Privacy Policy
Updated January 2024
Smart Billing Plus Pty Ltd (ACN 673 067 073) trading as Smart Billing Plus (Smart Billing Plus) is committed to providing quality services to our clients. This policy outlines our ongoing obligations to individuals in respect of how we manage the personal information about them that we collect in order to provide those services. Smart Billing Plus has adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of individuals’ personal information.
A copy of the Australian Privacy Principles is available on the website of the Office of the Australian Information Commissioner at https://www.oaic.gov.au/ .
What is personal information and why do we collect it?
Personal information is information or an opinion that identifies an individual. Examples of personal information Smart Billing Plus collects include names, date of birth, addresses, telephone and identification numbers such as Medicare registration, and Private Health Insurance details. We collect personal information for the primary purpose of providing medical billing services to our clients. We may also use individuals’ personal information for secondary purposes closely related to the primary purpose, in circumstances where they would reasonably expect such use or disclosure, such as to provide service updates. Clients whose personal information we hold may unsubscribe from our mailing/marketing lists at any time by contacting us in writing.
This personal information is obtained in a number of ways including from individuals via our website where people can ask us to contact them, or by telephone or email. We also obtain personal information from third parties, mainly medical practitioners or their rooms but also hospitals and other providers of services to patients.
When we collect personal information directly from individuals we will, wherever possible, explain why we are collecting it and how we plan to use it. We expect that medical practitioners who use our billing services will have obtained their patients’ consent to collect personal information about them, including health and any other sensitive information sought. We also expect that practitioners will have explained to individual patients why they are collecting the patient’s personal information and how the practitioner plans to use it, including for billing purposes. This might occur when general information is provided on how to understand what an episode of medical treatment might cost. This is known as an ‘informed financial consent’ between a patient and their doctor.
Sensitive Information
Sensitive information is defined in the Privacy Act to include information or an opinion about such things as an individual's racial or ethnic origin, religious beliefs or affiliation, and health information.
We will use sensitive information only:
for the primary purpose for which it was obtained, or
for a secondary purpose that is directly related to the primary purpose,
with the individual’s consent; or
where required or authorised by law.
If personal or sensitive information that we have not sought or do not require in order to deliver our services is provided to us, we will dispose of it.
Third Parties
Given the nature of our business, most of the personal information we collect is provided by third parties rather than the individual that the information is about. Where the information is provided by third parties, such as medical practices, we take reasonable steps to ensure that individuals have been made aware that the personal information may be provided to us by the third party.
Please note that we do not guarantee the security or accuracy of any websites or policies of third parties that we deal with.
Our Website and Use of Cookies
Cookies (HTTP cookies, web cookies or browser cookies) are small data files that are placed (or ‘dropped’) on a user's device (e.g. PC, phone or tablet) by a user’s web browser when a user first visits a website, and are then used to recognise and store information related to that user's device. This information is not personal information without other means to identify an individual. When combined with information collected from other sources it may become personal information.
Currently we do not collect website user data. However, in future we may use it in aggregated form to assist our website administration and marketing. Our Privacy Policy will be updated with further details at that time.
Disclosure of Personal Information
We may disclose individuals’ personal information in a number of circumstances as permitted by the APPs, including:
if consent to disclosure has been obtained; or
for a purpose related to the primary purpose of collection. or
where required or authorised by law.
In order to process bills we disclose personal information to other entities that participate in the billing process, such as Medicare and private health funds. Sometimes we need to undertake data matching when working with such entities, to verify identity or for other purposes associated with processing bills. Smart Billing Plus also obtains some services from external service providers and where necessary and permitted, personal information will be provided to those organisations. The kinds of services we obtain externally include information technology support. Our business is not likely to disclose personal information to overseas recipients.
We seek to ensure that all our external service providers understand and comply with the APPs when handling personal information. Our external service providers are only authorized to use personal information for the purpose for which Smart Billing Plus supplied it, and not for their own purposes.
Security of Personal Information
Personal information that Smart Billing Plus has collected is stored in a manner that reasonably protects it from misuse, interference and loss and from unauthorised access, modification or disclosure. We have engaged an external IT service provider to provide secure virtual private network cloud-based storage located in Australia for our data. Access to this data is password protected and restricted to our staff who need to use it for their work, and to the provider’s staff for maintenance purposes.
When individuals’ personal information is no longer needed for the purpose for which it was obtained or required by law to be retained, we will take reasonable steps to destroy or permanently de-identify it.
Access to individuals’ personal information
Individuals may access the personal information we hold about them and request that we update and/or correct it, subject to exceptions. Anyone who wishes to access their personal information should contact us in writing at the address shown below.
Smart Billing Plus will not charge any fee for individuals’ access requests, but may charge an administrative fee for providing a copy of their personal information. Identification may be required before the requested information is released.
Maintaining the quality of personal information
It is important to us that the personal information we hold is up to date. We will take reasonable steps to make sure that the personal information about individuals that we hold is accurate, complete and up-to-date, for example by checking it against records held by hospital accounts departments. Any individuals or clients who find that the information we hold is not up to date or is inaccurate should advise us as soon as practicable, so that we can update our records and ensure we can continue to provide quality services.
Policy Updates
This Policy may change from time to time and is available on our website.
Privacy Policy Enquiries and Complaints
If you have any queries about this Privacy Policy or how we manage personal information please contact us at:
The Privacy Officer
Smart Billing Plus
59 Wattletree Road
Armadale VIC 3143
contact@smartbillingplus.com.au
Telephone: 1 800 966 364
If you believe that Smart Billing Plus may have breached the APPs by mishandling your information, you may lodge a written complaint addressed to the Privacy Officer, whose contact details are set out above. Please include your name, email address and/or telephone number and clearly describe your complaint. We will investigate your complaint and respond to you within 30 days.
If following investigation your complaint is not resolved, you can contact the relevant regulator as follows:
Office of the Australian Information Commissioner
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Website: www.oaic.gov.au