Privacy statement

MIPS takes your privacy seriously.

How we collect, use, hold and disclose information is governed by the Privacy Act and the Australian Privacy Principles (APPs). This privacy statement applies to Medical indemnity Protection Society (ABN 64 007 067 281) and to all its related subsidiaries including MIPS Insurance (ABN 81 089 048 359).

MIPS is committed to protecting the privacy of your personal information. Personal information includes any information or opinion, about an identified individual or an individual who can be reasonably identified from information about them. Information or opinion is still treated as personal information whether it is true or not and regardless of whether we have kept a record of it.

Why do we collect personal and sensitive information?

MIPS must collect, use, hold and disclose personal information to carry on it business operations. Types of information that we collect and hold about you could include: your name, postal or email address, telephone numbers, and date of birth or relevant information about your current and past healthcare practice. We collect this information so that we can:

  • identify you, conduct appropriate checks and keep your information up to date;
  • understand your requirements and provide you with a product or service;
  • assess, approve, issue and administer membership;
  • provide assistance, support, legal advice and legal defence;
  • manage, administer and improve our products, services and systems;
  • assess and investigate any claims, incidents or notifications;
  • manage, train and develop our employees and representatives;
  • manage complaints and disputes, and report to dispute resolution bodies;
  • comply with legislative or regulatory requirements; and
  • tell you about our products or services we think may interest you.

The collection of sensitive information is restricted by the Privacy Act. This includes information about your religion, racial or ethnic origin, political opinions, criminal record, and sexual orientation. It also includes health information and biometric information. Generally, we only collect this type of information if it is necessary to provide you with a specific product or service and you have consented to that collection. For example, assessing an application for membership or providing assistance in relation to a claim.

If you do not allow us to collect all of the information we request, we may not be able to provide you with a membership benefit or service or deliver all of those services effectively.

How do we collect personal information?

We collect most personal information directly from you. For example, we will collect your personal information when you apply for membership or access a membership benefit or service or lodge a claim. We collect this information in person, over the phone or electronically via email or when you visit our website.

Sometimes we collect personal information about you from other people or organisations. This may happen without your direct involvement. For instance, obtaining information from your representative or information that is publicly available, for example from public registers or social media, or made available by third parties. Only relevant information is collected for MIPS to undertake its business operations.

How do we hold personal information?

Much of the information we hold will be stored securely and managed by MIPS or specialist external service providers. Some information we hold will be stored in paper files. Personal and sensitive information is currently held in a secure manner in Australia, Canada, France, Germany, Gibraltar, Hong Kong, Singapore, Switzerland, United States of America and United Kingdom. Information disclosed and stored with our service partners is done is a manner consistent with the Australian Privacy Principles and principles such as the US & EU Safe Harbor Privacy Principles. Disputes in relation to personal information disclosed to these providers are protected by the independent recourse mechanism.

MIPS uses a range of physical and electronic security measures to protect the security of the personal and sensitive information we hold. For example:

  • access to information systems is controlled through strict identity and access management procedures;
  • appropriate data encryption techniques are applied;
  • employees are bound by internal information security policies and are required to attest to compliance with policies;
  • service agreements with external service providers are required to meet or exceed the minimum requirements outlined by APPs;
  • all employees are required to complete training about information security; and
  • we regularly monitor and review our compliance with internal policies, regulatory and industry guidelines.

Who may we disclose your personal information to, and why?

In order to provide you with MIPS membership benefits and services, MIPS may disclose personal and sensitive information to related entities and external service providers to perform some functions on our behalf. Some of the operations of these service providers are located overseas however most providers services are accessed by MIPS via their Australian registered and operated subsidiaries. We only disclose your information to these organisations when it is necessary for the services they provide MIPS.

We will use and disclose your personal and sensitive information for the purposes we collected it as well as purposes that are related to that, where you would reasonably expect us to. For example, we may disclose your personal and sensitive information to:

  • MIPS related identities;
  • insurers, reinsurers, brokers, actuaries, assessors or investigators;
  • a third party claimant or witnesses in a claim;
  • administrative service providers, consultants and contractors;
  • accounting, legal and professional advisers or auditors;
  • government, statutory or regulatory bodies and enforcement bodies;
  • the Financial Ombudsman Service or any other external dispute resolution body;
  • your personal legal representative or under the instruction of a Power of Attorney, for example after your death for management of your estate; and
  • any other organisation or person, where you’ve asked them to provide your personal information to us or asked us to obtain personal information from them.

We may collect and disclose your personal and sensitive information to these persons and organisations during the information life cycle, regularly, or on an ad hoc basis, depending on the purpose of collection.

Use of this website

When you use this website you provide information to MIPS, for example aggregate information such as the number of pages visited or personal information such as when you complete an online form. If your browser is suitably configured, it will advise you whether the information you are sending us will be secure (encrypted) or not secure (unencrypted). If secure transmission is indicated, MIPS currently supports TLS encryption. For security and audit purposes MIPS may collect your IP address for your interaction with various parts of the MIPS website. Your IP address is the identifier for your computer when you are using the internet. This site may also use ‘cookies’ to provide you with better and more customised service and a more effective website. Some of the content appearing on the MIPS website may be supplied by third parties. Our webpages may contain links to third party websites for informational or other purposes. These websites are not covered by this Privacy Statement. MIPS is not responsible for the privacy practices or content of any third party website.

Our marketing practices

MIPS may utilise personal information to distribute -including via mail, SMS, email, telephone, online or in person; information about MIPS products, services, publications and news that you might be interested in. When we do so we comply with relevant legislation, for example all electronic activities comply with the requirements of the Spam Act 2003 (Cwlth).

Your personal information is kept confidential and only disclosed to you or those parties permitted by this statement.

Right of access to your information

You have a right to access and correct your personal and sensitive information. Please contact us on 1800 061 113 to request your information. There is no charge for the provision of that personal information. If you request access to sensitive information, there may be a delay in providing this information for example, if the information is related to a claim that is still under consideration.

Complaints

MIPS deals openly and efficiently with complaints, expressions of dissatisfaction and disputes relating to privacy. MIPS has an internal complaint and dispute resolution process which is free. If you have an enquiry or complaint about privacy or any other matter contact MIPS on 1800 061 113.

We will respond to your complaint within 15 business days. If we need to receive more information, or to undertake investigations about your complaint, we will agree reasonable timeframes with you of up to 45 days. If the complaint is not resolved to your satisfaction you can contact the MIPS Dispute Manager, who will examine your complaint and our decision and advise you in writing within 10 business days of the action MIPS proposes to take about the complaint.

If the matter is still not resolved to your satisfaction you can contact the Office of the Australian Information Commissioner.

Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Tel: 1300 363 992
TTY: 1800 620 241
Fax: 02 9284 9666
enquiries@oaic.gov.au