This policy was updated 1 July 2012.
This document sets out the types of personal information held by National Prescribing Service Limited (NPS) (ABN 61 082 034 393) and how NPS collects, holds, uses and discloses that information as part of our business to provide independent, evidence-based information and services to health professionals, the community and individuals on the quality use of medicines and medical tests.
NPS is bound by the National Privacy Principles contained in the Privacy Act 1988 (Cth) and relevant state and territory privacy legislation.
What is personal information?
Personal information is any information that identifies you or from which your identity could be reasonably ascertained. The types of personal information that NPS collects will vary depending on your relationship with us.
How types of personal information is collected?
The personal information that NPS collects could include your name, age, gender, the organisation you work for, your postal address, telephone and fax numbers and your email address.
If you are a health professional or health professional student, we may also collect details of your:
- membership of professional associations
- provider and/or prescriber number, and
- professional interests,
In order to:
- provide the appropriate services to you
- conduct research and evaluation programs, or
- report your participation to bodies managing the educational, continuous professional development or quality improvement programs in which you participate.
If you are one of our suppliers or provide services to us, we may collect other information about you that we feel is necessary, such as the nature of the products and services that you provide, quotes that you provide and your direct credit details.
NPS may collect sensitive information–such as health information and information about personal attributes such as ethnic or racial origin–when it relates to the provision of a service or its evaluation. Where you request the provision of specific information relating to health conditions (for example by contacting NPS’ phone line services or requesting educational material), this may result in NPS collecting health information about you. NPS will only collect this information with your consent or otherwise in accordance with the National Privacy Principles and relevant privacy legislation.
Use of de-identified health information
As part of its services, NPS offers health professionals the opportunity to undertake quality assurance activities that require them to collect health information about individuals and disclose it to NPS on a de-identified basis for quality assurance purposes.
Health professionals providing de-identified data are advised what it will be used for and give NPS written consent for the data to be aggregated in feedback material provided to other health professionals or professional bodies. This aggregated de-identified data may also be used in NPS evaluation studies and reports.
Data submitted to NPS is first encrypted using PKI (Public Key Infrastructure) encryption and then transmitted via a secure protocol so that NPS is unable to identify the individual the subject of the data.
Consequences of not providing information
In some instances if all necessary personal information is not provided, NPS may be unable to assess or process your information or provide you with the programs, services, materials or products you require.
How is personal information collected?
On provision of information to us
NPS primarily collects information about you when you use or request a product or service, complete a survey, questionnaire or enrolment form or when you communicate with NPS by email, telephone, in writing or in person. NPS also collects information about you if you are providing services to NPS or, if you apply for employment at NPS, through the staff recruitment and selection process.
From publicly available sources
NPS also collects personal information from the public domain, for example from professional registration boards.
NPS tries to collect personal information about an individual only from that individual, but in some circumstances NPS may obtain personal information from a third party, such as an NPS Facilitator, general practice manager, your health professional, a member of your family, a friend or your carer. If you provide personal information about another person to NPS, we require that you inform that person you have done so.
From the website
When you visit the NPS website, our web server may download a cookie to your computer. A cookie is a small piece of information sent by our server to your browser.
To protect your privacy, your browser only permits a web site to access the cookies it has already sent to you, not the cookies sent to you by other sites. If you do not wish to receive any cookies, you may set your browser to refuse them; go to the browser’s help menu for instructions.
Cookies do not contain personal information about users. However, cookies can identify a user's browser. The cookies transferred by the NPS website are used for such things as capturing information about a user's web browser, controlling a pop-up window or enabling login access to password protected areas of the website.
How is personal information used?
The personal information collected by NPS is used by NPS in accordance with the Privacy Act and the National Privacy Principles to:
- provide information (such as publications, subscriptions, materials and products) to health professionals, health professional students and consumers
- conduct evaluations of NPS products, materials, programs and services
- assist in NPS conducting research
- create individual health stories which are published and/or broadcast to promote the quality use of medicines and/or medical tests and record the background information concerning the subject of the health story (including the individual’s consent to appear in the same)
- record and monitor the participation in and use of educational materials and products by health professionals, health professional students and educational institutions
- report continuing professional development points and/or participation in practice incentive activities where relevant
- promote educational activities including events and conferences
- in the case of the NPS phone line services, provide a health service
- contact individuals for feedback on NPS’ products, materials, programs and services, and
- assist NPS perform its corporate and contractual obligations.
How is personal information disclosed?
Personal information held by NPS is disclosed by NPS in accordance with the Privacy Act and the National Privacy Principles.
Where NPS provides or administers education or participation activities for health professionals or health professional students, NPS may disclose personal information to relevant institutions for the purposes of monitoring the participation and use (against course or institution requirements) and to professional associations for the purpose of recording continuing professional development points.
In some cases, information on the education or participation activity status of health professionals within a practice is provided to a practice manager of that practice.
NPS may disclose your information to contractors to whom NPS out-sources certain functions or which provide services to NPS, such as bodies that assist in conducting or analysing research and print, data capture, mailing and distribution houses. NPS takes all reasonable measures with its contractors to ensure they comply with the privacy standards set out in the Privacy Act 1988 (Cth) and any relevant state and territory legislation. NPS may also disclose your information to its research partners where this is approved by the relevant Human Research Ethics Committee.
Personal information incorporated into health stories may be disclosed to the general public when the health story is published and/or broadcast. The information disclosed in these circumstances would not include an individual’s address, phone number, email address or other contact details.
NPS may also disclose personal information in circumstances where it has statutory obligations or is otherwise required to do so by law.
NPS does not supply, sell or rent the personal information it collects to unrelated third parties for the purpose of marketing those third parties’ products or services.
Customers of our phone line services
NPS operates two phone line services:
- Medicines Line for consumers which is operated by NPS in collaboration with healthdirect Australia.
- Adverse Medicine Events (AME) Line for consumers wishing to report adverse experiences with their medicines.
In delivering the phone line information services NPS may need to collect health information specific to a person in order to deliver the medicines information service requested.
This information may include:
- the relationship the caller has to the patient or person they are calling on behalf of and whether or not consent for making the call has been given. NPS also requires those calling on behalf of someone else and providing personal information about them to inform the patient or person that they have done so
- age, date of birth and gender
- address, postcode, telephone and fax numbers and email addresses
- medicines used or planned to be used
- medical history
- health professional’s contact details.
The information collected by the phone line services is de-identified prior to its use by NPS for any additional purposes such as evaluation.
For consumers wishing to report an adverse drug reaction to the Therapeutic Goods Administration (TGA) via the Adverse Medicine Events Line, identifiable information will only be provided to the TGA with the consumer’s consent. De-identified information may be forwarded to the TGA for assessment and contribution to national medicine safety efforts.
Protection and security
NPS has a privacy officer and a risk committee to oversee the management of personal information in accordance with this policy and privacy legislation.
NPS maintains the confidentiality and security of personal information by restricting access to only those staff and service providers with a legitimate need to access it. Security measures are in place to prevent the misuse, unauthorised access, modification or disclosure of personal information.
NPS has archiving policies and procedures, which provide for the secure, permanent destruction of records of personal information when no longer required, in accordance with National Privacy Principle 4.2. Data collected for research purposes is stored and disposed of in accordance with National Health and Medical Research Council guidelines.
Access and correction
At any time you can advise NPS of changes to your personal information or ask to be removed from our mailing lists by contacting us at our address below.
You have the right to ask for the personal information held about you and to advise of any inaccuracy. There are some exceptions to this set out in the Privacy Act.
If you make an access request, NPS will ask you to verify your identity and specify what information you require. NPS may ask the reason for your request so we can assist you most effectively. However, you are under no obligation to provide a reason if you do not wish to.
NPS takes breaches seriously and has procedures to help identify and resolve a breach, potential breach or complaint as quickly as possible. This includes appropriate escalation processes to the NPS Risk Committee and CEO and notification processes in the event of a breach.
Every complaint is forwarded by the staff member who receives it to the Privacy Officer. You will be notified of the process for dealing with the breach or potential breach. Your complaint will be thoroughly investigated and a suitable resolution negotiated with you.
If you are not satisfied with the resolution of your complaint by NPS you may contact the Office of the Federal Privacy Commissioner who may investigate your complaint and has the power to award compensation against NPS in appropriate circumstances.
For enquiries or feedback about this policy, or for complaints about NPS’s handling of personal information, please email the privacy officer or phone 02 8217 8798. You can also fax your enquiry to 02 9211 7578 or mail to:
NPS Privacy officer
PO Box 1147