Privacy Policy
How we collect, use, and protect your personal and health information.
Last updated: [Day Month Year] | Effective: [Day Month Year]
1. About This Policy
[Business Name] ("[Business Name]", "we", "us", "our") is committed to protecting the privacy of our patients and website visitors. This Privacy Policy explains how we collect, use, hold, and disclose your personal information — including health information — in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and, where applicable, the Health Records Act 2001 (Vic) or equivalent state legislation.
Our practice is located at [Street Address], [Suburb] [State] [Postcode], Australia. ABN: [XX XXX XXX XXX]. AHPRA Registration: [Registration Numbers for each practitioner].
By using our website or services, you consent to the collection and use of your personal information as described in this policy. We encourage you to read this document carefully and contact us if you have any questions.
2. What Personal Information We Collect
We may collect the following types of personal information:
- Contact information — your name, address, email address, and phone number
- Health information — medical history, presenting condition, diagnosis, treatment records, referral letters, diagnostic results, and progress notes collected in the course of providing healthcare
- Appointment details — preferred service, date and time preferences, and health fund or Medicare information
- Billing information — health fund membership details, Medicare number, and payment records (we do not store full payment card details)
- Communications — messages you send us via our website contact form, email, phone, or social media
- Technical data — IP address, browser type, device information, and pages visited, collected automatically when you use our website
Health information is classified as sensitive information under the Privacy Act. We handle it with the highest standard of care and only collect what is necessary to provide you with clinical care.
3. How We Collect Personal Information
We collect personal and health information in the following ways:
- Directly from you — through intake forms (paper or electronic), consultation, phone calls, emails, and our website contact form
- From your referring practitioner or GP — with your knowledge and consent, via referral letters or clinical reports
- From other treating health professionals — where you have consented and it is relevant to your care
- When you visit our website — automatically via cookies and analytics tools (see Section 9)
We will always tell you why we are collecting information and how it will be used before or at the time of collection.
4. Why We Collect Personal Information and How We Use It
We collect and use your personal and health information primarily to:
- Provide clinical assessment, diagnosis, and treatment
- Manage appointments, recalls, and follow-up care
- Process Medicare claims, DVA claims, and health fund rebates via HICAPS
- Communicate with your referring GP or treating team (with your consent)
- Prepare clinical reports, certificates, or letters at your request
- Meet mandatory reporting obligations under relevant legislation
- Improve our services and website using anonymised analytics data
- Send appointment reminders or practice updates where you have consented to receive these
We will not use your health information for any secondary purpose without your consent, except where required or permitted by law.
5. Disclosure of Personal Information
We may share your personal or health information with the following parties, only to the extent necessary:
- Your referring GP or treating practitioners — with your consent, for continuity of care
- Medicare Australia and health funds — for the purposes of processing claims and rebates
- WorkCover, DVA, or TAC — where you have a claim and have consented to the disclosure
- Form processing services — we use Formspree (formspree.io) to receive website enquiries. Formspree receives submitted form data and forwards it to our inbox. Their privacy policy is available at formspree.io/legal/privacy-policy.
- Practice management software — we use [Software Name, e.g. Cliniko / Nookal / HotDoc] to store clinical records securely. Their privacy policies govern their handling of data.
- Legal and compliance authorities — where required by law, a court order, or AHPRA regulatory requirement
- Professional advisors — accountants, lawyers, or insurers, subject to confidentiality obligations
We do not sell, rent, or trade your personal information to any third party for marketing purposes.
6. Health Records and Clinical Notes
Clinical records created during your treatment are stored securely in our practice management system. These records are retained in accordance with AHPRA registration standards and relevant state legislation — typically a minimum of seven years from the date of last entry for adult patients, and until the patient reaches the age of 25 for patients who are minors.
You have the right to request access to your health records. We will generally provide access within a reasonable timeframe. In limited circumstances, access may be declined — for example, if providing access would pose a serious threat to your health or safety or the health or safety of another person. If we decline, we will explain why in writing.
If you transfer your care to another practitioner, we will provide a clinical summary or your records as appropriate, subject to any applicable fees for photocopying or preparation.
7. Direct Marketing
We may use your contact details to send appointment reminders, recalls, or practice newsletters where you have consented to receive them. You can opt out of marketing communications at any time by:
- Clicking the unsubscribe link in any email we send
- Contacting us at [Email Address] or [Phone Number]
Appointment reminders and clinically relevant communications are not considered direct marketing and may continue regardless of your marketing preferences.
8. Storage and Security
We take the security of your personal and health information seriously. Our safeguards include:
- Clinical records stored in a password-protected, cloud-based practice management system with role-based access controls
- Physical records (where applicable) stored in locked filing cabinets accessible only to authorised staff
- Staff trained in privacy obligations and bound by confidentiality agreements
- Secure, encrypted email for transmission of clinical information
- Regular software updates and security reviews
Despite these measures, no method of electronic storage is completely secure. If you have concerns about the security of your information, please contact us.
When information is no longer required and its retention period has expired, we will destroy or de-identify it securely.
9. Cookies and Website Analytics
Our website may use cookies to improve your browsing experience. We may also use Google Analytics or a similar service to understand how visitors use our site. This data is anonymised and does not personally identify you. Google's privacy policy is available at policies.google.com/privacy.
You can disable cookies through your browser settings at any time. Doing so may affect the functionality of some parts of our website.
10. Access and Correction
Under the Australian Privacy Principles, you have the right to:
- Request access to the personal and health information we hold about you
- Request corrections if that information is inaccurate, out of date, incomplete, or misleading
To make a request, please contact us using the details in Section 12. We will respond within a reasonable timeframe (generally [30] days). We may ask you to verify your identity before granting access. We do not charge a fee for making an access or correction request, though a reasonable fee may apply for the cost of providing access in some circumstances.
11. Privacy Complaints
If you believe we have breached the Australian Privacy Principles or your health information rights, please contact us directly in the first instance. We take all privacy concerns seriously and will investigate and respond within 30 days.
If you are not satisfied with our response, you may lodge a complaint with:
- Office of the Australian Information Commissioner (OAIC) — www.oaic.gov.au · Phone: 1300 363 992
- AHPRA (for concerns about a registered practitioner's conduct) — www.ahpra.gov.au
- [State] Health Complaints Commissioner — [e.g. Health Complaints Commissioner Victoria: hcc.vic.gov.au]
12. Contact Us
For any questions, requests, or complaints about this Privacy Policy or how we handle your information, please contact our Privacy Officer:
- Business name: [Business Name]
- Privacy Officer: [Name / Position, e.g. Practice Manager]
- Address: [Street Address], [Suburb] [State] [Postcode], Australia
- Phone: [Phone Number]
- Email: [Email Address]
This Privacy Policy may be updated from time to time to reflect changes in our practices or applicable legislation. The current version will always be available on this page with the date it was last revised.