Our practice is committed to best practice in relation to the management of information we collect. This practice has developed a policy to protect patient privacy in compliance with the Privacy Act 1988 (Cth) (‘the Privacy Act’). Our policy is to inform you of:

  • The kinds of information that we collect and hold, which, as a medical practice, is likely to be ‘health information’ for the purposes of the Privacy Act.
  • How we collect and hold personal information.
  • The purposes for which we collect, hold, use and disclose personal information.
  • How you may access your personal information and seek the correction of that information.
  • How you may complain about a breach of the Australian Privacy Principles and how we will deal with such a complaint.
  • Whether we are likely to disclose personal information to overseas recipients.

What kinds of personal information do we collect?

The type of information we may collect and hold includes:

  • Your name, address, date of birth, email and contact details.
  • Medicare number and other government identifiers, although we will not use these for the purposes of identifying you in our practice.
  • Other health information about you, including:
    • Notes of your symptoms or diagnosis and the treatment given to you.
    • Your specialist reports and test results.
    • Your appointment and billing details.
    • Your prescriptions and other pharmaceutical purchases.
    • Your healthcare identifier.
    • Any other information about your race, sexuality, or religion, when collected by a health service provider.

How do we collect and hold personal information?

We will generally collect personal information:

  • From you directly when you provide your details to us. This can occur via online forms, registration forms, telephone conversation or videoconference.
  • From a person responsible for you.
  • From third parties where the Privacy Act or other law allows it – this may include, but is not limited to: other members of your treating team, diagnostic centres, specialists, hospitals, the My Health Record system, electronic prescription services, Medicare, your health insurer, the Pharmaceutical Benefits Scheme.

Why do we collect, hold, use and disclose personal information?

In general, we collect, hold, use and disclose your personal information for the following purposes:

  • To provide health services to you.
  • To communicate with you in relation to the health service being provided to you.
  • Administrative purposes in running our medical practice, which may include confirmation of your appointment via SMS and email.
  • To help us manage our accounts, administrative services, and for billing purposes including, but not limited to, compliance with Medicare, pursuing unpaid accounts, and management of our ITC systems.
  • For consultations with other doctors and allied health professionals involved in your healthcare.
  • To obtain, analyse and discuss test results from diagnostic and pathology laboratories.
  • If you have a My Health Record, to upload your personal information to, and download your personal information from, the My Health Record system.
  • For electronic transfer of prescriptions service.
  • To liaise with government and regulatory bodies such as Medicare, your Health Fund if needed, and the Office of the Australian Information Commissioner (OAIC) (if you make a privacy complaint to the OAIC), as necessary.
  • To comply with our legal obligations, including, but not limited to, mandatory reporting under applicable child protection legislation.
  • Emergency situations whereby medical officers/hospitals may require access to patient notes for treatment purposes.

How can you access and correct your personal information?

You have a right to seek access to, and correction of the personal information which we hold about you. There may be some circumstances where access might legitimately be withheld, and an explanation will be given to you in such a circumstance. Time spent preparing medical records to transfer between providers is charged an administration fee, reflective of the practice’s costs. For details on how to access and correct your health record, please contact our practice as noted below under ‘Contact Details’. We will normally respond to your request within 30 days.

How do we hold your personal information?

Our staff are trained and required to respect and protect your privacy. We take reasonable steps to protect information held from misuse and loss and from unauthorised access, modification, or disclosure. This includes:

  • Holding your information on secure web-based and mobile App-based platforms that use encryption to keep data private while in transit and at rest.
  • Our staff sign confidentiality agreements.
  • Our practice has document retention and destruction policies.

A medical record containing your personal information will be generated once you have directly provided your details to us. As described above, this can occur via online forms, registration forms, telephone conversation or videoconference. A medical record will be generated starting from the period of assessing suitability for an appointment and if offered an appointment, it will be maintained throughout your treatment. During the period of assessment and ongoing management, information of relevance is recorded in clinical notes. These records are stored securely as described above and may be kept for up to seven years following your last consultation.

Privacy related questions and complaints

If you have any questions about privacy-related issues or wish to complain about a breach of the Australian Privacy Principles or the handling of your personal information by us, you may lodge your complaint in writing to (see below for details). We will normally respond to your request within 30 days.

If you are dissatisfied with our response, you may refer the matter to the OAIC:

Phone: 1300 363 992
Fax: +61 2 9284 9666
Post: GPO Box 5218, Sydney NSW 2001
Web: Visit OAIC Website

Anonymity and pseudonyms

The Privacy Act provides that individuals must have the option of not identifying themselves, or of using a pseudonym, when dealing with our practice, except in certain circumstances, such as where it is impracticable for us to deal with you if you have not identified yourself.

We have determined that it is largely impracticable for our practice to deal with patients anonymously or via a pseudonym. The provision of medical services is likely to be impacted, and billing via Medicare or a health insurer where applicable is likely to be impracticable.

Therefore, we require that you use your name and not a pseudonym.

Overseas disclosure

We may disclose your personal information to the following overseas recipients:

  • Any practice or individual who assists us in providing services (such as where you have come from overseas and had your health record transferred from overseas or have treatment continuing from an overseas provider).
  • Overseas transcription services (where clinical notes and correspondence letters may be transcribed).
  • As your personal information collected on the web-based and mobile App-based platform that the practice uses may, from time to time, be stored and processed in and transferred between countries abroad in which the platform has service providers or suppliers. Your personal information may be held by the platform’s servers (which are located in Australia) or by the platform’s service providers or suppliers (whose servers may be located in countries abroad).
  • Overseas based cloud storage.
  • Anyone else to whom you authorise us to disclose it.

Updates to this Policy

This Policy will be reviewed from time to time to take account of new laws and technology, changes to our operations and other necessary developments. Updates will be publicised on the practice's website.

Privacy and websites

See our Privacy page.

Contact details for privacy related issues

Privacy Officer

Phone: 02 9052 1893
Post: Nourishing Minds Psychiatry, Level 14, 275 Alfred St, North Sydney NSW 2060
Webform: Submit General Enquiry – Please ensure to include "ATTN: Privacy Officer" in the message.