The InnoWell Platform
Version 3.0 – December 2018
About this policy
We may amend or update this policy when our information collection and handling practices change. If this happens any updates will be published on our web site and we will use our best endeavours to notify you either by email or by posting a notice of the changes in the platform. If you do not agree with the changes you must cease accessing the platform. If you continue to access or use the platform after the changes come into effect, we will assume that you have agreed to them.
What is InnoWell?
InnoWell delivers digital health solutions to promote mental health and wellness and ensure that people receive the right care at the right time. Through research and development, we seek to redesign health systems to better meet the holistic needs of people across their lifespan. We do this by using innovative co-design methodologies to engage all members of the community and integrate input and perspectives from those with a lived experience and insights from the health sector, as well as incorporating research evidence and product design knowledge into our digital solutions. InnoWell is the owner of the InnoWell Platform. More information about InnoWell can be found here https://www.innowell.org/about-innowell/ - about-bio
1. For participants in the InnoWell Platform
What is the InnoWell Platform?
The InnoWell Platform is a customisable digital platform that is designed to assist in assessing, monitoring and managing mental health issues and the maintenance of wellbeing. It does this by collecting your personal information (including sensitive and health information) and by processing and analysing it. Your personal information and the information we create about you through analysis and processing is then made available to both you and your care service provider through the Platform to support your mental health and to promote collaborative care partnerships.
The InnoWell Platform is designed to provide services to you that are suitable for your individual needs as assessed by your care service provider. Because of this, the exact nature of the personal information that the platform collects and handles differs from person to person. All personal information is collected and handled in accordance with the requirements of the Privacy Act 1988 and the APPs. The InnoWell Platform does not of itself provide stand-alone medical or health advice, diagnosis or treatment. It is designed to be used in conjunction with the clinical decisions and care provided by your care service provider.
The InnoWell Platform is considered to be software as a medical device. It is not currently approved as such by the Australian Therapeutic Goods Administration and is currently being provided as part of a clinical trial in accordance with the requirements of the Therapeutic Goods Act 1989.
The InnoWell Platform is only available to people who are lawfully residing in Australia.
What personal information does the InnoWell Platform collect from participants?
The InnoWell Platform collects your personal information in order to provide you with services that assist you and your care service provider to assess, manage and monitor your mental health and wellbeing.
The main way we collect personal information about you is when you provide it to us. For example, when you create an account in the platform, you will be asked to complete an assessment that includes questions about you generally, and about your health and wellbeing in particular. The platform processes and analyses this information to produce personal information that will be displayed on a dashboard according to health domains (for example, physical health, sleep-wake cycle, alcohol use, psychological distress). For each health domain, you will be presented with a variety of care options that you can select from to match your needs. Some of these you can do yourself straight away while others will require you to work with your care service provider. Importantly, it is you that manages your own care options in collaboration with your service provider.
The platform also collects personal information about you from your care service provider. This can include information that relates to your treatment, clinical information and advice and recommendations entered in to your record by your care service provider. This information will also be incorporated in to the dashboard and will be accessible to you.
The InnoWell Platform also collects other categories of your personal information in order to provide services to you. These include:
Identity data – the platform collects personal data when you create an account. This data includes information about your identity (such as full name and email address) and demographics (such as date of birth, gender and socio-economic information);
Self-reported health data – the platform collects data you enter in response to questions about your health when you use it (such as physical health, sleep-wake cycle, alcohol use, psychological distress, medical history);
Care-related data – the platform collects personal care-related data through your care plan. This data includes care options you choose to use alone (such as fact sheets, apps or etools) as well as those agreed between you and your service provider (such as psychological therapies or other clinical interventions); and
Behavioural data – the platform automatically collects behavioural data, including but not limited to, data on location, device (phone, tablet or computer) and usage.
2. What personal information does the InnoWell Platform collect from staff/ contractors of care service providers?
The InnoWell Platform collects information from staff/contractors of care service providers when you are asked to create an account in the InnoWell Platform. The information includes names, email, and professional details and demographics. The main purpose for which we use your personal information is to provide you with the platform’s services.
The following sections apply as relevant to both participants in the InnoWell Platform and for staff/contractors of care service providers.
How does the InnoWell Platform use personal information?
The main purpose for which we use your personal information is to provide you with the platform’s services. For participants, we analyse and process the personal information we collect from you and your care service provider to produce personal information about you that is made available to you within the platform.
We also use personal information for several other related purposes, including:
monitoring and assessing the operation of the platform;
de-identifying your personal information so that it can be used for research purposes by the University of Sydney’s Brain and Mind Centre; and
providing technology and help desk support.
For care service provider staff or contractors, we use your personal information to keep and maintain records of your access to the InnoWell Platform so as to provide you with access to it.
How does the platform disclose your personal information?
For participants, the InnoWell Platform discloses your personal information to your care service provider.
We may also disclose your personal information for purposes permitted by the APPs. These include disclosure:
to third parties at your express request;
where it is necessary to lessen a serious threat to life, health, safety of any individual or to public health or safety and it is unreasonable or impractical for us to obtain your consent; and
if required or authorised by or under an Australian law or a court/ tribunal order or regulatory authority. InnoWell’s policy is that we will not disclose your personal information for such a purpose unless we are legally required to do so, for example by a court order or a law enforcement agency warrant.
For care service provider staff or contractors, we disclose your personal information to the care service provider for account oversight and maintenance purposes.
Maintaining the integrity of your personal information
Some of your personal information that is collected by the platform is entered directly into the platform by you and this always accessible to you when you log in to the InnoWell Platform. If your contact details change, we ask that you update this information promptly.
For participants, for personal information entered by your care service provider, we take steps through training and education as well as platform design to ensure so far as we can that the information they enter is accurate, complete and up to date.
If you wish to correct or amend any of your personal information, please read the information we have provided about access and correction below.
How do we keep your personal information secure?
We take all reasonable steps to protect your personal information from misuse, interference and loss as well as from unauthorised access, modification and disclosure.
Your personal information is stored on computer systems located in Australia. Access to these systems is highly restricted and controlled. Personal information we collect is protected by organisational, physical and logical security measures. Data communications between the platform services are protected by strong encryption. Hence data traffic via the Internet between the platform and the systems is encrypted. Only staff who have a need to access your information to perform a specific task or function are granted access to such information.
Although we take appropriate measures to safeguard the security of your personal information we cannot guarantee its security. To assist in preventing unauthorised use or disclosure of your personal information, you must keep confidential any sign-in information and passwords related to the platform. Further, you can protect the data in the platform on your smart device (phone, tablet or computer) by use of a PIN code to restrict unauthorised access to your smart device. Whenever you have finished using the platform you should log out. You should not leave your device unattended while you access the platform.
In the event of any data breach, we will follow the specific requirements of the Privacy Act 1988 and the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth) and notify you and other affected individuals as appropriate.
How can you access and correct your personal information?
For participants, you can access, view, manage and update your personal information details, consent status, health domains and care options at any time. Simply sign in to the platform to view and update your information via the dashboard or settings menu.
For staff/contractors of service providers you can access, view, manage and update your personal information details, and consent status at any time. Simply sign in to the platform to view and update your information via the settings menu.
If you think that your personal information is inaccurate in the platform, please get in touch by emailing email@example.com and we will take reasonable steps to ensure that it is corrected. In order to protect your personal information we may require identification from you before changing or releasing any requested information.
InnoWell Privacy Officer
Call: +61 2 86276933
Mail: InnoWell Pty Ltd, Shop 1-3, 66-70 Parramatta Road, Camperdown, NSW 2050, Australia
We will quickly acknowledge access or correction requests, or complaints, and use our best endeavours to respond fully within 30 days of receipt of your request.
If you think that we have failed to resolve a complaint satisfactorily or you still have a concern, or would like more information you can contact the Office of the Australian Information Commissioner in any of the following ways:
Call: 1300 363 992
Fax: +61 2 9284 9666
Mail: Office of the Australian Information Commissioner,
GPO Box 5218, Sydney NSW 2001, Australia
(or GPO Box 2999, Canberra ACT 2601, Australia)
How and when is my data deleted?
InnoWell will only keep your personal information about you for as long as is necessary for the purposes of the InnoWell Platform, or as required by law. When your personal information is no longer needed for the purpose for which it was collected, we will take reasonable steps to destroy or permanently de-identify it. However, most of the personal information is or will be stored in client files which will be kept by us for a minimum of 7 years.
We are required by the Privacy Act to notify you and the Office of the Australian Information Commissioner in the event of a serious data breach, for example:
A device containing participants’ personal information is lost or stolen
A database containing personal information is hacked
Personal information is mistakenly provided to the wrong person
Our notification to you will be sent as soon as practicable and will contain:
A description of the data breach
The kinds of information concerned
Recommendations about the steps you should take in response to the data breach.
Last updated: December 2018