Privacy Policy


Privacy Policy

Introduction

We are committed to protecting the privacy of patient information we collect and to handling your personal information in a responsible manner in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles, cyber security legislation and relevant state and territory privacy legislation (referred to as privacy legislation).


This Privacy Policy explains how we collect, use and disclose your personal information (which includes your health information), how you may access that information and how you may seek the correction of any information and the circumstances in which we may share it with third parties. It also explains how you may make a complaint if you are concerned there has been a breach of privacy legislation. From time to time we may make changes to our policy, processes and systems relating to how we handle your personal information. We will update this Privacy Policy to reflect any changes. Those changes will be available on our website and in the practice. This Privacy Policy also addresses the responsible use of Artificial Intelligence (AI) technologies within our practice.


Why and when your consent is necessary

When you first attend the practice, we will ask you to provide information (for example, contact details).This means that you are providing consent for the practitioners and staff to gather, access and use your personal health information to facilitate the delivery of healthcare to you. Your personal information will only be accessed by practitioners and staff who need to do so for the purpose providing healthcare to you. We will seek your express consent before using your information for any purpose not directly related to your healthcare.


Why do we collect, use, hold and share your personal information?

Our practice will need to collect your personal information to provide healthcare services to you. Our main purpose for collecting, using, holding and sharing your personal information is to manage your health. We also use it for directly related business activities, such as financial claims and payments, practice audits and accreditation, and business processes (eg staff training). We primarily collect information directly from patients. In certain circumstances, and with appropriate authority, we may also obtain information from third parties such as other treating practitioners, hospitals, or diagnostic service providers and the My Health Record. In limited situations, we may also collect information from other people, such as your relatives or friends.


CCTV footage: Collected from our premises for security and safety purposes.


Clinical images: From time to time, we may also take photographs or images with your consent obtained at the time, including on a personal device.


Website use: When you visit our website, we collect information through [cookies, tracking technologies or list other technologies you are using here]. This information is used for personal information, as you will be identified or reasonably identifiable, and this information will be treated as personal information under the Privacy Act 1988 (Cth).


What personal information do we collect?

The information we will collect about you includes your:

  • names, date of birth, addresses, contact details
  • medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors
  • Medicare number (where available) for identification and claiming purposes
  • healthcare identifiers
  • health fund details.
  • information generated or processed through AI-enabled tools used in clinical or administrative contexts


Dealing with us anonymously

You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals. 


How do we collect your personal information?

Our practice may collect your personal information in several different ways.

  1. When you make your first appointment our practice staff will collect your personal and demographic information via your registration.
  2. During the course of providing medical services, we may collect further personal information. Information can also be collected through electronic transfer of prescriptions (eTP), My Health Record, eg via Shared Health Summary, Event Summary. We may also collect your personal information when you visit our website, send us an email or SMS, telephone us, make an online appointment or communicate with us using social media.
  3. In some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:
  • your guardian or responsible person
  • other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services
  • your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary).
  • Through AI scribes used at the practice
  • Through Third party integrated tools (Better Consult. Automed Booking systems)
  • Through questionnaires on patient feedback
  • In any preventative health measures or questionnaires initiated by the nurse or GP (Health assessments, Epworth sleepiness scale, Sarc-F, Mental health surveys


When, why and with whom do we share your personal information?

We sometimes share your personal information:

  • to provide medical treatment and care
  • for administrative functions including billing and compliance with legal obligations
  • compliance with our legal obligations.
  • with third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with APPs and this policy
  • with other healthcare providers
  • when it is required or authorised by law (eg court subpoenas)
  • when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
  • to assist in locating a missing person Privacy policy template for general practices 3 
  • to establish, exercise or defend an equitable claim
  • for the purpose of confidential dispute resolution process
  • when there is a statutory requirement to share certain personal information (eg some diseases require mandatory notification)
  • during the course of providing medical services, through eTP, My Health Record (eg via Shared Health Summary, Event Summary).
  • Only people who need to access your information will be able to do so. Other than in the course of providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.


We will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.


Our practice will not use your personal information for marketing any of our goods or services directly to you without your express consent. If you do consent, you may opt out of direct marketing at any time by notifying our practice in writing.


Our practice may use your personal information to improve the quality of the services we offer to our patients through research and analysis of our patient data.


We may provide de-identified data to other organisations to improve population health outcomes. The information is secure, patients cannot be identified and the information is stored within Australia. You can let our reception staff know if you do not want your information included.


We will communicate with or about you using the following methods – [SMS/text messaging, email, secure messaging, encrypted messages]. This may include your personal and health information. We do not disclose personal information to overseas recipients unless it is necessary for the provision of care and appropriate safeguards are in place, in accordance with Australian Privacy Principle 8.


Use for research/education, quality improvement and marketing

We are committed to continuously improving the quality of our services and supporting clinical education. We may use your information in the following ways:


Quality Improvement and Staff Education

We may use patient information for internal audits, staff training, clinical review, and accreditation activities, de-identified where practicable. These processes help ensure we maintain high standards of care and safety.


Research

From time to time, we may participate in health research projects. If identifiable information is required, we will seek your express consent before sharing your data. You may be contacted by a member of our team to discuss a research opportunity, but you will never be contacted directly by researchers unless you have provided consent. We will only provide identifiable information for research if the project has appropriate ethics approval and meets legal and privacy requirements.


De-identified Data Sharing

We may contribute de-identified health data to health improvement initiatives or registries. This data cannot identify you and is stored securely. If you do not want your data included in these de-identified datasets, please inform our reception staff.


Marketing

We will not use your personal information to market goods or services directly to you without your express consent. If you do provide consent, you may opt out of receiving marketing communications at any time by notifying us in writing or using the unsubscribe function.


Use of Artificial Intelligence (AI)

Our practice may use AI technologies to enhance clinical decision-making, streamline administrative Privacy policy template for general practices 4 processes, and improve patient engagement.


Examples of AI applications include:

  • automated transcription of clinical consultations
  • AI-assisted triage and appointment scheduling tools
  • AI use of chatbots.


Governance of AI Use:

  • We use AI tools in a manner consistent with the APPs and relevant ethical standards.
  • Personal information is not used to train AI models unless express consent has been obtained.
  • All outputs generated by AI systems are subject to human review and clinical oversight.
  • No automated decision-making tool is used in this practice.


Anonymity and pseudonymity

The APPs provide for individuals to be dealt with anonymously or under a pseudonym, except where impracticable or where the law requires individuals to be identifiable. Please raise this with us if you wish to remain anonymous or use a pseudonym when interacting with our practice and we will consider your request. However, given the nature and requirements of providing healthcare, if impractical or required by law we will require you to be identifiable.


How do we store and protect your personal information?

Your personal information may be stored at our practice in various forms. e.g., as paper records, electronic records, visual records (X-rays, CT scans, videos and photos), audio recordings.


Our practice stores all personal information securely via electronic format, in protected information systems or in hard copy format in a secured environment. We use of passwords, secure cabinets, confidentiality agreements for staff and contractors.


Data Security and Retention

We will take reasonable steps to ensure your personal information is accurate, complete, up to date and relevant. We implement robust technical and administrative measures to protect personal information from misuse, interference, loss and unauthorised access, modification, or disclosure.


These measures include:

  • secure electronic medical record systems with role-based access controls
  • regular staff training on privacy and data protection
  • having a robust cybersecurity framework
  • regular audits and updates to our software and cybersecurity framework. Information is retained in accordance with applicable legal and professional obligations.


Information no longer required for the purposes it was collected and the minimum period for retention has passed, will be destroyed in a safe and responsible manner as required under privacy legislation.


Access to and correction of information- How can you access and correct your personal information at our practice?

You have the right to request access to, and correction of, your personal information.


Our practice acknowledges patients may request access to their medical records. We require you to put this request in writing through our request forms (there is a part from your nominated GP and yourself to sign) and our practice will respond within a reasonable time eg 14 days. A health summary can be provided for free. An Privacy policy template for general practices 5 upload to my health record can also be bulk-billed. There may be charges for printing costs and postage.


Please contact the Privacy Officer/ Practice Manager in writing for further information. Our practice will take reasonable steps to correct your personal information where the information is not accurate or up to date.


From time to time, we will ask you to verify that your personal information held by our practice is correct and current. You may also request that we correct or update your information, and you should make such requests in writing to manager@campsiemedicalpractice.com.au.


To request access or corrections, please contact our Privacy Officer in writing. We will respond within 30 days]. A small fee may apply to cover administrative costs (but you will not be charged for making the request). We will respond to such requests in accordance with applicable privacy principles and legislation.


How can you lodge a privacy-related complaint, and how will the complaint be handled at our practice?

If you have any questions or concerns about how your personal information is handled or want to request access to or correction of your information, please contact:

Name: Dana Tse

Role: Practice Manager

Practice name: Campsie Medical Practice

Postal address: 3/20 Ninth Ave Campsie

Phone: 9789 3333

Email: manager@campsiemedicalpractice.com.au


If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC): Website: www.oaic.gov.au Phone: 1300 363 992


We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing. We will then attempt to resolve it in accordance with our resolution procedure. Please email the practice manager (manager@campsiemedicalpractice.com.au) and a response will be given within 30 days after a complaints procedure has commenced.


You may also contact the OAIC. Generally, the OAIC will require you to give them time to respond before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 363 992. If you wish to discuss the matter outside of the surgery, there are several options available including The Medical Registration Board, AMA or Health Care Complaints Commission at Locked Bag 18 Strawberry Hills 2012 Phone 02 9219 7444. Free call No. 1800 043 159.


Privacy and our website

Any personal information that occurs through the website or social media and the use of website analytics, cookies, etc remains confidential and is not passed on to third parties.


Policy review statement

This privacy policy will be reviewed regularly to ensure it is in accordance with any changes that may occur. Please speak to the Practice Manager for the latest information or Practice Policy.



This document was updated on 17/12/2025. We review this privacy policy at least annually, or when there are changes to operations, legislation, or relevant technology. Significant changes may be communicated to patients via email, in the practice, or on our website.


Refer here for Campsie Medical Practice - Website Terms of Use.