1. Introduction
This Privacy Policy explains how we collect, use, disclose and protect your personal and health information in accordance with the Health Records and Information Privacy Act 2002 (NSW), the Privacy Act 1988 (Cth), and the Australian Privacy Principles (APPs). We also comply with the Notifiable Data Breaches Scheme under the Privacy Act 1988 (Cth).
2. Definitions
· Personal information: information about you where your identity is reasonably identifiable.
· Health information: personal information about your physical or mental health, disability, medical history, or health services provided.
· Sensitive information: includes health information as well as details such as racial or ethnic origin, sexual orientation, or religious beliefs.
3. Collection of Information
· We collect personal and health information such as your name, address, date of birth, contact details, Medicare number, DVA number, private health fund details, medical history, treatment plans, referrals, and test results.
· We collect this directly from you or from third parties (such as your GP, specialists, hospitals, pathology/radiology providers) if needed for your care.
· We only collect what is reasonably necessary to provide healthcare services (APP 3, HPP 1).
4. Use and Disclosure of Information
· Provide medical treatment and manage your care
· Communicate with other treating health professionals
· Manage practice operations and meet legal obligations
· Process claims with Medicare, DVA, private health insurers, or workers’ compensation bodies
· Contact you about appointments, results, follow-up care, or other relevant matters
· Use secure third-party services under strict confidentiality agreements
· We will not use or disclose your information for any other purpose without consent unless required or authorised by law (APP 6, HPP 10 & 11).
5. Electronic Communications
· If you provide an email address or mobile number, we may contact you via SMS or email.
· While we take steps to secure these communications, there are inherent risks.
· You can opt out at any time.
6. Data Storage and Security
· We store your information securely in our practice management system and physical files (where applicable).
· We take reasonable steps to protect your data from misuse, interference, loss, unauthorised access, modification, or disclosure (APP 11, HPP 5).
· Records are retained for at least 7 years from your last visit (or until 25 years of age for minors) before secure destruction.
7. Mandatory Data Breach Notification
If your information is involved in a breach likely to cause serious harm, we will notify you and the OAIC as required under the Notifiable Data Breaches Scheme.
8. Access and Correction
· You may request access to your information and request corrections if inaccurate, incomplete, or out of date (APP 12 & 13, HPP 6 & 7).
· Requests should be in writing to our Practice Manager.
9. Disclosure to Third Parties
· Other treating health professionals
· Hospitals and day surgery facilities
· Medicare, DVA, private health insurers, and workers’ compensation bodies
· Legal representatives, insurers, or government bodies for legal matters
· Regulatory authorities when required by law
· We do not send your information overseas without written consent, unless permitted by law (APP 8).
10. Your Consent and Responsibilities
· By attending our practice, you consent to the collection and use of your information as outlined.
· You are responsible for advising us if your contact or personal details change.
11. Complaints
· If you have concerns about your privacy, contact our Practice Manager.
· If unresolved, you may contact:
· NSW Information and Privacy Commission – www.ipc.nsw.gov.au / 1800 472 679
· Office of the Australian Information Commissioner – www.oaic.gov.au / 1300 363 992
12. Contact Us
· For questions about this policy or your information, please contact:
· Contact our Practice Manager
· If unresolved, contact: NSW Information and Privacy Commission – 1800 472 679
· Office of the Australian Information Commissioner – 1300 363 992