Legal and Privacy Policy

Introduction

Medi Elves Pty Ltd (“Medi Elves,” “we,” “us,” “our”) is committed to protecting the privacy, confidentiality, and security of your personal and health information in full compliance with the Australian Privacy Act 1988, including the Australian Privacy Principles (APPs), the Health Records and Information Privacy Act 2002 (HRIP Act) where applicable, the US HIPAA Privacy Rule (for international clients and partners), and the Security of Electronic Transactions Act 2000 (SETA). This Legal and Privacy Policy explains how we collect, use, disclose, secure, and retain your information when you use our medical billing services and website.

Information We Collect

To provide expert medical billing services, we collect the following categories of personal and health information:

  • Identity Details: Full name, date of birth, Medicare number, DVA/TAC identifiers.
  • Contact Details: Email, phone number, postal address.
  • Health Information: Clinical billing details, treatment codes, practitioner notes, appointment dates, procedure descriptions necessary for claim submission.
  • Financial Data: Bank account information, billing statements, payment history.
  • Technical and Usage Data: IP addresses, device details, cookies, and browsing behavior on our website for service improvement.

Purpose of Collection and Use

We collect and process your data strictly for:

  • Medical Billing and Claims Processing: Submission, tracking, and reconciliation of claims with Medicare, DVA, TAC, private health insurers, and other payers.
  • Client Communication: Handling inquiries, support requests, appointment scheduling, and feedback.
  • Compliance: Fulfilling our obligations under Australian health laws, Medicare rules, taxation legislation, and international privacy regulations where applicable.
  • Service Enhancement: Website analytics, security improvements, fraud detection, and personalized client experiences.
  • Legal Obligations: Reporting, audit, and dispute resolution as required by law.

Legal Basis for Processing

Under the Privacy Act and APPs, we process your information based on:

  • Your informed consent, particularly for sensitive health information.
  • Compliance with legal or contractual obligations.
  • Legitimate interests in providing and improving our billing services.

Disclosure of Information

Medi Elves will only disclose your personal and health information to:

  • Authorized Third Parties: Medicare, DVA, TAC, private insurers, and approved medical billing software providers bound by confidentiality agreements.
  • Service Providers: Payment processors and IT service companies under strict data protection contracts.
  • Legal and Regulatory Authorities: Where required by legislation or court orders.
  • Other Entities: Only with your explicit, informed consent.

We strictly prohibit the sale or unauthorized sharing of your data.

Data Retention and Security

  • Data Retention: We retain your personal and billing data only as long as required by relevant health, taxation, and commercial legislation or as necessary for the purposes described above.
  • Data Security: We implement advanced security controls, including AES-256 encryption of data at rest, TLS encryption in transit, multi-factor authentication, secure firewalls, intrusion detection systems, and routine vulnerability assessments.
  • Access Controls: Role-based access limits ensure only authorized personnel with a legitimate business need can access your information.
  • Data Breach Response: In compliance with APP 11 and the HIPAA Security Rule, we have a documented incident response plan that includes timely notification to affected individuals and regulators where required.

Cross-Border Data Transfers

If your data is transferred outside Australia, we ensure it is protected by equivalent safeguards consistent with APP 8 and HIPAA standards, including binding corporate rules or contractual clauses.

Your Rights and Choices

You have the right to:

  • Request access to your personal and health information held by us.
  • Correct or update inaccurate, incomplete, or outdated information.
  • Request deletion or restriction of processing, where legally permissible.
  • Withdraw consent for any direct marketing or non-essential processing activities.
  • Complain to Medi Elves or the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached.

Contact

For privacy inquiries, data access requests, complaints, or exercising your rights, please contact our Privacy Officer via email:
admin@medielves.com.au