Teladoc Health Australia and New Zealand Privacy Policy – Hospital and Health Systems

Teladoc Health Australia Pty Ltd (“Teladoc Health” or “we” or “us” or “our”) respects the privacy of all who engage with our platforms, services and tools (collectively, the “Services”). Teladoc Health is committed to handling your personal information in line with privacy laws including the Privacy Act 1988 (Cth), the New Zealand Privacy Act 2020 and other applicable privacy laws (collectively “Applicable Law”), and complying with all our contractual requirements concerning privacy and confidentiality (“Privacy Requirements”). 

The purpose of this Australia and New Zealand Privacy Policy (“Policy”) is to outline the handling of personal information including sensitive personal information (“Personal Information”) for its Australia and New Zealand based Hospital and Health Systems. 

Hospital and Health Systems enables virtual care to be delivered for hospitals and health systems. The enterprise virtual care platform and devices provide care to individuals across the entire continuum of care, from low acuity on-demand care to high acuity inpatient care.

What types of Personal Information is collected

The type and volume of Personal Information we collect depends on how the customer chooses to share data with us. 

• To the extent necessary, we collect the following Personal Information: demographic information, including name, address, phone number, date of birth, email address, username, answer to challenge questions.

The Hospital and Health Systems can also choose to collect Sensitive Personal Information. The types of Sensitive Personal Information we collect varies depending on the customer’s solution and may include:

• Health information including medical history, treatment records, diagnostic testing, diagnostic imaging such as X-rays and CT scans, and pathology samples;
• Sexual orientation or practices;
• Ethnic or racial origin.

How we collect Personal Information

We collect Personal Information from the hospital or healthcare organisation using our virtual care services.

How we use or disclose your Personal Information

Uses and Disclosures for Hospitals and Health Services

Teladoc Health uses Personal Information as necessary to deliver virtual care services. The Hospital and Health Systems processes the Personal Information we collect to deliver our virtual care services.  

Uses and Disclosures for Management and Administrative Purposes

Additionally, to the extent necessary to facilitate and/or perform virtual care services for Hospital and Health Systems, we will use and disclose Personal Information as necessary for our own management and administration purposes. These activities include:

• Information security and privacy compliance;
• Maintaining information technology systems.

Disclosures to Subcontractors

Teladoc Health may use trusted third parties, including contractors and service providers (“Subcontractors”) to help:

• Provide healthcare services;
• Host and administer our information technology systems.

Before disclosure of any Personal Information to a Subcontractor, Teladoc Health undertakes a robust due diligence process and enters into an agreement with the Subcontractor that provides privacy and security of Personal Information. These agreements require that all Personal Information held by the Subcontractor is either securely destroyed or returned to Teladoc Health when the agreement expires or is terminated. 

Disclosures Required by Law and for Public Policy

Under certain circumstances, Teladoc Health may use and disclose Personal Information as required by law for the following purposes:

• As necessary for public health activities (such as public health reporting, child abuse reporting, notification of exposure to disease or condition);
• To report victims of abuse, neglect or domestic violence;
• For health oversight activities;
• For judicial and administrative proceedings;
• To law enforcement officials; and
• To lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety.

Depending on the type of data disclosure and solution, the system and process might vary. Teladoc Health works with the customer to support data disclosure requests and/or comply with customer requirements.

Other Uses and Disclosures

Teladoc Health will not use or disclosure any Personal Information (other than what has been listed above) without first obtaining authorisation from the individual. Teladoc Health makes reasonable efforts to limit the use, disclosure or request of Personal Information to the minimum necessary to accomplish the intended purpose of the use, disclosure or request. 

Teladoc Health does not sell Personal Information. 

International Data Transfer

Teladoc Health stores all personal Information on servers and information technology systems located in Australia. The exception to this is Personal Information from registered users (i.e., healthcare professionals), which are stored in the Fleet Management System (FMS) in the United States of America (USA). The user data housed in the FMS includes usernames, email addresses, user specialties and other basic demographic information. 

Teladoc Health’s parent company and other subsidiaries (“Affiliates”) are also located outside of Australia and New Zealand (ANZ). Some administrative and management functions that involve the use of Personal Information may take place at an Affiliate located outside of ANZ. The functions these Affiliates perform include legal, privacy and security, information technology management, and business management functions.      

As such, Teladoc Health might, depending on the Hospital and Health Systems, transfer Personal Information outside of ANZ. The information will be protected to an equivalent standard as it would be in ANZ. 

How we protect your Personal Information

Teladoc Health maintains a robust information security program. We have appropriate technical and organisational measures in place to protect Personal Information against unauthorised use or disclosure, damage or destruction. Such measures include but are not limited to:

• Training staff on protecting Personal Information;
• Disposing of personal information in a secure manner;
• Ensuring the physical security of the premises where Personal Information is processed;
• Signing confidentiality agreements with employees, Subcontractors and clients;
• Using effective password protection;
• Encrypting or password protecting emails and other communications containing sensitive Personal Information;
• Implementing a disaster recovery plan, that includes making backups of personal data;
• Undertaking regular data security audits to detect errors and implement improvements; and
• Retaining Personal Information for the amount of time needed to meet legal and compliance requirements:
• Variable periods of time for Hospital and Health Systems according to contractual terms and as advised by a hospital or healthcare organisation.

How to access or correct your Personal Information

Individuals have the right to obtain a copy of the Personal Information that Teladoc Health holds about them or to amend the Personal Information. Requests to access or amend the information must be in writing and sent to this email address: privacy@teladochealth.com

When an individual requests access to their Personal Information, Teladoc Health takes reasonable steps to verify the identity of the requestor. We verify identity in several ways, including asking a series of questions or asking for a copy of a driver’s license or other identity document.

How to ask a question, make a complaint or find out more information  

All individuals have the right to file a complaint with Teladoc Health or ask questions regarding our privacy practices. All complaints and questions must be sent to Teladoc Health via this email address: privacy@teladochealth.com

If you feel your request or complaint has not been adequately addressed by Teladoc Health, you can contact the privacy regulator in Australia or New Zealand by using the contact details below. 

Office of Australian Information Commissioner contact details:

• Email: enquiries@oaic.gov.au
• Phone: 1800 620 241
• Web: https://www.oaic.gov.au

Office of the Privacy Commissioner (New Zealand) contact details:

• Email: enquiries@privacy.org.nz
• Phone: 0800 803 909
• Web: https://www.privacy.org.nz/

Last updated: 22 January 2025