We are committed to protecting the privacy and confidentiality of the personal information we collect. We handle your information responsibly and in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles, relevant cyber security requirements, and all applicable state and territory privacy legislation (collectively referred to as “privacy legislation”).

This Privacy Policy explains:

• what personal information we collect
• how we collect, use and disclose that information
• how you can access and correct your information
• how you can make a privacy complaint
• how we use and govern Artificial Intelligence (AI) tools within our practice

Our Privacy Policy may be updated from time to time. Any changes will be published on our website and made available in our practice.

Why do we collect and hold your personal information?

When you attend our practice for the first time, we ask you to provide personal information, and we obtain your consent to collect this data. This allows our practitioners and staff to access and use your personal information for the purpose of providing healthcare.

We may also need to collect relevant information from previous doctors, hospitals, allied health providers, pathology services or imaging services to ensure we have a complete clinical picture.

We use your information for purposes such as:

• Accurately identifying you
• Assessing your healthcare needs and providing appropriate medical treatment
• Practice administration, including contacting you using the details you provide
• Billing, Medicare, insurance purposes and debt collection
• Coordinating your care with other providers involved in your treatment (e.g., GPs, specialists, hospitals, pharmacy, allied health professionals)
• Managing referrals, medical tests, hospital bookings and receiving results
• De-identified data may be used for teaching, audit and quality improvement
• Contacting you for long-term follow-up if required as part of your care

We will always seek your express consent before using your personal information for any purpose unrelated to your healthcare.

What personal information do we collect?

To deliver safe and high-quality healthcare, we may collect:

• Your name, date of birth, address and contact details
• Medicare card details and concession card information (if applicable)
• Private health fund details (if applicable)
• Details of your usual healthcare providers (e.g., GP, optometrist)
• Your occupation (as it may relate to clinical decision-making)
• Emergency contact or next-of-kin details
• Medical information including your medical history, family history, medications, allergies, social history and other relevant health risk factors

CCTV footage

We use CCTV within our premises for safety and security purposes. CCTV footage may capture identifiable images of patients, visitors and staff

How is your data stored and protected?

We are committed to maintaining the highest standards of data security.

• All staff with access to medical records are bound by strict confidentiality obligations and sign appropriate agreements upon commencement of employment.
• Your records are stored securely in electronic format within Australia.
• Hardcopy documents are scanned into your electronic record and then securely destroyed using an ISO-certified shredding provider.
• Data is backed up frequently and stored securely.
• Access to information is restricted to authorised personnel only.

Use of Artificial Intelligence (AI)

Our practice may use AI technologies to assist with administrative tasks such as drafting correspondence to update your other healthcare providers. AI is not used to make clinical decisions.

Governance of AI Use

• We use AI tools in compliance with the Australian Privacy Principles and relevant ethical standards.
• Personal information is not used to train AI models unless you have provided express written consent.
• All AI-generated content is reviewed and approved by a qualified staff member before use.
• No automated decision-making systems are used in this practice.

How can I access my data and provide updated information?

You have the right to access the personal information we hold about you.

To request access or corrections, please contact our Privacy Officer in writing.
We will respond within 30 days in accordance with privacy legislation.
A small administrative fee may apply for processing access requests (you will not be charged for lodging the request).

What can I do if I have a privacy related complaint?

We take privacy concerns seriously. If you have a question, concern, or complaint about how your personal information is handled, please contact our Practice Manager in the first instance. We will work with you to resolve the issue promptly.

If you are not satisfied with our response, you may contact:

Office of the Australian Information Commissioner (OAIC)
GPO Box 5218, Sydney NSW 2001
Phone: 1300 363 992
Email: enquiries@oaic.gov.au