would reasonably expect that this information would be used for a secondary or related purpose; or
- disclosure to other agencies or organisations is permitted by law.
Some of the secondary or related purposes for which Healthdirect collects, uses and/or discloses your personal information include:
- dealing with complaints, incidents, and enquiries about the NHSD, for example, when you contact us to request or enquire about the listing of a health service on the NHSD or when your practice manager requests a general practice to be listed on the NHSD;
- reporting and disclosure of personal information to State or Commonwealth government authorities, regulatory bodies and health organisations on matters relating to public health and safety initiatives;
- in compliance with any applicable laws, legal proceedings, enforcement actions, or compulsory reporting to State or Federal authorities.
Public and non-public information
Healthdirect recognises that not all health practitioners may want their personal information to be available to all users of the NHSD. This is why the NHSD supports different levels of publishing of information on the NHSD, namely ‘public’ and ‘non-public’ listings. Where required, we take relevant steps to ensure that health practitioners have consented to any of their personal information being publicly available.
If a health practitioner consents to their personal information being ‘public’ then the information, such as name, sex, contact information and specialty, is searchable on the publicly accessible NHSD and through other Healthdirect digital services, such as the healthdirect helpline. Alternatively, if a health practitioner consents to their personal information being ‘non-public’ then the information is not accessible to the public but is still accessible to health practitioners and organisations, and other data clients such as secure messaging vendors.
Health practitioners can modify their consent choices, and request that their personal information is no longer published on the NHSD by contacting us via the details listed below.
How do we collect your personal information?
From you or your representative
We may collect your personal information either directly from you or from your representative when you complete our NHSD online registration form, or when you contact us to request that your practice be listed in the NHSD.
From members of the public
Where health practitioners' information is not contained within the NHSD, Healthdirect may collect your identifying information, such as your name and/or professional contact information, from members of the public who use health services.
From agencies, regulators and registration bodies
We may collect and quality assure personal information of a health practitioner from a government agency, regulator, or registration body, including, but not limited to:
- the Australian Digital Health Agency (ADHA) via Provider Connect Australia (PCA), which is a digital health service provider portal administered by ADHA;
- the Register of Practitioners administered by the Australian Health Practitioner Regulation Agency (AHPRA).
From data integration partners
Healthdirect shares data and integrates the NHSD with various health sector organisations and platforms, such as secure messaging service providers. For example, Healthdirect gives address book functionality to secure messaging service providers by storing secure messaging information and making it available to service provider programs through our Application Programming Interfaces (APIs). To do this, we collect personal information about a health practitioner from their secure messaging service provider, including their name, address, and provider number.
When a healthcare organisation registers with a secure messaging service provider, they are advised of the need for information about their organisation, including their health practitioners, to be published on the NHSD.
How do we use or disclose your personal information?
We publish NHSD data for access via the following channels:
- NHSD and Service Finder web pages: at about.healthdirect.gov.au/nhsd and healthdirect.gov.au/australian-health-services
- healthdirect app: through the healthdirect mobile application developed by us and downloadable by members of the public
- NHSD widget: through third party websites using the NHSD widget (a software application developed by us and provided to website owners to access the NHSD)
- NHSD APIs: through our APIs (a program Healthdirect provides to approved third parties to allow the third parties to integrate the NHSD into their existing programs and websites)
Healthdirect also includes NHSD data as part of the delivery of our services. For example, when Healthdirect provides a member of the public with a summary of triage advice and information via SMS (Encounter Summaries), this can sometimes include the name of a health practitioner, and associated practice and contact details.
De-identified information
De-identification is the process of removing or altering information that identifies an individual or is reasonably likely to enable their identification. Since Healthdirect is publicly funded, it must share some service delivery data with its government funders and other organisations across the health industry to demonstrate value and accountability.
Healthdirect shares data to:
- help improve the healthcare system;
- enable research and statistical analysis; and
- help evaluate healthcare services.
Healthdirect de-identifies data when it shares or reports this data. This usually includes the removal of personal identifiers, and other indirect identifiers, or the aggregation of data so that no single person is identifiable.
We collect and analyse non-identifiable website traffic data (including through the use of third-party service providers) on an aggregated basis to improve our services and for statistical purposes.
Overseas disclosures
Healthdirect does not routinely store or disclose NHSD data outside of Australia; however, the NHSD is accessible to members of the public located overseas. For example, the NHSD is available on the internet, including where an individual is accessing the internet outside of Australia.
How long do we retain your personal information?
Healthdirect retains any information that you or your representative have provided for inclusion in the NHSD for as long as you wish for us to retain this information.
Upon instruction from you, or where it is brought to our attention that you are no longer providing healthcare services, Healthdirect will identify, confirm and dispose of information that we no longer require.
How do we protect your personal information?
Healthdirect has an obligation to ensure that the personal information that you provide is appropriately protected from misuse, interference and loss, and from unauthorised access, modification, and disclosure.
Healthdirect aligns with the Australian Cyber Security Centre (ACSC) Essential Eight as our baseline for security standards. The Essential Eight is a prescribed list of technical strategies that aim to mitigate threats within our system and networks. More information about these security standards can be found here: Essential Eight (cyber.gov.au).
How to manage your personal information
Accessing or correcting your information
You have a right to request access to the information that we hold about you. You may also request that Healthdirect corrects personal information that it holds about you if you believe it is inaccurate, incomplete or not up to date.
In the first instance, health practitioners should review the listing of the health service to which they are connected at about.healthdirect.gov.au/nhsd. The NHSD uses AHPRA as a system of record for practitioner details. This means the NHSD reflects the information published by AHPRA for a health practitioner. Where a person advises that the name, sex, speciality or location we hold about them is not accurate, we may request the person to seek correction of those details from AHPRA as the source of truth. The changes AHPRA then makes to the data will be represented in the NHSD.
A health practitioner can also request a copy of the information we hold about them by contacting us at nhsd@healthdirect.org.au.
If we refuse to provide you with access to your personal information or refuse to provide you with access to your personal information in the way you have requested, we will provide you with a written notice outlining our reasons for refusal.
If you require access to your personal information and are not on the NHSD, you should contact privacy@healthdirect.org.au.
Deleting your information
If you wish to have your information deleted, you can request this via the NHSD by contacting nhsd@healthdirect.org.au.
Complaints
If you have a privacy complaint or concern regarding how we have handled your personal information, please contact Healthdirect. We will investigate your complaint or concern and endeavour to respond to you within 10 working days.
If you feel we have not adequately resolved your complaint or concern, you may contact the Office of the Australian Information Commissioner at Privacy complaints (oaic.gov.au).
How to contact us
You can contact our Privacy Officer as follows:
Email: privacy@healthdirect.org.au
Postal address:
Privacy Officer
Healthdirect Australia
PO Box K411
Haymarket NSW 1240
Australia
Scope of and updates to this Privacy Policy
From time to time, we will update this Privacy Policy. The current version is always displayed on our website and supersedes previous versions.
Last reviewed: May 2024