Manage My Care Privacy Policy Statement

Read the Manage My Care Privacy Policy Statement (PDF 215KB).

Last Updated: 23 March 2026

1. About this statement

In this Privacy Policy Statement (Policy), ‘we’, ‘us’ or ‘our’ refers to the Western Australian (WA) Health System (Department of Health). ‘You’ and ‘your’ refer to both you as a patient Account Holder and you as a patient’s Carer Account Holder.

This Policy sets out how we manage your personal information in connection with your access to Manage My Care (Application).

The Application is an online service which enables patients and their Carers to access certain aspects of their patient records stored and maintained by us and the company contracted to operate the Application on our behalf, NEXA Group Pty Ltd (NEXA).

This Policy contains terms relating to privacy from the Application’s Terms of Use (Terms). It is important to read the Terms in conjunction with the Policy, as the Terms govern the responsibilities and form the legal agreement between the parties. The Terms also set out definitions of terminology used in this Policy. The Terms are available at https://www.healthywa.wa.gov.au/Managemycare.

2. Definitions

Account Holder means a person with a Manage My Care Account;

Application means the Manage My Care web portal and Application;

Authorised Contact means a Carer listed as a Contact within the Patient Administration System and, if not a minor, has been approved by the patient as being able to link to the patient’s health information profile within the Application;

Carer means a person who provides ongoing care, support and assistance to a person with disability, a chronic illness (which includes mental illness) or who is frail, without receiving a salary or wage for the care they provide;

Contact means a person who is listed on the WA Health System Patient Administration System as a patient’s Next of Kin, Preferred Contact or Other Contact;

Department of Health means the entity within the WA Health System who, on behalf of the State of Western Australia, has contracted NEXA to deliver the Application;

Device means laptops, computers, tablets, smartphones or any other internet enabled equipment used to access the Application that the Account Holder is at all times responsible for;

Health Service Providers means the legal entities within the WA Health System that provide public health services to the local areas and communities;

Linked Manage My Care Account means a Manage My Care account that has been successfully linked to a patient record in the WA Health System Patient Administration System;

Manage My Care Account means an account to access the Application which may or may not be linked to a patient record on the WA Health System Patient Administration System; 

Minor means a person who is younger than 16 years old;

NEXA means NEXA Group Pty Ltd, an Australian company who has been contracted by the WA Health System to develop and deliver the Application; 

Outpatient Direct means the contracted telephone and data processing service that assists WA Health Service Providers to manage outpatient appointments, provides support to Manage My Care Account Holders and processes requests submitted by Manage My Care Account Holders;

Patient means a person who has been, is being, will, or may be provided with healthcare services; 

Patient Administration System means, relevant to the Application, the WA Health System Patient Administration System (webPAS) that stores your public outpatient hospital information;

Personal Information has the meaning given in the Freedom of Information Act 1992 (WA) in the Glossary at Clause 1;

Unique Medical Record Number (U/R) means the unique patient identifier used by all WA Health Service Providers;

WA Health System means the Department of Health, Health Service Providers, and to the extent that contracted health entities provide health services to the State, the contracted health entities.

3. How we collect, use, and disclose your personal information

To fulfil the functions of the Application, we need to collect, use, and disclose personal information. We do this as permitted by the Health Services Act 2016 (WA); and NEXA do this as set out in their Products Privacy Policy, which is available at https://nexa.com.au/privacy-policy/. This may involve us disclosing the personal information that we collect about you to the following parties:

  • Authorised Contacts;
  • NEXA; and
  • The contractor who operates Outpatient Direct (Amplar Health - a business of Medibank Health Solutions Pty Ltd).

    3.1 Linking to a patient record in the Patient Administration System

    If you want to use the Application, you will need to link your Manage My Care Account to your WA Health System patient information. This will require NEXA to collect some personal information to verify your identity, including your U/R, name, and date of birth.

    If you are linking your Manage My Care Account to view the patient information of a patient you care for as their Authorised Contact, NEXA will also collect your name as well as the patient’s U/R, name, and date of birth. This information will only be disclosed to NEXA.

    If you are a Carer and require linking to a patient’s information, NEXA will notify the patient to confirm they authorise you to access their personal information as an Authorised Contact. Further information relating to the access an Account Holder can be permitted over patient information can be found in the Application’s Terms.

    3.2 Information in the Application

    We collect, use, and disclose the following personal information so that you can use the Application:

    Information collected from you – We and NEXA may collect personal information that you voluntarily provide. This could include information such as a request to reschedule an appointment or a request to update your details (e.g. name, address, phone number). Personal notes you make within the Application are stored on the Device and are not collected by us or NEXA.

    Information collected from the Patient Administration System – we will share personal and health-related information from the WA Health System Patient Administration System i.e. your U/R, your details, details of your Contacts, outpatient appointment details (e.g. clinic, appointment time and location) and outpatient referral details (e.g. referrer, triage category, referral priority code) with NEXA.

    Information associated with your Manage My Care Account – NEXA will collect and store information associated with your Manage My Care Account, including your email address and password. All information collected, stored, and maintained by NEXA is done in accordance with NEXA’s Products Privacy Policy.

    We will retain ownership of all data entered into the Application. However, for the purposes of delivering the Application, NEXA collects, stores, maintains, and shares information about you in accordance with its Products Privacy Policy. No data will be extracted for NEXA marketing or analysis purposes unless under our authority. Your personal information and other data, detailed in Sections 4, 5 and 6, will not be provided to any parties other than those detailed in this Policy, or sold or used for marketing or advertising purposes.

    3.3 Storage and security

    Protection of your personal information is of the utmost importance, and we are committed to keeping it safe and secure. We take significant precautions to protect personal information from misuse or loss, including protection from unauthorised access, modification, or disclosure.

    Personal information will be stored in the NEXA-controlled Amazon Web Services (AWS) Australian private cloud environment. The AWS Data Privacy FAQs describes how AWS stores and secures data and is available at https://aws.amazon.com/compliance/data-privacy-faq/.

    NEXA will maintain control over the content within the AWS environment. The stored data is encrypted using AWS Encryption Keys that are controlled by NEXA, to ensure privacy and data security. AWS is not authorised to use customer content or derive information from it for any other purposes, such as marketing or advertising.

    We ensure that we and NEXA have a range of industry standard measures in place to protect information available in the Application, including:

  • Strong authentication processes to provide access to authorised users only;
  • Use of encryption protocols which comply with Australian encryption standards;
  • Proactive security measures and rigorous security assurance processes, including regular risk assessments, Vulnerability Assessment and Penetration Testing of the NEXA AWS, and pre-release testing prior to implementation of new system functionality;
  • Educating our employees and contractors on their obligations when handling personal information, including compliance and authentication requirements;
  • Provision of an audit trail for each Manage My Care Account Holder;
  • Established processes to identify and revoke unauthorised access;
  • Strong password management policies that are in line with industry best practice;
  • AWS Data Centres rated above Tier 4 and Defence Level 4 rating;
  • Information is not stored outside of Australia; and
  • Contracted third parties must process personal information in accordance with their obligations under the Privacy Act 1988 (Cth).

4. Privacy and confidentiality

We will treat any personal or health information you provide via the Application in accordance with:

  • Health Services Act 2016 (WA)
  • DoH Information Management Policy Framework
  • DoH Information Communication Technology Policy Framework
  • DoH Information Security Policy Framework
  • Privacy Act 1988 (Cth)
  • Australian Privacy Principles (APPs)

5. Data collected if accessing on a mobile Device

When you access the Application via a mobile Device, we may collect certain information automatically, including, but not limited to, the type of mobile Device you use, the unique ID and IP address of your mobile Device, your mobile operating system, the type of mobile Internet browser you use and other statistics.

6. Location information

We may use and store information about your location if you give us permission to do so. We use this information to improve, customise and provide specific features on the Application. At any time, you can enable or disable location services in your mobile Device settings.

7. Cookies

Cookies are files with small amounts of data, which may include an anonymous unique identifier.

We use cookies to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of the Application. We send a session cookie to your computer when you log in to your account. This type of cookie helps if you visit multiple pages on the Application during the same session, so that you do not need to re-enter your password on each page. Once you log out or close your browser, this cookie expires.

We also use longer-lasting cookies for other purposes such as to display your content and account information. We encode our cookies so that only we can interpret the information stored in them. Users always have the option of disabling cookies via their browser preferences. If you disable cookies on your browser, please note that some parts of the Application may not function as effectively or may be slower.

8. Changes to Policy

We may update this Policy from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on our website, and where necessary, we may notify you by email.

9. Contact Us

We are responsible for ensuring that we and NEXA take reasonable steps to ensure the security of your personal information while it is being collected by, stored, or passing through the Application.

If you have any questions about this Policy, please contact us at managemycare@health.wa.gov.au

Last reviewed: 10-05-2023
