NeferHealth Privacy

Neferheatlh regards protection of Personal Health Information (PHI) as important and fully respects compliance with data protection requirements under both Australian and USA legislation, regulations and principles.

This is our Privacy Policy. It relates to the policies and practices we employ in obtaining, holding and using information that comes to us in the course of providing services to clients who register with us and also practitioners who register with us.

Our primary principle is to only obtain or hold or use data that is reasonably necessary for the provision of our services.

NeferHealth is Nefer Health Pty Limited, an Australian private company (ABN 68 640 262 951).

Neferhealth provides the technology platform and related services for clients to register for the opportunity to request consultations with practitioners offering services as part of the NeferHealth community. Registered clients may also access such information, supply of goods and supply of resources as NeferHealth agrees to make available. NeferHealth does not itself provide health care consultations or advice. This is provided by any of the practitioners with whom, being registered on this same technology platform, you may choose to form a professional practitioner/client (patient) relationship.

Healthcare professionals of from all disciplines, including medical, non-medical and specializations, may register with NeferHealth to be service practitioners/providers as part of the NeferHealth community.

What data is covered?

This policy refers to information that we may obtain in providing services to clients and practitioners who register with NeferHealth. It also applies to our website www.neferhealth.com and to web enabled messages sent in connection with our software.

Information about a client or practitioner will be stored in one or more databases that are managed by NeferHealth under licence from Visual Outcomes. Visual Outcomes is a software platform, and so this policy applies to information that comes to be obtained or stored in Visual Outcomes data environment in the course of a practitioner and client deploying the software in practice. Please refer to www.visualoutcomes.com for information concerning that organization.

Information Collected by NeferHealth

As part of our commitment to providing quality healthcare it is necessary for us to maintain files pertaining to a client’s health. The type of information kept in these files includes:

• Information that may identify you such as your name, residential and postal address, date of birth, Medicare number, Private Health Insurance number, email address and telephone numbers. If you are acting for dependents in providing information to us, such information will also be retained in files pertaining to those dependents.
• Information that is or may be sensitive, such as:

• Your health history including family health and social histories.
• Your health goals and priorities.
• Notes made by us in the course of your appointments and consultations.
• Reports and referrals that may be provided to or viewed by other health service providers.
• Results and reports received from other health service providers or organizations including test results and health records.

We collect information from you when you interact with us in the course of our business together or in the course of your actions in connecting with our public facing sites. You may also authorize us to retrieve and import information from another user or other third party.

Sensitive Information

We may collect sensitive information about a client or practitioner such information is reasonably necessary for us to provide our services to you and to carry out our business activities.

We will only collect sensitive information (as that term is defined under the privacy law) if a client or practitioner voluntarily provides it to us or otherwise consents to us collecting it. We will only collect sensitive information about a person from that person or at the instruction of that person. Where a person provides us with sensitive information, this will constitute the person’s consent. We will not collect sensitive information from parties other than yourself without your consent unless we decide that there is an urgent medical need to do so.

Financial Information

We may also collect financial information, including credit or debit card account information, or other forms of payment. By submitting such information, including when you enter details to pay online, you expressly consent to the sharing of your information with third-party payment processors and other third-party services (including but not limited to vendors who provide fraud detection services to us and other third parties). The third party services that we utilize are obligated to keep your information secure and confidential (refer next paragraphsl. These third parties may store your information for future use with us.

The online credit card service that we use is provided by Stripe, a leading international online payment service with approved PCI standards. NeferHealth does not hold your credit card details itself, these are SOLELY held by Stripe.

Stripe will respond to messages from NeferHealth where, based on your recorded consent, an amount you owe for a NeferHealth service or supply is due for payment. You will be notified by communication with you.

Please refer to https://stripe.com/docs/security/stripe for details of how Stripe operates and

Using and Disclosing Information

We are aware that your file is to be accessed or viewed only where there is a need to do so. This will extend to professional health practitioners and to para-professional, administrative or clerical staff who have a relevant need to address files in the running of a health practice. Staff are bound by these confidentiality requirements as a condition of employment. In the course of the practice operations, it may also be necessary to allow external organisations access to view personal information. In any such case, we will make best efforts to ensure that such organisations preserve the requirement of state and federal privacy legislation pertaining to your information.

Where information concerning a person has been collected for a particular purpose, the information will not be used or disclosed for another purpose without that person’s consent, provided that if it could reasonably be expected that NeferHealth may use or disclose the information for the other purpose.

Information and data will continue to be held by NeferHealth after the term of any contract or other legal relationship between the parties. The purposes may be for records management or, compliance if required by any regulatory authorities or by law.

As a client or practitioner you consent and agree that information obtained by Neferhealth may be used for marketing and research purposes related to the activities of NeferHealth, provided that any information is de-identified, used in aggregated terms and provided that such use of information will not result, based on reasonable assumption, in the identification of any individual person.

We will not release your file contents without your consent, except in a case where we are required by law to do so. Examples are…where we are required to respond to a subpoena or an order from State or Federal authorities; or where there is serious imminent threat to somebody’s life or health.

As a client of the practice you can request a copy of any information we hold in relation specifically to you. Much of this will be available to you through your portal access.

Dealing with Information

If information is received which we did not request or seek out, it is our decision as to whether this information was collected within the terms of your consent, or not. If not, the information will be de- identified or destroyed.

If NeferHealth becomes aware that a client’s or practitioner’s information has become available by unauthorizes means, all reasonable steps as determined by NeferHealth will be promptly taken to protect against misuse or disclosure of the information.

Client or Practitioner information that is no longer required to be held by NeferHealth in accordance with this Privacy Policy will be destroyed as soon as is reasonably practicable by secure electronic destruction.

Website

Cookies must be enabled in order to use certain web based software products offered by NeferHealth. Cookies can be disabled on browsers.

“Cookies” are small data files that may be downloaded to your computer when you visit a website, which may be used to track your use of that website.

Cookies may

• track your usage of software products;
• impact experience on software products;
• improve access to software products;
• authenticate access to software products; and/or
• recognise returning users to the website.

Access to Customer Information

You have the right under the Privacy Act to seek access to your personal information and. If you wish to exercise this right, or if you believe that the information is incorrect, incomplete, or out of date, you should advise us in writing, at info@neferhealth.com, of the alleged error.

NeferHealth, within a reasonable period, will acknowledge and comply with any reasonable request exercising the right to access information under Privacy law. NeferHealth will allow such access, other than where there is an exception to access stated in the Australian Privacy Principles. Access may be denied where:

• to provide access would create a serious threat to the life, health or safety of an individual, or to public health or public safety;
• the access would unreasonably impact on the privacy of another;
• the request is frivolous or vexatious;
• the information relates to anticipated or actual legal proceedings and the individual would not be entitled to access the information in those proceedings; or
• giving access would be unlawful.

Data Hosting

Data pertaining to you is held in secure database infrastructure provided by Amazon Web Services (AWS) in Australia for Australian clients or in the USA for American clients.  All reasonable steps are taken to prevent any unlawful interference with electronic records, which are accessible only by authorized personnel engaged by us or by AWS in the course of carrying out relevant security procedures. Our personnel are well versed in the principles and importance of confidentiality.

Enquiries and Complaints

• Information about the Privacy Act and the Australian Privacy Principles is available from the Federal Privacy Commissioner.
• Enquiries or complaints should be addressed to these contact details

Email to Info@neferhealth.com

Tel Aust - +61 466 342 863

Mail to PO Box N434 Grosvenor Place, NSW, Australia 1220; OR to 3494 Camino Tassajara #142 Danville, CA USA 94506

Changes to this Privacy Policy

Neferhealth may make changes to this Privacy Policy from time to time in the light of changes to relevant laws, changes in technology, changes to its business operations and practices and general changes to the external business environment.