Oligo BioLabs (ABN 47 696 999 005), trading as Tora Health, is committed to protecting your privacy. We are a doctor-led telehealth provider, and we handle personal and health information in accordance with the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth) and applicable state and territory health records legislation. A copy of the APPs is available from the Office of the Australian Information Commissioner at www.oaic.gov.au.
What we collect
We collect personal information that is reasonably necessary to provide our services, including your name, date of birth, contact details, address, and payment details. As a healthcare provider we also collect health information, which may include your medical history, current symptoms, medications and allergies, clinical notes from your consultations, pathology and test results, referrals and care plans, consultation metadata, and Medicare or private health fund claim details.
Identifying yourself
Due to the nature of the health services we provide, it is generally impracticable for us to deal with individuals who have not identified themselves. Accurate identification is required to ensure the safety and continuity of clinical care, to comply with our legal and professional obligations under applicable health legislation, and to meet the requirements of Medicare and private health insurance billing.
Unsolicited information
From time to time, we may receive personal or health information that we did not solicit. Where we receive unsolicited personal information, we will promptly assess whether that information is of a kind we could have collected under our standard collection practices. If it is not, and the law permits, we will destroy or de-identify it.
How we use it
We use your personal and health information to deliver telehealth consultations, to assess your suitability for care, to coordinate your treatment with your consent, to manage payments and Medicare or fund claims, to maintain accurate clinical records, and to meet our legal and professional obligations. We may also use your contact details to send service communications related to your care.
Health information and consent
Health information is sensitive information under the Privacy Act. We only collect it with your consent and use it for the primary purpose of providing your care, or for a directly related secondary purpose you would reasonably expect, such as clinical governance and quality improvement. Consultations are conducted by AHPRA-registered doctors, and a prescription is only one possible outcome where it is clinically appropriate.
Disclosure and third parties
We may disclose your information to others involved in your care, with your consent. This can include pathology laboratories that process your tests, and an Australian pharmacy authorised under relevant state and territory pharmacy and medicines laws to dispense any prescription. We may also disclose information to our payment and IT service providers, and where we are required or authorised to do so by law. We require these third parties to handle your information consistently with this policy and the APPs.
Direct marketing
We will only send you marketing communications where you have given express consent. Every marketing message includes a simple way to opt out, and you can withdraw your consent at any time by contacting us. We do not use your health information for marketing or audience targeting.
Cookies and analytics
Our website uses cookies and similar technologies to operate the site, remember your preferences, and understand how the site is used. Because browsing health-related content can reveal sensitive interests, we limit analytics to aggregated, non-identifying insights wherever practicable. You can control cookies through your browser settings, though some parts of the site may not function as intended if cookies are disabled.
Automated tools
We may use software tools to help triage enquiries and organise information. These tools support our clinicians; they do not make clinical decisions. No prescription is issued without review by an AHPRA-registered doctor through a real-time consultation.
Telehealth privacy
Consultations take place by phone or video. We verify your identity before each consultation to keep your information safe. We recommend you take the consultation in a private space. Please tell your doctor if anyone else is present, such as a carer or support person. If telehealth is not suitable for your concern, your doctor may recommend in-person assessment, a GP review, a referral to another doctor, or another pathway, and we will handle any information shared in that process under this policy.
Government identifiers and My Health Record
We collect government healthcare identifiers, such as your Medicare number and Individual Healthcare Identifier, only as permitted by law and for the limited purposes of providing care and processing claims. We will only access or contribute to your My Health Record with your consent and in accordance with the My Health Records Act 2012 (Cth).
Data security and overseas storage
We store your information in systems that reasonably protect it from misuse, loss, and unauthorised access, modification, or disclosure, using measures such as access controls and encryption. Some of our service providers may store or process data on servers located outside Australia. Where this occurs, we take reasonable steps to ensure those recipients handle your information consistently with the APPs.
Retention of records
We retain clinical records for the period required under the health records legislation that applies in your state or territory, calculated from the date of the last entry in your record. When information is no longer required and the law permits, we will securely destroy or de-identify it.
Data breaches
We maintain a data breach response plan. If an eligible data breach occurs that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner within 30 days of becoming aware of the breach, as required under the Notifiable Data Breaches scheme in Part IIIC of the Privacy Act 1988 (Cth).
Access and correction
You may request access to the personal information we hold about you and ask us to correct it if it is inaccurate, out of date, or incomplete, subject to limited exceptions. We may ask you to verify your identity before releasing information. To make a request, contact us using the details below.
Complaints and contact
If you have a question or complaint about how we handle your information, please contact us and we will respond promptly. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner at www.oaic.gov.au.
- Oligo BioLabs
- 2 76 Erindale Rd, Balcatta WA 6021
- [email protected]
- 1800 TORA HEALTH
Updates to this policy
We may update this policy from time to time to reflect changes in our practices or the law. The current version is always available on this page, and the effective date appears at the top.