Approval Date: March 2014
Review Date: Under Review
Review By: Board of Directors
1. Protecting your privacy
RACMA is committed to maintaining the highest standards of privacy protection.
This Policy outlines how RACMA collects, uses, discloses and handles Personal Information and describes the practices, procedures and systems it has in place for protecting privacy.
RACMA may be subject to the Privacy Act 1988 (Cth) and bound by the Australian Privacy Principles. Where RACMA conducts activities outside Australia, it or its Members may also be subject to privacy laws of the jurisdiction in which they are operating. For example, RACMA Members who handle Personal Information in New Zealand may be subject to the New Zealand Privacy Act 1993. However, even where RACMA is not bound by the privacy law of a jurisdiction, it strives to act consistently with the privacy principles and laws that apply wherever it operates.
In this Policy, unless the context indicates otherwise:
- 'Personal Information' means information about an identified individual, or an individual whose identity is reasonably identifiable, whether the information or opinion is true or not or recorded in a material form or not. A reference to 'Personal Information' includes Sensitive Information and Health Information.
- 'Sensitive Information' is Personal Information about an individual's health, racial or ethnic origin, political opinions or memberships, religious beliefs or affiliations, philosophical beliefs, professional or trade association/union memberships, sexual preferences and practices or criminal record.
- 'Health Information' includes information about an individual's physical or psychological health, health services provided to the individual, or an individual's expressed wishes about the future provision of health services.
- 'RACMA Member' includes a Fellow, Honorary Fellow, Associate Fellow, Candidate, Affiliate, and in this Policy also includes a trainee.
- RACMA Staff includes individuals who are employees or contractors of RACMA.
2. This Policy applies to all Members and Staff
RACMA Members and RACMA Staff must:
- at all times be aware of and support RACMA's commitment to the protection of privacy;
- comply with this Policy, and with any privacy laws that apply in the relevant jurisdiction, when handling Personal Information about RACMA Members or RACMA Staff, or carrying out RACMA related functions or activities; and
- provide such assistance as RACMA may require to deal with inquiries and complaints about privacy.
3. RACMA's collection of Personal Information
RACMA needs to collect a range of Personal Information to meet its objects and serve the needs of its Members.
RACMA therefore collects Personal Information about:
- RACMA Members and people applying to become RACMA Members;
- RACMA Staff and applicants for employment;
- service providers, contractors and other individuals who perform functions for or on behalf of RACMA;
- people associated with RACMA Members or applicants for membership (such as referees, supervisors and colleagues); and
- business partners, consumer representatives and other stakeholders.
What Personal Information does RACMA collect?
The types of Personal Information RACMA collects will depend on the type of service being provided and/or the function(s) being performed.
For example, when a person applies to:
- become a RACMA Member;
- be accepted into a training program;
- become a Fellow or Associate Fellow;
- participate in a RACMA education or training program; or
- attend a RACMA event—
RACMA is likely to need to collect a range of Personal Information in order to consider the application and manage the membership or program. The information RACMA needs to collect may include:
- personal and business contact details;
- banking and/or credit card details;
- names and contact details of referees and previous employers;
- education and training history;
- qualifications, specialisations and interests;
- information about professional memberships; and
- information about Medical Board or other relevant registration.
If a person seeks a reduction in subscriptions or fees on the basis of special circumstances, RACMA may require financial and/or health information to be provided as evidence of the person's entitlement.
From persons attending events or participating in education or training activities, RACMA may collect information about dietary requirements and travel needs.
For persons who are, or are applying to become RACMA Staff, or service providers or contractors, RACMA needs to collect Personal Information relevant to the appointment or engagement. RACMA will also collect information about business partners and stakeholders to the extent necessary for the purpose of its relationship or dealings with them.
Where it is practicable to do so, RACMA will allow individuals to deal with it anonymously or using a pseudonym. However, this will usually only be possible in the case of very general or preliminary inquiries.
RACMA may collect information from Members who participate in surveys or provide feedback. Some of these activities are carried out on an anonymous basis and some are not, depending on the nature of the survey.
RACMA tries only to collect Personal Information to the extent that it needs to do so to carry out its functions or activities. Therefore, if the Personal Information RACMA asks for is not provided, RACMA may not be able to progress an application, provide services to its Members or otherwise provide the assistance being sought.
4. How RACMA collects Personal Information
Most of the Personal Information RACMA needs to collect about Members and applicants for membership is collected directly from the individual concerned.
However, RACMA may also collect Personal Information from third parties, such as referees, employers or colleagues of the Member or applicant for membership. RACMA will only do this with consent. Usually consent will be required as part of the application process. If consent is not provided, RACMA may not be able to process the application.
RACMA may also collect Personal Information about people associated with Members and applicants for membership, for example when an applicant or Member provides us with, names and contact details for referees or supervisors. In this situation the applicant or Member must ensure that they only provide Personal Information about a third party with the knowledge and consent of that third party.
If RACMA receives a complaint or has reason to review or investigate the conduct of a Member, it may need to collect information about the conduct from other persons involved in the training or supervision of the Member. RACMA may be permitted by privacy law to do this without consent (for example, where it is necessary to lessen or prevent a serious threat to health or public safety, or to investigate unlawful activity or serious misconduct). Except where collection is required or authorised by the Privacy Act or another law, RACMA will only do so with consent.
RACMA may collect Personal Information in person, in writing, by email, by telephone and through its website. For Members and applicants for membership, the means by which RACMA collects information will depend on the circumstances. For example, Personal Information may be collected through annual renewal processes, change of details forms, participation in programs and events and direct dealings with our staff. RACMA also provides a facility which enables Members to update some Personal Information on-line directly into RACMA's membership database.
5. What do we tell people when we collect Personal Information?
If RACMA collects Personal Information, it is required to take reasonable steps to ensure that the individual is aware of certain details relating to the collection. This applies whether the information is collected directly or indirectly.
Most RACMA forms include a notice setting out that information, either printed on the form or displayed on the on-line portal through which the information is collected.
This notice will usually either include, or provide a link to, information about:
- the purposes for which we are collecting the information in the particular circumstances;
- the types of individuals or organisations to which such information may be disclosed;
- the consequences of RACMA not being able to collect the information;
- any law that requires the information to be collected;
- whether the information is likely to be disclosed to recipients outside Australia, and if practicable, the countries where they are located;
- obtaining access to Personal Information RACMA holds; and
- making a privacy complaint.
6. Use and disclosure of Personal Information
RACMA uses Personal Information about Members and applicants for membership for a range of purposes, including:
- processing applications for Membership or categories of membership;
- updating, maintaining and administering our membership base;
- providing training, professional development and accreditation services and programs;
- monitoring professional performance and investigating complaints;
- monitoring, evaluation and quality assurance of RACMA programs and services; and
- procuring funding and other forms of support for RACMA's services and activities.
Personal Information about people other than RACMA Members (including staff, service providers and stakeholders) is used for a range of corporate purposes, such as employment and management of staff, contracting and procurement and stakeholder relations.
RACMA discloses Personal Information about Members and applicants to a range of external bodies, and in limited cases to the public generally, for purposes that are related to the services it provides.
RACMA publishes on its website a list of Fellows and Associate Fellows, together with the jurisdiction with which they are associated.
RACMA may be asked from time to time to provide information about Members, together with information about their professional qualifications and experience and/or position or standing within RACMA to organisations for a range of purposes relating to the role and activities of the Member. Such purposes may include:
- regulatory activities carried out by AHPRA or other regulatory bodies;
- credentialing or quality assurance activities;
- recruitment of medical administrators or related professionals;
- sourcing expert advice or consultancy services or particular skills; or
- identifying candidates for appointments or awards.
RACMA will only disclose this information with the Member's consent unless it is required or authorised by law to do so without consent.
Where RACMA needs to contact or collect information about a member from a third party (for example referees or professional colleagues) Personal Information about the member or applicant may be disclosed to that person. We only do this with the consent of the member or applicant.
If you subscribe to RACMA's mailing list, we may use your contact details to send you news and information about RACMA and details of services that we think may be of interest. If at any time you decide that you no longer wish to receive this sort of information, let us know and we will remove your details from the mailing list.
RACMA may also disclose Personal Information:
- when required or authorised to do so by court order or other legal requirement, for example; for the purpose of dealing with a risk to health or safety, to investigate suspected unlawful activity or serious misconduct and other purposes authorised by law;
- to its business partners, external service providers (including IT contractors), professional advisers and other entities who assist it in administering its membership base and providing services; and
- to Government agencies responsible for funding and overseeing training and other programs in which RACMA Members participate. This information is generally provided in de-identified form. RACMA will not provide identifying information without consent.
7. Disclosing information to persons outside Australia
RACMA has Members based in Australia, New Zealand and Hong Kong, and conducts activities in those jurisdictions. Personal Information about RACMA Members based in one jurisdiction may be disclosed to RACMA Members and other persons in another jurisdiction for the purpose of RACMA activities and programs.
RACMA participates in various international organisations that represent and provide services to medical administrators, and may from time to time disclose Personal Information to such organisations in connection with international events and activities.
RACMA does not use data centres, cloud computing providers or other IT services which would require disclosure of Personal Information to persons outside Australia.
8. How does RACMA hold and protect Personal Information?
RACMA holds Personal Information in hardcopy files and in electronic databases. RACMAs information systems and files are protected by a range of security measures. For example:
- Electronic systems are password protected and email systems use encryption software to limit the risk of unauthorised or accidental disclosure.
- Graduated access controls are used to limit access of RACMA Members and RACMA Staff to those areas of the network to the extent necessary for them to perform their role, with levels of access being determined by senior managers.
- RACMA maintains its own network of secure servers, with back up services provided by a an external service provider with industry standard security measures in place.
- RACMA Staff must close computers when not in use and must maintain hard copy records containing Personal Information in locked filing cabinets.
RACMA makes every effort to ensure that the Personal Information it holds remains up-to-date and is used and disclosed appropriately. We provide Members with the opportunity to update or correct personal details when renewing Membership and other routine communications, and through direct on-line access to RACMA's membership database.
RACMA periodically reviews its files and databases to ensure that the information it holds about Members is up-to-date and accurate. Information that is not required for operational purposes is archived. Records containing Personal Information are retained for 7 years and then culled.
RACMA Members, RACMA Staff and any other person involved in training and assessment activities must comply with the following requirements:
- Appropriate standards of confidentiality must be maintained at all times when dealing with Personal Information about trainees and candidates. Personal Information must not be accessed, used or disclosed except to the extent necessary to carry out the activity for which the information is required.
- Any issues relating to the conduct or performance of a trainee or candidate must be treated with the utmost sensitivity. Any performance issues, breaches of standards or breaches of RACMA policies or codes of conduct must be handled as far as practicable in a manner which ensures confidentiality.
When reviewing, for quality assurance and evaluation purposes, files or other documents relating to the handling of complaints or appeals about training or assessment, samples files and other documents shall be provided to reviewers in a form that, so far as is practicable, prevents the individuals involved being identified.
9. Accessing and correcting Personal Information held by RACMA
Subject to any legal restrictions, RACMA will let you know what Personal Information it holds about you if you ask. If your request is particularly complex, or requires detailed searching of records, there may be a cost to you in order for us to provide this information.
If you believe there are errors in our records about you, we will investigate and correct any inaccuracies. All requests for access to Personal Information held by RACMA should be made to RACMA's Privacy Officer (contact details below).
If you want to access Personal Information on behalf of another person, you will need to obtain the consent of that person prior to making a request.
10. Dealing with RACMA on-line
This Policy also applies when you use RACMA's website or provide information to RACMA via the internet. There are inherent risks in transmitting information across the Internet. RACMA cannot ensure the security of Personal Information sent to it via on-line channels. However, once we receive Personal Information on-line, we take steps to protect that information in accordance with this Policy. If you are concerned about conveying Personal Information to RACMA over the Internet, you may prefer to contact us by telephone, fax, mail or in person.
RACMA undertakes surveys from time to time using Survey Monkey or similar technologies. Some surveys are conducted anonymously. However, when you submit a survey response using this technology, a record is made of the IP address for the computer used to complete the survey. RACMA does not attempt to identify survey respondents from this information.
11. Complaints and further information
If you believe your privacy has been interfered with and wish to make a complaint, you should contact RACMA's Privacy Officer (contact details below). Any complaint will be investigated in accordance with RACMA's complaints procedures, which are available on its website.
If the complaint indicates that there has been an interference with privacy by a person other than RACMA, the complaint may be referred to or discussed with that other person in an attempt to resolve it. You may also make a privacy complaint to the Office of the Australian Information Commissioner (www.oaic.gov.au).
If you would like further information or have questions or concerns about RACMA's handling of Personal Information, please contact RACMA's Chief Executive Melanie Saba.