Privacy Policy

Introduction

This Privacy Policy is to provide information to you, our patient, on how your personal information (which includes your health information) is collected and used within our practice, and the circumstances in which we may share it with third parties.

Why and When Your Consent is Necessary

When you register as a patient of our practice, you provide consent for our doctors and practice staff to access and use your personal information so they can provide you with the best possible healthcare. Only staff who need to see your personal information will have access to it. If we need to use your information for anything else, we will seek additional consent from you to do this.

Why We Collect, Use, Hold and Share Your Personal Details

Our practice will need to collect your personal information to provide healthcare services to you. Our main purpose for collecting, using, holding, and sharing your personal information is to manage your health. We also use it for directly related business activities, such as financial claims and payments, practice audits and accreditation, and business processes (e.g. staff training).

Definition of a Patient Health Record

Information, held about a patient, in paper form or electronic form, which may include:

• Contact and demographic information
• Medical history
• Notes on treatment
• Observations
• Correspondence
• Investigations and test results
• Photographs
• Prescription records and medication charts
• Insurance and legal information
• Work health and safety reports

What Personal Information We Collect

• Names, date of birth, addresses, contact details
• Medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history, and risk factors
• Medicare number (where available) for identification and claiming purposes
• Healthcare identifiers

Dealing with Us Anonymously

You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.

Examples where anonymity may not be practical include:

• When follow-up is required, but details are missing
• When multidisciplinary care requires patient identification
• When safe care cannot be provided without clinical information

How We Collect Your Personal Information

We may collect your personal information in several ways:

• When you make your first appointment and complete registration forms
• During medical services and follow-ups
• Through My Health Record (e.g. Shared Health Summary, Event Summary)
• When you email, SMS, phone, or contact us via online or social media
• From other sources such as guardians, healthcare providers, hospitals, pathology or imaging services, health funds, Medicare, or the Department of Veterans’ Affairs

When, Why, and With Whom We Share Your Personal Details

• With third parties working with our practice (e.g., accreditation agencies, IT providers) who comply with APP and this policy
• With other healthcare providers
• When required or authorised by law (e.g., court subpoena)
• To lessen or prevent a serious threat to health or safety
• To assist in locating a missing person
• For confidential dispute resolution or legal obligations
• During medical services through My Health Record

Only information necessary for the purpose will be disclosed. Referrals are securely sent through Argus, which uses Australian encryption standards for safe information exchange.

We discourage patients from emailing confidential information due to privacy risks. We will not share personal information outside Australia unless legally permitted and with your consent.

We do not use your personal information for marketing without your express consent. You may opt out of any marketing by notifying us in writing.

How We Store and Protect Your Personal Information

Your information is stored securely in our clinical software (Medical Director) and includes electronic and visual records. All staff and contractors sign confidentiality agreements, and systems are password-protected.

Access and Correction of Your Personal Information

You have the right to access and correct your information. Requests must be in writing using our “Request for Health Information” form, and we will respond within 30 days. Fees may apply.

Our practice will take reasonable steps to correct inaccurate or outdated information. From time to time, we may ask you to confirm your information is current.

Privacy-Related Complaints

We take complaints seriously. Please submit any privacy concerns in writing — they will be addressed within 30 days.

Complaints can be emailed or mailed to the following: