Privacy Policy

Current as of: 2 December 2025

Introduction

This privacy policy is to provide information to you, our patient, on how your personal information (which includes your health information) is collected and used within our practice, and the circumstances in which we may share it with third parties.

Why and when your consent is necessary

When you register as a patient of our practice, you provide consent for our GPs and practice staff to access and use your personal information so they can provide you with the best possible healthcare. Staff will only access your personal information if it is necessary to help you maintain your health, or for your care and treatment.

Why do we collect, use, hold and share your personal information?

Our practice will need to collect your personal information to provide healthcare services to you. Our main purpose for collecting, using, holding and sharing your personal information is to help you manage your health. We also use it for activities directly related to our practice and business, such as financial and Medicare claims and payments, practice audits and accreditation, processes related to quality, safety, and improvement, as well as business processes (eg staff training).

What personal information do we collect?

The information we will collect about you includes:

  • names, date of birth, addresses, contact details, next of kin to contact in case of an emergency
  • email address to communicate with you about health and practice related matters
  • mobile phone number so we can send you an SMS to confirm appointments and/or otherwise communicate with you (eg for reminders)
  • medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history, personal  risk factors, and cultural history.
  • Medicare number (where available) for claiming purposes
  • healthcare identifiers

How do we collect your personal information?

Our practice will collect your personal information:

  • When you make your first appointment our practice staff will collect your personal information.
  • During the course of providing medical services, we may collect further personal information. With your verbal (and/or written) permission, this information may be sourced from other healthcare and pathology providers, hospitals, specialists, allied health providers, pharmacists, as well as your MyHealth record and LinkedeHR records (where applicable). We also use our booking system Automed which also collects information in order to assist you in making appointments and receiving reminders.
  • We may also collect your personal information when you visit our website, send us an email or SMS, telephone us, make an online appointment or communicate with us using social media.

In some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:

  • your guardian or responsible person
  • other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services
  • your health fund, Medicare, or the Department of Veteran’s Affairs (as necessary).
  • your relatives or friends in an emergency


Who do we share your personal information with?

We sometimes share your personal information:

  • third parties who work with our practice for business and quality improvement purposes, such as accreditation agencies, information technology providers, and clinical team members such as allied health providers and non-dispensing pharmacists
  • with other healthcare providers, both within and outside of the practice
  • when it is required or authorised by law (eg court subpoenas)
  • when it is necessary to lessen or prevent a serious threat to a you or another patient’s life, health or safety, or public health or safety, or when it is impractical to obtain your consent
  • to assist in locating a missing person
  • to establish, exercise or defend an equitable claim
  • for the purpose of confidential dispute resolution processes
  • when there is a statutory requirement to share certain personal information (eg some diseases require mandatory notification)
  • during the course of providing medical services, through Electronic Transfer of Prescriptions (eTP) or electronic prescribing of medications via the Prescription Delivery Service (PDS),  My Health Record system (eg via Shared Health Summary, Event Summary uploads or downloads), and electronic ordering of pathology or radiology.


We use deidentified information both internally and externally for the purpose of quality improvement and population health management. Examples of this include our Primary Health Network and NSW Ministry of Health.

Other than in the course of providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.

We will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.

From time to time, we may contact you in relation to your health and the services that we provide.

How do we store and protect your personal information?

Your personal information may be stored at our practice in various forms. The information is mainly stored electronically and on paper. Information about you is also stored in cloud-based email servers (Office 365). Access to this information is password protected with two-factor authentication security measures, and subject to Australian Privacy Principles (APP).

Our practice stores all personal information securely.

Our practice has a designated person (Dr Vitalis Ihuarulam) with primary responsibility for the practice’s electronic systems, computer security and adherence to protocols as outlined in our Computer Information Security policy. We have confidentiality agreements signed by all staff. To protect and securely store your personal information we use an electronic format in a secured environment that is password protected.

How can you access and correct your personal information at our practice?

You have the right to request access to and correct your personal information.

Our practice acknowledges patients may request access to their medical records. We generally require you to put this request in writing but may (at our discretion) accept your request verbally. Our practice will respond within a reasonable time, which is generally under 30 days. We reserve the right to charge a reasonable administrative fee to provide you with a copy of your records.

We may deny access to your medical records in certain circumstances permitted by law, for example, if disclosure may cause a serious threat to your health or safety. We will always tell you why access is denied and the options you have to respond to our decision.

Our practice will take reasonable steps to correct your personal information where the information is not accurate or up-to-date. From time-to-time, we will ask you to verify your personal information held by our practice to make sure it is correct and up-to-date. You may also request that we correct or update your information. We cannot, however, delete clinical information, but we can append your corrections.

How can you lodge a privacy related complaint, and how will the complaint be handled at our practice?

We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing. We will then attempt to resolve it in accordance with our resolution procedure. Please contact our Practice Manager at the practice. We aim to have a turnaround timeframe of 30 days.

You may also contact the OAIC. Generally, the OAIC will require you to give them time to respond, before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 336 002.

Call: 1300 363 992 Email: enquiries@oaic.gov.au Address: GPO Box 5218 Sydney NSW 2001

Privacy and our website

We do not collect or use any personal information on visitors to our website, through the use of “cookies” or other software or hardware techniques. We look at the number of hits the website receives and keep track of the domains from which this website is accessed. To determine what our users are interested in, we may also look at the frequency of search words used in connecting you to this website.

Policy review statement

This privacy policy will be reviewed from time to time to ensure it is in accordance with privacy legislation and our practice policies. We will put the new privacy policy up on the patient noticeboard after it has been amended.