Privacy & Confidentiality Policy
Physio Interactive respects the privacy of all people including the people who use the service, employees, volunteers, members, donors and business partners and is committed to safeguarding the personal information that is provided.
Each participant is advised of Physio Interactive’s Privacy and Confidentiality Policy using the language, mode of communication and terms the participant is most likely to understand. This may mean engaging a translator, speaking to your nominee or any other preferred communication method, as required.
- Privacy: is defined as a person’s right to keep their personal matters and relationships known to only a select group of
- Confidentiality: is the protection of personal
- Personal Information: as defined in the Privacy Act 1988 means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- Whether the information or opinion is true or not;
- And whether the information or opinion is recorded in a material form or not.
- Physio Interactive is committed to best practice in relation to the management of information we collect. Physio Interactive has developed a policy to protect patient privacy in compliance with the Privacy Act 1988 (Privacy Act) and the Australian Privacy Principles Disability Service Act 2006.
Our policy is to inform you of:
- the kinds of information that we collect and hold, which, as an allied health practice group, is likely to be ‘health information’ for the purposes of the Privacy Act;
- how we collect and hold personal information;
- the purposes for which we collect, hold, use and disclose personal information;
- how you may access your personal information and seek the correction of that information;
- how you may complain about a breach of the Australian Privacy Principles and how we will deal with such a complaint;
- whether we are likely to disclose personal information to overseas recipients;
What kinds of personal information do we collect?
The type of information we may collect and hold includes:
- Your name, address, date of birth, email and contact details
- Medicare number, insurance details, DVA number and other government identifiers, although we will not use these for the purposes of identifying you in our practice
- Other health information about you, including:
- Notes of your symptoms or diagnosis and the treatment given to you
- Your GP/specialist reports and test results
- Your appointment and billing details
- Your prescriptions and other pharmaceutical information
- Your dental records if required
- Your genetic information
- Your healthcare identifier
- Any other information about your race, sexuality or religion, when collected by a health service provider.
How do we collect and hold personal information?
We will generally collect personal information:
- From you directly when you provide your details to us. This might be via a face to face discussion, telephone conversation, registration form or online form.
- Where a person is not able to provide the information, Physio Interactive may collect the information from another person who has legal responsibility for the person or who acts as a recognised representative/nominee for the person.
- From third parties where the Privacy Act or other law allows it – this may include, but is not limited to: other members of your treating team, diagnostic centres, specialists, hospitals, the My Health Record system, electronic prescription services, Medicare, your health insurer, the Pharmaceutical Benefits Scheme, a third party insurer and your employer.
- Physio Interactive may also collect personal information in its normal communications, including when a person:
- Emails employees
- Contacts Physio Interactive by telephone
- Provides their business card
- There are some circumstances where Physio Interactive may receive personal information that was not requested. When this happens, Physio Interactive will decide whether or not the collected information could have been obtained from that person, had they asked. Physio Interactive may use or disclose that information to make that decision.
Why do we collect, hold, use and disclose personal information?
In general, we collect, hold, use and disclose your personal information for the following purposes:
- To provide health services to you
- To communicate with you in relation to the health service being provided to you. Sensitive information will only be used for direct marketing if consent has been given.
Consent may be implied in certain circumstances. Implied consent arises where consent may reasonably be inferred in the circumstances from the conduct of the individual and the practice.
You may opt out of direct marketing at any time by notifying your practice by letter, email or phone call.
- Mail to: PO Box 566 NSW 2161.
- Email: email@example.com
- Or by phone to: 1300 749 946
- To comply with our legal obligations, including, but not limited to, mandatory notification of communicable diseases or mandatory reporting under applicable child protection legislation.
- To help us manage our accounts and administrative services, including billing, arrangements with health funds, pursuing unpaid accounts, management of our information management systems
- For consultations with other doctors and allied health professionals involved in your healthcare;
- To obtain, analyse and discuss test results from diagnostic and pathology laboratories
- For identification and insurance claiming
- If you have a My Health Record, to upload your personal information to, and download your personal information from, the My Health Record system.
- To liaise with your health fund, government and regulatory bodies such as Medicare, the Department of Veterans’ Affairs and the Office of the Australian Information Commissioner (OAIC) (if you make a privacy complaint to the OAIC), as necessary.
Use and Disclosure of Information
Physio Interactive only holds personal information for the primary purpose it was given. It is not to be used or disclosed to anyone else for a secondary purpose unless one of the following applies:
- The person has agreed
- The person would expect Physio Interactive to use or disclose the personal information for the secondary purpose as it relates to the primary purpose
- It is required or authorised by law
- A permitted general situation exists (see s.16A of the Privacy Act)
- A permitted health situation exists (see s.16B of the Privacy Act), in which case, steps must be taken to de-identify the information before it is disclosed
- Physio Interactive believes that the use or disclosure of the information is necessary for an enforcement related activity (e.g. Federal Police, Immigration, ATO)
- Physio Interactive does not sell, loan or give away any information that the service collects.
- Notice will be placed in the local newspaper indicating the way in which clients should arrange for the transfer of their record to another physiotherapist and/or allied health professional.
When hard files are due to be destroyed, they are shredded as directed by the DCS.
Consent to exchange your information
If you agree to Physio Interactive sharing and receiving information about you from third parties, you will need to fill in and sign a Consent to Exchange Your Information form.
Physio Interactive will share this form with third parties to show them you have agreed for Physio Interactive to talk to them about you and exchange information about you. If you do not want this to happen, you do not have to give your permission. If after signing this form you decide you do not want Physio Interactive to have permission anymore, you can withdraw your consent by contacting Physio Interactive.
There are certain circumstances where Physio Interactive may also be required or allowed by law to talk to other people about you, give them your information or ask for information about you without your consent.
How can you access and correct your personal information?
If a person asks for access to their personal information held by Physio Interactive, the Service will allow access unless there is a reason under the Privacy Act or any other law not to give access to the information. These reasons may include:
- a serious threat to the life, health or safety of any individual, or to public health/safety
- it would impact on the privacy of other individuals
- the request is frivolous or vexatious
- the information relates to existing or anticipated legal proceedings
- it would prejudice negotiations with the individual
- it would be unlawful
- denying access is authorised by law
You have a right to seek access to, and correction of the personal information which we hold about you. This is charged at $38.00 +GST for the first 30 pages, then $1.00 +GST for each page thereafter.
Electronic records are charged at a fixed fee of $35.00 + GST.
Physio Interactive will respond to the request for access to the personal information within a reasonable time and will give access in the way requested by the person, if it is able to do so.
If changes are required in relation to correcting their information, or withdrawing or amending their prior consent, this needs to be communicated through a practical means for the person, and Physio Interactive will make clear written documentation of this.
How do we store your personal information?
Our staff are trained and required to respect and protect your privacy. We take reasonable steps to protect information held from misuse and loss and from unauthorised access, modification or disclosure. This includes:
- Holding your information on an industry specific database. Physio Interactive uses ‘NetPhysio’ which is stored securely on our in-house server.
- Strong password protections have been applied for any access to the server and the database.
- Access to the server is limited to in-house clinic use only for all staff members except for the Director and Partner who have external access from their homes.
- The server is watched, maintained and updated regularly by our IT Company with the most up-to-date security features.
- Holding your information in secure cloud storage as a back-up (this information is encrypted and can only be accessed by the director of Physio Interactive and the IT Company).
- The IT Company engaged is a nationwide provider with a strict confidentiality agreement in place.
- All electronic records are kept indefinitely and are made inactive at the discretion of the DCS and treating practitioner or practice partner in the event the treating practitioner is unable to advise.
- Non-electronic information is stored in archive boxes in a secure setting, with surveillance and back-to-base monitoring.
- All hard copies of information are stored safely and securely on the premises and kept for a minimum of 7 years after final attendance at the practice. In the case of a child, files are stored for 7 years after the final attendance after the child has turned 18 (25 years of age).
- Our staff sign confidentiality agreements. Employees, volunteers and contractors who may have access to personal and sensitive information in the course of their duties are bound by their commitment to confidentiality.
- Practitioners and staff will protect personal health information against unauthorised access while it is being stored and transmitted.
- Staff will ensure that clients and other visitors to the practice will not have access to the health record, and that records or any other documents containing personal information are not left where they may be accessed by unauthorised persons.
- Fax, e-mail and telephone messages will be treated with security equal to that applying to health records.
- Practitioners and staff will ensure that personal health information held in the practice is secured against loss or alteration of data.
- Client records will not be taken away from the practice except when required by clinical staff for the care of a patient and kept securely during this time. The responsible clinician will ensure that the record is returned to the practice and left in an appropriate place for filing.
- Staff nominated for closing the practice will ensure that the building is locked and the alarm is set prior to leaving the practice.
- Our practice has document retention and destruction policies. No record will be destroyed at any time without the permission of the treating practitioner or of the DCS if the treating practitioner is no longer involved in the practice.
- In the event of a practitioner being deceased or transferring out of the practice, the practice will post a notice in the practice waiting room or on the practice website informing patients.
- In the event of a departing practitioner they may choose to individually inform each client, asking the client to nominate a practitioner to whom the record should be transferred.
- If the practice closes, clients will be contacted individually if considered reasonably practicable.
Anonymity and Pseudonyms
The Privacy Act provides that individuals must have the option of not identifying themselves, or of using a pseudonym, when dealing with our practice, except in certain circumstances, such as where it is impracticable for us to deal with you if you have not identified yourself.
However, at Physio Interactive, the provision of services is likely to be impacted, and billing via Medicare or health insurer, third party insurer, NDIS and other third parties where applicable is likely to be impracticable. You may, however, seek certain treatments and may be prepared to forgo notifying your insurer or seeking a Medicare benefit and pay Physio Interactive directly.
If this is you, ask to speak to the manager at the practice you attend to make the necessary arrangements for you.
Privacy related questions and complaints
If you have any questions about privacy-related issues or wish to complain about a breach of the Australian Privacy Principles or the handling of your personal information by us, you may lodge your complaint in writing (see below for details). We will normally respond to your request within 30 days.
All privacy related enquiries should be sent to:
- Mail to: PO Box 566 Guildford NSW 2161.
- Email: firstname.lastname@example.org
- Or by phone to: 1300 749 946
If you are dissatisfied with our response, you may refer the matter to the OAIC:
- Phone: 1300 363 992
- Email: email@example.com
- Fax: +61 2 9284 9666
- Post: GPO Box 5218, Sydney NSW 2000
- Website: https://www.oaic.gov.au/individuals/how-do-i-make-a-privacy-complaint
We may disclose your personal information to the following overseas recipients:
- any practice or individual who assists us in providing services (such as where you have come from overseas and had your health record transferred from overseas or have treatment continuing from an overseas provider)
- overseas transcription services for clinical records such as but not limited to clinical notes
- overseas based cloud storage
- anyone else to whom you authorise us to disclose it
- An overseas service based in Pakistan or the Philippines, to manage the accounts of Physio Interactive for the purpose of accounts and bookkeeping specific tasks.
Privacy and websites
On our website, we use browser cookies to record and store NPII related to your navigation of our websites, including session information, access and usage preferences and patterns, to help identify and track your usage of our websites, to provide for personalization of your navigation on our websites, for promotion and marketing to you, and to improve our service delivery to you. A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns.
Remember that opting out is browser-specific. So, if you have multiple browsers or multiple devices you use to access the internet and the websites, you’ll need to opt out from each device or browser.
On our website, there is a section to communicate with us by requesting a call back. You will need to provide us with your name, phone number and email address for this function to work properly.
Privacy and Social Media
Physio Interactive adheres to the policies regarding privacy and social media published by The Office of the Australian Information Commissioner on the below link:
Updates to this policy
This Policy will be reviewed from time to time to take account of new laws and technology, changes to our operations and other necessary developments. Updates will be publicised on the practice’s website.
Breaches of privacy
Breaches of privacy and/or confidentiality by employees, volunteers and contractors will be dealt with in accordance with Physio Interactive’s Incident Management Policy.