Privacy Policy

Effective date: 22 June 2024

This page outlines the Privacy Policy for my private practice, and should be read in conjunction with my Cookie Policy.

1. Overview

Personal information that I collect is managed in accordance with the Health Records (Privacy and Access) Act 1997, the Privacy Act 1988 (Cth), the Health Records Act 2001, the Privacy Amendment (Notifiable Data Breaches) Act 2017, and other relevant legislation. 

2. Definitions

Personal Information means information or an opinion about an individual who is identified, or who can reasonably be identified, from the information, whether or not the information or opinion is true or recorded in a material form and includes sensitive information.

Sensitive Information means information or an opinion, that is also personal information, about a person’s racial or ethnic origin, political opinions, memberships of political, professional and trade associations and unions, religious and philosophical beliefs, sexual orientation or practices, criminal history, health information, and genetic and biometric information.

3. The kind of personal information that I collect and hold

I collect a range of personal and sensitive information in the course of providing psychological services to my clients. This information is managed in your Client Service Record and Confidential Client File.

Information collected and managed in your Client Service Record would include your name, pronouns, date of birth, sex assigned at birth, gender, contact information, communication preferences, occupation, emergency contact, billing information, Medicare number, DVA card number, referring doctor, and referral source, as well as any additional information you volunteer relating to variations of sex characteristics, sexual orientation, languages spoken, cultural identity/descent, and country of birth.

Your Client Service Record also includes a record of your appointments, invoices, encrypted payment card details, payments, Medicare rebates, online booking activity, and response to automated text messages and emails.

Information collected and managed in your Confidential Client File would include file notes documenting the psychological services that I have provided; relevant information collected during the provision of these services; copies of any service-related letters or reports; and any other service-related documents that we have agreed to store on your file.

4. How your personal information is collected

Your personal information is collected both during and between consultations when we communicate with each other in person, or by phone or email. Your personal information is also collected during service-related oral and written communications that I have with your referring doctor, or other third parties such as your insurer, rehabilitation provider, or other health professionals involved in your treatment.

5. Where your personal information is held

Information in your Client Service Record and Confidential Client File is primarily held in my practice management software, and relevant information from your Client Service Record is also held in accounting software and payment/rebate processing software that are integrated with my practice management software.

Personal information contained in service related correspondence may also be held in my encrypted email service and password protected mobile phone. Additionally, I use an encrypted file transfer service when required, for the secure transfer of client files.

6. Use

Your personal information is collected and used for the purposes of documenting and informing the psychological services that I provide, supporting the administration of my business, and supporting my compliance with the various ethical and legal obligations that are required of me as a clinical psychologist and sole trader.

7. How long your personal information is held for

Personal information managed in your Client Service Record and Confidential Client File is held until at least seven years after the day that a service was last provided (or, if you were under 18 years old when the last service was provided, until the day you turn 25 years old). 

A register is kept for a further seven years documenting any records that are deleted/destroyed after the mandated holding period (or transferred to another entity within the holding period). 

8. Who else has access to your personal information

My administrative assistants have access to your Client Service Record as well as limited access to some documents within your Confidential Client File for administrative purposes. 

My accounting firm has access to information within your Client Service Record that has been shared with my accounting software, for accounting and bookkeeping purposes.

The colleague nominated in my practice contingency plan (currently Clinical Psychologist Alexi O’Dea) has access to your Client Service Record and Confidential Client File for the purposes of taking over the management of these records in the event of my death or incapacitation. 

9. Disclosure

Your personal information will remain confidential except when:

  • It is subpoenaed by a court;

  • Failure to disclose the information would, in my reasonable belief, place you or another person at serious risk to life, health or safety;

  • Your approval has been obtained to:

    • provide a written report to another professional or agency; or

    • discuss the material with another person, such as your doctor or a rehabilitation provider; or

    • disclose the information in another way;

  • You would reasonably expect your personal information to be disclosed to another professional or agency and disclosure of your personal information to that third party is for a purpose which is directly related to the primary purpose for which your personal information was collected; or

  • Disclosure is otherwise required or authorised by law.

Note that psychologists are listed as ‘mandated reporters’, which means that I’m legally required to make a report to child protection agencies if I believe on reasonable grounds, based on information obtain during the course of (or because of) my work, that a child or young person has experienced, or is experiencing sexual abuse, or non-accidental physical injury.

Your personal information will not be disclosed to overseas recipients, unless you provide consent for such disclosure, or disclosure is required by law.

Your personal information will not be used, sold, rented, or disclosed for any other purpose.

In the event that unauthorised access, disclosure, or loss of your personal information occurs, I will activate my data breach action procedures and use all reasonable endeavours to minimise any risk of consequential serious harm.

10. Anonymity and pseudonymity

It is not possible to engage my services anonymously. However, you are welcome to use a pseudonym and limit the amount of personal information you provide, where practical.

11. Requests for access to and correction of your personal information

You can lodge an oral or written request with me to view and/or obtain a copy of your Client Service Record or Confidential Client File. Access will be given within 30 days of me receiving your request. If necessary, we will make an appointment to review the records together, so that I can explain the contents and answer any questions you might have. A fee may be charged for this service.

If you are satisfied that your personal information is inaccurate, out of date, or incomplete, reasonable steps will be taken in the circumstances to ensure that this information is corrected.

12. Complaints

If you have any concerns or complaints regarding the management of your personal information, let me know and I will attempt to address them as best I can.

You may also lodge a formal complaint about the use of, disclosure of, or access to, your personal information, with the Office of the Australian Information Commissioner by phone (1300 363 992), by post (Office of the Australian Information Commissioner, GPO Box 5218, Sydney, NSW 2001), or online at https://www.oaic.gov.au.