top of page


Your Health Information and our Privacy Policy

The law gives you certain privacy rights to information that you give to this Medical Practice.  We need your consent to collect personal information about you. The fact that you have come here implies that you consent to us knowing about your health situation either for an event or generally.
We are committed to protecting the privacy of our patients within our Practice. Information collected is kept strictly confidential and used only for the medical and health care of patients.
To ensure patients who receive care from the Practice are comfortable in entrusting their health information to the Practice. This privacy policy is to provide information to you, our patient, on how your personal information (which includes your health information) is collected and used within our Practice, and the circumstances in which we may share it with third parties in accordance with the Victorian Health Records Act 2002, Victorian Information Privacy Act 2000, and the Privacy Act 1988 (Commonwealth); Privacy Act Amendment 2001; Privacy Act Amendment 2012 outlining the Australian Privacy Principles (APP).
This policy applies to all employees and patients of Healthspan Medical (the "Practice"). 
Practice Procedure
Ensure staff comply with the Australian Privacy Principles (APP) and deal appropriately with inquiries or concerns.
Take such steps as are reasonable in the circumstances to implement practices, procedures and systems to ensure compliance with the APP and deal with inquiries or complaints.
Collect personal information for the primary purpose of managing a patient’s healthcare and for financial claims and payments.
The Practice staff will take reasonable steps to ensure patients understand:

  • What information has been and is being collected.

  • Why the information is being collected and whether this is due to a legal requirement.

  • How the information will be used or disclosed.

  • Why and when their consent is necessary.

Collection, Use and Disclosure
The Practice recognises that the information we collect is often of a highly sensitive nature and as an organisation we have adopted the privacy compliance standards relevant to ensure personal information is protected.
The information we collect about you may include:

  • Names, addresses, contact details and dates of birth.

  • Medicare number for identification and electronic prescriptions.

  • Healthcare identifiers.

  • Medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors.

You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.
A patient’s personal information may be held at the Practice in various forms:

  • As paper records

  • As electronic records.

  • As visual records ie: x-rays and photos.

The Practice may collect your personal information in several different ways:

  • When you make your first appointment our Practice staff may collect your personal and demographic information via your registration or by completing a pre-appointment questionnaire.

  • During the course of providing medical services, we may collect further personal information.

  • We may also collect your personal information when you visit our website, send us an email or SMS, telephone us, make an online appointment or communicate with us using social media.

  • In some circumstances, personal information may also be collected from the patient’s guardian or responsible person (where practicable and necessary) or from other involved healthcare specialists, healthcare services, pathology and diagnostic image services as well as your health fund, Medicare or the Department of Veterans’ Affairs (as necessary).

The Practice holds all personal information securely, whether in electronic format, in protected information systems or in hard copy in a secured environment.
Personal information collected by the Practice may sometimes be used or shared in the following instances:

  • For the purpose where the patient was advised during consultation with the treating Doctor.

  • As required during the normal operation of services provided. i.e. for referral to a medical specialist or another health service provider.

  • During the course of providing medical services, through eTP, My Health Record (eg via Shared Health Summary, Event Summary). We do not share your health information unless you consent to do so explicitly.

  • When there is a statutory requirement to share certain personal information (eg some diseases require mandatory notification).

  • When it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent eg: to assist in locating a missing person.

  • With third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with APPs and this policy.

  • When it is required or authorised by law (eg court subpoenas), confidential dispute resolution processes or medical defence purposes.

  • We may also use parts of your de-identified health information for research purposes, in study groups or at seminars as this may provide a benefit to other patients. You can let our reception staff know if you do not want your information included.

Only people who need to access your information will be able to do so. Other than in the course of providing medical services or as otherwise described in this policy, our Practice will not share personal information with any third party without your consent and will employ all reasonable endeavours to ensure that a patient’s personal information is not disclosed without their prior consent.
We will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent. The Practice will not use any personal information in relation to direct marketing to a patient without that patient’s consent in writing. The Practice evaluates all unsolicited information it receives to decide if it should be kept, acted upon or destroyed.
Data Quality
Patient information collected for the purpose of providing quality health care will be complete, accurate, and up-to-date at the time of collection.
Data Security
All due care will be taken to ensure the protection of patient privacy during the transfer, storage, and use of personal health information.
Retention of medical records is for a minimum of 7 years from the date of last entry into the patient record, unless the patient is a child in which case the record must be kept until the patient attains the age of 25 years of age.
Access to Patient Information and Correction
The following will apply with regard to accessing personal and private medical information by an individual:

  • An individual has the right to request access their own personal information and request a copy or part of the whole record.

  • Individuals have the right to obtain their personal information in accordance with the Victorian Information Privacy Act 2000. Requests must be made in writing and an acknowledgement letter will be sent to the patient within 14 days confirming the request and detailing whether the request can be complied with and an indication of any costs associated with providing the information. Time spent and photocopying costs when processing a request can be passed on to the requesting patient. Information can be expected to be provided within 30 days.

  • Whilst the individual is not required to give a reason for obtaining the information, a patient may be asked to clarify the scope of the request. In some instances, the request to obtain information may be denied, in these instances the patient will be advised.

  • Patients may also request the Practice correct or update their personal information.

  • Upon request by the patient, the information held by the Practice will be made available to another health provider.

Parents/Guardians and Children
To protect the rights of a child’s privacy, access to a child’s medical information may at times be restricted for parents and guardians. Release of information may be referred back to the treating Doctor where their professional judgement.

We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing. We will then attempt to resolve it in accordance with our resolution procedure.
You may also contact the OAIC. Generally, the OAIC will require you to give them time to respond before they will investigate. For further information visit or call the OAIC on 1300 363 992.

Our Practice values the privacy and security of our patients' personal information. This statement outlines how we collect, use, and protect personal information through our website, social media interactions, and digital communications.
1. Information Collection via Our Website:
When you visit our website, we may collect personal information that you voluntarily provide, such as your name, contact details, and inquiries about our services.
Our website may use cookies and similar tracking technologies to enhance your browsing experience, understand site usage, and improve our services. Cookies are small data files stored on your device that help us remember your preferences and gather information about your interactions with our site.
2. Social Media and Digital Communications:
If you interact with us through social media platforms or by email, we may collect information that you voluntarily share in these communications, such as inquiries, feedback, or requests for service.
Please be cautious when sharing sensitive personal health information over social media or unencrypted email, as these platforms may not be secure.
3. Use of Collected Information:
The information we collect is primarily used to respond to your inquiries, provide requested services, and improve our patient engagement and website functionality.
We may also use aggregated, non-identifiable data for analytics and service improvement purposes.
4. Data Protection and Privacy:
We implement stringent measures to safeguard the confidentiality and security of your personal information. Access to this information is restricted and is only used for the purposes stated above.
We comply with applicable privacy laws and regulations in handling personal data and do not share your information with third parties without your consent, except as required by law.
5. Your Rights and Choices:
You have the right to access, correct, or delete your personal information that we hold. You can also opt out of certain uses of your information, such as declining cookies on our website.
If you wish to exercise these rights or have any questions about how we handle your personal information, please contact us at
Your trust is important to us, and we are committed to ensuring the privacy and integrity of your personal information as we engage through our digital platforms.



Regular Review and Updates to Our Privacy Policy.


Policy Review

Our Practice is committed to maintaining the highest standards of privacy and data protection. Therefore, our privacy policy is regularly reviewed to ensure it remains current and effective in safeguarding your personal information.


This review process takes into account any changes in legal requirements, technological advancements, and best practices in privacy and data protection.


Notification of Amendments

In the event of any amendments or updates to our privacy policy, we will notify our patients in a timely and transparent manner.

Notifications of policy updates will be communicated through the following channels:

  • Email Communication: We will send an email to the address you have provided us, outlining the nature of the changes and how they may impact you.

  • Website Notification: The updated privacy policy will be promptly posted on our website, along with a summary of the changes and the effective date of the new policy.

  • In-Practice Notices: For those visiting our practice, we will display notices informing you of any significant changes to our privacy policy.

  • Social Media Announcements: We may also use our social media platforms to inform our followers about updates to our privacy policy.


Your Continued Consent

By continuing to use our services and digital platforms after these changes are made, you agree to the revised policy. We encourage you to review our privacy policy periodically to stay informed about how we are protecting the personal information we collect.



If you have any questions or concerns about our privacy policy, its regular review, or how policy changes are communicated, please do not hesitate to contact us at We are here to ensure your privacy and information security and will be happy to address any inquiries or feedback you may have.

bottom of page