Policy

Management of Personal Health Information & Communication Policy

(AHPRA & RACGP Compliant – January 2026)

PRIVACY POLICY

Introduction

This policy provides information to you, our patient, on how your personal information (including health information) is collected and used within our practice, and the circumstances in which it may be shared with third parties.

---

---

Why and When Your Consent is Necessary

When you register as a patient of this practice, you provide consent for GPs and authorised practice staff to access and use your personal information for the purpose of providing healthcare.

Only staff who require access to your information to perform their role will be permitted to do so. Additional consent will be sought if your information is required for purposes outside routine care or administration.

---

Why Do We Collect, Use, Hold, and Share Your Personal Information?

Our practice will need to collect your personal information to provide healthcare services to you. Our primary purpose for collecting, using, holding, and sharing your personal information is to manage your health.

Personal information may also be used for directly related administrative and business activities, including:

• Medicare, DVA, and private billing

• Practice accreditation and audits

• Quality improvement and staff training

• Practice operations and legal compliance

Information is only used for purposes permitted by law.

---

How Do We Collect your Personal Information?

Our practice may collect your personal information in several different ways.

• When you make your first appointment, our practice staff will collect your personal and demographic information via your registration.
• During the course of providing medical services, we may collect further personal information.
• We may also collect your personal information when you visit our website, send us an email or SMS, telephone us, make an online appointment or communicate with us using social media.
• In some circumstances, personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:

1. Guardians or carers
2. Other healthcare providers
3. Hospitals, pathology and imaging services
4. Medicare, DVA or health insurers

• Patients are informed where information is collected from third parties.

---

MyMedicare Registration

Participation in MyMedicare is voluntary and does not affect access to care at this practice.

Benefits or Registering via MyMedicare:

Implied Consent

When you register and attend this practice, you provide implied consent for the collection, use and disclosure of your personal health information for the primary purpose of providing healthcare and for directly related administrative functions (e.g. billing, accreditation).

Express Consent (written or documented verbal) is obtained when:

• Information is disclosed to a third party not directly involved in care
• Email or other insecure electronic communication is used for personal health information
• A third party is present during a consultation
• Information is released to employers, insurers, lawyers, family members or other external organisations
• Participation in My Health Record uploads where required

Consent decisions are documented in the patient’s health record.

You may withdraw consent at any time, subject to legal obligations.

---

When, Why, and With Whom Do We Share Your Personal Information?

We sometimes share your personal information:

• With third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply
• With APPs and this policy
• With other healthcare providers
• When it is required or authorised by law (e.g. court subpoenas)
• When it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
• To assist in locating a missing person
• To establish, exercise or defend an equitable claim
• For the purpose of confidential dispute resolution process
• When there is a statutory requirement to share certain personal information (e.g. some diseases require mandatory notification)
• During the course of providing medical services, through eTP, My Health Record (e.g. via Shared Health Summary, Event Summary).

Only people who need to access your information will be able to do so. Other than in the course of providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.

We will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.

Our practice will not use your personal information for marketing any of our goods or services directly to you without your express consent. If you do consent, you may opt out of direct marketing at any time by notifying our practice in writing.

Third-party service providers are contractually required to comply with privacy and confidentiality obligations.

---

How Do We Store and Protect Your Personal Information?

Your personal information is stored in our practice by electronic records.

Our practice stores all personal information securely and we ensure your information is protected to the highest degree. We have a password/ username system for our medical software program as well as our IT has set up extensive security settings on our network. All staff has signed a confidentiality agreement before commencing work.

---

How Can You Access and Correct Your Personal Information at Our Practice?

You have the right to request access to, and correction of, your personal information.

Our practice acknowledges that patients may request access to their medical records. We require you to put this request in writing and signed our release of medical records form. Our practice will respond within a reasonable time; this could take up to 1 week depending on if your usual doctor is available to approve the release. There may be fees involved in the release of your medical records; if applicable, these will be reasonable and limited to the cost of providing access.

Our practice will take reasonable steps to correct your personal information where the information is not accurate or up to date. From time to time, we will ask you to verify that your personal information held by our practice is correct and current. You may also request that we correct or update your information, and you should make such requests in writing to us.

---

Privacy and Our Website – Collection of Information

---

Visitor Logs and Statistics

The main purpose for collecting this information is to provide statistical information used for website and system administration. The information does not identify individual users but does identify the computer that is used to access our sites.

Information provided by users through online forms, registrations, databases, and feedback is collected in accordance with this policy. When personal information is collected online, a privacy notice is provided explaining how the information is collected, used, and protected. Logged information is not disclosed outside of our organisation unless required by law.

We do not attempt to identify individuals from these records unless it is necessary to the investigation of a breach of law.

---

My Health Record

This practice participates in the My Health Record system.

• Information is uploaded only in accordance with legislation
• Access is role-based and audited
• Patient access controls and opt-out preferences are respected
• Patients may request not to upload specific documents

Further information is available at www.myhealthrecord.gov.au

---

Disclosure Without Consent (Limited Circumstances)

We may disclose personal health information without consent when required or authorised by law, including:

• Mandatory disease notification
• Court orders or subpoenas
• To prevent or lessen a serious threat to life, health or safety
• To assist in locating a missing person
• For statutory investigations or professional regulation

All disclosures are documented.

---

Storage, Security and Data Breach Management

Personal information is stored electronically in secure, encrypted clinical software systems.

Security measures include:

• Unique user logins and role-based access
• Password protection and audit trails
• Secure servers and firewalls
• Staff confidentiality agreements
• Regular privacy and security training

Records are retained in accordance with legal requirements (generally at least 7 years from last entry, or until age 25 for minors)

---

Data Breaches

Any suspected or confirmed data breach is managed in accordance with the Notifiable Data Breaches Scheme, including notification to affected individuals and the OAIC where required.

---

Anonymity and Pseudonymity

Where lawful and practicable, patients may interact with the practice anonymously or using a pseudonym.
This may not be possible where:

• Identification is required for safe care
• Medicare/DVA claims are involved
• Law requires identification

---

How Do We Use Document Automation Technologies?

---

There are multiple ways in which the practice communicates with patients and third parties.

Communication can occur through the following channels:

---

Face to Face

This can be via consultation with your doctor or nurse or interactions with other staff members. i.e.: Practice Manager or reception staff.

Telephone

Patients are able to contact the practice via telephone between the hours of Monday – Friday 8:30 am – 5:00 pm, Saturday 9:00 am – 12:00 pm, Sunday 9:00 am – 12:00 pm.

As the first point of contact, receptionists must review the triage support guide to ensure they are correctly assessing patient’s needs and concerns. Receptionists will often need to ask questions to determine that the patient receives the most appropriate care, at the most appropriate time.

Phone calls from patients requesting to speak to the doctor will not generally be put through at the time of the call. This is to minimise disruption to the doctor as they are usually in consultation with another patient and respectfully not wanting to interrupt their consultation. Doctors may take phone calls if time permits.

Reception staff will ask the patient to briefly explain the reason for the call and will determine if the doctor should be interrupted or if a message can be given to the doctor to return the call at a later time. This may be throughout the day or after the doctor has finished consulting for the day. Where clinically significant information is discussed, a note will be made in the patient’s file.

Please note you must have presented for a face to face appointment within the past 12 months to be eligible for a Medicare rebate, in accordance with current Medicare requirements.

Fax

Faxes received that are patient related are imported directly into the Doctor’s inbox which is then put into the patient’s file. These are then reviewed and actioned by the doctor. Any urgent patient related faxes are immediately handed to the doctor or if that doctor is not available another doctor in the practice will review the fax. All non-patient related faxes are given to the relevant staff member.

All outgoing faxes will be sent to the relevant place on request from the doctor and then saved into the patients file with a note detailing where it was sent and by whom.

Email

Email is not a secure form of communication and we do not use this to communicate personal information to patients without their consent. Whilst we make every effort to keep your information secure it is important for patients to be aware of the risks associated with electronic communication, in that the information could potentially be compromised and accessed by someone other than the intended recipient. Patients must be aware that any communication they direct to the surgery via email is also NOT secure and confidentiality cannot be guaranteed. Patients communicating through email do so at their own risk.

• Personal health information is only sent via email with express patient consent, documented in the health record
• Incoming emails do not automatically constitute consent
• Responses occur within 1–3 business days
• Urgent matters must be managed by phone

SMS

SMS messages are sent for a variety of health management purposes.

These may include:

– Appointment reminders – a reminder message will be sent the day prior to your appointment.

– Health reminders (e.g., cervical screening/care plans/Immunisations etc.)

We need to ensure that your mobile number is up to date at each visit to ensure that this information is sent to the correct number. Patients must be aware that if another person can access their mobile phone, then the confidentiality of these communications cannot be protected by the practice. Patients acknowledge confidentiality risks if others access their phone.

---

Post

Letters are often sent offering services available to eligible patients and for health reminders and recalls for patients who do not have a mobile number or who have opted out of our electronic messaging system.

Incoming mail is collected and opened each day. Letters received that are patient related are directly imported to the doctor’s inbox which is then saved to the patient’s file. These are then reviewed and actioned by the doctor. All remaining letters are provided to the addressee.

---

Social Media 

Our Facebook and Instagram page updates practice information and health promotions.

This page however, is intended for announcements only by Jupiter Health Treeby and not for the provision of individual medical advice. It is not monitored for clinical queries. If you have any questions, we ask that you please contact the practice via telephone.

---

Urgent Results

Your doctor or the Practice Nurse will attempt to contact you immediately via contact details supplied. If our attempts at contact are unsuccessful, a letter will be forwarded to your address to contact us urgently for an appointment.

---

Non-Urgent Results

Your doctor or the Practice Nurse will attempt to contact you via phone to advise that you need to make an appointment to see your doctor. If our attempts to contact you are unsuccessful, a letter will be forwarded to your address to contact us for an appointment.

If your results are NORMAL we will NOT contact you. You are welcome to phone us to check if your results have been returned to us, but you will have to make an appointment to discuss these results.

Patients are contacted for recalls and reminders. If our attempts are unsuccessful a letter will be forwarded to your address to contact us for an appt.

Confidential information is not included in these letters. All personal information is stored on a program specific, encrypted computer database.

---

Continuous Education

The practice is committed to supporting the doctors, nurses and administration staff to participate in ongoing education.

---

Home Visits and Out of Hours Services

Jupiter Health Treeby provides locum services for those patients who require a home visit, During the clinic opening hours, The Practice GPs will offer home visits at their discretion. GPs offer home visits when it is appropriate, depending on circumstances and considering safety of all staff. To obtain a home visit during clinic hours it needs to be safe and reasonable for the GP, and within a 5 Km radius of the clinic.

If for any reason our doctor is unable to come and see you and you can’t come in to the practice, please contact Night Dr (Fees May Apply) on PH: 1300 644 483

---

Walk-In Services

Jupiter Health Treeby does offer a walk-in service with some exceptions. The wait time for walk-ins varies and depends on how on time the Doctors are running. Please note we will refuse walk-ins if the Doctors are running late and do not have the capacity to fit in walk-In patients. Same day appointments are available within our opening hours. To book an appointment you can call the surgery, or you can come in and enquire when the next appointment is available. You can book appointments online via our websites or via Hotdoc.

Walk-Ins incur an additional fee of $50 on top of the consult fee.

---

Storing Card Details Via HotDoc

Storing card details is a precaution only and does not mean you will be charged for a bulk billed appointment

Card details will be used in accordance with our practice policy (e.g. late cancellations or non attendance) this is required for all patients booking online.

---

Appointment Policy

Standard consultations are 10 minutes and cover one or two issues. If you need to discuss more, please book a longer appointment to avoid rescheduling.

---

Overseas Disclosure

Personal information is not disclosed outside Australia unless:

• Required or authorised by law, or
• The patient has provided express consent

---

Complaints & Privacy Concerns