Privacy Statement

We are committed to protecting the privacy and confidentiality of all personal and other information we collect in the conduct of our business and delivery of services, and the way in which it is used, stored and disclosed.

Privacy Policy

We understand that information entrusted to us by our clients is private and confidential.  Any personal information collected by us is treated as confidential and, as an allied health provider who holds health information, we are bound by the Privacy Act 1998 (“Privacy Act”) and are guided by the Australian Privacy Principles (APP) issued by the Australian Information Commissioner.

This legislation imposes additional obligations on the collection, use and disclosure of such information and requires a higher level of privacy protection than for other personal information.

The requirements of our Confidentiality Policy apply in equal measure to the personal and health information of our clients.

This policy provides information on:

  • how and what personal information we collect;

  • the purpose for which it is collected, used, stored and disclosed;

  • how our clients can access and/or seek correction of personal and health information we hold;

  • storage of personal information;

  • our clients’ right to withdraw consent; and

  • our clients’ right to make a complaint about how we have handled their personal and health information.

What is Personal Information?

Personal information means information, or an opinion, that could identify an individual, and includes both sensitive information and health information.

Personal information includes:

  • an individual’s name, signature, address, phone number or date of birth; and

  • employee record information; and

  • photographs

Sensitive information is personal information that includes information or an opinion about an individual’s:

  • racial or ethnic origin

  • political opinions or associations

  • religious or philosophical beliefs

  • trade union membership or associations

  • sexual orientation or practices

  • criminal record

  • health or genetic information

Health information is any personal information about a client’s health or disability, and includes information or opinion about one’s illness, injury or disability, including but not limited to:

  • notes of a client’s symptoms or diagnosis

  • information about a health service the client has had or will receive

  • specialist reports and test results

  • prescriptions and other pharmaceutical purchases

  • genetic information

  • wishes about future health services

  • appointment and billing details

  • any other personal information about the client

How We Collect Personal Information

We collect personal information about our clients in a number of ways, including in person, in writing, by telephone and email, generally when:

  • a potential new client contacts us to seek treatment;

  • a client completes a Client Intake & Consent Form;

  • a client has interactions with us where we record notes, including treatment sessions; and

  • a client provides feedback or lodges a complaint.

We may also receive personal information indirectly or from third parties where it is reasonably expected the client would have consented to the personal information being shared, including but not limited to:

  • from a client’s legal guardian or responsible person;

  • from other involved health care providers when we receive a medical report or other referral; and

  • from third parties responsible for the management of, and payment for, a client’s services with us.

Notification of Collection of Personal Information

When we collect personal information, either directly or from a third party, we will provide notice to the individual for whom we are collecting, or have collected, their personal information.

That notice will, generally, include:

  • contact details;

  • the purpose of collection;

  • the consequences for the individual if personal information is not collected;

  • other entities to which the personal information is usually disclosed; and

  • in the case of receipt of personal information from a third party, the identity and contact details of that individual or organisation and how and when the personal information was collected and for what purpose.

Personal Information We May Collect & Hold

We only collect personal information, by reasonable and lawful means, that is necessary for us to carry out our work.  Personal information we collect may include, but is not limited to, the following information:

  • Name

  • Address

  • Telephone Number

  • Date of birth

  • Gender

  • Marital status

  • Email address

  • Occupation

  • Medicare card number

  • Credit Card number

  • Health Information

  • General practitioner

  • Referring doctor or other health care provider

  • Transaction details associated with services we have provided to a client

  • Any additional information provided to us by the client

  • Any information provided to us through feedback or complaints

At the time we collect personal information, we will ensure that individuals are aware of the purpose for which the information is collected.

Anonymity

Individuals have the option to deal with us anonymously or by pseudonym, except in circumstances where it is required by law or where it is impracticable for us to deal with an individual who has not identified themselves.

Purpose of Collection, Storage, Use & Disclosure of Personal Information

Primary Purpose

We collect, store, use and disclose a client’s personal information only for the purposes consistent with the reasons it was collected, including:

  • assessing a client’s suitability for our services

  • managing our ongoing relationship with our clients, including:

    • treatment planning and monitoring client progress

    • providing treatment and care

    • providing information about treatment and care, if required and with consent

  • answering queries clients have in relation to the services provided

  • the preparation of referrals and/or reports to other medical or allied health professionals

  • gathering feedback and quality assurance reviews to improve our services

Secondary Purpose

We may also collect, store, use and disclose personal information in order to:

  • train employees or people otherwise engaged by us;

  • resolve any legal and/or commercial complaints or issues;

  • meet any legislative requirements as they apply to us as a health care provider; and

  • perform any of our functions and activities relating to our business, including to meet our internal administrative requirements, in the processing of accounts for payment, the communication of important information and/or marketing.

We will not use or disclose a client’s personal information for any reason other than those outlined above, unless an exception applies, including:

  • where a client has consented to the use or disclosure of personal information for a secondary purpose or where it would be reasonable to consider that a client would have expected their personal information to be used for such a purpose; and

  • a secondary purpose that is required or authorised under an Australian law, or court or tribunal order.

We engage and/or interact with third parties in the performance of our business functions and activities, including professional service organisations and government agencies.  Personal information may be provided to these third parties to enable them to provide their agreed services (for example, billing clients).

Collection of Personal Information from Third Parties

Collection of Solicited Personal Information

We may solicit personal information, which may include health information, where we explicitly request another individual or organisation to provide personal information, but we will only do so where it is reasonably necessary for, or directly related to, the provision of services to our clients and the client concerned consents to the solicitation and collection.

Collection of Unsolicited Personal Information

From time to time, we may receive personal information about our clients that is unsolicited (i.e. where we have taken no active steps to collect the information), for example, when we receive a referral or other medical report about our clients.

Where we could have solicited that information, we will provide notice to our clients of the collection of that information.

Where we could not have solicited that information, we will immediately destroy or de-identify the information as soon as practicable.

Accessing & Correcting Personal Information

It is important that we maintain accurate, complete and up-to-date personal information and we regularly request that our clients check and update personal information held by us to ensure it remains current.  All clients are asked to let us know if there are any errors or changes in the personal information we hold.

It is also important that the health information we hold about our clients is accurate, complete, up-to-date, relevant and not misleading.  Clients have a right to request access to the health information we hold about them and, if a client thinks any information we hold about them is incorrect, may request a correction.

Requesting Access or Correction to Personal and/or Health Information

A client, their legal guardian or other authorised representative may request access to, or correction of, personal and/or health information we hold.

Management are responsible for considering all requests to access and/or correct personal and/or health information and responding to the client.

To satisfy ourselves that the request comes from a client (or their legal guardian or other authorised representative), requests for access and/or correction must be in writing and signed by the client (or their legal guardian or other authorised representative) and include the following:

  • client’s name, address and date of birth; and

  • the personal and/or health information requested; and

  • how access to the personal and/or health information is preferred (e.g. by email, paper copies or to view); and

  • if another person or organisation is authorised to access the personal and/or health information on the client’s behalf or if the client would like their record transferred in full to a new provider.

Requests can be emailed to carla@sherwoodholistic.com.au.  Clients are not required to provide a reason for requesting access. 

Responding to a Personal and/or Health Information Access Request

Generally, we will provide the requested information within 30 days of receiving the request.

In certain limited circumstances, we may refuse to provide access, such as if:

  • it may threaten our client’s or someone else’s life, health or safety;

  • it may impact someone else’s privacy; or

  • giving access would be unlawful.

If giving certain information would impact someone else’s privacy, we may provide redacted information. If it is not possible to provide information directly to the client because of a concern for their health or safety, it may be provided through an agreed third party. 

If a client requests access in a way that is unreasonable or not practical, we will endeavour to provide it in another satisfactory way.

Where we refuse to provide requested access and/or to provide information in the requested way, we will provide the client (or their legal guardian or other authorised representative) with written notice outlining the reasons for refusal and/or why we were unable to provide information in the requested way, as well as the client’s right to make a complaint about the refusal and how to do so.

Responding to a Personal and/or Health Information Correction Request

Generally, we will respond to a request to correct any personal and/or health information within 30 days of receiving the request. 

Upon receiving a request to correct any personal and/or health information held by us, we will consider the reasons for holding such information and review the client’s health information to determine if it is correct. 

We will take reasonable steps to respond to the request and will add, change or delete personal information, including sensitive or health information, where appropriate.

It is important to recognise that our opinion may differ from that of our clients, but this does not mean it is inaccurate.

We may refuse to correct personal information, including any sensitive or health information, where doing so would be unreasonable, for example where we have a legal obligation to hold particular information about a client for a certain period or where we believe the health information we hold is accurate.

Where we refuse a request to correct a client’s personal or health information, we will provide the client with written notice outlining:

  • the reasons for refusing to correct the personal or health information;

  • the client’s right to request that:

    • a statement be associated with their personal information (i.e. a statement that the client (or their legal guardian or other authorised representative) thinks their personal information is inaccurate, out of date, irrelevant or misleading, which we must take reasonable steps to associate with the client’s personal information so that the statement is apparent to users of the personal information); and/or

    • a statement be associated with their health information (i.e. a statement that the client (or their legal guardian or other authorised representative) thinks the health information is inaccurate, out of date, irrelevant or misleading, which we must take reasonable steps to attach to their health information so that other health service providers will know the client disagrees with the information, including but not limited to printing a statement to attach to a physical record or linking the statement to a digital record); and

  • the client’s rights, and how, to complain about the refusal.

Charges

Requesting access to personal and/or health information held by us is free; however, we reserve the right to charge an administrative fee for giving access, to cover the cost of deciding on the request, searching for, locating and retrieving the information, and providing the personal and/or health information.

The fee will be discussed at the time of receiving a request to provide personal and/or health information and will be based on the extent of the individual request.

Requesting a correction to personal and/or health information held by us does not incur a charge.

Withdrawing Consent

A client (or their legal guardian or other authorised representative) may withdraw consent at any time in relation to any aspect of the use, storage and disclosure of any personal or health information previously provided to us, which can be done either verbally or in writing.

Storage of Personal Information

We may store personal information in both hard and electronic copy. 

We take all reasonable steps to ensure that personal information is securely stored and to protect it from misuse, loss, unauthorised access, modification, interference or disclosure; however, we cannot guarantee that unauthorised access to personal information will not occur.

We utilise Halaxy as our practice software, which meets stringent privacy, security and confidentiality standards, and data is protected by 256-bit bank-grade security and encryption.  We also adopt the following electronic and physical security measures:

  • locked storage of personal records;

  • use of document shredding;

  • authentication and password controls for electronic records; and

  • screensavers for when devices are not in use.

Regular risk assessments are conducted to ensure the appropriate availability, integrity and confidentiality of personal information managed through our systems and programs. 

We do not disclose personal information for any purpose to anyone outside of Australia, except with the express consent of our clients. Halaxy is operated from Melbourne, Australia and its data is stored within Australia in security-protected data centres.

We will take reasonable steps to destroy or de-identify the personal information we hold about clients once the personal information is no longer needed for any purpose for which the personal information may be used or disclosed.  Where we are required by or under an Australian law or court/tribunal order to retain personal information, we are not required to destroy or de-identify the information.

Complaints

Any queries, concerns or complaints about the way in which we have handled a client’s personal information may be directed to management at any time.

Should we fail to respond within the notified time frame, or should a client remain unhappy with our response, a formal complaint can be lodged with the Office of the Australian Information Commissioner (call 1300 363 992 or visit www.oaic.gov.au for further information).

Changes to our Privacy Policy

From time to time our Privacy Policy may be updated to account for changes in information handling practices.  Our updated policy will be publicised to all clients.


All questions or concerns should be directed by email to carla@sherwoodholistic.com.au