Practice Policies: Privacy, Communication, and Feedback

Table of Contents
  1. Privacy Policy
    1. Why and when your consent is necessary
    2. Why do we collect, use, hold, and share your personal information?
    3. What information do we collect?
    4. How do we collect your information?
    5. When, why, and with whom do we share your personal information?
    6. How do we store and protect your personal information?
    7. How can you access or correct your personal information when required?
    8. Dealing with us anonymously
  2. Communication Policy
    1. How can you contact our practice?
    2. Telephone
    3. Email
    4. SMS/Text message
    5. Website contact form
    6. Fax
  3. Feedback
    1. General feedback and complaints
    2. Privacy related complaints and concerns
    3. Practice and registrar feedback requirements
  4. Policy review statement

Privacy Policy

This policy details how we collect and handle our patients’ personal and health information within our practice, and the circumstances in which we may share it with third parties.

Why and when your consent is necessary

When you register as a patient of our practice, part of your registration process will include your consent for our GPs and practice staff to collect, access, and use your personal and health information so they can provide you with the best possible healthcare. Only staff who need to see your personal information will have access to it.

Some of our practitioners utilise Heidi Health AI Scribe during consultations. You will be asked for your consent at the beginning of each consultation, even if you have given consent previously. The audio used for generating patient notes disappears right after the doctor finalizes their notes; It is never stored permanently.

If we need to use your information for anything outside of its reasonable, expected use, we will seek additional informed consent from you to do so.

Why do we collect, use, hold, and share your personal information?

Our practice needs to collect your personal information in order to provide healthcare services to you. Our main purpose for collecting, using, holding and sharing your personal information is to manage your health. We also use it for directly related business activities, including but not limited to financial claims and payments, practice audits and accreditation, and business processes (e.g. staff training). These purposes may or may not involve deidentifying your information before use.

What information do we collect?

The information that we will collect about you includes:

  • General details such as your name, date of birth, address, contact details, and emergency contacts.
  • Medical information including your general medical history, current conditions, medications, allergies, adverse events, immunization history, social history, family history, and risk factors.
  • Medicare details such as your Medicare card information, DVA information, and MyMedicare registration.
  • Indigenous status, ethnicity, country of birth, and preferred spoken language.
  • Healthcare Identifier(s).
  • Private health fund details.
  • Legal, insurance, or employment details, such as in the course of a worker’s compensation claim or CTP claim.

We do not record, duplicate, or store any consultations.

If you have consented to the use of Heidi Health AI Scribe during a consultation, the software will temporarily record audio. The audio used for generating patient notes disappears right after the doctor finalizes their notes; It is never stored permanently.

How do we collect your information?

Our practice may collect your personal information in several different ways:

  • When you make your first appointment, our practice staff will collect your general details to enter you into our system. Your full demographic information will be collected via your registration form, which may be completed in our online booking software, Automed, or with a paper form.
  • During the course of providing medical services, we may collect further personal information including through electronic transfer of prescriptions (eTP), My Health Record via Shared Health Summary or Event Summary, and correspondence from other healthcare professionals.

We also collect your personal information when you send us an email or SMS, telephone us or communicate with us using social media. Depending on the relevancy to your ongoing care, this information may not be held or may be held temporarily.

If you have consented to the use of Heidi Health AI Scribe during a consultation, the software will temporarily record audio. The audio used for generating patient notes disappears right after the doctor finalizes their notes; It is never stored permanently.
    
In some circumstances, personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:

  • Your guardian or responsible person, including enduring guardian.
  • Other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services, pathology, and diagnostic imaging services.
  • Your private health fund, Medicare, or the Department of Veterans’ Affairs.

When, why, and with whom do we share your personal information?

We may share your personal information:

  • With third parties that work with our practice for directly business purposes, including but not limited to accreditation agencies or information technology providers. These third parties are required to comply with the Australian Privacy Principles (APPs) and this policy.
  • With other healthcare providers.
  • When it is required or authorised by law, such as court subpoena.
  • When it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety, public health or safety, or if it is impractical to obtain the patient’s consent.
  • To assist in locating a missing person.
  • To establish, exercise or defend an equitable claim.
  • For the purpose of confidential dispute resolution process.
  • When there is a statutory requirement to share certain personal information, such as mandatory notification of certain diseases.
  • Through electronic transfer of prescriptions (eTP), My Health Record via Shared Health Summary or Event Summary.

Only staff who need to access your information will be able to do so. Other than in the course of providing medical services or as otherwise described in this policy, our practice will not share personal or health information with any third party without your consent.

We will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.

We will not share or sell your personal information to any third parties for marketing purposes. Our practice will not use your personal information for marketing any of our goods or services to you without your consent. Our practice does not engage in direct marketing.

How do we store and protect your personal information?

Your personal information is stored at our practice in various forms, including but not limited to paper records, electronic records, and visual records (radiology images, photographs, video).

Our practice stores all confidential and personal information securely and in compliance with state and federal legislation.

Confidential information stored at our practice is protected by:

  • Securing our premises.
  • Placing regularly updated passwords, and varying access levels on electronic databases to limit access and provide protection against interference, modification, and disclosure by unauthorised persons and entities.
  • Provision of locked cabinets and rooms for the storage of physical records.
  • Implementation of process and procedures by staff to ensure security is well maintained.

How can you access or correct your personal information when required?

Patients may request access to their medical records in various ways. However, we require that all requests be made in writing via email to reception@healthinabundance.com.au or practice.manager@healthinabundance.com.au, or via post to 28A Ferodale Rd, Medowie NSW 2318. Once received, we will endeavour to action and respond to your request within a reasonable timeframe, generally within 30 days of the request being received.

Your request may incur a fee for the administrative cost of preparing your medical records for release. Any cost to you will be explained in our response to your request. For more information on these fees, please contact the practice via phone or email.

Our practice will take reasonable steps to correct your personal and health information where it is inaccurate or not up to date. Periodically, we will ask you to verify that your information held by our practice is correct and current. You may also request that we correct or update your information at your own discretion. We require that all requests be made in writing via the contact details listed above. Once received, we will endeavour to action and respond to your request within a reasonable timeframe, generally within 30 days of the request being received.

Dealing with us anonymously

You have the right to deal with us anonymously or under an alias (pseudonym) unless it is impracticable for us to do so, or unless we are required or authorised by law to only deal with identified individuals. If you wish to remain anonymous or be registered under an alias (pseudonym), please advise our reception staff when you make contact with the practice.

Communication Policy

This policy details how patients can contact and communicate with our practice, our requirements around certain requests or contact types, how certain communication methods and technologies work, and how we manage and action patient communication.

How can you contact our practice?

All patients are provided avenues to contact the practice for timely advice, information, or other requests regarding their clinical care and personal or medical information.

You can communicate with the practice via:

  • Telephone.
  • Email.
  • SMS/Text message.
  • Website contact form.
  • Fax.
  • In person.
  • In writing via post or documents hand delivered to reception.

Telephone

Calls to the practice will not generally be put through to your GP. Our reception staff will do their best to assist you with any general questions or concerns regarding your care, and will take messages for your GP or the practice nurses wherever clinical insight is required. We endeavour to return all calls by the end of the business day, generally after the GP/nurse has finished consulting.

Urgent concerns that require triaging with clinical staff will be prioritized on the day by our reception staff. If you have an urgent medical problem, please notify our reception staff immediately when calling the practice. You may be asked to provide our team with more detailed information to ensure that your concern is dealt with promptly as per our triaging procedure.

If you are not comfortable providing certain details to our reception staff, please let them know. However, if you do not provide any details at all we may be unable to properly assess the urgency of your problem, which may delay your care.

Patients will be added to our daily triage list if our urgent on the day appointments are full and your issue or concern falls under our triaging criteria. This list is monitored and discussed with a GP throughout the day to ensure that urgent issues are not kept waiting for too long, and it is also reviewed by a GP before being finalised at the end of the day.

Depending on the nature of your request/inquiry, you may be asked to put something in writing that we can provide to the GP or for documentation purposes. See below for further, relevant information.

Email

Our practice email is reception@healthinabundance.com.au. This inbox is not monitored 24/7. We aim to respond to all non-urgent queries within 24–48 hours during regular business hours. If your matter is urgent or requires immediate attention, call the practice directly. Any and all requests to book, cancel, move, or otherwise change appointments must be made over the phone; Emailed requests will not be actioned, and you will be asked to call the practice to proceed.

We may respond with an email reply or by phone, depending on the nature of the communication.

Any requests for patient information must be accompanied by three (3) points of identification. Accepted patient identifiers are:

  • Full name.
  • Date of birth.
  • Gender (as identified by the patient).
  • Current address.
  • Patient health record number.
  • Individual Healthcare Identifier (IHI).

Sensitive personal and health information will not be emailed without consent from the GP, and only in response to an email matching the one we have on file for you that includes the above identifiers.

SMS/Text message

Our practice may contact you via SMS for matters including but not limited to confirmation of appointments, non-urgent or no action recalls, and general health reminders. SMS communication is facilitated through a semi-automatic system between our practice’s medical software and our online booking platform, AutoMed (AMS). This means that communication is initiated by our practice staff, and the messages are automatically sent. Depending on the purpose of the message and the corresponding practice procedure, this may include automatically sent follow up messages.

In the case of normal appointment confirmation texts, replying to the message according to the instructions will automatically confirm your appointment or flag to our reception team that you would like to cancel or reschedule, at which point we will contact you for further discussion. All other SMS replies are converted into emails that are received to our general practice email, and are governed by the policy outlined under ‘Email’.

Website contact form

Our website’s contact form can be found on our ‘Contact Us’ page at the URL https://healthinabundance.com.au/contact/. All submissions are converted into emails that are received to our general practice email, and are governed by the policy outlined under ‘Email’.

Fax

Due to the advancement of technology, all faxes are now received via electronic facsimile to our general practice email, and are governed by the policy outlined under ‘Email’.

Feedback

This policy details how we collect and handle our patients’ feedback, including but not limited to criticism and complaints, within our practice, and the alternate avenues that patients can make complaints where necessary.

General feedback and complaints

Should you have any feedback in regard to these policies or any experience you have had with our practice we ask that you submit it in writing. You can do this via the suggestion box in our waiting room, through our email, or written letter. Alternatively, you can also ask to speak to our practice manager directly.

We are always aiming to improve our service, and all criticism and complaints that are submitted to our practice staff and/or practice manager are taken seriously and addressed accordingly.

Privacy related complaints and concerns

Our practice takes complaints and concern regarding patient privacy and confidentiality very seriously. We require that all complaints and concerns be lodged in writing. We will then attempt to investigate and resolve it in accordance with our complaints and resolution policies, and any relevant state or federal legislation. Correspondence should be addressed to the practice manager and can be sent via email to practice.manager@healthinabundance.com.au or via post to 28A Ferodale Rd, Medowie NSW 2318.

You may also choose to contact the Office of the Australian Information Commissioner (OAIC). Generally, the OAIC will request that you to lodge a complaint with us as a first step, and they will require that you give them time to respond before they will investigate. For further information, visit www.oaic.gov.au or phone 1300 363 992. In NSW, you may also contact the Information and Privacy Commission online at www.ipc.nsw.gov.au or phone 1800 472 679.

Practice and registrar feedback requirements

From time to time, our staff may ask if you are willing to fill out a form providing feedback after your consult. The scope of this feedback may be limited to your treating GP, or it may apply to the practice as a whole.

As part of their training and education requirements during their terms with us, our registrars are required to take feedback from patients following their consultations. Patients are surveyed using an interpersonal skills questionnaire, and all feedback is anonymous. The survey explores patient perceptions about the GP’s behaviours, such as listening skills, clarity of explanations, respect for the patient and involvement of the patient in decision-making, as well as the patient’s confidence in their ability.

Similarly, our practice is required to undertake patient feedback as part of the accreditation process.

You are not obliged to fill out the se patient surveys, and may decline if you wish. Should you have any serious concerns or complaints at the time of filling out a patient feedback survey, we request that you also submit your concern in writing as per the above policies to ensure that it is managed appropriately.

Policy review statement

These policies are current as of October 2025. Our practice reviews all items in the Privacy Policy, Communication Policy, and Feedback Policy annually, and any changes to the Policies or the associated procedures and systems related to how we handle personal information and communication are updated and made available for our patients in the practice, on our website, and otherwise upon request.