Empowered Health Analytics Privacy Policy
About EHA
Empowered Health Analytics is a data science and analytics company which aims to provide health care organisations (both payers and providers) with analytical products, services and insights to enable improved decision making, drive better outcomes for business, patients and the broader industry and leverage off complex client and publicly available data to drive analytically based decision-making processes.
Our goal is to enable all our clients with the best data, in a format that is meaningful and insightful, to allow for executive and operational managers to make decisions based on actionable insights and information tailored to their needs.
Purpose of this Policy
This Privacy Policy (Policy) relates to Empowered Health Analytics (ACN 681 570 436). Its purpose is to describe how we collect and use data, including any personal information, in the course of our business and through our website, and to show how we comply with applicable privacy laws.
We are committed to protecting individuals’ privacy, and any information we collect is collected by lawful and fair means in accordance with this Policy. If you have any questions regarding the contents of this Policy or how we handle your data, we invite you to contact us.
This Policy does not apply to our clients, partners or other third parties. Each client and partner of EHA is responsible for providing and complying with its own privacy policy and complying with all privacy and data protection laws applicable to them. Please refer to the privacy policy, statement or notice of the entities with whom you engage, or whose internet sites, mobile applications and other online services you access, to learn how they collect and use information.
What is Personal or Sensitive Information
Any time we use the term “personal information” or “sensitive information” in this Policy, we are referring to the Australian legal definition of that term. That is:
- ‘Personal information’ is information or an opinion about an individual who is identified or is reasonably identifiable, whether or not it is true; and
- ‘Sensitive information’ includes information or an opinion about an individual’s race or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional association, trade association or a trade union, sexual orientation and sex life, criminal record, and certain biometric data. Sensitive Information also includes health and genetic information about an individual.
Our Clients’ Data
EHA works with a range of clients in the health care industry. Examples include research organisations, private hospital providers, private health insurers, other health providers, public health networks and other government agencies.
Our core business involves the provision of data analytics and consulting services to our clients where we primarily use our client’s own data in combination with other publicly available data. Where EHA receives data from a client into its own systems, EHA implements rigid technical standards and operational policies to protect and secure this data. It remains EHA’s client’s responsibility to ensure they have obtained the appropriate permissions and consents before disclosing any data to EHA.
Where data relates to individuals, EHA does not store or consume any personally identifiable information (PII) and manages this through its ingestion process and procedures. EHA only accepts data from clients in agreed formats. Where these formats include PII, EHA provides clients with local tools and scripts to cleanse this information from data files prior to submitting to EHA. To safeguard against inadvertent receipt of PII, EHA conducts secondary cleanses of these data files to ensure all PII has been correctly removed and cleansed. This ensures that EHA does not store or hold individual PII data. It remains EHA’s client’s responsibility to ensure all data is cleansed of PII prior to transmission to EHA.
In exceptional circumstances, where EHA may agree to work on client engagements that involve analysis of personal information held by our clients, we ensure that such work is done in accordance with strict protocols and safeguards to comply with relevant privacy and data protection laws, and to mitigate associated risks. Where these engagements require that EHA store customer PII data from clients, this data will be stored in data environments isolated from our de-identified data and will have additional safeguards, protocols and controls in place to reduce the risk associated with a data breach of this data. At the completion of such an engagement, EHA will destroy all associated data containing PII.
Should EHA become aware that it has received any personal information from a client in error (including where any information we receive from our client can re-identify an individual), EHA will notify the client within 24 hours and will promptly delete such information.