Privacy Policy

Introduction

This privacy policy is to provide information to you, our patient, on how your personal information (which includes your health information) is collected and used within our practice, and the circumstances in which we may share it with third parties. 

Why and when your consent is necessary

When you register as a patient of our practice, you provide consent for our GPs and practice staff to access and use your personal information to facilitate the delivery of healthcare. Access to your personal information is restricted to practice team members who require it for your care. If we ever use your personal information for purposes other than outlined in this document, we will obtain additional consent from you.

It is important to us that as our patient, you understand why we collect and use your personal information. 

By acknowledging this Privacy Policy you consent to us collecting, holding, using, retaining and disclosing your personal information in the manners described below. 

Why we collect, use, store and share your personal information

Our practice collects, uses, stores, and shares your personal information primarily to manage your health safely and effectively. This includes providing healthcare services, managing medical records, and ensuring accurate billing and payments. Additionally, we may utilise your information for internal quality and safety improvement processes such as practice audits, accreditation purposes, and staff training to maintain high-quality service standards.

Kinds of personal information we collect

Information we collect about you includes:

• Personal details (your name, address, date of birth, contact details, race, sex, gender or religion, Medicare number, healthcare identifier, health fund details);

• Your medical information including medical history, medications, allergies, adverse reactions, immunisations, social history, family history, risk factors, diagnostic results and reports.

How we collect personal information

The information held about you is provided either directly by you (via our new patient registration form, via phone, in person, by SMS, letter or email) or a person responsible for you or from third parties which may include, but is not limited to: other members of your treating team, diagnostic centres, specialists, allied health professionals, community health services, hospitals, My Health Record, electronic prescription services, online appointments, Medicare, the Department of Veterans’ Affairs, your health insurer and the Pharmaceutical Benefits Scheme.

We do not use our personal mobile devices for taking clinical photos though we may ask if we can take a photo using your mobile.  

When, why and with whom we share your personal information

We share your personal information for the following purposes:

• For consultations with other doctors and allied health professionals involved in your healthcare,

• To comply with our legal obligations, including, but not limited to court subpoenas, mandatory notification of communicable diseases or mandatory reporting under applicable child protection legislation,

• when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent 

• to assist in locating a missing person 

• to establish, exercise or defend an equitable claim 

• for the purpose of confidential dispute resolution process 

• When it is provision of medical services, through electronic prescribing, My Health Record (e.g. via Shared Health Summary, Event Summary). 

• To liaise with your health fund, government and regulatory bodies, such as Medicare, the Department of Veteran’s Affairs and the Office of the Australian Information Commissioner (OAIC) as necessary.

• With third parties for business purposes, such as accreditation agencies or information technology providers

Overseas Disclosure

We will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.

Quality of personal information

We take all reasonable steps to ensure personal information collected, used or disclosed is accurate, up-to-date, complete and relevant. 

How your information is used to improve services

The practice may use your personal information to improve the quality of the services offered to patients through research, analysis of patient data for quality improvement and for training activities with the practice team.

We may provide de-identified data to other organisations to improve population health outcomes. If we provide this information to other organisations, patients cannot be identified from the information we share, the information is secure and is stored within Australia.

Direct marketing

The practice does not engage in direct marketing. 

Anonymity and pseudonyms

The Privacy Act provides that individuals must have the option of not identifying themselves or of using a pseudonym except where it is impracticable. In medical practices, it is impracticable to deal with patients anonymously or via a pseudonym. 

Document automation technologies used

Document automation is where systems use existing data to generate electronic documents relating to medical conditions and healthcare. Our practice uses document automation technologies through secure medical software to create documents such as referrals, which are sent to other healthcare providers. These documents contain only your relevant medical information. All users of the medical software have their own unique user credentials and password and can only access information that is relevant to their role in the practice team. We do not currently use AI (Artificial Intelligence).

Storage and Security of personal information

Your medical file is handled with the utmost respect for your privacy. All personal information is stored securely on an onsite server with firewall and virus protection. Backups are done daily, taken off site and restored regularly. Electronic communication is via encrypted email unless explicit consent is obtained to use unencrypted email. Our staff members are bound by strict confidentiality requirements. Strict secure storage policies are observed in this practice. All reasonable steps are taken to protect information held from misuse, loss and unauthorised access, modification or disclosure. Your electronic personal information is accessible only by staff of this practice and is protected by strong passwords.

Website

We do not collect personal information about you when you use our website.

Our website contains links to third-party websites that are governed by their own terms of use (including privacy policies). We advise that you satisfy yourself of the personal information handling policies of these before making use of them. 

We use AutoMed, a third party provider, to remind you of appointments, recalls and results. AutoMed needs to store your name, date of birth and mobile to be able to do this. AutoMed stores nothing else. You may opt out of SMS reminders and messages on the AutoMed app or by phoning our surgery. 

Access to and correction of personal information

You have rights of access to and correction of any information we hold concerning you. Should you wish to access or correct this information please ask our reception staff for details on how to do so. We will normally respond to your request within 30 days.

Policy review statement

Our privacy policy is regularly reviewed to ensure compliance with current obligations. Any changes that are made will be reflected on the website. Please check the policy periodically for updates. If you have any questions, feel free to contact us.

Questions or complaints

We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing to Dr John Carmody. We will make our best endeavor to address complaints within 30 days of receipt of your complaint. If you do not feel we have resolved your issue, you may lodge a written complaint with the NSW Privacy Commissioner Ph: 1800 472 679 or the Office of the Australian Information Commissioner www.oaic.gov.au GPO Box 5218 Sydney NSW 2001 Ph: 1300 363 992.

Reviewed 10th January 2026