Privacy Policy
1. Purpose
Edge Hill Clinic is committed to protecting the privacy and confidentiality of patient information in accordance with applicable Australian privacy laws. This policy outlines how we collect, use, disclose, store, and manage personal and health information.
2. What Information We Collect
We collect personal and health information necessary to provide safe, high-quality medical care and manage our practice.
This may include:
- Name, address, date of birth, contact details
- Medicare, DVA, or health fund details
- Medical history, family history, medications, and clinical notes
- Referral letters, reports, and diagnostic results
- Billing and payment information
- Emergency contact or next of kin details
Where reasonable and practicable, we collect information directly from the patient. We may also collect information from:
- Referring doctors or specialists
- Other healthcare providers
- Hospitals, pathology, or imaging services
- Family members or carers (with consent or where appropriate)
3. Sensitive Information
Health information is classified as sensitive information under privacy law. We will only collect this information:
- With patient consent, or
- Where required or authorised by law
4. How We Use Your Information
We use personal and health information for purposes including:
- Providing medical care and treatment
- Communicating with patients and other healthcare providers
- Administrative functions (appointments, billing, reminders)
- Medicare and health fund claims
- Quality assurance, accreditation, and clinical audits
- Legal and regulatory compliance
5. Disclosure of Information
We may disclose patient information:
- To other healthcare providers involved in your care
- To Medicare, private health insurers, or DVA
- For referral, testing, or treatment purposes
- To medical defence organisations or insurers
- Where required by law (e.g. court orders, mandatory reporting)
- In emergencies where necessary to prevent serious harm
We will not disclose information for unrelated purposes without consent.
6. Data Storage and Security
We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access.
This includes:
- Secure electronic medical record systems with restricted access
- Password protection and user access controls
- Secure storage of physical records
- Confidential disposal of records (e.g. secure shredding services)
7. Data Retention
We retain medical records in accordance with legal requirements:
- Adults: Minimum 7 years from last attendance
- Children: Until age 25 (or 7 years after turning 18)
Records may be retained longer where clinically or legally appropriate.
8. Access to Your Information
Patients have the right to request access to their health information.
- Requests should be made in writing
- Identification may be required
- Reasonable fees may apply for copies or administration
- Access may be refused in limited circumstances (e.g. risk of harm), with reasons provided
9. Correction of Information
If you believe your information is inaccurate or incomplete:
- You may request a correction
- Corrections will be made where appropriate
- Original records are not deleted but annotated in line with clinical standards
10. Children and Privacy
We recognise the rights of minors to privacy.
- Access to a child’s records may be restricted based on clinical judgement and legal requirements
- We follow the principles of mature minor consent under Australian law
11. Use of Identifiers
We use identifiers (e.g. Medicare numbers) only where necessary for lawful purposes such as billing and identification.
12. Anonymity
Patients may request anonymity where lawful and practicable. However, in most medical situations this is not feasible due to:
- Safety concerns
- Medicare and insurance requirements
13. Overseas Disclosure
We generally store data within Australia. If information is disclosed overseas (e.g. cloud-based systems), we take reasonable steps to ensure compliance with Australian privacy laws.
14. Website and Digital Communication (if applicable)
If you interact with us online or via email:
- We take reasonable steps to secure communications
- However, electronic transmission carries some risk
- Patients may opt out of electronic communication
15. Complaints
If you have concerns about your privacy:
Step 1: Contact the Practice Manager
Edge Hill Clinic
We will investigate and respond within a reasonable timeframe.
Step 2: If unresolved, you may contact:
Office of the Australian Information Commissioner (OAIC)
OAIC complaints page
16. Updates to This Policy
This Privacy Policy may be updated from time to time to reflect changes in legislation or practice operations. The current version will always be available at reception or upon request.
17. Contact Us
Edge Hill Clinic
Practice Manager
(07) 4081 3088