myNurse is committed to protecting all personal information and ensuring that the handling of personal information provided by job seekers, staff, clients & participant and others with whom we deal complies with Australian Privacy laws. This includes Australian Privacy Principles (APPs) outlined in the Privacy Act 1988 (Commonwealth) (Privacy Act) and any applicable state or territory legislation.
This policy outlines how we collect, use, disclose, store and manage personal information in accordance with these Australian Privacy Laws.
myNurse will manage all personal information in accordance with Australian Privacy laws including
(but not limited to):
- Privacy Act 1988 (Cth), and APPs
- Privacy and Personal Information Protection Act 1998 (NSW)
- Freedom of Information Act 1982
- Health Records and Information Privacy Act 2002 (NSW)
- SPAM Act 2003 (Cth)
Personal information means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
Information or an opinion about:
- The health or a disability of an individual;
- An individual’s expressed wishes about the future provision of health services to
- A health service provided or to be provided to an individual that is also Personal Information;
- Other Personal Information collected to provide, or in providing a health service;
- Other Personal Information about an individual collected in connection with the donation, or intended donation by the individual of his/her body parts, organs or body substances;
- Genetic information about an individual in a form that is or could be predictive of the health of the individual or a genetic relative of the
Sensitive information is a subset of personal information and refers to information or an opinion about an individual’s:
- racial or ethnic origin;
- political opinions or membership of a political association;
- membership of a professional or trade association or a trade union;
- religious beliefs or affiliations,
- philosophical beliefs,
- sexual preferences or practices,
Employee Record is a record of Personal Information relating to the employment of a member of staff. Employee records will include such details;
- The employee’s personal and emergency contact details;
- The employee’s performance or conduct;
- The employee’s criminal record status as obtained through a National police check or
working with children check;
4. Guiding Principles
myNurse believes that individuals and communities have a right to privacy, dignity and confidentiality. This right will be upheld at all times through practices of sharing and providing information in a discrete manner and on a need-to-know basis. myNurse will always be guided by the Australian Privacy Principles. Where myNurse operates databases or information systems, the relevant policies and procedures are to be followed for the appropriate use of Personal Information within these systems. myNurse aims to create a workplace which is respectful, ethical and professional in all matters pertaining to confidential or private information held about an individual.
5. Policy Commitments
6. Performance Indicators
myNurse holds a zero-tolerance policy in relation to the breach of confidentiality. All myNurse employees and contractors must have read the confidentiality policy, understand it’s contents and sign the declaration.
7. Collection of Personal Information
myNurse will only collect personal information that is necessary for delivery of our services The type of information that we collect includes, but is not limited to:
- Employment records including your name, address and contact details, job resume, work performance indicators, bank account details for payroll, information from references and criminal records Along with any other details which may be required for employment purposes.
- Client/Participant’s personal details including name, address and contact Next of kin and consultant information, current and past medical history, Advance Care Directive. Personal health and medical information is collected to facilitate appropriate care of the client. Personal Information and Health Information may be collected directly from the client, his or her relatives and other authorised personnel such as a Power of Attorney, General Practitioner, an Aged Care Assessment Service or hospital through observations and assessments undertaken as part of the care process, or through another third party referral service where you have consented to that service providing your information to us.
- In cases where individuals, employees or potential employees withhold information or are unwilling to provide information as requested, myNurse as a result may be unable to provide them with the services or employment they
myNurse collects information through a variety of ways including:
- Electronic or face to face interactions;
- Through our website;
- Requests for information;
- From third party referral services; and
- Through provision of services
8. Use and Disclosure of Information
We may use or disclose personal information collected from employees or prospective employees, with consent, to:
- obtain references from former employers or give references to potential employers;
- verify qualifications with educational or vocational organisations;
- conduct background and criminal records checks
- Personal information limited to the employee’s name may be shared with clients and
their family members/guardians for the purposes of service provision;
- Personal information may be shared within organisational departments for the purpose of service provision, performance management and general operations;
- Personal information may be shared as part of mandatory inspections or investigations by the ATO, Fair Work, WorkSafe/SafeWork, police, government departments, Commissions or their
When dealing with employee personal information, myNurse will endeavour to:
- Limit the collection of information & provide notice to individuals about the potential collection, use and disclosure of their personal information
- Keep employee’s personal information secure, accurate, complete and up to date
- Provide employees access to their personal information
Disclosure to third party service providers
We may disclose client Personal Information to third party contractors and service providers that help us to deliver services to clients, such as, Allied Health providers, payment system operators, financial institutions, debt collectors, accountants, solicitors, business advisors and
referral services (including to enable the referral service to verify whether a client was referred to us by that service).
Disclosure to relatives and guardians
There are certain instances where myNurse may need to share or disclose an individual’s Personal Health Information to a person who is responsible for the individual (i.e. a parent, child, sibling, relative, guardian or power of attorney). We may do so, in accordance with Health Privacy Principle 2, if:
- the individual is incapable of giving consent or communicating consent;
- myNurse Management or Coordination staff are satisfied that the disclosure is necessary to provide appropriate care or treatment, is made for compassionate reasons or for the purposes of undertaking a quality review of our services; or
- the disclosure is not contrary to any wish previously expressed by the individual which the organisation is aware of, or of which the organisation could reasonably be expected to be aware, and the disclosure is limited to the extent reasonable and necessary for providing care or
- A client’s confidential information will never be disclosed to other clients, unauthorised personnel or personal relations of the client or employee or any other person in the community.
Disclosures required or permitted by law
In some circumstances we are authorised or required by law to disclose certain personal information. For example: disclosure to various government departments and agencies such as the Australian Taxation Office, Centrelink, Child Support Agency, or disclosure to courts under subpoena; and disclosure permitted under Health Privacy Principle 2, where myNurse:
- reasonably believes that disclosure is necessary to prevent or lessen a serious and imminent threat to an individual’s life, health or safety or a serious threat to public health or public safety;
- has reason to suspect unlawful activity and uses or discloses the Personal Information as part of our investigation of the matter or in reporting our concerns to the relevant authorities; or
- reasonably believes that the use or disclosure is reasonably necessary to allow an enforcement body to enforce laws, protect the public revenue, prevent seriously improper conduct or prepare or conduct legal
myNurse will take reasonable steps to protect Personal Information that we hold from misuse, interference, loss or unauthorised access or disclosure.
Employee records are all computerised with access limited to appropriate staff. Electronic records of employees and clients are held on a password protected secure database. Any paper files are kept securely in a locked cabinet until a time that they are scanned to the computer. Once actioned, documents are then either shredded or put in locked confidential waste bin that is destroyed by an authorised business.
We will retain records of information for a period of seven years after the last occasion on which a service was provided to the client/by the employee.
Personal and Health Information may also be held within a client’s home as part of their health care record.
Access to Personal Information
Individuals may request access to their own Personal Information kept by myNurse. Where reasonable and practical to do so, and in accordance with the provisions of the Privacy Act and Health Records Act, myNurse will provide access to an individual’s personal information. There may be instances where we cannot grant you access to the Personal Information or Health Information we hold. For example, we will refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal.
If you believe that the personal information we hold about you is incorrect, incomplete or inaccurate, then you can request us to amend it. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment, then we will add a note to the personal information stating that you disagree with it.
myNurse will not disclose personal information overseas.
When we collect Personal Information directly from an individual, we will take all reasonable steps to ensure that they are aware of the collection of their Personal Information. If information is collected from a 3rd party, reasonable steps will be taken to notify the individual or otherwise ensure that the individual is aware that the information will, or may, be passed on to us.
Under the Notifiable Data Breaches Scheme (Part IIIC of the Privacy Act 1988), myNurse has an obligation to notify affected individuals and the Office of the Australian Information Commissioner (OAIC) about an ‘eligible data breach’ which is likely to cause serious harm to any of the individuals to whom the information relates. An ‘eligible data breach’ occurs if all three of the below criteria are met:
- there is unauthorised access to, or unauthorised disclosure of, personal information, or loss of personal information that myNurse
- this is likely to result in ‘serious harm’ to one or more individuals (‘serious harm’ may
include serious physical, psychological, emotional, financial or reputational harm);
- myNurse has not been able to prevent the likely risk of serious harm with remedial action.
Examples of a data breach could include, but are not limited to:
- loss of a computer or data storage device containing personal information
- unauthorised access to personal information as a result of a hacking attack or data breach
- employees or contractors accessing or disclosing personal information outside the bounds of their employment
- emailing, sending or simply providing personal information to the incorrect people In the event of a data breach, myNurse will:
- identify if an eligible data breach has occurred;
- investigate suspected security incidents to determine if an eligible data breach has occurred so that it can be reported;
- assess the risk of serious harm to affected individuals if personal information is disclosed or lost;
- review any contracts with third parties who hold personal information on behalf of the entity and ensure that adequate contractual provisions are in place to manage compliance with the notification regime
- Complete an incident form as soon as practicable to ensure a record is maintained of how the breach or suspected breach was
Data Breach Notification Obligations
- In the event of an eligible data breach, myNurse will notify the Office of the Australian Information Commissioner (OAIC) using the online Notifiable Data Breach Statement Form and affected individuals as soon as practicable after becoming aware that there are reasonable grounds to believe that there has been an eligible data
9. Privacy Online
Online data collection and use is when myNurse website is accessed, anonymous technical information may be collected about user activities on the website. This may include information such as the type of browser used to access the website, the date of the visit, time spent on the site and the pages visited.
This information is used by myNurse to make decisions about maintaining and improving websites and online services. This information remains anonymous and is not linked in any way to personal identification
10.Making a Complaint
Privacy Law is regulated by the Australian Information Commissioner. Further information about privacy legislation can be obtained from the Office of the Australian Information Commissioner website at
myNurse takes all complaints seriously. Anyone who wishes to make a complaint about the way
myNurse has managed their Personal Information may make that complaint verbally or in writing by
setting out the details of the complaint to any of the following: Grace Ryan
Phone: 1300 868 334
- Alternatively, complaints may also be referred to:
Office of the Australian Information Commissioner.
– By phone: 1300 363 992
- In writing to Office of the Australian Information Commissioner GPO Box 5218, Sydney NSW 2001
11. Review and Improvement
myNurse will review this policy annually or as required.