Mantle Health Privacy Policy
This privacy policy (Privacy Policy) explains how HB MANTLE PTY LTD t/a Mantle Health (ABN 67 664 039 703) and our related entities (Mantle Health, we, us or our) handle and manage your personal information we collect about you as a:
- psychiatrist, psychologist, psychiatry practice, psychology practice, hospital or clinical staff (including general practitioners) or other medical/health professional (Clinician) using or interested in using our mental health software (Platform) and/or referring health information to us;
- patient of a Clinician or other medical and/or health practitioner using the Platform (Patient);
- visitor to our website accessible at the domain https://mantlehealth.com.au (Website) and/or subscriber to our newsletter (Visitor); and/or
- contracted service provider, business partner or health professional, medical specialist, hospital or clinical staff (Partner).
We are bound by and adhere to the Privacy Act 1988 (Cth), relevant State Privacy Laws and the Australian Privacy Principles under that Act (Privacy Act) and this Privacy Policy.
By subscribing to our newsletter, registering to use the Platform, visiting the Website, using any of our services or otherwise providing us with any personal information you agree that you are 18 years of age or older and consent to our collection, use, holding and disclosure of your personal information in accordance with and as set out in this Privacy Policy.
If you are under 18 years of age, we will only permit you to use this Website and the Services if we receive the consent of your legal guardian and/or parent to you using this Website and the Services and agree to the Terms of Service on your behalf. We will keep all information you provide to us confidential and secure at all times. However, we may provide your confidential information to a third party in the following circumstances:
- if disclosure is required by Law or ordered by a court;
- if we identify or are advised of an imminent threat of harm to yourself or another person;
- if you (or your parent or legal guardian if you are under 18 years of age) have given express permission for us to discuss or provide your information to another person;
- if disclosure of your personal information is to that third party (e.g your GP) for a purpose which is directly related to the primary purpose for which your personal information was collected (e.g., if you decide to change psychologists, your clinical file comprising notes of and information regarding your sessions will be shared with the new psychologist as part of your clinical file. Your clinical records are kept confidential and are accessible only to authorised individuals involved in your care).
PROVIDING OTHER PEOPLE’S PERSONAL INFORMATION
If you (whether as a Referring Health Professional, which is defined below, or otherwise) provide us with the personal information (including sensitive information) of another individual (e.g., a Patient), you warrant that you have complied with your obligations under the Privacy Act and relevant State and Territory legislation relating to the collection and disclosure to us of personal information, sensitive information and health records and have obtained the individual’s prior consent: (i) for you to disclose such to us; and (ii) to our collection, holding, use and disclosure of their personal information in accordance with this Privacy Policy.
DEFINITIONS
All terms used in this Privacy Policy that are defined in the Privacy Act have the meanings given to them in the Privacy Act.
WHAT PERSONAL INFORMATION WE COLLECT, WHEN AND HOW
For Clinicians (including Referring Health Professionals)
As a Clinician, we collect your personal information either:
- directly, when you supply, buy or register for products or services to or from us, request information about us or our products or services, refer a Patient or prospective Patient to us, provide feedback, respond to a survey, fill in a form or a request for services (including an application for an account with us), fill in a form on our Website (including a registration form to register as a Clinician) or otherwise provide it to us via the Website, over the phone, via email or in-person; or
- from your employer or another Clinician who registers you with us on your behalf.
We may collect personal information about you such as your name, gender, date of birth and contact details (including your address, phone numbers and emails, whether personal or for work), credit card, bank account, provider number or other details to facilitate payments.
For Patients
If you are a Patient or prospective Patient, we may be provided with and thus collect personal information (including sensitive/health information) about you including physical, mental or psychological health or disability of you or your wishes about the provision of health services.
The types of information collected can typically include (this list is not exhaustive):
- Contact details (name, address, telephone number, email address, next of kin).
- Age, date of birth, gender, marital status.
- Driver’s licence number, Medicare number.
- Medical history, medical notes, treatment records, images, photographs, family medical histories.
- Patient Reported Outcome Metrics (PROMs), Patient Reported Experience Metrics (PREMs) and other feedback you may supply to us.
- Referrals to and from practitioners and their reports.
- Ethnic origin (for example, to assess your eligibility for free health services).
- If payments or co-payments are required, banking/credit card details.
Clinicians (including Referring Health Professionals) may provide mental health treatment plans, pathology reports and other relevant information to enable Clinicians to understand the patient’s condition, treatment plan and inform their own diagnosis and approach (Information Package).
For Visitors
As a Visitor we collect your personal information (such as your name, email address and phone number) if/when you provide it to us on the Website. We also use cookies on our Website, which are discussed below.
For Partners
We collect and hold personal information about individuals and individuals at businesses who supply goods and services to Mantle Health and other individuals to facilitate our business activities and carry out our services. We may collect personal information about you such as your name, gender, date of birth and contact details (including your address, phone numbers and emails, whether personal or for work).
For everyone
We may also collect personal information about you via third parties including from our suppliers, merchants, direct mail, exhibition and trade events or online marketing.
If you choose not to provide your personal information to us, we may not be able to undertake certain activities for you such as providing you with requested information, products or services.
HOW WE USE YOUR PERSONAL INFORMATION
For Clinicians (including Referring Health Professionals)
As a Clinician/Referring Health Professional, we use the personal information that we collect about you for the purpose of managing our relationship with and providing the Platform and associated services to you, including:
- to provide you with a trial of the Platform and associated services;
- to provide support and helpdesk services;
- to analyse and improve the Platform and other services we provide;
- to provide you with a Clinician/Referring Health Professional account; and
- to manage your Clinician/Referring Health Professional account, including invoices and payments, collecting overdue amounts, and managing fraud and risks.
For Patients – Consultation, diagnosis and treatment
The Information Package contains personal and health information when we collect it from your Referring Health Professional and it is treated as such by us (and your Referring Health Professional). Clinicians using the Platform use the Information Package for analysis, consultation, and to assist diagnosis and treatment as requested by your Referring Health Professional.
Clinicians using the Platform perform analysis on and add to the health information we receive from the Referring Health Professional as part of the Information Package from time to time. Our consultations, findings, associated observations, diagnosis and treatment plans may be used by your Referring Health Professional to assist their clinical decision-making. Our analysis may also highlight other relevant areas of interest for your Referring Health Professional to consider.
For Patients – Product/service development
If we (including using contractors or suppliers to assist us) wish to undertake any research product/service development or to improve our software using your data we will de-identify your personal information and, only once de-identified, use the resulting de-identified datasets for such. When we say de-identify, as regards the Information Package, we mean that we will permanently delete or permanently de-identify all unique individual identifying information. Once de-identified, not even your Referring Health Professional (nor anyone else) will be able to look up who the de-identified information relates to via any identifying information (as this will have been de-identified or removed). We have controls in place to ensure that the data is truly de-identified and cannot be re-identified prior to our use for these purposes.
Occasionally we may use or share de-identified information with research institutions/bodies for academic and clinical research purposes but will only do so under strict contractual obligations governing their use of the de-identified data and prohibiting re-identification.
For Visitors
We use your personal information for the purposes set out in this Privacy Policy and for which you provide it to us as a Visitor. If you subscribe to our mailing list, we will use your contact details to provide you with news and updates about our company and our activities. If you send us a query via our Website, we will use your personal information to reply to your query.
We may also use your personal information to:
- personalise and customise your experiences on our Website; and
- help us research the needs of our customers.
Personal information may be collected through the use of “cookies” on our Website. Cookies are small text files that a website can use in order to recognise Visitors who revisit a website so as to facilitate their ongoing access to and use of the Website. They enable usage behaviour to be tracked and aggregate data to be compiled to facilitate more informative content on our Website. Typically, cookies involve the assigning of a unique number to the Visitor. You can prevent the use of cookies by setting up your web browser to block them.
For Partners
If you are a Partner we will use your personal information for our business and service dealings with you, including to contact you in relation to:
- products or services we are ordering or receiving from you; and
- to provide you with information, products or services you have requested.
For everyone
We may also use the personal information we collect about you:
- to notify relevant organisations (such as medical insurers and/or legal advisors) of an incident/accident, including when a claim is made against Mantle Health;
- to undertake quality assurance activities, customer satisfaction surveys, statistical analysis and complaint handling;
- to conduct research for the purposes of improving existing products or services or creating new products or services;
- to provide you with ongoing information about us and our activities;
- to allow us to provide third party information and offers in which we believe you may be interested;
- to use aggregated or de-identified information for the purposes of data analysis, research and reporting; and/or
- for other purposes as required or authorised by law.
SHARING YOUR PERSONAL INFORMATION (DISCLOSURE)
For Patients
As a Patient, Mantle Health will share your personal and health information with:
- your Referring Health Professional(s), employees and other health professionals in your Referring Health Professional’s clinic or hospital where they are working and any other health professional that your Referring Health Professional has asked us to share your personal information with;
- healthcare professionals providing support and therapy to you who are working on Mantle Health platforms;
- support team members for the purpose of completing Medicare claims, billing, managing appointment bookings, resolving service issues, etc;
- overseas entities for the purpose of data entry into Mantle Health platforms, resolving service requests, managing appointments, medicare claims/billing, etc (in accordance with their respective privacy policies);
- between our group companies (including Call To Mind Pty Ltd and Mantle Pty Ltd and other companies that are part of the Mantle Health for the purpose of facilitating the practice of integrated care for you; and
- verified consultant medical specialists or other registered health professionals involved in your ongoing health care who have been requested to provide further advice on your medical condition.
For Visitors
We may disclose your personal information to our Website host or service providers in certain limited circumstances, for example when our website experiences a technical problem or to ensure that it operates in an effective and secure manner. To the extent that we do share your personal information with a service provider, we would only do so if that party has agreed to comply with its obligations under the Privacy Act or our privacy standards as described in this Privacy Policy.
For everyone
We may share your personal information:
- with our professional advisers (such as auditors and legal advisers);
- with Mantle Health’s related bodies corporate within our corporate group structure; and
- for other purposes as required or authorised by law.
You can contact the Mantle Health Privacy Officer at the contact details below if you have any questions about the disclosure of your personal information.
Mantle Health will use personal information to carry out evaluations of our service quality and timeliness, internally. If we require other parties to assist us with these activities, we will provide de-identified information to these other parties.
MARKETING COMMUNICATIONS
For Clinicians (including Referring Health Professionals)
If you are a Clinician/Referring Health Professional, we may use your personal information to provide you with direct marketing materials if you would reasonably expect us to or if you consent to receive direct marketing materials. We will seek your consent to provide you with direct marketing materials if we have obtained your personal information from a third party. Direct marketing material may include promotional material about us or the products or services we offer.
We do not sell your personal information to third parties for marketing purposes.
You may opt out of receiving direct marketing material by contacting us in any of the ways specified in the direct marketing materials.
Please click ‘unsubscribe’ in any of our messages or inform us if you do not wish to receive marketing communication from us and we will remove you from our mailing list.
ACCESS TO AND CORRECTION OF YOUR INFORMATION
For everyone
You may request access to personal information we hold about you, including reports of any mental health services provided by Mantle Health. If you ask for a copy of a report of any mental health services provided by Mantle Health, we may request personal information (such as your requesting doctor, date of birth, mobile number or email address) from you to verify your identity before providing the requested information. In some instances, charges may apply to provide copies. We will tell you about any costs before they are incurred. In some limited circumstances we may refuse your request but will provide you with our reasons. You may complain about our refusal (see ‘Complaints’ section below).
Mantle Health endeavours to ensure that the personal information we collect, use and disclose is accurate, up-to-date and complete. The accuracy and completeness of that information depends on the information you provide to us. Please let us know:
- if there are any errors in the information we hold; and
- of any changes to your information (such as your name, address, phone number or Medicare number).
DATA SECURITY
We take reasonable steps to protect your personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. Records are held securely for future retrieval in accordance with applicable laws and good business practice. If Mantle Health no longer needs, or is no longer required, to retain Personal Information, Mantle Health will destroy or de-identify your personal information.
In particular, we have security controls in place with our cloud provider including redundancy protection and monitoring, strict access controls, in-transit and at-rest encryption and industry-standard authentication protocols. We also have a Data Breach Response Plan (DBRP) which identifies and explains the specific responsibilities and actions employees are required to take when a breach occurs.
INFORMATION WE RETAIN
Your personal information is retained in order to document what happens during sessions and enables the Service Provider to provide a relevant and informed Service to you. When you first contact Mantle Health (either by phone, email or through the platform), you will generally provide information like your name, phone number, address, Medicare and payment details. You may also provide some background information relating to your need for the Services. This information is held in our secure database and, if you proceed to make a booking, will be made available to your Service Provider.
NOTICES
We may provide notices or other communications to you regarding this agreement or any aspect of the website, by Text to the Text number that we have on record, by Email to the email address that we have on record or via the client portal in the Mantle Health platform. The date of receipt shall be deemed the date on which such notice is given.
COMPLAINTS
If you feel that your privacy has not been respected or that we have conducted ourselves inconsistently with this Privacy Policy, the APPs and/or the Privacy Act in respect of your personal information, or for any other queries, problems, complaints or communication in relation to this Privacy Policy, please send your complaint to the Mantle Health Privacy Officer at the address below. The complaint will be investigated, and a response will be sent to you as quickly as possible (generally within 30 days of our receipt of your complaint). If you are not satisfied with the response, you can contact the Office of the Australian Information Commissioner (OAIC).
CONTACT DETAILS
Mantle Health Operations Pty Ltd
Attention: Privacy Officer
Suite 110, Level 1, 53 The Corso, Manly, NSW 2095
Email: [email protected]
FURTHER INFORMATION
For further information about the Privacy Act or to make a complaint to the Privacy Commissioner, please see the website of the OAIC at www.oaic.gov.au.
CHANGES TO THIS PRIVACY POLICY
2024 Privacy Policy – effective 22nd January 2024. From time to time we make changes to our policy, processes and systems in relation to how we handle your personal information, including to take into account new laws, regulations and technology. Please visit our website (https://mantlehealth.com.au/disclosure-of-personal-information/) to obtain a copy of the latest version of this Privacy Policy at any time. Your continued use of the Platform and/or the Site, requesting our services or the provision by you of further personal information to us after this Privacy Policy has been revised will be deemed to be your acceptance of and consent to the revised Privacy Policy.