Precedence’s Coordinated Care Platform, cdmNet, is a cloud-based network of digital health and wellness services, including MediTracker mobile application services. A description of the cdmNet online service is set out on the Precedence website, http://precedencehealthcare.com/cdmnet/
Personal information which may be accessible via cdmNet embraces:
- contact details and other registration information provided by medical practitioners and other healthcare providers;
- medical histories and contact details of patients; and
- contact details for guardians and carers of some patients.
Personal information provided by cdmNet users is stored in a secure database and managed by Precedence. This information may be sourced in a number of ways. The information may be provided by:
- a medical practitioner or other healthcare provider registered in cdmNet, or someone acting on their behalf; or
- directly by the patient, or a guardian acting on the patient’s behalf.
Precedence cannot verify and does not take responsibility for identifying persons entering information into cdmNet, nor can it verify or take responsibility for the accuracy of such information. cdmNet is a tool, or intermediary, enabling patient information to be accessed by the patient and to be shared between medical practitioners and other healthcare providers. It is necessarily dependent upon the quality and integrity of input. Users are required to acknowledge this feature at the time of registration.
Personal information stored in the cdmNet database is handled by Precedence in accordance with the requirements of the Privacy Act 1988 (Cth), the Health Records Act 2001 (Vic) and any other privacy, data protection or medical records legislation which may be applicable in particular circumstances.
Personal information is collected from medical practitioners and other healthcare providers when they register to use the service.
A patient is required to provide informed consent for the collection and sharing of their health information and for the creation and electronic storage of their record in cdmNet. This is a verbal consent given to the healthcare provider and recorded electronically in cdmNet. In addition, consent is requested (but not required) for the use of de-identified data for the purposes of conducting research and assisting in the management of health services.
The following additional information is available from the cdmNet website:
- cdmNet Privacy FAQ http://precedencehealthcare.com/cdmnet/help/faqs/faqprivacy/
- Informed Consent: How cdmNet Collects and Shares Health Information http://precedencehealthcare.com/docs/cdmnet/help/privacy/Informed%20Consent.pdf
Personal information may be accessed by a patient’s medical practitioner, other members of the medical practitioner’s practice (as authorised by the patient’s medical practitioner), the patient’s care team and possibly some hospitals and emergency services for the purpose of providing health care. Personal Information can also be accessed by the patient. Otherwise, the only persons with incidental access to the cdmNet database will be technical personnel who may be involved with Precedence’s host website or who are engaged to maintain Precedence’s web-based health tools and to provide other customer services. To the extent that such consultants may have limited access to any personal information in the cdmNet database, they are required to provide an undertaking to comply with the terms of this privacy policy and other internal privacy protection procedures, as well as give an undertaking to limit their access to the minimum extent necessary for the performance of their obligations.
All information in the cdmNet database is protected by logical, physical and operational security measures of high commercial standard and the data storage facility is professionally managed.
Precedence has implemented appropriate technology and security policies, rules and other measures to protect personal information in the database from unauthorised access, improper use, alteration, unlawful or accidental destruction and accidental loss.
Account information is located on a secured server in an accredited Australian facility behind a firewall. When sensitive information is entered, it is encrypted using Secure Socket Layer (SSL) technology.
Precedence’s security policy and practices are regularly reviewed and updated. They are subject to audit procedures by suitably qualified external organisations.
Where it is lawful and practicable to do so, individuals may remain anonymous or use a pseudonym, but Precedence cannot accept responsibility for any loss or damage suffered by the individual as a consequence.
The cdmNet system uses per-session cookies to identify a user’s browser during the time that the user is logged into cdmNet. By temporarily storing this cookie on the user’s computer, Precedence avoids having to re-authenticate the user on every secure page each time the user visits the cdmNet site. The cookie is deleted when the user logs out of cdmNet and does not contain any personally identifiable information. If a user’s browser is set to disallow per-session cookies, or if the user rejects the cookie, it will not be possible to use the relevant websites.
Although it is intended that all information entered into cdmNet will be retained in the cdmNet database for at least as long as is minimally required for healthcare purposes, there may be unforeseen or unanticipated occasions when this may not occur. For example, there may be a technical reason the data is not saved, such as internet connectivity failure prior to saving. Users are encouraged to review their data inputs to confirm that the information has been properly saved in the database for future retrieval.