Patient privacy policy

This policy was written in accordance with the Australian Privacy Principles (APP) and is reviewed regularly to ensure it is up to date. Staff must also adhere to the Privacy and Surveillance Policy; governing staff conduct around general privacy matters.


This policy provides information about how patient’s personal information (including health information) is collected and used within our practice, and the circumstances in which we may disclose it to third parties.


When a patient registers at the clinic, there is implied consent for the clinic and practice staff to access and use personal information to provide the best possible healthcare. Only staff who need to see your personal information will have access to it. If we need to use your information for any other purposes, we will seek additional consent from you.

What information is collected:

• Names, date of birth, contact details.
• Healthcare identifiers.
• Cultural background (this ensures we provide you with the most appropriate care).
• Medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors.

How this information is collected:

Our practice may collect personal information in several ways:

1. Practice staff will collect personal and demographic information via registration when a patient presents to the practice for the first time.
2. During the provision of medical services practice staff may collect further personal information.
3. Personal information may sometimes be collected from other sources, such as a patient’s guardian or responsible person (where practicable and necessary), or from any other involved healthcare providers, such as specialists, allied health professionals and hospitals.
4. Personal information may be collected when a patient telephones or emails the practice, makes an online appointment or communicates with us via social media.

Patient’s right to anonymity

Patients have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to deliver healthcare services to you or when we are required by law to only deal with identified individuals.

Limits to a patient’s anonymity:

• Medical histories and identification are required before medical staff can make a diagnosis or prescribe medication.
• Medical staff are obliged by law to report communicable diseases and child abuse.

Patients should be made aware:

• Some components of healthcare cannot be provided to anonymous patients.
• Choosing to remain anonymous can be detrimental to a patient’s health i.e., previous tests or treatment may be unattainable and further tests may not be able to be conducted.

Storing of personal information

A patient’s personal information may be stored at our practice in various forms including as paper records, electronic records, visual records (x-rays, CT scans, videos and photos) and as audio recordings. Our practice holds all personal information securely, whether in electronic format, in protected information systems or in hard copy format in a secured environment.

Patient access to stored personal data

Patients have the right to request access to, and correction of, their personal information. We acknowledge a patient may require access to their medical records. We require the patient to make this request in writing where we will then aim to respond within 30 days and this request may be uploaded into the patient’s health record.

Our practice will take reasonable steps to correct personal information where it is not accurate or up to date. Practice staff are encouraged to verify with patients that personal information held by our practice is correct and current.

Sharing of personal data to third parties

Sharing of personal data may occur in the following circumstances:

• With other healthcare providers.
• With third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers (in compliance with APPs).
• When it is required by law.
• When it is necessary to lessen or prevent a serious threat to a patient's life, health or safety or public health or safety, or it is impractical to obtain the patients consent.
• When there is statutory requirement to disclose personal information (E.g., Some diseases require mandatory notification).
• To assist in locating a missing person.
• To establish, exercise or defend an equitable claim.
• For the purpose of a confidential dispute resolution process.

Other than while providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without patient’s informed consent. If a transfer of patient care is required, the patient and their doctor will be required to fill in a Transfer of Patient Care Consent Form in accordance with the Transfer of Patient Health Records Policy.

Our practice may use a patient’s personal information to improve the quality of our services through research and analysis of patient data. We may provide de-identified data to other organisations to improve population health outcomes. This information is secure, stored within Australia and patients cannot be identified.

Lodging a privacy related complaint

The Exodus Foundation takes complaints and concerns about the privacy of patients’ personal information seriously. We ask that patients and staff express any privacy concerns or complaints in writing. We will then attempt to resolve it in accordance with our complaint resolution procedure.

Any feedback can be placed in our suggestions box, alternatively please ask one of our clinic staff for a Suggestions/Improvements Form.

All serious complaints are received by the Practice Manager and appropriate action will be taken.