Privacy Policy

The Federal Privacy Act Incorporates 10 National Privacy Principles (NPP’s) that set out the rules for the handling of personal information in the private sector. In the interests of providing quality care this medical practice has developed a privacy policy that complies with the privacy legislation and the NPP’s.

The provision of quality health care is our principle concern. It requires a relationship of trust and confidentiality. We regard patient health information as confidential. All information is handled in accordance with the privacy legislation.


It is necessary for us to collect personal information from patients and sometimes others associated with their health care in order to attend to their health needs and for associated administrative purposes. The database contains the following types of information:

  • Personal details (name, address, date of birth, Medicare Number, health fund details, billing information, etc).
  • Medical information (past medical history, current medical history, family medical history if relevant, current medication if any, results of any tests such as X-rays and blood tests, information from hospitals, information from government health-related departments where relevant, reports from specialists, etc).

Reasonable efforts will be made to discuss these matters with the patient when personal information is collected. Because there will be occasions when it is not practical to make patients aware of these matters at the time of collection, this policy is designed to outline how the practice endeavors to protect the privacy of patient’s personal health information.

Sensitive Information

Health information is “sensitive information” for the purposes of privacy legislation. This means that generally patients’ consent will be sought to collect health information that is necessary to make an accurate diagnosis, prescribe appropriate treatment, and to be proactive in the patient’s health. It is important to note that, in giving information to us the patient implies consent for that information to be both collected and appropriately used.

Use & Disclosure

A patient’s personal health information is used or disclosed for purposes directly related to their health care and in ways that are consistent with a patient’s expectations. In the interests of the highest quality and continuity of health care this may include sharing information with other health care providers who comprise a patient’s medical ‘team’ from time to time.

In addition there are circumstances when information has to be disclosed without patient’s consent, such as:

  • Emergency situations.
  • By law, doctors are sometimes required to disclose information for public interest reasons eg; mandatory reporting of some communicable diseases.
  • It may be necessary to disclose information about a patient to fulfill a medical indemnity insurance obligation.
  • Provision of information to Medicare or private health funds, if relevant, for billing and medical rebate purposes.
  • Provision of information to our collection agent for bad-debt recovery purposes.

We may use information to assist with preventative health care, including direct-mailings to patients and patient recall.

There are some necessary purposes of collection for which information will be used beyond providing health care, such as professional accreditation, quality assessments, clinical auditing, billing, and so forth.

In general, a patient’s health information will not be used for any other purpose without their consent, verbal and/or written.

Data Quality

All patient information held by the practice relevant to the functions of providing health care will be maintained in a form that is accurate, complete, and up-to-date, as far as is reasonably possible.

Data Security

The storage, use and where necessary, transfer of personal health information will be undertaken in a secure manner that protects patient privacy. The practice has systems in place that help ensure that data is protected from misuse and unauthorized access. We have procedures for securely destroying any data that is no longer required. It is necessary for medical practices to keep patient information after a patient’s last attendance for as long as required by law or is prudent having regard to the administrative requirements.


The practice has made material available to patients to inform them of policies on management of personal information. On request the practice will let patients know, generally, what sort of personal information we hold, for what purposes, and how we collect, hold, use and disclose that information. This policy is intended to fulfil that function.

Access, Correction & Fees

Patients may request access to their personal health information held by the practice. While not required to give reasons for their request, a patient may be asked to clarify the scope of the request. There are some circumstances in which access may be denied but in such an event, the patient will be advised of the reason.

  • Where necessary, patients will be given the opportunity to amend any personal information held that is incorrect.
  • There are some circumstances in which access is restricted, and in these cases reasons for denying access will be explained.
  • A charge will be payable when the practice incurs costs in providing access, including the hourly cost of administrative and medical staff time required to process your access request. Such costs are not covered under Medicare.
  • The practice acknowledges the right of children to privacy of their health information. Based on the professional judgment of the doctor and consistent with the law, it might at times be necessary to restrict access to personal health information by parents, or guardians.
  • Upon receipt of a signed written request a patient’s health information held by the practice will be made available to another health service provider.
  • The material over which the doctor has copyright might be subject to conditions that prevent further copying or publication without the author’s express permission.

The following procedure has been developed to ensure that all requests for access are dealt with as fairly and efficiently as possible:

  • All requests for access are required to be lodged in writing and scanned into the patients file.
  • Requests for access will be acknowledged, in writing, within 14 days of receipt of the request.
  • After written application, applicants will be required to complete the standard consent form, and undertake to be bound by the terms of the document.
  • The total time between the receipt of a request for access and the time when access is granted shall not, ordinarily, exceed 30 days. Where it is not possible for access to be granted within 30 days, you will be notified in writing of this and advised when access will be granted. Note that formal access to information held prior to 21 December 2001 (the commencement date of the Privacy Act) may not ordinarily be granted.
  • Where access is refused to your medical file you will be advised in writing of the reasons for refusal, and our Practice Manager may contact you to discuss whether there are any means by which access may be facilitated.
  • You will not be permitted to remove any of the original contents of your medical file from the medical practice, nor will you be permitted to alter or erase information contained in the medical record.
  • Where practicable, a doctor will be present when access is granted to your file so that he or she may go through the contents of your file, and address any concerns that you may have in relation to the information contained within the file. A fee will be payable in advance in relation to this attendance. We advise that a rebate will not be recoverable from Medicare for this service.
  • Should you request copies of any, or all, of the contents of the medical file, fees will be charged for each individual page of the report copy, payable at the time of collection. Any outstanding debts owed to the practice must also be finalised prior to or at the time of collection of the copies.
  • Generally, patients will be required to collect their records in person. However, in some limited circumstances, patients may request that records are provided to another person. This provision will generally only apply where the patient is unable, due to illness or incapacity, to attend the practice in person.
  • If you are to collect a copy of your medical records, or are authorised to collect the record for another person, you will be required to provide photographic identification.


These are the numbers, letters or symbols that are used to identify patients with or without the use of a name (eg; Medicare numbers). We will limit the use of identifiers assigned to patients by “Commonwealth Government Agencies” to those uses necessary to fulfil our obligations to those agencies.


A patient has a right to be dealt with anonymously, provided this is lawful and practicable. However, in the medical context this is not likely to be practicable or possible, for example for Medicare and insurance rebate purposes. It could also be dangerous to the patient’s health.

Trans-Border Data Flows

Individual’s privacy is protected Australia-wide by privacy laws. We will take steps to protect patient privacy if sending information interstate or outside Australia.


It is important to us that patient’s expectations about the way in which we handle information are the same as the practices. Patients should feel free to discuss any concerns, questions or complaints about any issues related to the privacy of their personal information with their doctor.

Privacy Policy Concerns

If a patient is dissatisfied regarding aspects of our Privacy Policy we request that you raise your concerns with us at the Practice in the first instant. If after discussing it with us the Federal Privacy Commissioner handles complaints relating to the Privacy Act 2000.

Further Information

Further information about an individual’s privacy rights can be obtained from the Federal Privacy Commissioner on