Our Privacy Statement

We may collect personal information from you. When we do, we will:

wide arrow dark icon
  • only collect information we need to carry out the functions of the Health Complaints Commissioner under the Health Complaints Act 2016 (Vic) and the Health Records Act 2001 (Vic)
  • ensure you know why we are collecting the information and how we will use the information
  • use and disclose your information only in accordance with the primary purpose or a directly related secondary purpose that you would expect. If we use the information for another purpose, we will ask your permission first (unless we are authorised by law to use the information as required)
  • store your information securely and protect it from unauthorised access
  • retain your information for the period authorised by the Public Records Act 1973 (Vic)
  • give you access to your own information, and ensure you can request corrections to the information.

Personal and health information held by the HCC

You can access and browse our website without disclosing personal information. We will only record your email address, contact details and other personal information if you:

  • send us a message or communicate with our office
  • send us a complaint including these details
  • make a request under the FOI Act
  • register for or enquire about our education programs.

We may use de-identified personal and health information in our Annual Report and education programs.

Complaint Handling

The personal and health information we collect mostly relates to considering and, where appropriate, resolving or investigating complaints under the HCA or the HRA. We will only collect the personal and health information that is necessary to perform these functions. We will ensure any personal and health information you provide will not be disclosed, except when this is consistent with the HCA, HRA, the provisions in the PDPA or any other law.

If you make a complaint to us, that complaint may be forwarded on to another body for appropriate action, including to the organisation that is the subject of the complaint. We may forward your complaint on as part of our investigation or complaint resolution processes, or if the law requires us to do so. If you make a complaint and do not wish your identity to be disclosed (to anyone, or to a specific person or body), you should let us know. All requests for anonymity will be considered. But note that if you ask to be anonymous, we may be unable to resolve or investigate your complaint. By law, we are required to notify the Australian Health Practitioner Regulation Agency (AHPRA) of all complaints involving registered health practitioners and to share a copy of the complaint with AHPRA.

Education programs

We provide educational programs and we collect personal information as part of this process. If you register for or enquire about our education programs, your information may be provided to the individuals or organisations responsible for organising and delivering these programs.

Collection notice

We usually collect personal and health information from you, or from your authorised representative, to help us carry out our functions or activities under the HCA, HRA and other laws. When collecting personal and health information we take reasonable steps to advise you of the information we are seeking and how we will use it. We sometimes collect personal and health information from other people/organisations under specific provisions in the HRA and the HCA.

Staff confidentiality

Our staff are legally obliged to maintain confidentiality of information gained in the course of their employment under s.90 of the HRA and ss 150 – 152 of the HCA. Staff are also subject to the Victorian Public Service Code of Conduct for special bodies.

Data quality and security

We have technology and security policies, rules and measures to protect the personal information we have under our control from unauthorised access, improper use, alteration, unlawful or accidental destruction and accidental loss.

But you should be aware that there are risks in sending information online. While we try to protect this information, we cannot ensure the security of any information sent to us online and individuals do so at their own risk. If you are concerned about sending sensitive material to us over the internet, contact us.

Access and correction

We take reasonable steps to make sure the information we hold is accurate, complete, up-to-date and relevant to our functions and activities by checking information with individuals and organisations at relevant points in the progress of a complaint, investigation or other process. We also rely on you to let us know when your contact details have changed.

We use a number of procedural, physical and hardware safeguards, together with access controls and back-up systems, to protect information from misuse and loss, unauthorised access, modification and disclosure.

You have a legal right to request access or correction of your personal information held by us. Requests are handled under the Freedom of Information Act 1982 (FOI Act). Requests need to be in writing and you need to include the relevant application fee ($28.90) or give evidence of hardship (such as a Centrelink concession card) if you are asking for a waiver. Further access charges may apply where documents are released under the FOI Act unless hardship applies.

Requests should be sent to [email protected] (if no fee is payable) or mailed to the FOI Officer, Health Complaints Commissioner, Level 26, 570 Bourke Street, Melbourne, Vic 3000 with a cheque for the application fee.

Please describe what documents you are requesting access to, and please try to be clear and specific about the document you are seeking access to. If the requested documents are about your personal affairs, you should provide evidence of your identity (e.g. a certified copy of your current drivers licence or other photographic identification).

For further information about making an FOI request, visit the Office of the Victorian Information Commissioner.

Unique identifiers

We will not assign – or adopt from another organisation – unique identifiers for an individual, and we will not ask for unique identifiers unless it is necessary for complaint handling or required by law. Each complaint we receive is given its own record number.

Retention and destruction of personal and health information

We retain and destroy records according to the requirements of the Public Records Act. Destruction of personal and health information takes place by way of a secure shredding process.

Trans-border data flows

Generally, we will not send personal health information outside Victoria without obtaining your consent or as required by law. In the case of prohibition orders about non-registered practitioners, we may send information to other states and territories as part of a national mutual recognition scheme.

Complaints about us

If you are concerned about the manner in which the HCC has handled your personal health information then you can complain to the Commissioner by writing to [email protected].

If the matter is not resolved you can make a complaint about how the HCC has handled your personal information under the Privacy and Data Protection Act 2014 to Victoria's Office of the Victorian Information Commissioner, Privacy and Data Protection.

Part II Statement

The HCC aims to make information and documents easily accessible to members of the public. The statements listed in this part outline the functions of the HCC and provide a non-exhaustive list of the types of information and documents we hold in relation to our functions.

ORGANISATION AND FUNCTIONS

The HCC is an independent body established under the Health Complaints Act 2016 (HCA) to receive and deal with complaints about health service providers and to regulate general health service providers in Victoria. It administers functions and powers in accordance with the HCA and the Health Records Act 2001 (HRA).

Health Complaints Act 2016

Under the HCA, the HCC’s key functions and decision making powers include:

  • facilitating the resolution of complaints about health services in Victoria
  • determining how complaints should be dealt with in accordance with the HCA
  • conducting investigations under Part 4 of the HCA
  • making prohibition orders against health service providers in accordance with the requirements of the Act
  • educating consumers and providers about their rights and responsibilities
  • providing information and education to health service providers about their responsibilities; and
  • monitoring and reviewing trends in complaints data.

Health Records Act 2001

Under the HRA, the HCC’s key functions and decision making powers include:

  • receiving complaints about an act or practice of an organisation that may contravene a HPP, interfere with the privacy of an individual or have an adverse effect on the privacy of an individual
  • giving effect to the resolution of complaint matters by conciliation
  • investigating, conciliating and making decisions about complaints in relation to any interference with privacy under the HRA
  • serving compliance notices on organisations
  • conducting or commissioning audits of records of health information held by an organisation for the purposes of ascertaining whether the records are handled according to the HPPs, and
  • issuing, approving or varying guidelines for the purposes of the Health Privacy Principles (HPPs)

CATEGORIES OF DOCUMENTS

The HCC creates and stores a broad range of documents electronically and in hard copy. These documents include:

  • Policies and procedures
  • Correspondence
  • Reports
  • Briefings
  • Employee records
  • Financial records
  • Training and educational material
  • Images and videos

Documents are organised under the following categories:

  • Administrative
  • Business
  • Training and education
  • Policy
  • Legal
  • Human resources

FREEDOM OF INFORMATION ARRANGEMENTS

The Freedom of Information Act 1982 (FOI Act) provides an individual person the right to request access to documents held by the HCC.

The object of the FOI Act is to extend as far as possible the right of the community to access information in the possession of the Government and other entities constituted under the law of Victoria.

You have a legal right to request access or correction of your personal information held by us under the FOI Act. A request must be made in writing and clearly describe the information or document you are seeking access to. Once we understand what information or document you are seeking, we will process your request and provide you with a decision within the statutory timeframe, being 30 days after the date of your request, or up to 45 days if consultation with third parties is required.

You need to include the application fee ($29.60 from 1 July 2019 to 39 June 2020) or provide evidence of financial hardship (such as a Centrelink concession card) if you are asking for a fee waiver. Further access charges may apply where documents are released under the FOI Act unless hardship applies.

In many instances we will be able to provide you with the information you are seeking without requiring you to make a formal request for access.

Requests under the FOI Act should be:

  • sent to [email protected] if a waiver is sought – copies of documents in support of the waiver request should be also provided; or
  • mailed marked for the attention of ‘The FOI Officer, Health Complaints Commissioner, Level 26, 570 Bourke Street, Melbourne, Vic 3000’ along with a cheque made out to ‘Health Complaints Commissioner’ in the amount of the application fee.

If the requested documents are about your personal affairs, you should also provide us with evidence of your identity (e.g. a certified copy of your current drivers licence or other photographic identification).

PUBLICATIONS

The HCC produces a number of publications which can be accessed and downloaded from our website at: https://hcc.vic.gov.au/resources.

The HCC Service Charter is published at:https://hcc.vic.gov.au/sites/default/files/media/hcc_service_charter_2019.pdf.

RULES, POLICIES AND PROCEDURES

The HCC has a range of policies and procedures that govern its daily operations and support its administrative functions, including policies and procedures around:

  • Conflicts of interest
  • Records management
  • Complaints about the HCC
  • Complaint handling
  • Privacy and confidentiality
  • FOI requests made to the HCC
  • Safety and risk.

The HCC applies policies of the Department of Health and Human Services to the extent they apply.

REPORT LITERATURE

The HCC publishes an annual report each year. These reports can be viewed and downloaded at https://hcc.vic.gov.au/resources/reports.