• Privacy Policy

    Epworth complies with its obligations under all applicable privacy and health records laws, including the Health Services Act 1988 (Vic), the Privacy Act 1988 (Cth) (and its Australian Privacy Principles) and the Health Records Act 2001 (Vic) (and its Health Privacy Principles). Where Epworth provides public health services, those service arrangements may also require Epworth to comply with public sector privacy obligations under the Privacy and Data Protection Act 2014 (Vic) from time to time.

    Epworth recognises that the privacy principles under those laws apply to our relationship with patients, employees and service providers. Epworth requires that all health professionals and organisations doing business with us will similarly adhere to those privacy principles.

    This Privacy Policy explains how Epworth manages the personal information that we collect, use and disclose; it also describes how you may contact us if you have any questions or complaints about your privacy or would like to access the personal information we hold about you.

    This Privacy Policy applies to all of the hospitals and health services operated by Epworth.

    What personal information does Epworth collect?

    Epworth collects personal information from patients so that we can provide health services to them.  The personal information that we collect from you if you are, or will become, a patient includes: name, date of birth, address, contact details, financial details, ethnic background, health and medical history, lifestyle history, family history, details regarding your current health issue and details regarding your treating doctors (such as your general practitioner).

    We collect personal information from other individuals, such as employees, contractors, students, job applicants, and service providers, to enable us to assess, work with or transact with them.  The personal information we may collect from those individuals in those circumstances includes: name, contact details, qualifications, education, financial details, employment history and immunisation history.

    If you do not provide to us any of your personal information that we require, we may be unable to provide you with the services you are seeking or to otherwise work or transact with you.  If you are a patient at Epworth, you cannot choose to be anonymous or use a pseudonym because this would prevent us from being able to treat you appropriately.

    If you attend the private clinic of a doctor at an Epworth site, that doctor may maintain and keep their own separate medical record about you.

    How Epworth collects personal information

    We will ordinarily collect your personal information from you directly.  Occasionally we may need to collect personal information about you from a third party such as your general practitioner, another health service provider or your family or carer.  However, we will only do so if you have given us your permission, if we cannot reasonably obtain the information from you and we require the information for your care and treatment or if the law otherwise permits us to do so.

    If we receive personal information about you from someone else that we have not requested and we determine that we would not have been permitted to collect that information under privacy law, we will ordinarily destroy or de-identify the information.

    We may also collect personal information about someone else from you where that information forms part of your family, social and medical history and it is necessary for us to collect that information in order to provide your care and treatment.

    How Epworth uses and discloses personal information

    Epworth will use and disclose your personal information for the particular purpose for which we have collected it.

    Generally, if you are a patient of Epworth we will use and disclose your personal information for the purpose of providing health care services to you.  Your personal information will be used by and disclosed to the health professionals and other staff involved in your care and treatment at Epworth.  We may use your information to refer you to external services providers for diagnostic tests or to other health professionals during your care and treatment or after you are discharged.  We will share your personal information with these other providers for the purpose of your care and treatment.

    We may also use and disclose personal information we collect in the following circumstances:

    • To contact patients to send them a reminder for an appointment or follow up care, to check pre-admission details or to inform patients of out of pocket expenses.  We may use patients’ information to give them a follow up call from our Patient Service Centre.
    • We may provide general information about a patient’s condition to their family, near relative or carer, unless the patient has requested that we do not do so.
    • We will ordinarily send a discharge letter or summary which will include details of a patient’s care and management at Epworth to their general practitioner or the specialist who referred the patient to Epworth, unless the patient requests that we do not do so.  If appropriate, we may send a letter to other health professionals and individuals involved in a patient’s post discharge care – for example, to a physiotherapist or home nursing service.
    • To communicate with Medicare and other government agencies (for example, Department of Veterans’ Affairs, WorkCover, TAC) involved in funding a patient’s health care.
    • To communicate with a patient’s private health insurer.
    • We may use a patient’s personal information to ask them to participate in a patient survey, quality improvement activities, a clinical trial or research.  We may disclose personal information to a service provider who assists us with these activities.  A patient has the right to decline to participate in these activities.
    • To manage a patient’s account with us and to charge the patient (or a third party) for the services we provide.
    • We will disclose certain information where we are required by law to do so about patients who have specific conditions to the Victorian or Commonwealth Government, their departments or agencies.  We will also disclose certain information to organisations that maintain a health or disease register where we are required by law to do so.
    • We may disclose personal information to an approved government agency, safety and quality body or law enforcement agency where required or permitted by law, for example in relation to locating missing persons, service of documents, census information collection or specified quality and safety purposes.
    • We may disclose to and collect personal information from another health service for one or more specified quality and safety purposes with the appropriate Ministerial authorisation.
    • Where we are contracted to provide public health services, we will disclose personal information in accordance with our contractual obligations to the relevant public health service providers and public sector privacy laws.
    • For certain activities and functions related to Epworth’s business and operations, such as quality assurance and improvement, patient satisfaction assessments, audit (clinical and non-clinical), accreditation, service planning, service funding, risk assessment and management and claims investigation and management.  We may disclose an individual’s personal information to our insurer and to other people or organisations we engage to assist us with these activities.  We may also use personal information for training and educating our staff.  Where possible, we will endeavour to remove information that identifies any individual when using it for these activities.
    • From time to time, external suppliers that we engage to provide certain services to Epworth may have access to the personal information we collect – for example, external information technology providers or couriers.  Where we engage such external suppliers, such persons and organisations must agree to manage any personal information they may access according to privacy laws.
    • We may disclose an individual’s personal information to a third party where we are legally required to do so – for example, if we receive a subpoena.
    • We may use and disclose the personal information of job applicants and individuals undertaking work experience or a student or trainee placement to assess and manage their engagement or employment, for insurance purposes and to comply with our legal obligations.
    • We may use and disclose the personal information of health professionals that seek accreditation to practice at Epworth to assess their application, to manage our relationship with them, for insurance purposes and to comply with our legal obligations.
    • If you are a service provider, we may use or disclose your personal information to manage our relationship with you.
    • Where you have been provided with an opportunity to opt-out of receiving contact from Epworth Medical Foundation (EMF) in relation to fundraising support and you have not opted-out of receiving such contact, we may disclose your name and contact details to EMF. Further information is provided below as to how your personal information is disclosed to and used by EMF.

    Ordinarily, Epworth will not transfer your personal information to any person or organisation outside Australia, without your permission.  However, Epworth may enter into arrangements with service providers who may store some of Epworth’s data (which may include personal information) overseas.  If we do, we will ensure we comply with any privacy law requirements that relate to cross border disclosures of personal information.

    By becoming or remaining a patient of Epworth or by providing your personal information to us, you consent (to the extent that we require your consent under privacy laws to do these things) to Epworth collecting, using and disclosing your personal information in accordance with this Privacy Policy.

    Fundraising Support

    Epworth is a not-for-profit hospital group which relies on the generosity of its community to assist it to continue to deliver excellence in treatment and care.  As part of your hospital admission process, you will be asked on your admission form whether you do not wish to be contacted by our fundraising trust Epworth Medical Foundation (EMF) in relation to fundraising support for Epworth. Where you have not opted-out of such contact on the admission form by ticking the relevant box, we will disclose your contact information to EMF. EMF may contact you to seek your support or to ask you to participate in Epworth’s fundraising activities.

    Where you have not opted-out of receiving fundraising contact from EMF, you may be contacted by a representative of EMF or by an external fundraising agent engaged by EMF. In either circumstance, only your contact details are available to the person or organisation who will contact you, and no information regarding your medical treatment or condition is disclosed by us to them. External fundraising agents will inform you as to who they are, why they are calling and that the contact relates to fundraising for EMF or Epworth. If you are not provided with this information, please advise EMF through the contact details provided on the EMF website www.emf.org.au.

    Should at any time you wish to opt-out of fundraising contact, you may contact Epworth’s Privacy Officer on the contact details set out below or use the opt-out mechanism provided under EMF’s Community Charter  on the EMF website www.emf.org.au.

    How we protect your personal information

    Epworth has implemented measures to protect your personal information from misuse, interference, loss, unauthorised access, modification and disclosure.  We store all of the information we collect from patients on their medical record which may be in hard copy and electronic format.  Every time a patient attends Epworth, information is added to their medical record.

    When it is not required for your care, your hard copy medical record is stored securely in our health information services department.  We use various procedures and technologies to protect your privacy, including access control procedures, audit trails, network firewalls and physical security.  Only authorised staff or contractors have access to your records and we monitor any access to electronic records.

    Epworth will destroy or permanently de-identify any of your information which we no longer require for the purpose for which we collected it, provided we are not required under law or otherwise to retain the information.

    How you may request access to or correction of your personal information

    You may request access to the personal information we hold about you by contacting us at the details set out below.  You may access your personal information by viewing it or by requesting a copy of your personal information.

    You may also request that we correct the personal information we hold about you if you believe that it is inaccurate by contacting us at the details set out below.
    Epworth will consider your request for access or correction and respond within the time required by law.

    We will ordinarily charge you for giving you access to your personal information in accordance with the fees and charges we are permitted to charge under the applicable laws.

    Queries and complaints regarding your privacy

    If you have any queries regarding how Epworth handles your personal information or wish to make a complaint about how we may have handled your personal information, you may contact us at the details set out below.  We will consider your complaint promptly and provide a written response on the outcome.

    Our contact details

    You may contact us in any of the following ways:

    By letter

    Privacy Officer, Legal Services,
    Epworth HealthCare Corporate Office,
    c/- 89 Bridge Road, Richmond VIC 3121

    Online

    Through the feedback form on the Patient Feedback page of our website.

    If you would prefer to make your complaint to an external complaint body, or you are not satisfied with the handling or outcome of the Epworth complaints process, you may contact the following organisations to lodge a complaint:

    Australian Information Commissioner

    Online: https://www.oaic.gov.au/individuals/how-do-i-make-a-privacy-complaint

    Health Complaints Commissioner (Victoria)

    Online: https://hcc.vic.gov.au/make-complaint

    Your use of our website

    We will only collect personal information through our website if you voluntarily provide it – for example, if you submit information via a web page form or you send us an email.  Any personal information you provide to us through our website will be handled in accordance with the principles described in the preceding sections of this Privacy Policy.

    Epworth cannot ensure that any information transmitted over the internet is secure and you transmit such information at your own risk.  However, once we receive a transmission of personal information, we take all reasonable steps to ensure that the information is secure on our systems.

    When you access our website, we will keep a record of your visit.  We may collect the following information that does not identify you in relation to your use of our website: your computer address, the date and time of your visit, the type of browser you use, the pages you visit, the information you request and the country from which you request information.  We collect this information for statistical purposes and to monitor and improve our web site and services.

    We use cookies.  A cookie is a small data file that is stored on your browser or device and allows our computer server to identify your computer or device.  This information allows our website content to load and function as intended when you access it and to monitor various statistics on use of our website.  Most browsers will allow you to control whether the browser will accept or reject all, or certain, cookies.  Further, you should be able to delete most cookies – you should check your browser for instructions on how to do this.

    Our website may contain links to third party websites unrelated to Epworth.  This Privacy Policy has no application to third party websites.  Epworth makes no representation regarding, and is not responsible for, the content or the privacy practices of third party websites and has no knowledge of whether cookies or other tracking devices may be used by those sites.

    Current as at 24 May 2022

    Access the Privacy Policy Flyer (PDF, 40KB), or
    Click the blue print icon in the bottom left hand corner of this web page to print the complete Privacy Policy.

  • Privacy Policy - Digital

    Facebook ads

    Epworth uses the Facebook pixel, an analytics tool to measure the effectiveness of our advertising. Epworth uses the pixel to serve related content to users based on their use of the Epworth website and to optimise advertising based upon a user's likeliness to be interested in Epworth services. Additionally, the Facebook Pixel is used to inform targeting, by creating lookalike audiences with interests similar to those who've already visited the Epworth website. Opt-out: you can opt-out of Facebook's use of the pixel by visiting https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen or https://www.facebook.com/ads/about.

    Google ads

    Epworth uses Google Ads to serve interest-based ads, and to personalise advertising based on a user's engagement with the Epworth website. Opt-out: You can opt-out of personalised ads from Google by visiting https://support.google.com/ads/answer/2662922?hl=en-AU or http://optout.networkadvertising.org/?c=1.

  • COVID-19 Privacy Policy Supplement

    What is the purpose of this privacy supplement?

    Epworth HealthCare and its related entities (Epworth) is committed to protecting the privacy and confidentiality of your personal information, including in the specific circumstances of the ongoing COVID-19 pandemic due to the severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2). This document supplements our Privacy Policy (available at https://www.epworth.org.au/who-we-are/privacy-policy) and applies in respect of the personal information we collect in connection with a COVID-19 related purpose, including COVID-19 related health information that we collect from you or that you provide to us. To the extent our Privacy Policy applies to your personal information collected by Epworth, our Privacy Policy will continue to apply to this information except to the extent a narrower restriction is set out in this supplement.

    By providing your COVID-19 related personal information to us, you consent (to the extent that we require your consent under privacy laws to do these things) to Epworth collecting, using and disclosing your personal information in accordance with this privacy supplement.

    What additional personal information does Epworth collect regarding the COVID-19 pandemic?

    The personal information that we may collect from employees, contractors, students, job applicants, service providers, patients, VMOs, other staff, volunteers, visitors, and others in connection with COVID-19 includes:

    • the results of any recent COVID-19 tests you have undertaken
    • information about whether you have been potentially exposed to a positive COVID-19 case 
    • your vaccination status (no vaccination, one dose, two doses and third or booster doses) and vaccine type
    • information about any bookings or appointments you have made to receive a COVID-19 vaccine
    • a copy of your vaccination certificate
    • if you provide us with evidence of a medical exemption from receiving the vaccine (if applicable), a copy of that evidence and the reason for the medical exemption
    • contact tracing information including information about who you may have been in close contact with while at our premises, and
    • a scan of your temperature (if it is above the acceptable range prescribed by the relevant health authorities we will note this).

    Depending on your answers (and where temperature scanning is conducted, your result), or if you do not provide the requested information to us, you may be directed not to enter or remain on our premises or not to interact with us in-person at this time. For Epworth Personnel who are not vaccinated or who do not provide this information to us, please refer to the Epworth COVID-19 Staff Vaccination Protocol for further information.

    Where we ask if you have been in contact with a confirmed COVID-19 case, we will generally only be asking for you to provide information that does not identify the person who is the confirmed COVID-19 case. If you provide us with personal information relating to another person (such as a next of kin), you warrant that you have informed that person of the information set out in the relevant collection form and this supplement and obtained their consent to disclose their information to us for use in accordance with our Privacy Policy and this supplement.

    How Epworth uses this personal information

    Epworth will use the personal information noted in this supplement to allow us to (as relevant):

    • comply with health and safety obligations and any legal requirement to collect this information
    • ensure the health and safety of individuals including our staff, contractors, patients and visitors, as well as the security of our premises
    • manage our facilities and staff rostering, while adapting to the constantly changing working and regulatory environments brought about the COVID-19 pandemic
    • make appropriate decisions in respect of rostering and work allocation in the safest reasonable manner
    • inform a third-party employer if we have refused one of their personnel entry to our premises
    • contact you (and your employer where you are providing third party services to, or at, Epworth), and report information including your contact details to appropriate health authorities, for COVID-19 contact tracing purposes, and
    • verify your COVID-19 test results, vaccine appointment bookings, vaccination status, vaccination certificate or medical exemption.

    We may also use this personal information to create aggregated data sets, generally on an anonymised basis, to provide to health authorities and other third parties. We may analyse this aggregated data to help make decisions about our business and our workforce in a way that allows us to continue our work while protecting the health and safety of our people and our patients.

    Who Epworth discloses this personal information to

    Epworth may disclose this personal information to:

    • health authorities, to report to and assist health authorities to undertake contact tracing for COVID-19
    • other entities who are part of the Epworth group
    • other persons as necessary to enable contact tracing or to assist compliance with occupational health and safety obligations 
    • your employer (where you are providing third party services to, or at, Epworth), to inform them if we have refused you entry to or permission to remain on our premises
    • our third-party technology service providers who provide the capabilities for us to collect, and securely store and manage this COVID-19 related personal information, or
    • other third parties as set out in our Privacy Policy or if required by law.

    We may also disclose de-identified, aggregated data sets publicly, for example to publicly disclose the percentage of vaccinated employees, workers, patients or visitors.

    Will your personal information be transferred or disclosed overseas?

    Ordinarily, Epworth will not transfer your personal information to any person or organisation outside Australia, without your permission. However, Epworth may enter into arrangements with service providers who may store some of Epworth’s data (which may include personal information) overseas. If we do, we will ensure we comply with any privacy law requirements that relate to cross border disclosures of personal information.

    How we protect your personal information

    Epworth has implemented measures to protect your personal information from misuse, interference, loss, unauthorised access, modification and disclosure as set out in our Privacy Policy.

    We may retain your personal information for as long as necessary to fulfil the purposes we collected it for, unless a shorter or longer period is required by law, and except as specified below. Epworth will destroy or permanently de-identify any of your information which we no longer require for the purpose for which we collected it, provided we are not required under law or otherwise to retain the information.

    Please note that all retention periods may be extended where required by law, where advised or requested by health authorities, or where we need to preserve and use personal information for the purposes of bringing or defending a legal claim. 

    Our contact details

    If you have any questions about this privacy supplement, you may contact us in any of the following ways:

    By letter

    Privacy Officer, Legal Services,
    Epworth HealthCare Corporate Office,
    c/- 89 Bridge Road, Richmond VIC 3121

    Online

    Through the feedback form on the Patient Feedback page of our website.

    Current as at 14 October 2021