We are committed to protecting the privacy of patient information and to handling your personal information in a responsible manner in accordance with the Privacy Act 1988 (Cth), the Privacy Amendment (Enhancing Privacy Protection) Act 2012, the Privacy Amendment (Notifiable Data Breaches) Act 2017, the Australian Privacy Principles and relevant State and Territory privacy legislation (referred to as privacy legislation as of 12 March 2014).

This Privacy Policy explains how we collect, use and disclose your personal information, how you may access that information and how you may seek the correction of any information. It also explains how you may make a complaint about a breach of privacy legislation.

This Privacy Policy is current from October 2020 and is reviewed annually. From time to time we may make changes to our policy, processes and systems in relation to how we handle your personal information. We will update this Privacy Policy to reflect any changes. Those changes will be available on our website and in the practice.


We collect information that is necessary and relevant to provide you with medical care and treatment, and manage our medical practice. This information may include your name, address, date of birth, gender, health information, family history and contact details. This information may be stored on our computer medical records system and/or in handwritten medical records.

Wherever practicable we will only collect information from you personally. However, we may also need to collect information from other sources such as treating specialists, radiologists, pathologists, hospitals and other health care providers.

We collect information in various ways, such as over the phone, in writing, or in person in our practice. This information may be collected by medical and non-medical staff.

In emergency situations we may also need to collect information from your relatives or friends.
We may be required by law to retain medical records for certain periods of time depending on your age at the time we provide services.

Use and Disclosure

We will treat your personal information as strictly private and confidential. We will only use or disclose it for purposes directly related to your care and treatment, or in ways that you would reasonably expect that we may use it for your ongoing care and treatment. Examples include the mandatory notification of some diseases, the disclosure of blood test results to your specialist, or requests for x-rays.

There are circumstances where we may be permitted or required by law to disclose your personal information to third parties, for example to Medicare, Police, insurers, solicitors, government regulatory bodies, tribunals, courts of law, hospitals, debt collection agents, the electronic transfer of prescriptions service or to the My Health Record system. We may also from time to time provide statistical data to third parties for research purposes.

We may disclose information about you to outside contractors to carry out activities on our behalf such as an IT service provider, solicitor or debt collection agent. We impose security and confidentiality requirements on how they handle your personal information. Outside contractors are required not to use information about you for any purpose except for those activities we have asked them to perform.

The Practice participates in the electronic transfer of prescriptions via a secure messaging system and in the transfer of patient information via the PCEHR (personally controlled electronic health record). The PCEHR transfers may be either uploaded or downloaded and are directed by the patient advising what information can or cannot be transferred. Both of these services benefit the patient by allowing the practice to send prescriptions directly to their participating pharmacy and to send/receive patient information from other parties (i.e. the transfer of a patient medication list to the Accident & Emergency department within a hospital). The Practice has procedures in place to ensure any patient data sent electronically via these methods is encrypted and unable to be accessed by anyone other than the intended recipient.

A patient has a right to seek access to or correction of their personal information contained in a PCEHR.

Data Quality and Security

We will take reasonable steps to ensure that your personal information is accurate, complete, up to date and relevant. For this purpose our staff may ask you to confirm that your contact details are correct when you attend a consultation. We request that you let us know if any of the information we hold about you is incorrect or out of date.

Personal information that we hold is protected by:

  • securing our premises;
  • placing passwords and varying access levels on databases to limit access and protect electronic information from unauthorised interference, access, modification and disclosure;
  • complying with the Notifiable Data Breaches (NDB) Act 2017; and
  • providing locked cabinets and rooms for the storage of physical records.


If you believe that the information we have about you is not accurate, complete or up to date, we ask that you contact us in writing (see details below).


You are entitled to request access to your medical records. We request that you put your request in writing and we will respond to it within a reasonable time.

There may be a fee for the administrative costs of retrieving and providing you with copies of your medical records.

We may deny access to your medical records in certain circumstances permitted by law, for example, if disclosure may cause a serious threat to your health or safety. We will always tell you why access is denied and the options you have to respond to our decision.

Overseas Transfer of Data

We will not transfer your personal information to an overseas recipient unless we have your consent or we are required to do so by law.


The Practice takes complaints and concerns about the privacy of patients’ personal information very seriously. Patients have a ‘right to complain’ and, where possible, patients and others are encouraged to raise any concerns directly with the practice team, who are trained to make sure patients of the practice feel confident that any feedback or complaint made will be handled appropriately and in a timely manner.

We believe most complaints can be responded to and resolved at the time the patient (or another person such as a carer, relative or friend) makes the complaint known to us. All complaints are reviewed by the practice manager. Where necessary the patient will be contacted by either the practice manager. Any actions required to minimise the chance of the circumstances happening again are documented and signed off on completion. Staff training will be provided if required.

Examples of complaints or concerns may include breach of privacy. Complaints can be supplied in writing to Wahroonga Family Medical Practice ATT: Practice Manager, Level 1 Suite 10, 2 Redleaf Avenue Wahroonga NSW 2076. (Please mark these Confidential)

If you are dissatisfied with our handling of a complaint or the outcome you may make an application to the Australian Information Commissioner or the Privacy Commissioner on 1300 363 992 or the Privacy Commissioner in your State or Territory on 1800 472 679.