PSR is a small agency within the Commonwealth Health portfolio. PSR is responsible for providing administrative support to the Director of PSR, PSR peer review Committees and the Determining Authority in performing their respective functions under Part VAA of the Health Insurance Act 1973.
3. The Privacy Act
The Privacy Act regulates how APP entities such as PSR collect, hold, use and disclose ‘personal information’ which is a defined term in the Act. ‘APP entity’ is also a defined term and includes Commonwealth agencies as well as many organisations in the private sector. The Privacy Act also provides for individuals to seek access to, and correction of, their personal information.
Personal information is information or opinion in any form that identifies, or enables identification of, a living person. The complete definition in the Privacy Act is:
'Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not.'
4. Compliance with the Privacy Act
PSR is required to comply with the Privacy Act and, in particular, the thirteen APPs which regulate the collection, storage, use and disclosure of personal information.
5. PSR's Personal Information Handling Practices
5.1 Collection of personal information generally
PSR only collects personal information which it needs in order to perform its functions and activities under the Health Insurance Act 1973. PSR only collects personal information in a limited range of categories.
These categories include:
- information about medical and other health practitioners and when Medicare requests PSR to review their provision of services under the Medicare program and the Pharmaceutical Benefits Scheme;
- personal information about individuals who have received services under the Medicare and dental benefits programs and the Pharmaceutical Benefits Scheme from or on behalf of practitioners who are the subject of a review by PSR;
- personal information collected by contracted service providers in compliance with contractual measures as required by the Privacy Act; and
- personal information collected from employees, job applicants, contractors and others in relation to employment at PSR.
PSR collects personal information only in accordance with the Privacy Act.
PSR routinely provides a privacy notice as required by APP 5 when it solicits personal information. However, PSR is not routinely required to provide a notice under APP 5 where personal information is solicited from individuals and/or third parties as part of a PSR review process.
Occasionally, individuals or organisations may provide personal information to PSR on an unsolicited basis. PSR does not normally give an APP 5 privacy notice in these circumstances because of the unsolicited nature of the information received.
In all cases where personal information is received, it is handled according to the particular circumstances and in compliance with the Privacy Act.
PSR collects personal information through a range of different channels including:
- paper-based and electronic forms (including online forms)
- face to face meetings
- telephone, email, and facsimile communications
- from persons under review and third parties under Notices issued pursuant to section 89B and s 105A of the Act
- PSR’s websites (including online portals).
5.2 Kinds of personal information collected and held
PSR collects and holds various kinds of personal information including:
- records relating to personnel, payroll matters, recruitment, disciplinary and counselling matters for the PSR's staff, contractors and job applicants including security clearances and police record checks;
- records relating to occupational health and safety matters including accident and injury records, compensation and rehabilitation case files;
- applications, correspondence (including decision letters), instruments of appointment and other records relating to the performance of the PSR's legislative and administrative functions and activities;
- correspondence, invoices, receipts and other records relating to goods and services supplied to PSR;
- correspondence, invoices, receipts and other records relating to services provided by PSR or publications purchased from PSR;
- correspondence, curricula vitae, remuneration and travel records and other records, including membership lists, relating to PSR's statutory office holders and peer review committees;
- distribution and mailing lists relating to the dissemination of PSR publications, reports, newsletters and other information of interest to individuals;
- correspondence and other documents relating to contracts, grants, allocations, funding agreements, requests for tenders and other procurement processes;
- correspondence, reports and other records relating to internal and external audits, allegations of fraud and compliance investigations;
- correspondence and other records (including medical records) from individuals, organisations, medical practitioners and third parties;
- correspondence to the Ministers and Ministerial staff including background and briefing material;
- correspondence and other documents relating to complaints and other feedback provided to PSR;
- requests for access to documents held by PSR including requests under the Freedom of Information Act 1982 (FOI Act) and related correspondence; and
- correspondence and other documents relating to requests for legal advice.
5.3 Sensitive Information
Where the above kinds of personal information include sensitive information such as:
- information about an individual’s racial or ethnic origin;
- health information such as details of an individual’s medical history, including details of specific medical conditions, disabilities and medication history; or
- information about an individual’s membership of a professional association,
this information is given the higher level of protection required by the APPs.
5.4 How PSR holds personal information
Personal information held by PSR is stored either on an electronic document and records management system or on paper files. Depending on the nature and purpose of the document, the same information is sometimes stored in both formats.
PSR stores and disposes of personal information in accordance with the Archives Act 1983.
Electronic and paper records containing personal information are protected in accordance with Australian Government security policies.
5.5 Purposes for which personal information is collected, held, used and disclosed
The purpose for which PSR collects, holds, uses and discloses personal information will vary depending on the function and activity being undertaken and may include one or more of the following:
- performing personnel functions including work health and safety obligations in relation to PSR’s staff and contractors;
- recruiting and engaging staff and contractors;
- providing secretariat services to the PSR's statutory office holders and peer review committees;
- undertaking compliance with legal obligations under portfolio and other legislation;
- maintaining appointment and officer details and making decisions in relation to portfolio appointments;
- investigating and responding to reports of inappropriate practice within Medicare and the Pharmaceutical Benefits Scheme;
- contract management;
- managing and responding to correspondence and enquiries from individuals and organisations; and
- support for the Director in performing their functions under the Health Insurance Act 1973.
5.6 How to seek access to and correction of personal information
An individual has a right of access under the Privacy Act to personal information about himself or herself held by PSR.
Alternatively, individuals may make a request for access to documents containing their personal information under the FOI Act, and by emailing PSR’s FOI Coordinator at email@example.com. Under the FOI Act, PSR is entitled to refuse access or only give access to certain information. For example, where the personal information is contained within a document that is commercially sensitive. If PSR denies an FOI request, in whole or in part, PSR will set out its reasons in writing.
PSR will try to make personal information available within 30 days after receiving an individuals’ request. There is no charge for PSR providing the individual’s personal information under a request or under the FOI Act. However, some charges may apply to requests under the FOI Act that extend to additional documents.
For more information on accessing, or correcting, personal information held by PSR, please contact PSR using the details set out at section 7.1 below.
Further information about making FOI requests (including when fees and charges may apply) is available on PSR's FOI web page (at https://www.psr.gov.au/psr-agency-corporate-information/freedom-of-information-foi) or by telephoning (02) 6120 9100.
5.7 Disclosure of personal information
Other than where required for the purpose of performing its functions under the Health Insurance Act or in circumstances such as unlawful activity or serious threats to health and safety, PSR does not share personal information with other government agencies. If an individual approaches PSR about an issue that needs to be dealt with by another agency, PSR will provide the individual with the necessary details to enable the individual to make contact with the other agency themselves.
PSR does not disclose personal information to overseas recipients except where required by law.
If an individual wishes to make a privacy complaint against PSR, he or she also has the option of complaining directly to the Australian Information Commissioner.
The Australian Information Commissioner’s details are set out below:
Telephone: 1300 363 992
Post: Australian Information Commissioner
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
7. How to contact PSR
PSR can be contacted by telephone on (02) 6120 9100 or by email at firstname.lastname@example.org
(Policy revised and endorsed June 2018).