top of page
PP - Transparent.png

Privacy Policy

1.  About this Privacy Policy

This Privacy Policy sets out how Vanguard Consulting and Services (ABN 19 133 444 041) (we, us, our) collects, holds, uses and discloses personal information in connection with the Patient Power service (Service), including the website patientpower.com.au (Website).

Patient Power is an Australian service that helps people who have already received a quote for cataract surgery to compare that quote against Patient Power’s view of a reasonable price in their area, and, if they choose, to be referred to a participating ophthalmologist.

We are committed to protecting your privacy. We handle personal information in accordance with the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles (APPs) contained in Schedule 1 of that Act, and the Office of the Australian Information Commissioner’s (OAIC) Guide to Health Privacy. Although Vanguard Consulting and Services Pty Ltd may qualify as a small business operator by annual turnover, the Privacy Act applies to us in full because we provide a health service and hold health information (section 6D(4)(b) of the Privacy Act).

This Policy should be read together with our Terms and Conditions and any collection notice we give you at the point we collect your information.

2.  Who we are and how to contact us

Patient Power is operated by Vanguard Consulting and Health Pty Ltd. Where this Policy refers to “we”, “us” or “our”, it means Vanguard Consulting and Services Pty Ltd trading as Patient Power.

You can contact our Privacy Officer about this Policy, any concerns, or to make a request about your personal information, using the details in section 16 (Contact us).

3.  The information we handle

Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable.

Health information is a special category of personal information under the Privacy Act. It includes information about your health or a disability, a health service that has been or will be provided to you, and other personal information collected in connection with providing a health service. Because of the nature of the Service, much of the information we handle is health information, which is treated as sensitive information under the Privacy Act.

3.1  Categories of information we collect

When you use the Service we may collect the following categories of information about you:

  • Identity and contact details — your full name, date of birth, postal or residential address, email address and telephone number.

  • Health information — that you have been diagnosed with, or are being treated for, cataracts; the name of the ophthalmologist who gave you your existing quote; the amount of that quote (including any out-of-pocket component); and any clinical details you choose to share with us to help us arrange a referral.

  • Insurance and funding information — whether you hold private health insurance, the name of your insurer, your level of cover if you tell us, and whether you are currently on a public waiting list.

  • Referral and booking information — the name of the participating ophthalmologist you are referred to, the date of the referral.

  • Correspondence and feedback — emails, chat messages, phone call records, survey responses and any other communications between you and us.

  • Technical and usage information — your IP address, device type, browser type, referring pages, pages viewed, and the date and time of your visits. This is collected through standard web server logs, cookies and similar technologies.

3.2  Children

The Service is intended for adults. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected information about a person under 18, please contact us so we can delete it.

3.3  Anonymity and pseudonymity

Under APP 2 you may deal with us anonymously or under a pseudonym where it is lawful and practicable to do so — for example, when browsing the Website or making a general enquiry. However, we cannot arrange a referral to a specialist without your full name, contact details and other information needed by the specialist to provide a health service to you.

4.  How we collect your information

We generally collect personal information directly from you when you:

  • fill in a form on the Website (including the intake form, the price-comparison calculator, or the referral request form);

  • communicate with us by email, telephone, SMS or through the Website chat;

  • respond to a survey after your consultation; or

  • interact with the Website (through cookies and web analytics — see section 13).

 

There may be circumstances where we collect your personal information from someone other than you — for example, from your general practitioner if they use Patient Power to refer you, or from a participating ophthalmologist to confirm an appointment. Where practicable, we will tell you if this has happened and the kinds of information we received.

 

Under APP 3, we will only collect sensitive information (including health information) from you with your consent, unless an exception in the Privacy Act applies (for example, the collection is required or authorised by law, or it is reasonably necessary for us to provide a health service to you under the permitted health situation in section 16B of the Privacy Act). By choosing to use the Service and providing the information requested, you consent to us collecting the health information described in section 3.1.

5.  Why we collect, hold, use and disclose your information

We collect, hold, use and disclose your personal information for the following primary purposes:

  • to verify that you are eligible to use the Service and that you already have an ophthalmology quote;

  • to compare your existing quote against our benchmark understanding of a reasonable price for cataract surgery in your region;

  • to arrange a referral from Patient Power to a participating ophthalmologist who is willing to provide care at or near that benchmark price, if you choose to proceed;

  • to communicate with you about your enquiry, the referral and any follow-up survey;

  • to manage and improve the Service, including handling complaints; and

  • to comply with our legal obligations, including under the Privacy Act and the Notifiable Data Breaches scheme.

 

We may also use or disclose your personal information for a secondary purpose where that purpose is related to the primary purpose (or, for sensitive information, directly related) and you would reasonably expect us to do so, or where another exception in APP 6 applies — including use or disclosure with your consent, or where required or authorised by law.

6.  Who we share your information with

6.1  The participating ophthalmologist (your referral clinician)

If you decide to proceed with a referral and pay the $299 fee, we will pass your personal and health information to the participating ophthalmologist we refer you to, so that the ophthalmologist can contact you, confirm your appointment and provide the health service. This is the core disclosure we make and is the reason you are using the Service.

 

We do not sell your personal information to clinicians. We do not share your identifying personal information with ophthalmologists who you are not being referred to.

6.2  Service providers

We disclose personal information to third parties that help us operate the Service, including:

  • our website and hosting provider, which stores the Website content and form submissions;

  • our email, SMS and telephony providers, which deliver our communications;

  • our analytics and advertising partners (see section 13);

  • our IT, cyber-security, back-up and professional advisers; and

  • our insurers and auditors, where relevant.

We put in place contractual arrangements requiring these providers to handle your information consistently with this Policy and with the Privacy Act.

6.3  Other disclosures

We may also disclose your personal information:

  • with your consent;

  • to your nominated general practitioner where you have asked us to confirm that a referral has been made;

  • to a person or body that is required or authorised by Australian law to receive it, including in response to a subpoena, court order, or a request from a regulator such as the OAIC, AHPRA or the Australian Taxation Office;

  • where we reasonably believe it is necessary to lessen or prevent a serious threat to the life, health or safety of any individual or to public health or safety; or

  • where a “permitted general situation” or “permitted health situation” under the Privacy Act applies.

6.4  De-identified pricing data

A central purpose of the Service is to build a better understanding of the true cost of private specialist care in Australia. We may use information about the quote you received and the price ultimately charged by a participating ophthalmologist, together with information from other users, to develop de-identified pricing insights. These insights may be used to:

  • improve our price benchmark and the Service;

  • publish aggregated reports about specialist pricing in Australia (for example, average cataract-surgery out-of-pocket costs by region or insurer); and

  • share aggregated information with participating clinicians, researchers, policy makers, insurers, media and the public.

Before information is used for these pricing-insight purposes, it is de-identified in accordance with section 6 of the Privacy Act and OAIC guidance, meaning it is no longer information about an identified individual or an individual who is reasonably identifiable. We will not publish pricing data in a way that could reasonably identify you or your treating doctor without separate consent.

7.  Direct marketing

From time to time we may use your contact details to send you information about the Service, related health services operated by Vanguard Health, or campaigns about specialist pricing that we think will interest you. We will only do this where APP 7 allows us to, and where required we will ask for your consent before sending you direct marketing about sensitive or health-related matters.

Every direct marketing communication we send will include a simple way to opt out (such as an unsubscribe link). You can also contact us at any time to ask us to stop sending you marketing. We will action your request within a reasonable period and in any event within the timeframes required by the Privacy Act and the Spam Act 2003 (Cth).

8.  How we keep your information accurate and secure

Under APP 10 we take reasonable steps to make sure the personal information we collect, use and disclose is accurate, up to date, complete and relevant. Please let us know if any of your details change so we can update our records.

Under APP 11 we take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification or disclosure. These steps include:

  • storing information on secure servers that are physically located in Australia;

  • restricting access to personal information to staff and contractors who need it to perform their role;

  • using encryption in transit (HTTPS/TLS) for information submitted through the Website and sent over our networks;

  • maintaining access controls, audit logs and password management for our systems;

  • training our staff and contractors on their privacy obligations; and

  • having a written data breach response plan.

 

No system can be made completely secure. If you are concerned about the security of a communication with us, please contact our Privacy Officer.

We retain personal information for as long as we reasonably need it for the purposes described in this Policy, or for longer where we are required to do so by law (for example, under tax, health-records or corporate-records laws). When we no longer need it, we will take reasonable steps to destroy or de-identify it in accordance with APP 11.2.

9.  Storage location and overseas disclosure

We store personal information on servers located in Australia. We do not routinely disclose personal information to overseas recipients.

If in future we engage an overseas service provider (for example, a cloud provider based outside Australia), we will update this Policy to disclose the countries in which those recipients are likely to be located, and we will take the steps required by APP 8 before sending any personal information overseas, including putting contractual protections in place and ensuring an equivalent level of protection applies.

10.  Access to and correction of your information

Under APP 12 and APP 13, you have the right to ask for access to the personal information we hold about you, and to ask us to correct it if it is inaccurate, out of date, incomplete, irrelevant or misleading.

To make a request, please contact us using the details in section 16. We will ask you to verify your identity before acting on the request. We will respond to access requests within 30 days and will normally provide the information free of charge (although a reasonable cost-recovery fee may apply where the request is very large or complex). If we refuse access or correction, we will tell you why in writing and explain how you can complain.

11.  How to make a privacy complaint

If you believe we have handled your personal information in a way that breaches the Privacy Act, the APPs or this Policy, please make a complaint to us using the details in section 16.

We ask that complaints be made in writing where possible. We will acknowledge your complaint within 7 days and aim to respond substantively within 30 days.

If you are not satisfied with our response, you can complain to the Office of the Australian Information Commissioner (OAIC):

  • Online: www.oaic.gov.au

  • Phone: 1299 363 992

  • Post: GPO Box 5288, Sydney NSW 2001

 

Depending on where you live, you may also be able to complain to your State or Territory privacy or health-complaints regulator (for example, in Queensland the Office of the Information Commissioner or the Office of the Health Ombudsman).

12.  Notifiable data breaches

We are subject to the Notifiable Data Breaches scheme in Part IIIC of the Privacy Act. If we have reasonable grounds to suspect an eligible data breach has occurred, we will assess the situation within 30 days. If we confirm that an eligible data breach has occurred — that is, an unauthorised access to, unauthorised disclosure of, or loss of, personal information that is likely to result in serious harm to one or more individuals — we will:

  • notify affected individuals and the OAIC as soon as practicable;

  • describe the breach, the kinds of information involved and what we recommend you do in response; and

  • take reasonable steps to contain and remediate the breach.

13.  Website, cookies, analytics and chatbot

Our Website uses cookies and similar technologies so that the site works properly, so we can understand how it is used, and so we can serve advertising through Google Ads. Most browsers let you block or delete cookies, but if you do so parts of the Website may not function.

We use Google Analytics to understand traffic patterns. Google Analytics may collect information about your visit, including your IP address (which is truncated where possible), the device you use, and the pages you view. Information collected through Google Analytics is used in an aggregated form.

We also use Google Ads to advertise the Service. Google Ads may use cookies and pixels to measure the effectiveness of our advertising. You can opt out of personalised Google advertising at adssettings.google.com.

If you use the Website chat, the transcript of your conversation (and any personal information you enter into it) will be stored by us and by our chatbot provider in accordance with this Policy.

14.  Payments

14.  Changes to this Policy

We may update this Policy from time to time to reflect changes to the Service, changes in the law or better practice. The current version of the Policy will always be available on the Website, and the “Effective” date at the top will tell you when it last changed. Where the change is material we will take additional steps to bring it to your attention, such as a prominent notice on the Website or, if we hold your email address, an email.

15.  Contact us

If you have a question, request or complaint about this Policy or your personal information, please contact us:

Email: info@patientpower.com.au

Vanguard Consulting and Services Pty Ltd— Patient Power

Appendix A — Plain-English summary

This summary is provided for convenience only. The numbered sections above are the operative policy.

  • Who holds my information? Vanguard Consulting and Health Pty Ltd, which runs Patient Power.

  • What do you collect? Your contact details, that you have cataracts, your existing quote and who it is from, your insurance status.

  • Who do you share it with? Only the ophthalmologist we refer you to — plus our service providers (website host, payment gateway, email, analytics).

  • Do you sell my data? No.

  • What about the pricing data? We combine quote and price information across users after removing anything that could identify you. We use this to sharpen our benchmark, publish reports, and improve the Service.

  • Where is it stored? On servers in Australia.

  • Can I see or fix what you hold? Yes — email info@patientpower.com.au.

  • What if I am unhappy? Contact us first; if we cannot resolve it, you can complain to the OAIC.

bottom of page