The people of Medical Record Exchange work together as an energetic and integrated team to create a positive and supportive environment to deliver quality services
Zedmed MRE is privately owned by the Medical One Group; the largest privately owned Medical Group in Australia employing over 450 Doctors , Nurses and Health Professionals.
Medical One and Zedmed are in the business of Health. For over 6 years Zedmed MRE has been offering a range of professional services to insurers.
Zedmed MRE complies with all Australian Privacy regulations in facilitating requests for medical information and ancillary services.
Our integrated Web Portal is housed in an ISO certified secure environment. Information is encrypted in transfer to ensure your applicants & claimants privacy is maintained. Zedmed MRE offer our clients variable audit checks on information returned including medical review to ensure the quality of information returned to you is correct and relevant.
MRE is committed to treating the personal information we collect in accordance with the Australian Privacy Principles (“APPs”) in the Privacy Act 1988 (Cth) (Privacy Act).
Personal information we collect
For the purpose of this Policy, “personal information” is information or opinion that identifies an individual or information or an opinion which could reasonably identify an individual, regardless of whether the information or opinion is in a material form or not.
MRE may collect a range of personal information, including the individual’s name, address, telephone number, email address, age and date of birth.
MRE may also collect sensitive information about an individual. However, MRE only collects that information with the consent of the individual, in accordance with the Privacy Act. For the purpose of this Policy, “sensitive information” includes information or an opinion about an individual’s health, such as information or an opinion about:
How we collect personal information
MRE generally collects personal information about an individual directly from that individual, unless it is unreasonable or impracticable to do so. Generally, MRE collects information only when it specifically requests that information.
Notwithstanding the foregoing, MRE collects personal information from applicant/claimants Drs, health professionals or from a relevant third party (government agency). This is done in a number of ways, including by email, fax with communication also carried out by phone.
MRE will not collect health information without the express consent (written or digitally provided) of the applicant/claimant provided to us by or on behalf of the applicant/claimant. For example, the consent of the individual may be provided to MRE by the insurer on behalf of the individual.
MRE may also collect personal information (including sensitive information) about an individual from a variety of sources using a variety of means, including:
While MRE generally only collects personal information when it specifically requests that information, from time to time, MRE may receive personal information about an individual on an unsolicited basis. In accordance with its statutory obligations, MRE will determine whether or not MRE could have collected that information lawfully. If MRE determines that it could not have collected the information lawfully, then MRE will promptly destroy or de-identify such information.
In accordance with the APPs, individuals do not need to provide MRE with their personal information and they may interact with MRE on an anonymous or pseudonymous basis. However, where it is impracticable for MRE to deal with individuals who have not identified themselves or who have used a pseudonym, then individuals do not have the option of not identifying themselves or of using a pseudonym when dealing with MRE.
Further, MRE reserves the right to verify an individual’s identity as part of its response to a request to access and/or correct personal information held about an individual, or as part of its complaints-handling process. If MRE is unable to verify an individual’s identity, or the individual continues to engage with MRE in an anonymous or pseudonymous manner, MRE may be unable to satisfy the individual’s request or to complete its complaints-handling process.
Use of personal information
As a general principle, and in accordance with its statutory obligations, MRE only uses or discloses personal information for the primary purpose for which the information was collected or a secondary purpose that is related to the primary purpose for which you would expect MRE to use or disclose the collected information, or as otherwise required or permitted by law (including the APPs).
In the case of sensitive information, MRE only uses or discloses the sensitive information it collects for the primary purpose for which the information was collected or a secondary purpose that is directly related to the primary purpose for which you would expect MRE to use or disclose the collected information, or as otherwise permitted by law (including the APPs).
MRE collects personal information for the purposes of:
MRE will not use your personal information for the purpose of marketing its services or for any other company.
Disclosure of personal information
Generally, MRE does not disclose personal information unless it is required to facilitate MRE’s fulfilment of one or more of the purposes for which the information was collected (or any secondary purpose related to the primary purpose for which MRE may be permitted to disclose such information by law).
MRE may disclose personal information to the following:
MRE may also disclose personal information about an individual when required by law or court order, or other governmental order or process. MRE may disclose personal information where MRE believes (in good faith) that the law compels MRE to disclose the information or where MRE is required to do so as a result of any obligations owed to an individual under any contract.
Personal information may be disclosed if MRE considers it reasonably necessary to do so in order to identify, contact or bring legal action against any third party whom MRE suspects or knows is causing harm to, or interference with the services MRE performs, its information technology systems and equipment, or MRE’s property.
Personal information about individuals MRE has collected may be disclosed to third parties in the event its business and/or assets are sold or offered for sale, at or before the time of a merger, acquisition or sale.
Where MRE engages third parties to provide products and/or services to us, such third parties may have access to personal information MRE holds about individuals. MRE does not authorise those third parties to use any personal information disclosed to or accessed by the third party for any purpose other than to facilitate the completion of its obligations owed to MRE.
Without limiting the foregoing, MRE may disclose individuals’ personal information to its business partners and advisors (such as auditors, financial services or insurance companies) or to its professional advisers (such as its legal and accounting advisers) for them to complete their obligations owed to MRE under agreements that MRE has entered into for the purpose of undertaking or furthering its business operations and activities.
Transfer of personal information overseas
We may store, process or back-up your personal information on servers (including through third party service providers) Note: data stored on servers including third party servers remains within Australia.
Applicants / claimants personal medical information will not be sent outside of Australia with the sole exception being to facilitate the retrieval of the request from a medical practitioner outside of Australia.
Where it becomes necessary for MRE to disclose personal information to a recipient located outside Australia, MRE will comply with its statutory obligations in relation to such disclosure. In particular, wherever it is reasonably practicable, MRE will first seek the consent of the relevant individual to such cross-border disclosure. Where the individual consents to the disclosure, then MRE will be exempt from the requirements of the Privacy Act in relation to the individual’s personal information that is disclosed to an overseas recipient.
You have the right to inform MRE that you do not wish for MRE to send information to you other than for the primary purpose for which the information was collected. MRE will always attempt to ensure that its disclosure of personal information to other organisations is carried out in a manner which does not personally identify individuals, to the extent that it is practicable and lawful to do so.
Security and retention of personal information
MRE takes the security of all personal information in its possession seriously.
MRE takes reasonable steps to protect any personal information that we hold from misuse, interference and loss. MRE also takes reasonable steps to protect it from unauthorised access, modification and disclosure.
The security measures MRE takes include physical security measures (including security passes to enter our offices and storage of files in lockable cabinets), technology security measures (including restriction of access, firewalls, the use of encryption, passwords and digital certificates) and MRE’s staff, contractors and partners are required to undertake privacy and data protection training, as part of their general obligation to respect the confidentiality and privacy of any personal information (including sensitive information) MRE holds.
MRE regularly reviews and updates its physical and data security measures in light of current technologies.
The personal information you provide to MRE will be retained only for as long as reasonably necessary to fulfil the purposes for which the information was collected, as required by law or in accordance with MRE’s documentation retention policies.
Without limiting the foregoing, MRE will only hold sensitive information (including health information) for the minimum period required by law and by its agreements with various health insurers. As soon as practicable following the completion of MRE’s obligations with respect to the disclosure of the sensitive information to the insurers, MRE will take all reasonable steps to destroy or de-identify such information.
Privacy on our websites
MREs website is a secure encrypted website.
MREs website may contain links to third parties' websites, including sites maintained by other parts of the Medical One Group. Those other websites are not subject to MRE’s privacy policies and procedures. You will need to review those websites directly to view a copy of their privacy policies.
MRE does not endorse, approve or recommend the services or products provided on those third party websites.
Quality of the personal information we hold
MRE takes reasonable steps to ensure that the personal information it collects, uses and discloses is accurate, complete and up-to-date. However, the accuracy of the information MRE holds largely depends on the accuracy of the information supplied to MRE or which MRE collects. If at any time you discover that any information MRE holds about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, please contact MRE to correct the information.
Gaining access to personal information we hold
MRE transfers information to its insurance clients as it is received by MRE on a daily basis. A request to access this information would need to be sent to the relevant insurer directly as MRE does not own or control the information beyond retrieving and sending the information from the Medical Practitioner to the Insurer.
Except for such information transferred to MRE’s insurance clients, the individual is entitled at any time (upon request) to access the personal information MRE holds about that individual.
Where MRE receives a request to access the personal information held about an individual, MRE will respond within a reasonable period of time. Unless it is unlawful or impracticable for MRE to do so, MRE will generally provide access to the requested information in the manner requested.
Please note that MRE is entitled, under the APPs, to charge a reasonable administrative fee to cover its costs incurred in providing access to the personal information held about an individual.
Additionally, MRE reserves the right to request information from the individual making the access request in order to verify the identify of the individual making the request, to ensure that MRE is not inadvertently disclosing personal information to an individual not entitled to access such information.
Further, MRE reserves the right to redact the information made available in response to an access request, to protect the privacy of other individuals.
From time to time, MRE may refuse to provide access to the information held about an individual, in accordance with the APPs and the Privacy Act generally. Where MRE refuses access, MRE will explain the reasons for refusal in writing and provide details in relation to the relevant complaint process.
Lodging a complaint and how to contact us
If you wish to make a complaint to MRE about an alleged interference with the privacy of your personal information, the complaint should be made in writing to MRE and addressed to the attention of its privacy officer (details of whom are set out below).
MRE will promptly acknowledge receipt and will endeavour to deal with it and to provide you with a response within a reasonable period of time following receipt (generally within 30 days of receipt).
Where the complaint requires a more detailed investigation, it may take longer to resolve. If this is the case, then MRE will endeavour to provide you with progress reports.
MRE reserves the right to verify your identity and to seek (where appropriate or reasonable) further information from you about the circumstances of your complaint.
Where required by law, MRE will provide its determination on your complaint to you in writing.
MRE reserves the right to refuse to investigate or to otherwise deal with a complaint if MRE considers the complaint to be vexatious or frivolous.
If you are not satisfied with the outcome of the complaint, then you may write to MRE seeking an internal review of its decision. Such internal review will be completed by an officer not previously involved in the complaint.
If you still remain dissatisfied following the outcome of MRE’s internal review, then you may escalate the complaint to the Office of the Australian Information Commissioner.
Medical Record Exchange (MRE)
GPO Box 2061, Melbourne Vic 3000
Phone: 1300 933 833
Fax: +61 3 9682 8114