MIPS takes your privacy seriously.
MIPS is committed to protecting the privacy of your personal information. Personal information includes any information or opinion, about an identified individual or an individual who can be reasonably identified from information about them. Information or opinion is still treated as personal information whether it is true or not and regardless of whether we have kept a record of it.
Why do we collect personal and sensitive information?
MIPS must collect, use, hold and disclose personal information to carry on its business operations. Types of information that we collect and hold about you could include: your name, postal or email address, telephone numbers, and date of birth or relevant information about your current and past healthcare practice.
We collect this information so that we can:
- identify you, conduct appropriate checks and keep your information up to date
- understand your requirements and provide you with a product or service
- assess, approve, issue and administer membership
- provide assistance, support, legal advice and legal defence
- manage, administer and improve our products, services and systems
- assess and investigate any claims, incidents or notifications
- manage, train and develop our employees and representatives
- manage complaints and disputes, and report to dispute resolution bodies
- comply with legislative or regulatory requirements, and
- tell you about our products or services we think may interest you.
The collection of sensitive information is restricted by the Privacy Act. This includes information about your religion, racial or ethnic origin, political opinions, criminal record, and sexual orientation. It also includes health information and biometric information. Generally, we only collect this type of information if it is necessary to provide you with a specific product or service and you have consented to that collection. This may include, for example, assessing an application for membership or providing assistance in relation to a claim.
If you do not allow us to collect all of the information we request, we may not be able to provide you with a membership benefit or service or deliver all of those services effectively.
How do we collect personal information?
We collect most personal information directly from you. For example, we will collect your personal information when you apply for membership or access a membership benefit or service or lodge a claim. We collect this information in person, over the phone, over a video conference (or other telecommunication means), or electronically via email or when you visit our website.
Sometimes we collect personal information about you from other people or organisations. This may happen without your direct involvement. For instance, obtaining information from your representative or information that is publicly available, for example from public registers or social media, or made available by third parties. Only relevant information is collected for MIPS to undertake its business operations.
How do we hold personal information?
Much of the information we hold will be stored securely and managed by MIPS or specialist external service providers. Some information we hold will be stored in paper files. Personal and sensitive information is currently held in a secure manner in a number of countries including Australia, Canada, France, Germany, Gibraltar, Hong Kong, Singapore, Switzerland, United States of America and United Kingdom. Information disclosed and stored with our service partners is done is a manner consistent with the Australian Privacy Principles and principles such as the US & EU Privacy Shield Framework. Disputes in relation to personal information disclosed to these providers are protected by the independent recourse mechanism.
MIPS uses a range of physical and electronic security measures to protect the security of the personal and sensitive information we hold. For example:
- access to information systems is controlled through strict identity and access management procedures
- appropriate data encryption techniques are applied
- employees are bound by internal information security policies and are required to attest to compliance with policies
- MIPS’ internal information assets are protected by information security and threat detection and response systems
- service agreements with external service providers are required to meet or exceed the minimum requirements outlined by APPs
- all employees are required to complete training about information security, and
- we regularly monitor and review our compliance with internal policies, regulatory and industry guidelines.
Who may we disclose your personal information to, and why?
In order to provide you with MIPS membership benefits and services, MIPS may disclose personal and sensitive information to related entities and external service providers to perform some functions on our behalf. Some of the operations of these service providers are located overseas however where possible providers services are accessed by MIPS via their Australian registered and operated subsidiaries. We only disclose your information to these organisations when it is necessary for the services they provide MIPS.
We will use and disclose your personal and sensitive information for the purposes we collected it as well as purposes that are related to that, where you would reasonably expect us to. For example, we may disclose your personal and sensitive information to:
- MIPS related entities
- service providers of claims administration and policy administration systems
- insurers, reinsurers, brokers, actuaries, assessors or investigators
- a third party claimant or witnesses in a claim
- administrative service providers, consultants and contractors
- accounting, legal and professional advisers or auditors
- government, statutory or regulatory bodies and enforcement bodies
- the Australian Financial Complaints Authority (AFCA) or any other external dispute resolution body
- your personal legal representative or under the instruction of a Power of Attorney, for example after your death for management of your estate, and
- any other organisation or person, where you’ve asked them to provide your personal information to us or asked us to obtain personal information from them.
We may collect and disclose your personal and sensitive information to these persons and organisations during the information life cycle, regularly, or on an ad hoc basis, depending on the purpose of collection.
We may also use your de-identified information for research and statistical analysis.
Our marketing practices
MIPS may utilise personal information to distribute information about MIPS products, services, publications and news that you might be interested in. This distribution may occur via mail, SMS, email, telephone, online or in person.
If we use your information for marketing purposes, we will comply with relevant legislation, for example all electronic activities comply with the requirements of the Spam Act 2003 (Cwlth).
Your personal information is kept confidential and only disclosed to you or those parties permitted by this statement.
Right of access to your information
You have a right to access and correct your personal and sensitive information. Please contact the Privacy Officer on 1800 061 113, or at email@example.com to request your information. There is no charge for the provision of that personal information. If you request access to sensitive information, there may be a delay in providing this information for example, if the information is related to a claim that is still under consideration.
MIPS deals openly and efficiently with complaints, expressions of dissatisfaction and disputes relating to privacy. MIPS has an internal complaint and dispute resolution process which is free. If you have a complaint about privacy, please contact MIPS on 1800 061 113 or at firstname.lastname@example.org.
We will respond to your complaint within 15 business days. If we need to receive more information, or to undertake investigations about your complaint, we will agree reasonable timeframes with you of up to 45 days.
Upon conclusion of the Complaints process, if the matter is still not resolved to your satisfaction you can contact the Office of the Australian Information Commissioner.
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Tel: 1300 363 992
Fax: 02 9284 9666
Contact us - Home (oaic.gov.au)