Last Updated: March 2018
Purpose of Policy
Lorica Health Pty Limited (“Lorica Health”, “we”, “us”, “our”) provides software and consulting services that improve the integrity and efficiency of health systems. Lorica Health owns and operates the website, http://www.loricahealth.com and other affiliated websites (together, the “Website”).
Aside from the Website, Lorica Health also owns and operates software which analyses health insurance claims data. This data does not include the names of health fund members.
Scope of the Policy
This policy applies to any person or corporation that engages with Lorica Health and to all Lorica Health Staff, including but not limited to, any full-time, part-time or casual employee or student of Lorica Health, and any consultant engaged in a similar capacity by Lorica Health.
Collection of Information from You
We may directly collect personal or sensitive information which you have provided to us. We may directly collect your personal information in a variety of ways, for example:
- when you visit or use our Website or services;
- when you engage with Lorica Health on social media platforms;
- when you apply for a job at Lorica Health;
- when you sign up to a mailing list or to receive newsletters; or
- when you contact us.
The types of personal information we may directly collect from you includes (but is not limited to) your name, e-mail address, postal address or telephone number.
You are under no obligation to provide us with your information and you may be able to visit our Website and deal with us anonymously or by pseudonym. However, if you choose not to provide us with certain information, we may not be able to provide you with the full services that you seek.
Collection of information from third parties
Lorica Health collects personal information about health care providers from health insurance companies, government agencies and/or hospitals.
Lorica Health also collects data about health fund members from health insurance companies. This data does not include names or street addresses. However, because the information is potentially identifiable, we treat all data as ‘personal information’ and apply privacy protections accordingly.
How we use personal information
Personal information and other data is supplied to us by health insurance companies, government agencies and/or hospitals, so that we might analyse it on behalf of those health insurance companies, government agencies and/or hospitals. Our analysis helps to identify errors in claiming data; analyse the quality of provider services; support payer-provider negotiations and provide consulting services.
We only use personal information and other data in order to provide analysis and reports back to the health insurance companies, government agencies and/or hospitals who supplied the data to us. We may also use personal information to develop our products and services and to perform other functions and activities related to the business of Lorica Health. We do not use personal information or other data for any other purposes.
Do we disclose confidential information to third parties?
Lorica Health may disclose personal information to third parties which may include (without limitation):
- our related entities and affiliates or business partners;
- third party service providers, contractors, suppliers, vendors who we may engage to assist us in the management of our business and the provision of our services to you and our clients, in the management of our databases and in the operation of our Website. For example, business support services such as website hosting services and information storage services;
- third party service providers who assist us in the distribution of marketing and promotional materials and email updates about the Website and our services, for example mailing houses;
- to government or regulatory bodies and agencies, law enforcement bodies (such as the police), courts of law, if required or authorised to do so by law. For example, in response to a subpoena or legal order, to investigate, prevent or take action regarding suspected illegal activities, fraud or potential threats or to exercise legal rights or defend against claims such as intellectual property infringement; or
- as otherwise permitted or required by law.
Lorica Health may also collect, use and disclose other, non-personal information on our server log files, including, for example, your IP address, browser type and your usage of our Website. We may collect this information using cookies or similar technologies.
When you visit, or use the Website, your web browser may store cookies (files of data) on your computer that may be retrieved when you revisit the Website in order to store your preferences in navigating and using our Website so as to customise your experience on our Website. These cookies do not contain personal information, although they may record and send us your IP address which allows our servers to recognise your preferences on our Website. You may delete or prevent cookies from being saved on your computer by changing your internet browser settings and may still use and visit our Website without accepting the cookies. However, if you reject or delete the cookies, you may not be able to take full advantage of certain features on our Website.
We may also collect or use this non-personal information to help us monitor and analyse our Website usage and traffic and this non-personal information may be disclosed to third parties who assist us in conducting the analysis. This information is disclosed in aggregate and to the fullest extent possible, will be de-identified before it is disclosed to third parties. However, please be aware that you IP address may be linked to any personal information that you submit.
Lorica Health takes steps to secure your personal information
Lorica Health is committed to protecting the security of your personal information and we take all reasonable precautions to secure and protect the integrity of personal information from misuse, interference and/or loss and unauthorised access, modification and/or disclosure.
Lorica Health uses firewalls and secure server software (SSL) to encrypt information before it is sent to us by our clients. However, any such provision of information is at your own risk or the responsibility of the third parties who provide us with personal information for the purposes of providing our services to them.
Lorica holds your information on secure servers
We use the top tier, third party data hosting provider Amazon Web Services (AWS) for ‘cloud’ hosting. Australian client’s data is hosted across AWS servers and a secure data centre based in Sydney. AWS servers in the US will host all data for US customers. AWS instances are set up such that client data is never taken offshore.
The servers on which personal information are stored are kept in a controlled environment. While we take reasonable efforts to guard your personal information, no security system is impenetrable and due to the inherent nature of the Internet as an open global communications vehicle, we cannot guarantee that information, during transmission through the internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others such as hackers.
Third party links
How can you access or correct your personal information?
Lorica Health takes such steps as are reasonable to ensure that the personal information we collect about you is accurate, up-to-date and complete. However, we rely on the accuracy of the personal information that is provided to us by you or by third parties.
You may seek access to, or request the correction of, the personal or sensitive information that we may hold about you by submitting a request for access or correction of your personal or sensitive information by contacting us at firstname.lastname@example.org and providing us with details of your request.
Once we receive your request, we will endeavour to respond to that request within a reasonable period after your request is made. There are some exceptions, specified by law, where we may refuse your requests. If one of these circumstances applies, we will provide you with a written explanation of the reasons for the refusal, unless it would be unreasonable to do so
How can you make a complaint about a breach of your privacy?
If you have any concerns about our handling or treatment of your personal or sensitive information or if you believe that your privacy has been breached, please contact us by sending us an email at email@example.com or using the contact details below, and set out the nature of your complaint.
We will investigate your complaint and endeavour to provide you with our response within a reasonable time of receiving your complaint. If after receiving our response, you still consider that your privacy complaint has not been resolved, you may refer your complaint to the Australian Privacy Commissioner at http://www.oaic.gov.au/.
Lorica Health Pty Limited
Level 3, 55 Harrington Street
The Rocks, Sydney, NSW 2000
Phone: 1 800 LORICA (1 800 568 422)