Privacy Statement - Medical Panels Victoria
Medical Panels are established under the Workplace Injury Rehabilitation and Compensation Act 2013 (Vic) and the Wrongs Act 1958 (Vic). The Office of Convenor of Medical Panels (MPV) consists of the Convenor, 2 Deputy Convenors and employees provided to support operations.
Where there is disagreement or uncertainty about aspects of an injury or medical condition, a Medical Panel may be convened to answer referred questions and provide a legally conclusive and binding opinion on the medical issue/s in dispute.
- A Medical Panel may be asked to provide an Opinion where there is disagreement or uncertainty about aspects of a WorkCover related injury or medical condition.
- A Medical Panel may be asked to provide a Determination where there is disagreement or uncertainty about the degree of impairment resulting from an alleged Wrongs Act injury.
Each Medical Panel has the status of a Tribunal and Medical Panel's Opinions and Determinations on a medical question must be accepted as final and binding.
The Victorian privacy laws
The Privacy and Data Protection Act 2014 (Vic) and the Health Records Act 2001 (Vic) impose obligations on us in relation to the collection, use, disclosure and handling of personal, sensitive and health information.
When collecting personal or health information Medical Panels Victoria will take reasonable steps to advise you of what information is being sought, for what purpose, whether any law requires the collection of the information and the main consequences, if any, of not providing the information
Three different types of information are protected by the privacy laws:
- Personal information means 'information or an opinion (including information or an opinion forming part of a database), that is recorded in any form and whether true or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion'.
- Sensitive information is a type of personal information. It includes information about a person's racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association or trade union, sexual preferences or practices and criminal record.
- Health information is a type of personal information that relates to the health or disability of an individual, the provision of health services to the individual or the individual's expressed wishes about the provision of health services. It also includes information collected to provide or in providing, a health service or in connection with organ donation.
- Information Privacy Principles (IPPs) and Health Privacy Principles (HPPs) contained in the privacy laws apply to:
- our collection of personal and health information
- our use and disclosure of the information
- the quality and security of the information we hold
- the information we give to people about our collection and handling of personal and health information
- an individual's right to access the information we hold about them
- our use of identifiers assigned by organisations to individuals
- our transfer of information to organisations outside Victoria
- the transfer of health records.
Other laws that apply to our handling of personal information
A number of other Acts affect the way we collect, use and handle personal information.
- The Workplace Injury Rehabilitation and Compensation Act 2013 (Vic) and the Wrongs Act 1958 (Vic) allows Medical Panels Victoria to request participating parties to a referral, to produce documents or provide information that may be relevant to the resolution of a dispute. Medical Panels Victoria may make any documents or information available to any other party to the referral. That Act also generally prohibits Medical Panels Victoria and staff from using or disclosing information for purposes not connected with official duties or functions.
- The Freedom of Information Act 1983 creates a general right of access to the information we hold. That right is subject to a number of limitations, including where disclosure would involve the unreasonable disclosure of information relating to the personal affairs of another person. The Act also gives individuals the right to have information held about them corrected.
Exemption – Section 10 of the Privacy and Data Protection Act 2014 and Section 14 of the Health Records Act ("the Acts").
A Medical Panel is convened by the Convenor and has the status of a Tribunal.
Section 313(2) of the Workplace Injury Rehabilitation and Compensation Act 2013 (Vic) provides that the Medical Panel to whom a medical question is so referred must give a certificate as to its opinion and a written statement of reasons for that opinion.
Each Medical Panel is generally exempt from the requirements of the Acts and the IPPs and HPPs.
Nothing in the Acts applies to a Medical Panel in respect of collection, holding, management, use, disclosure or transfer of personal information which relate to the quasi-judicial functions of a Medical Panel.
In addition, nothing in the Acts applies to any staff, with respect to collection, holding, management, use, disclosure or transfer of personal information which relates to or supports the quasi-judicial functions of a Medical Panel.
How we apply the privacy laws
This section sets out in a general way the requirements of the privacy laws and how we apply them. The following section sets out how those laws affect our handling of personal and health information when we perform different functions.
The Privacy and Data Protection Act 2014 (PDPA) establishes Information Privacy Principles (IPPs) which guide Medical Panels Victoria in the collection and handling of personal information.
Principle 1: Collection
We only collect personal and health information that is necessary for one or more of our functions. We generally only collect sensitive or health information with the consent of the individual, or where the collection is otherwise authorised by law. We try to ensure that information is collected lawfully, fairly and not in an unreasonably intrusive way. Where reasonable and practicable, we collect information directly from the individual concerned or their nominated representative.
We also try to ensure that the individual to whom the information relates is made aware of our identity and how to contact us, the fact that the individual can gain access to his or her information, the purpose for which the information is collected, the organisations or types of organisations to which the information may be disclosed, any law that requires the information to be collected, and the main consequences (if any) for the individual if all, or part, of the information is not provided.
Where personal information is not collected directly from the individual, we try to ensure that the information is collected in accordance with the privacy laws, and that the individual is made aware of the collection, and of the matters set out in the previous paragraph.
Principle 2: Use and disclosure
We are required not to use or disclose personal or health information about a person for a purpose other than the purpose of collection, except where the use or disclosure is:
- for a purpose that is related to the purpose of collection (or in the case of sensitive and health information, directly related) and the individual would reasonably expect the information to be used or disclosed for that purpose
- made with the express or implied consent of the person to whom the information relates
- necessary to prevent imminent threat to a person's welfare, or a threat to public welfare
- necessary for reporting suspected illegal activity
- required or authorised by, or under, law
- necessary for certain purposes relating to national security and law enforcement
- necessary for the conduct of proceedings before any court or tribunal, or implementation of the orders of a court or tribunal.
If we use or disclose information for some of these purposes, we are required to keep a record of that fact.
We require our staff to use or disclose personal and health information only in the course of their official duties, and only for purposes that are related to the purpose for which the information was collected, unless the consent of the individual has been obtained, or the use or disclosure is authorised or required under one of the above exceptions.
Principle 3: Data quality
We are required to take reasonable measures to ensure that personal and health information we hold is accurate, complete and up to date, and that it is protected from misuse, loss and unauthorised access. We correct errors or omissions that are brought to our attention.
Personal and health information we collect is held by us in hard copy and electronic form. We retain information for as long as we need it, although in some cases this may require us to retain information for some time for possible future reference. Some official records are required by the Public Records Act to be retained for longer periods.
Principle 4: Data Security
We require our staff and contractors to observe appropriate security at all times when they are handling personal information. What are reasonable security measures varies according to the circumstances. All information is stored in secure premises. Files are stored in secured areas and in cabinets when not in use. Our security measures also apply to information stored and handled electronically. All our databases are password protected. Persons are only permitted access to databases to the extent necessary for them to perform their functions and duties. We conduct periodic reviews of our physical and electronic security arrangements to ensure that these requirements are being complied with.
Principle 5: Openness
Principle 6: Access and Correction
We are not required to give access to information to the extent that:
- providing access would pose a serious threat to the life or health of any individual
- providing access would have an unreasonable impact on the privacy of other individuals
- the request for information is frivolous, or vexatious
- the information relates to existing legal proceedings between us and the individual
- providing access would be unlawful
- denying access is either required or authorised by, or under, law
- providing access would likely prejudice an investigation of possible unlawful activity
- providing access would prejudice effective law enforcement, negotiations with the individual, the protection of public revenue, the prevention, detection, investigation, or remedying of serious improper conduct or the preparation or conduct of proceedings before a court or tribunal, or the implementation of the orders of a court or tribunal, by or on behalf of a law enforcement agency.
If we refuse to provide access to or to correct information we hold, we will give you reasons, except where the information is held for certain law enforcement purposes.
Principle 7: Unique Identifiers
A unique identifier is a number assigned to an individual in order to identify the person for the purposes of the organisation's operations. We will not use or disclose an identifier we assign unless it is necessary for us to fulfil our functions or our obligations to another organisation or where the disclosure is otherwise required or authorised by law.
Principle 8: Anonymity
We are required to give individuals the opportunity to deal with us anonymously where it is lawful and practicable. However, in most circumstances, it is necessary for us to ascertain the identity of individuals with whom we deal. We only collect personal or health information that we believe is necessary for us to discharge our functions and responsibilities.
Principle 9: Transborder data flows
We may disclose information about an individual outside Victoria where one of the parties to a dispute is outside Victoria or when necessary to carry out our functions. We will only disclose personal information outside Victoria where there is consent to do so, or that disclosure is authorised by law and where we reasonably believe that the personal information we send will be handled in a way that is consistent with the IPP's.
Principle 10: Sensitive Information
The Medical Panel does not collect sensitive information without parties consent. Sensitive information can be racial or ethnic origin, political views, religious beliefs, sexual preferences, membership of groups, including membership of a professional or trade association, trade union or criminal records.
Collection and use of information in particular situations
Requesting and conducting a Medical Panel
We collect personal and health information from people who are referred to a Medical Panel, other parties to the referral and any other person whose information is necessary to conduct the referral.
We collect personal and health information that a party provides when a matter is referred to the Medical Panel. In the course of processing and managing the referral to the Medical Panel and conducting the Medical Panel, we may also collect personal and health information from the other parties to the referral and any other person whose information is necessary to conduct the Medical Panel. This could include people such as employers, co-workers, medical and health services providers, legal representatives, and family members. We will generally do this in writing, or face to face during the conduct of the Medical Panel.
We try to ensure that only personal and health information that is necessary for the purpose of the referral to the Medical Panel is collected. However, the information may also be used for other purposes related to the Medical Panel process, for example, evaluating our Medical Panel processes to better manage them in the future.
Personal and health information in relation to a Medical Panel referral may be disclosed to a number of different people and organisations, including a legal practitioner or family member (if nominated by an individual to assist them with the Medical Panel), other parties to the referral, courts or tribunals where they are authorised to obtain it, and other persons authorised by the individual or by law to receive it.
Medical Panel Members information
We also collect and hold personal information of Medical Panel members and applicants for positions as a Medical Panel member.
We collect personal information for the purposes of processing and assessing applications for appointment as a Medical Panel member. We also collect and retain personal information about Medical Panel Members for a range of employment related purposes, including training, performance assessment, remuneration employment related travel, resignation and retirement. We may also use and disclose personal information in a dispute that arises in relation to a person's appointment or in the performance of their responsibilities as a Panel Member.
We generally collect personal information directly from the individual, although some information may be collected, with the consent of the individual, from third parties such as referees, and from police records. Information is usually collected from applications for appointment as a Panel Member and in the course of our induction program. Information may also be collected in the course of performance assessment processes. We may also collect personal information in the course of monitoring Panel member e-mail and Internet use.
We may disclose personal information about Panel Members to superannuation, taxation and insurance related organisations. We only do this with the consent of the person concerned, or if we are otherwise required or authorised to do so by law.
If an applicant for employment is not appointed to a position with us, we may retain his or her information for up to one year and use it, where appropriate, to consider the person for other positions. If the person is employed or appointed, the information will be retained as part of their employment record with us for the duration of their employment and for at least seven years thereafter.
Complaints about privacy
If you have a complaint about an infringement of privacy or about our treatment of your personal information or health information you should contact:
Medical Panels Victoria
Level 6, 485 La Trobe St, Melbourne, VIC 3000
GPO Box 2709 Melbourne 3001
Facsimile: (03) 8256 1550
You can also make a complaint to the Commissioner for Privacy and Data Protection (if the complaint relates to our treatment of personal or sensitive information) or to the Health Services Commissioner (if it relates to our treatment of health information.)
The Commissioner for Privacy and Data Protection
GPO Box 5057 Melbourne 3001
Level 6, 121 Exhibition Street Melbourne
Phone: (03) 8684 1660
The Health Services Commissioner
Level 30, 570 Bourke Street Melbourne 3000
Phone: (03) 8601 5216