cohealth (cohealth, we, us, our) is committed to the protection of your personal information.
This Privacy Statement outlines cohealth’s policy on how we will collect, use, disclose, store and protect personal information collected from you (you or your). This Privacy Statement also describes the way in which you may access or correct the personal information we hold about you, and how to contact us if you have any complaints in relation to your privacy.
We will handle your personal information in accordance with applicable privacy laws. cohealth is bound by the Australian Privacy Principles (APPs) contained in the Commonwealth Privacy Act 1988 (Cth). cohealth is also bound by the following laws when handling health information:
cohealth will review and update this Privacy Statement to take account new laws and technology, changes to cohealth’s operations and practices and to make sure it remains current.
This Privacy Statement applies to our handling of personal information. ‘Personal information’ means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether the information is recorded in a material form or not.
Personal information includes ‘sensitive information’, which is a particular type of personal information. Sensitive information includes identifying health information about you (such as details of your health and medical history or the health services you have received). Sensitive information also includes a person’s: religious beliefs; sexual preferences; political views; racial or ethnic origin; membership of a professional or trade association; and criminal record.
The information you provide us forms the basis of your health record. Your health record is updated when you see us.
We may collect personal information from you so that we can provide services to you, or where this is otherwise necessary, for our functions or activities. In particular, we may collect your personal information:
You are not required to disclose your personal information to us. However, if you do not provide the information requested, we may not be able to provide you with appropriate services or treatment, or provide you with relevant information regarding our services.
If you are a cohealth client, it may not be practicable for you to be treated on an anonymous basis or for you to use a pseudonym, because this would prevent us from being able to provide you with appropriate care. Services provided under Medicare require identification prior to service. People wishing to remain anonymous or use a pseudonym may not be eligible to claim Medicare or (funding) and may be required to make full payment for the services provided. In addition, due to some of our project and funding requirements, we may not be able to accept pseudonym names due to the collection of personal information requirements as stated in the agreements.
We collect your personal information in a lawful and fair way and in a manner that is not unreasonably intrusive.
We only collect your personal information where you have consented, or otherwise in accordance with the law.
We usually collect your personal information directly from you through your interactions with us.
We may also collect your personal information from third parties where authorised under the privacy laws, such as from other health service providers and health professionals, pathology and diagnostic imaging service providers for the continuation of your health care, and from family members, guardians or other persons you have authorised to provide your personal information to us.
When we collect your personal information, we will as soon as practicable take reasonable steps to notify you of the details of the collection, such as the purposes for which the information was collected, the organisations (if any) to which the information will be disclosed, and also notify you that this Privacy Statement contains details on how you may access or correct your information, or raise any complaints.
We may collect personal information (including sensitive information) about you, such as:
We may also collect personal information from individuals who are not clients to enable us to work or transact with them. These persons may include:
Generally, we will only collect sensitive information with your consent or where required by law.
If you are a cohealth client, we generally use your personal information for the following main purposes:
If you are a job applicant, staff member, student, volunteer or contractor/consultant service provider, we may use your personal information to manage our relationship with you or work or transact with you, for example to assess and (if successful) to engage an applicant, staff member or contractor.
Other specific purposes for which cohealth uses job applicants, staff members and contractor’s personal information include:
Where cohealth receives unsolicited job applications, they will usually be dealt with in accordance with the unsolicited personal information requirements of the Privacy Act.
We may also use your personal information for purposes permitted under the applicable privacy laws, which may include the following:
cohealth is committed to LGBTIQA+ health equity. With client’s consent, cohealth asks and collects information about LGBTIQA+ identity. This ensure people have an opportunity to affirm their identity, and that cohealth provide the best service possible.
Some of your personal information may be used for your referrals. cohealth uses a clinical software that ensures only relevant information is included on referrals.
We may disclose your personal information to:
where this is necessary for your ongoing care and support. If you tell us you do not wish for your personal information to be disclosed to a particular health professional or organisation, we will not do so without your consent.
Subject to you providing all necessary consents or us otherwise being authorised under the privacy laws to do so, we may also disclose your personal information to:
We will not otherwise disclose your personal information to any third parties unless you have consented, or we are otherwise permitted or required to do so by law. This may include disclosure of your personal information in the following circumstances:
If you are a job applicant, staff member, student, volunteer or contractor/consultant service provider, we may disclose your personal information to manage our relationship with you or work or transact with you.
The Family Violence Information Sharing Scheme under the Family Violence Protection Act 2008 (Vic)Part 5A) makes us responsible to request and share information to assess and manage family violence risks.
The Child Information Sharing Scheme under the Child Wellbeing and Safety Act 2005 (Vic) (Part 6A) makes us responsible to request and share information to promote the safety and wellbeing of children.
Information will only be shared, received and handled by cohealth under these Schemes in accordance with the terms of the relevant legislation. Information cannot be shared under these Schemes unless it is for a permitted purpose, being:
Sharing information is important so we can work better to keep perpetrators in view and keep you (and your children) safe. We will only share confidential information about you (or your children) with other services that are legally allowed to receive that information, and only.
We may use video surveillance for security purposes and the footage will be used only by cohealth and by the providers of our security services for security purposes, and in accordance with the applicable privacy laws and surveillance devices laws. Surveillance videos are not used by cohealth for other purposes and the footage is not publicly available but may be supplied to law enforcement agencies when required or authorised to do so by law. Surveillance cameras are not located in any bathrooms or change room facilities.
We prioritise your privacy and confidentiality.
If your provider is working remotely during any consultations, it will always be done in a private space.
Before engaging in any real-time audio/visual recording, duplication, or storage of consultations, whether they occur in person, via telehealth, or remotely, we will always seek your consent.
We will only disclose your personal information to a recipient that is located interstate or overseas with your consent and in accordance with the requirements of the APPs and HPPs.
It may be necessary to disclose your personal information to persons or organisations outside of Victoria/Tasmania, or overseas to provide you with ongoing care and treatment (for example, where a referral is made to a health professional located interstate or overseas).
We will only disclose your personal information outside of Victoria/Tasmania or overseas if:
We may collect your personal information through the cohealth website, such as your email address or other contact details when you seek information regarding our services or make another enquiry with us. We will deal with this personal information in accordance with this Privacy Statement and the privacy laws.
You can prevent the use of these through adjusting your browser settings to block, reject or delete these functions, but this may affect your ability to use the full functionality of the website and it may not function in an optional manner.
We may also use analytics tools to collect data about your interaction with our websites, and to track use of our websites and to maintain and improve those sites.
Information collected could include:
cohealth’s staff are required to respect the confidentiality of personal information and the privacy of individuals.
cohealth has in place steps to protect the personal information cohealth holds from misuse, interference and loss, and from unauthorised access, modification, and disclosure. We use various physical and technological security measures to protect the personal information we hold, including locked storage of paper records and passworded access rights to computerised records.
We store your information securely and where possible, we keep it in an electronic file.
We have a data breach response plan, which we would follow in the unlikely event of a privacy or data breach. We are also required to comply with mandatory ‘notifiable data breach’ scheme (the NDB scheme) under the Privacy Act. The NDB scheme applies when an ‘eligible data breach’ of personal information occurs.
An ‘eligible data breach’ occurs when:
An organisation may take remedial steps to prevent the likelihood of serious harm occurring for any affected individuals after a data breach has occurred, in which case, the data breach is not an ‘eligible data breach’.
Where we have reasonable grounds to believe that we have experienced an eligible data breach (and remedial action cannot be used), we will promptly notify affected individuals and the Office of the Australian Information Commissioner about the breach in accordance with the Privacy Act.
When your personal information is no longer required (and in the case of your health information, the information has been retained for the required periods under the HPPs or otherwise under law) we will take steps to securely destroy the information or to ensure that the information is permanently de-identified. Note that under law we are generally required to hold your health information for a minimum of seven years from the date of last entry for an adult, and for any clients who are children until they would have reached 25 years old.
cohealth will take reasonable steps to ensure that the personal information it holds is accurate, complete, up-to-date, relevant and not misleading.
You have a right to request access to the personal information that we hold about you.
To request access to medical records or other health information, you will need to complete a Request for Access to Medical Records Form, available from reception at any cohealth service or click here to download the form. You are required to provide proof of your identity to staff when applying. We may charge a fee (as allowed under legislation) for photocopying and sending the information. If fees apply, you will be contacted to discuss those fee’s prior to release.
You may otherwise request access to the personal information that we hold about you, using our contact details below.
cohealth may require you to verify your identity and specify what information you require. Although no fee will be charged for accessing your personal information or making a correction, cohealth may charge a reasonable fee to retrieve and copy any material. If the information sought is extensive, cohealth will advise the likely cost in advance.
In certain circumstances, we may refuse to allow you access to your personal information where this is authorised by the law, such as where providing access would have an unreasonable impact on the privacy of other individuals, providing access would pose a serious threat to the life or health of any person or to public health or safety, or giving access would be unlawful.
If you believe that the personal information we hold about you requires correction or updating (e.g. because the information is inaccurate, out-of-date, incomplete, irrelevant or misleading), you may request that the information be corrected by contacting the Site Manager or Privacy Officer of cohealth at any time.
cohealth will make a decision on your request to access or correct records within 30 days of your request. If we refuse your request for access or correction, we will provide you with reasons for the refusal in writing, and details about how you may complain about the decision.
cohealth will store all feedback separately to a client’s electronic health record. Your feedback will be kept confidential and only those involved in the complaint handling will have access to the details.
cohealth follow the Complaint Handling Standards of the Health Complaints Commissioner, in accordance with the Health Complaints Act 2016 (Vic). This Act also provides that consumers can make a complaint to the Health Complaints Commissioner about the way a complaint is handled by a health service provider.
If you would like further information about the way cohealth manages the personal information it holds, please contact the Privacy Officer. If you have any concerns, complaints or you think there has been a breach of privacy, or you wish to access or correct your personal information, then also please contact the Privacy Officer who will first deal with you usually over the phone.
If you are not satisfied with our response your privacy enquiry or complaint, we will seek to meet with you to discuss further.
If you are not satisfied with our response, or in any case you do not wish to deal with us directly, you may at any time raise your enquiry or complaint to any of the following:
Office of the Australian Information Commissioner via:
Office of the Victorian Information Commissioner via:
Health Complaints Commissioner via:
For further information, you can request access to cohealth policy documents from the Privacy Officer or learn more about the Victorian Charter of Human Rights and Responsibilities, and/or the Australian Charter of Healthcare Rights, at:
We may revise this Privacy Statement from time to time. We will update you on any changes to this Privacy Statement through our website at cohealth.org.au, and we will make the most current version of this Privacy Statement will be available when you receive services from us, or on your request.
Date last reviewed: January 2024.
Next review date: January 2025.
cohealth is a not-for-profit community health organisation. We provide essential health and support services in Melbourne’s CBD, and northern and western suburbs.