Privacy Policy

Protecting the privacy of your personal information

In compliance with the Privacy Amendment (Private Sector) Act 2000, we have developed a Practice Privacy Policy that governs the handling of your personal information.

Personal Information means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent or can reasonably be ascertained, from the information or opinion (P57 Guidelines on Privacy in the Private Health Sector, Office of the Federal Privacy Commissioner – October 2001).

Privacy Policy

The Federal Privacy Act incorporates the Australian Privacy Principles (APPs) that set out the rules for the handling of personal information in the private health sector. In the interests of providing quality health care this practice has implemented a privacy policy that complies with the Privacy Act (1988) and the APPs (2014) Full details of the Australian Privacy Principles are available from reception upon request. Any enquiries regarding this Policy should, in the first instance, be directed to Practice Management.

We aim to explain clearly how personal information about you and your health is recorded and managed in this practice. Your doctor will be happy to discuss this with you the ways in which this practice complies with the Australian Privacy Principles are set out below:


It is necessary for us to collect personal information from patients and sometimes others associated with their health care in order to attend to their health needs and for associated administrative purposes. We will give patients a registration form with a consent for collection on their first visit.

During the course of providing medical services, we may collect further personal information This scan be  from other health care providers, discharge notifications, health funds, Department of Health, electronic transfer of prescriptions (eTP), My Health Record, (e.g. via Shared Health Summary, Event Summaries).

We may also collect information from your communication with us, through our website, SMS, telephone, social media and online appointments.

A copy of this privacy policy is available on request, and a copy kept in reception. Where possible, we will aim to provide you with a copy in the same format as requested, for example by email, we also have a copy on the website.

The information we will collect about you includes your:

  • Names, date of birth, addresses, contact details,
  • Medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors,
  • Medicare number (where available) for identification and claiming purposes,
  • Healthcare identifiers,
  • Health fund details.

Use and Disclosure

A patient’s personal health information is used or disclosed for purposes directly related to their health care and in ways that are consistent with a patient’s expectations. In the interests of the highest quality and continuity of health care this may include sharing information with other health care providers who comprise a patient’s health care team from time to time, this includes GP’s, practice nurses, registrars and students, allied health professionals, support staff. The use of this data is determined by what is required for patient care. In general, a patient’s health information will not be used for any other purposes without their consent.

There are circumstances when information has to be disclosed without patient consent, such as:

  • Emergency situations,
  • By law, e.g. mandatory reporting of some communicable diseases it may be necessary to disclose information about a patient to fulfil a medical indemnity insurance obligation,
  • Provision of information to Medicare or private health funds if relevant for billing and medical rebate purposes.

Where relevant we have the ability to share your information during the course of providing medical services, through eTP and My Health Record (e.g. via Shared Health Summary, Event Summary).

There are also necessary purposes of collection for which information will be used beyond providing health care, such as professional accreditation, quality assessments, clinical auditing,  billing, service monitoring activities, improving the administration of the practice and disclosure to a clinical supervisor.

We will use all the contact details that a patient provides where necessary, for purposes directly related to the patient’s health care. This will include making contact for preventative health reminders.

The practice can also use SMS or email for the following activities:

  • Preventative health reminders
  • Important practice updates (such as seasonal closing times)
  • Relevant Health awareness campaigns (immunisation awareness updates or Men’s health focus)

A patient has the right to choose if they do not want to have their SMS or email used in this way and have options to opt in and out at any time by responding to opt out emails or informing us verbally or in writing. It is important to note that opting out of SMS and email does not opt the patient out from receiving Health Reminders (such as CST or blood check reminders) and alternative means (such as post) will be used.

We will also use a patients SMS details to remind them of appointments and appointment changes. A patient can opt in and out at any time, in writing or verbally with a panaceum group staff member.

Data Quality

All patient information held by this practice relevant to the functions of providing health care will be maintained in a form that is accurate, complete and up to date.

Data Security

The storage, use, and where necessary, transfer of personal health information will be undertaken in a secure manner that protects patient privacy. It is necessary for the practice to keep patient information after a patient’s last attendance for as long as is required by law (7 years or until a minor turns 25 years) or is prudent having regard to administrative requirements. Data will only be accessible to authorised personnel involved in patient care or administration of that care. Any data to go to a third party will be discussed with the patient involved and the patients consent will be obtained and documented except in the exceptional circumstances as listed above in ‘use and disclosure”.

Notifiable Data Breaches Scheme. If a breach of personal information (data) occurs in our practice, we must notify the individuals involved and the Office of the Australian Information Commissioner (OAIC).

This is known as the Notifiable Data Breaches scheme. We must notify the individuals involved and the OAIC if personal information is lost; accessed by an unauthorised person or disclosed to an unauthorised person; and this is likely to result in serious harm to someone; and we can’t take steps to prevent the risk of serious harm.


This practice has made this and other material available to patients to inform them of our policies on the management of personal information. On request this practice will, generally, let patients know what sort of personal information we hold, and for what purposes, and how we collect, hold, use and disclose that information.

Access and Correction

Patients may request access to their personal health information held by this practice or its transfer to another health provider. All requests for access to personal health information will need to be made in writing. The Practice Privacy Officer or the patients normal GP will review and manage the request and will respond to the request within 30 days. A designated form is available for patients to use to request access to personal health information.

This practice acknowledges the right of children and young people to privacy of their health information. Based on the professional judgement of the doctor and consistent with the law, it might be necessary at times to restrict access to personal health information by parents or guardians

The practice encourages patients to ensure that information held is accurate and up to date and to amend any information that is inaccurate. A charge may be payable where the practice incurs a cost in providing access. This is for administrative costs such as photocopying, etc.

Where access is restricted or denied, the reason for this will be explained to the patient by their regular GP.


These are numbers or symbols that are used to identify patients with or without using a name e.g.

Medicare or DVA numbers. The practice will limit the use of identifiers assigned by other agencies to those uses necessary to fulfil our obligations to those agencies e.g. Medicare claims.


A patient has the right to be dealt with anonymously, provided that this is lawful and practical.

However in the health context this is unlikely to be practical and may in some circumstances impact of the quality of care and treatment. All requests of this nature will be referred to the practice Privacy Officer.

Trans border data flows

The individual’s privacy is protected by federal privacy legislation and State privacy legislation.  This practice does not send data / information to locations outside of Australia.

Sensitive information

Health information is sensitive information for the purposes of the privacy legislation. This means that generally patients’ consent will be sought to collect the information that is needed to make an accurate medical diagnosis, prescribe appropriate treatment and to be proactive in patient health care.

We also have aUse and Collection of Health Information sheet” which sets out information on the collection, use and disclosure of your health information. This is given to patients at the first visit. If you would like a copy of the form, please let the practice staff know.

For further information you can speak to the Privacy Officer; which is our Practice Manager on the premises.


The best way to deal effectively with concerns and complaints is to communicate openly and respectfully. This often reduces the likelihood of the problem escalating and becoming more difficult to deal with.

This practice recognises the right of patient’s to raise their concerns about privacy and confidentiality. Patients are asked to contact the Practice Privacy Officer or their treating GP if they have any concerns regarding the collection, use or disclosure of the personal health information.

We will endeavour to acknowledge your complaint within 2 working days of receiving it. Where possible, a response to your complaint will be provided to you within 14 days of the date we acknowledge your complaint. Where this is not possible, due to the complexity of your complaint or other factors, we will keep you informed.

If you are dissatisfied with any aspect of our Privacy Policy, and your concerns are not dealt with to your satisfaction by our practice Privacy Officer and staff, you may complain to:

The Panaceum Group, 233 Lester Avenue, Geraldton WA, 6530, Ph: 08 9920 8111

Office of the Australian Information Commissioner: 1300 363 992