Privacy Policy

What information we collect

We collect and hold the following types of information:

• Personal information (such as name, address, contact details, date of birth)

• Health information (including medical history, treatment details, and other sensitive information related to your mental health)

• Session notes and assessments

• Medicare and private health insurance details (where applicable)

• Communications between you and our practice

How we collect information

We collect information:

• Directly from you during consultations

• Through our scheduling systems (Zanda and Halaxy)

• From referral sources (e.g., GPs, other healthcare providers) with your consent

• Through session transcriptions (using Heidi AI)

Technology and Service Providers

We use the following technology services:

• Heidi AI for session transcription (note: recordings are not stored after transcription)

• Zanda and Halaxy for appointment scheduling and practice management (Australian-based services)

• Secure electronic health record systems

Please note that some of our service providers may utilise data hosting facilities outside of Australia. Any overseas recipient of your information may not be subject to privacy obligations similar to the Australian Privacy Principles. In these cases, we will not be accountable under the Privacy Act for any breach by the overseas recipient, and you may not be able to seek redress in the overseas jurisdiction.

​

If you have any concerns regarding the use of these technology services, please do not hesitate to discuss them with me directly.

Use and Disclosure of Information

Your information will be used for:

• Providing psychological services to you

• Administrative purposes

• Processing payments and Medicare claims

• Communication with other healthcare providers involved in your care (with your consent)

• Meeting our legal obligations

We will not disclose your personal information to overseas recipients. Our service providers (Zanda and Halaxy) are based in Australia and comply with Australian privacy laws.

Security of Information

We maintain your personal information in a secure environment and take reasonable steps to protect it through:

• Ensuring physical security over our paper and electronic data stores through locks and security systems

• Maintaining computer and network security through firewalls, passcodes, and two-factor authentication where available

• Taking reasonable steps to destroy or de-identify personal information when no longer needed

• Conducting regular privacy and data security audits

• Staff training in privacy and confidentiality

• Regular security updates and reviews

Please note that no data transmission over the internet or information stored on servers accessible through the internet can be guaranteed to be fully secure. We cannot ensure the security of personal information that has been provided to you, such as emailed reports.

Access and Correction

You have the right to:

• Access your personal information held by us

• Request corrections to your information

• Receive copies of your information in a format suitable for transfer to another healthcare provider

Requests for access should be made in writing. We will respond within 7 days. 

Retention of Records

We retain health records for the minimum periods required by law:

• Adults: 7 years from the date of last contact

• Children: Until the patient turns 25 years of age

• Or longer if required for legal or professional reasons

Data Breaches

In the event of a data breach that could result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by law.

Complaints

If you have concerns about how we handle your privacy, please contact us first to resolve the matter.

If you are not satisfied with our response, you may contact:

The Office of the Australian Information Commissioner

Phone: 1300 363 992

Email: enquiries@oaic.gov.au

Website: www.oaic.gov.au