The Privacy Act 1988 and the Australian Privacy Principles require our practice to have a document that clearly sets out its policies on handling personal information, including health information.
This document, called a Privacy Policy, outlines how we handle personal information collected (including health information) and how we protect this information.
Our practice has used the privacy policy template available from the RACGP and this has been adapted to reflect how our practice collects and uses personal information.
Our privacy policy is displayed in the waiting room and also on the practice information sheet and practice website and is readily presented to anyone who asks.
Our collection of information statement informs patients about how their personal health information will be used, including by other organisations to which the practice usually discloses patient information to, and any law that requires the particular information to be collected. Patient consent to the handling and sharing of personal patient health information is sought and documented early in the process of clinical care, and patients are made aware of the collection statement when giving consent to share health information.
According to the Privacy Act 1988 and the Australian Privacy Principles, an organisation may use or disclose personal health information for a purpose (the secondary purpose) which is directly related to the primary purpose of collection without seeking consent, but only if the individual would have a reasonable expectation that the information could be used or disclosed for that secondary purpose.
A directly related secondary purpose for the use and disclosure of personal health information in our practice includes the many activities necessary for the provision of a health service, such as management, funding and monitoring, as well as complaint-handling, planning, evaluation and accreditation activities.
It is essential to recognise the importance of ‘reasonable expectation’ as many individuals may be unaware of the range of activities for which their personal health information may be used and disclosed, such as the accreditation processes. Our practice ensures we tell patients how, and for what purpose, personal health information collected about them could be used or disclosed. Patients are advised of this ‘secondary purpose’ in a number of ways, including:
Prior to a patient signing consent to the release of their health information, patients are
made aware they can request a full copy of our privacy policy.
Patient consent for the transfer of health information to other providers or agencies involved in the patient’s healthcare (e.g. treating practitioners and specialists outside the practice) is obtained at the patient’s first visit to our practice through the New Patient Information Form. Once signed, this form is scanned into the patient’s health record and its completion is noted
We inform our patients about our practice’s policies regarding the collection and management of their personal health information via:
Current as of: 01.07.2026
This privacy policy is to provide information to you, our patient, on how your personal information (which includes your health information) is collected and used within our practice, and the circumstances in which we may share it with third parties.
By providing personal information, you consent to us collecting, using, storing and disclosing your personal information in accordance with this Policy or as required or permitted by law. If you continue using our services, then we will treat your use as your consent to us handling your personal information in accordance with this Policy.
When you register as a patient of our practice, you provide consent for our GPs and practice staff to access and use your personal information so they can provide you with the best possible healthcare. Only staff who need to see your personal information will have access. If we need to use your information for anything else, we will seek additional consent from you to do this.
Our practice needs to collect your personal information to provide healthcare services to you and manage your health safely and effectively. We also use it for directly related business activities, such as financial claims and payments, practice audits and accreditation, and business processes (eg staff training and internal quality improvement processes).
The information we will collect about you is your Health record and includes:
You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals. you can contact us from a private number and remainnonymous.
Our practice may collect your personal information in several different ways:
1. When you make your first appointment our practice staff will collect your personal and demographic information via your registration.
2. During the course of providing medical services, we may collect further personal information. Information may also be collected through real time recording (Telehealth services and transcribing services), electronic transfer of prescriptions (eTP), My Health Record, electronic sharing of health information with other health professionals via Medical Objects and secure messaging services with Queensland Health facilities. We may also collect your personal information when you visit our website, send us an email or SMS, telephone us, make an online appointment or communicate with us using social media.
Various types of images may be collected and used, including:
3. In some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:
We sometimes share your personal information:
Prescriptions (eTP), MyHealth Record/PCEHR system (eg via Shared Health Summary, Event
Summary).
Only people that need to access your information will be able to do so. Other than in thecourse of providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent. We will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.
Our practice will not use your personal information for marketing any of our goods or services directly to you without your express consent. If you do consent, you may opt-out of direct marketing at any time by notifying our practice in writing.
The practice may use your personal information to improve the quality of the services offered to patients through research, analysis of patient data for quality improvement and for training activities with the practice team.
We may provide de-identified data to other organisations to improve population health outcomes. The information is secure, patients cannot be identified, and the information is stored within Australia. You can let reception staff know if you do not want your information included.
Your personal information will be stored at our practice as electronic records Our practice stores all personal information securely in protected information systems placing passwords, multifactor authenticator and varying access levels on databases to limit accessand protect electronic information from unauthorised interference, access, modification and disclosure. All staff use individual passwords with appropriate level ofaccess to their position, there are signed confidentiality agreements for staff and contractors.
Document automation is where systems use existing data to generate electronic documents relating to medical conditions and healthcare.
The practice uses document automation technologies to create documents such as referrals, which are sent to other healthcare providers. These documents contain only your relevant medical information.
These document automation technologies are used through secure medical software Best
Practice.
All users of the medical software have their own unique user credentials and password and can only access information that is relevant to their role in the practice team.
The practice complies with the Australian privacy legislation and APPs to protect your information.
All data, both electronic and paper are stored and managed in accordance with the Royal Australian College of General Practitioners Privacy and managing health information guidance.
Whilst We do not endorse the use of AI in medical practice, Your Healthcare Practitioners may choose to use artificial intelligence (AI) to assist with consultations and practice efficiencies including to record, transcribe and produce notes of the consultation. Your Healthcare Practitioners are required to use AI responsibly and comply with their professional and ethical obligations.
The use of AI during or in connection with your consultation must only be undertaken with your prior consent. If you elect to provide consent, you do so at your own risk. We do not accept any responsibility or liability relating to the use of AI in or in connection with patient consultations.
If you have any concerns or questions relating to the use of AI in your consultation, you should have a discussion with your Healthcare Practitioner prior to the consultation
The AI scribe uses an audio recording of your consultation to generate a clinical note for your health record. The practice AI scribe service:.
removes sensitive, personal identifying information as part of the transcription The practice will only use data from our digital scribe service to provide healthcare to you.
You have the right to request access to, and correction of, your personal information. Our practice acknowledges patients may request access to their medical records. We require you to put this request in writing and our practice will respond within a reasonable time.
Our practice will takes reasonable steps to correct your personal information where the information is not accurate or up-to-date. From time-to-time, we will ask you to verify your personal information held by our practice is correct and up-to-date. You may also request that we correct or update your information, and you should make such requests in writing.
We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing. We will then attempt to resolve it in accordance with our resolution procedure
If you do not feel that we have resolved your issue, you may also contact the OAIC. Generally the OAIC will require you to give them time to respond, before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 336 002.
Policy review statement
This privacy policy will be reviewed regularly to ensure it is in accordance with any changes that may occur. A Notification of any amendment to this policy will be available at Reception