Manage My Care Privacy Policy Statement
Last updated: 10 May 2023
1. About this statement
In this Privacy Policy Statement (Policy), ‘we’, ‘us’ or ‘our’ refer to the Western Australian (WA) Health System (Department of Health Western Australia). 'You' and 'your' refer to both you as a patient Account Holder and you as a patient’s Carer Account Holder.
This Policy sets out how we manage your personal information in connection with your access to Manage My Care (the Application).
The Application is an online service which enables patients and their Carers to access certain aspects of their patient records stored and maintained by us and the company contracted to operate the Application on our behalf, NEXA Group Pty Ltd (NEXA).
This Policy contains terms relating to privacy from the Application’s Terms of Use (Terms). It is important to read these Terms in conjunction with this Policy, as these Terms form a legal agreement between you and us and they govern the responsibilities of all parties and your use of the Application. These Terms also set out definitions of terminology used in this Policy. The Terms are available at healthywa.wa.gov.au/managemycare.
2. How we collect, use, and disclose your personal information
To fulfil the functions of the Application, we need to collect, use, and disclose personal information. We do this as permitted by the Health Services Act 2016 (WA), and NEXA does this as set out in its Products Privacy Policy, which is available at NEXA Products Privacy Policy (external site). This may involve us disclosing the personal information that we collect about you to the following parties:
- Authorised Contacts;
- The contractor who operates the Application (NEXA); and
- The contractor who operates the Outpatient Direct service (Amplar Health - a business of Medibank Health Solutions Pty Ltd).
Linking to a patient record in the Patient Administration System
If you want to use the Application, you will need to link your Manage My Care Account to your WA Health System patient information. This will require NEXA to collect some personal information to verify your identity, including your U/R, name, and date of birth. If you are linking your Manage My Care Account to view the patient information of a patient you care for as their Authorised Contact, NEXA will also collect your name as well as the patient’s U/R, name, and date of birth. This information will not be disclosed to anyone other than NEXA.
If you wish to link to the patient information of a patient you care for, NEXA will use your personal information provided to notify the patient that you are requesting to link to their patient information. This is to confirm that the patient authorises you to access their personal information as an Authorised Contact.
Further information about how the nature of the Account Holder and/or Patient determines the levels of access the Account Holder has to patient information can be found in the Application’s Terms.
Information in the Application
We collect, use, and disclose the following personal information so that you can use the Application:
Information collected from you – We and NEXA may collect personal information that you have chosen to provide. This could include information such as a request to reschedule an appointment or a request to update your demographic details (e.g. name, address, phone number) that you have chosen to include in the Application. Personal notes you make within the Application are stored on the Device and are not collected by us or NEXA.
Information collected from the Patient Administration System – we will share personal and health-related information from the WA Health System Patient Administration System i.e. your U/R, your demographic details, demographic details of your Contacts, outpatient appointment details (e.g. clinic, appointment time and location) and outpatient referral details (e.g. referrer, triage category, referral priority code) with NEXA.
Information associated with your Manage My Care Account – NEXA will collect and store information associated with your Manage My Care Account, including your email address, password, and pin. All information collected, stored, and maintained by NEXA is done in accordance with NEXA’s Products Privacy Policy (external site).
We will retain ownership of all data entered into the Application. However, for the purposes of delivering the Application, NEXA collects, stores, maintains, and shares information about you in accordance with its Products Privacy Policy (external site). No data will be extracted for NEXA marketing or analysis purposes unless under our authority. Your personal information and other data, detailed in Sections 4, 5 and 6, will not be provided to any parties other than those detailed in these Terms, or sold or used for marketing or advertising purposes.
Storage and security
The protection of your personal information is something we take very seriously, and we are committed to keeping it secure. We take significant precautions to protect personal information from misuse and loss, and from unauthorised access, modification, or disclosure.
Personal information will be stored in the NEXA-controlled Amazon Web Services (AWS) Australian private cloud environment. The AWS Data Privacy FAQs describe how AWS stores and secures data and are available at Amazon Data Privacy FAQs (external site).
NEXA will maintain control over the content within the AWS environment. The stored data is encrypted using AWS Encryption Keys that are controlled by NEXA, to ensure privacy and data security. AWS is not authorised to use customer content or derive information from it for other purposes such as marketing or advertising.
We ensure that we and NEXA have a range of industry standard measures in place to protect information available in the Application, including:
- Strong authentication processes to provide access to authorised users only;
- Use of encryption protocols which comply with Australian encryption standards;
- Proactive security measures and rigorous security assurance processes, including regular risk assessments, Vulnerability Assessment and Penetration Testing of the NEXA AWS, and pre-release testing prior to implementation of new system functionality;
- Educating our employees and contractors on their obligations when handling personal information, including compliance and authentication requirements;
- Provision of an audit trail for each Manage My Care Account Holder;
- Established processes to identify and revoke unauthorised access;
- Strong password and PIN management policies that are in line with industry best practice;
- AWS Data Centres that are rated above Tier 4 and have earned a Defence Level 4 rating;
- Information will not be stored outside of Australia; and
- Contracted third parties must process personal information in accordance with their obligations under the Privacy Act 1988.
3. Privacy and confidentiality
We will treat any personal or health information you provide via the Application in accordance with:
- Health Services Act 2016 (WA)
- DoH Information Management Policy Framework
- DoH Information Communication Technology Policy Framework
- DoH Information Security Policy Framework
- Privacy Act 1988 (Cth)
- Australian Privacy Principles (APPs).
We are responsible for ensuring that we and NEXA take reasonable steps to ensure the security of your personal information while it is being collected by, stored in, or passing through the Application.
4. Data collected if accessing on a mobile Device
When you access the Application via a mobile Device, we may collect certain information automatically, including, but not limited to, the type of mobile Device you use, your mobile Device unique ID, the IP address of your mobile Device, your mobile operating system, the type of mobile Internet browser you use and other statistics.
5. Location information
We may use and store information about your location if you give us permission to do so. We use this information to provide features on the Application and to improve and customise the Application. You can enable or disable location services when you use the Application at any time, through your mobile Device settings.
6. Cookies
Cookies are files with a small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer's hard drive.
We use cookies to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of the Application. We send a session cookie to your computer when you log in to your account. This type of cookie helps if you visit multiple pages on the Application during the same session, so that you don't need to enter your password on each page. Once you log out or close your browser, this cookie expires.
We also use longer-lasting cookies for other purposes such as to display your content and account information. We encode our cookies so that only we can interpret the information stored in them. Users always have the option of disabling cookies via their browser preferences. If you disable cookies on your browser, please note that some parts of the Application may not function as effectively or may be considerably slower.
7. Contact Us
If you have any questions about this Policy, please contact us at managemycare@health.wa.gov.au
Last reviewed: 10-05-2023