PrimeMedix Medical Centre – Privacy Policy

Privacy Policy

At PrimeMedix Medical Centre, we are committed to protecting your privacy and maintaining the confidentiality of your personal information, including your health information.

This Privacy Policy explains how we collect, use, hold, store and disclose your personal information, and the circumstances in which it may be shared with third parties.

This policy is developed in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), applicable State and Territory health records legislation, and the Royal Australian College of General Practitioners (RACGP) Standards for General Practices (5th Edition), particularly Criterion C6 – Information Security.

Consent and When It Is Required

When you register as a patient of our practice, you provide consent for our GPs and practice staff to access and use your personal information to provide you with appropriate healthcare.

Only authorised staff who require access to your personal information in order to perform their duties will be able to access it.

If we need to use your personal information for any purpose not directly related to your healthcare or practice operations, we will seek additional consent from you.

Consent is also obtained prior to the use of AI-assisted documentation tools where applicable.

Why We Collect, Use, Hold and Share Your Personal Information

Our primary purpose for collecting your personal information is to provide healthcare services and manage your health.

We may also collect, use and share your information for directly related business activities, including:

  • Medicare and private health fund claims and payments
  • Practice audits and accreditation
  • Staff training and quality improvement activities
  • Research and analysis to improve the quality of care
  • Legal, regulatory and compliance requirements
  • Business and administrative processes

We may use patient data in a de-identified form to improve population health outcomes. De-identified information does not identify individual patients and is stored securely within Australia. You may notify reception if you do not wish your de-identified information to be included.

What Personal Information We Collect

We may collect the following types of personal information:

  • Name, date of birth, sex, ethnicity, address and contact details
  • Medical history, medications, allergies, adverse events, immunisations, family history, social history and risk factors
  • Test results and diagnostic reports
  • Medicare number (where available)
  • Healthcare identifiers
  • DVA and concession details
  • Private health fund details (if applicable)

Anonymity and Pseudonymity

You may choose to deal with us anonymously or under a pseudonym, unless it is impracticable for us to do so or we are required or authorised by law to deal only with identified individuals.

How We Collect Your Personal Information

We may collect your personal information in several ways:

  1. During registration at your first appointment.
  2. During consultations and ongoing medical care.
  3. Through electronic systems including:
    • Electronic Transfer of Prescriptions (eTP)
    • AI-assisted medical scribe technology
    • My Health Record (e.g., Shared Health Summary, Event Summary)
  4. Through our website, email, SMS, phone calls, online booking systems or social media communications.
  5. From other sources where it is impracticable to collect directly from you, including:
    • Your guardian or responsible person
    • Other healthcare providers (specialists, allied health professionals, hospitals, pathology and diagnostic imaging services)
    • Medicare, your health fund, or the Department of Veterans’ Affairs

When and With Whom We Share Your Personal Information

We may share your personal information:

  • With other healthcare providers involved in your care
  • With third-party service providers (e.g., IT providers, accreditation agencies) who comply with APPs and privacy laws
  • When required or authorised by law (e.g., subpoenas, statutory disease notification)
  • To lessen or prevent a serious threat to life, health, safety or public health
  • To assist in locating a missing person
  • To establish, exercise or defend an equitable claim
  • For confidential dispute resolution processes
  • During the provision of healthcare via AI-assisted scribe tools, eTP or My Health Record

Only authorised individuals will access your information.

We do not disclose personal information overseas without your consent, except where permitted by law.

All AI-assisted medical scribe processing occurs on secure Australian-based servers. Audio recordings are transcribed securely and are not permanently stored. Clinical notes generated are reviewed and verified by the treating practitioner before inclusion in your medical record.

We do not use your personal information for marketing without your express consent. You may opt out at any time in writing.

Storage and Security of Personal Information

We store personal information securely in accordance with:

  • The Privacy Act 1988 (Cth)
  • Australian Privacy Principles (APPs)
  • RACGP Standards (5th Edition)

We take reasonable steps to protect information from misuse, interference, loss, unauthorised access, modification or disclosure.

Electronic Records

Most information is stored in secure electronic clinical systems protected by:

  • Unique user accounts and strong passwords
  • Role-based access controls
  • Multi-factor authentication (where available)
  • Automatic screen locking
  • Firewalls and antivirus software
  • Secure encrypted backups
  • Audit trails tracking record access

Systems are hosted on secure Australian servers or with reputable providers compliant with Australian privacy laws.

Staff and Contractor Responsibilities

All staff, contractors and third-party providers:

  • Sign confidentiality agreements
  • Receive privacy and security training
  • Are bound by professional and legal confidentiality obligations
  • Access patient information only as required for their role

Accessing and Correcting Your Information

You have the right to request access to and correction of your personal information.

Requests must be made in writing (via our Personal Health Information Request Form). We aim to respond within 30 days.

We will take reasonable steps to correct information that is inaccurate or outdated. You may request corrections in writing addressed to the Practice Manager.

Privacy Complaints

We take privacy complaints seriously.

Complaints should be made in writing to the Practice Manager via:

PrimeMedix Medical Centre
2/12–16 MacMahon Place
Menai NSW 2234
Phone: (02) 9057 9833

We will:

  • Acknowledge receipt within three (3) working days
  • Respond within thirty (30) working days

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or 1300 363 992.

Website and Digital Privacy

Where personal information is collected through our website or digital communications, we take reasonable steps to protect it.

Our website may collect information you voluntarily provide via contact forms, appointment requests or email.

We may use cookies and analytics tools to improve website performance. These may collect non-identifiable data such as browser type, pages visited and time spent on the site. You may disable cookies in your browser settings, although functionality may be affected.

Policy Review

This Privacy Policy is reviewed regularly to ensure it remains current and reflects changes to legislation, technology or practice operations.

The most recent version will be available on our website and at reception. Significant changes will be communicated via notice in our practice and/or on our website.

Disclaimer

This Privacy Policy provides a general overview of how PrimeMedix Medical Centre manages personal and health information in accordance with applicable Australian privacy laws and professional standards.

It does not constitute legal advice and does not create contractual rights beyond those imposed by law. While reasonable efforts are made to ensure compliance with applicable legislation and standards, laws may change and their application may vary depending on circumstances.

To the maximum extent permitted by law, PrimeMedix Medical Centre disclaims liability for loss or damage arising from reliance on this Privacy Policy.

This policy may be updated from time to time to reflect legislative or operational changes.