Practice privacy policy

The Privacy Act 1988 and the Australian Privacy Principles require our practice to have a document that clearly sets out its policies on handling personal information, including health information.

This document, called a Privacy Policy, outlines how we handle personal information collected (including health information) and how we protect this information.

Our practice has used the privacy policy template available from the RACGP and this has been adapted to reflect how our practice collects and uses personal information.

Our privacy policy is displayed in the waiting room and also on the practice information sheet and practice website, and is readily presented to anyone who asks.

Our collection of information statement informs patients about how their personal health information will be used, including by other organisations to which the practice usually discloses patient information to, and any law that requires the particular information to be collected. Patient consent to the handling and sharing of personal patient health information is sought and documented early in the process of clinical care, and patients are made aware of the collection statement when giving consent to share health information.

According to the Privacy Act 1988 and the Australian Privacy Principles, an organisation may use or disclose personal health information for a purpose (the secondary purpose) which is directly related to the primary purpose of collection without seeking consent, but only if the individual would have a reasonable expectation that the information could be used or disclosed for that secondary purpose.

Your medical record may be used and disclosded for communicating with other treating doctos, allied health professionals or specialists, disease notification as required by law, legal related disclosures as required by a court of law and for research purposes with information de-identified.

A directly related secondary purpose for the use and disclosure of personal health information in our practice includes the many activities necessary for the provision of a health service, such as management, funding and monitoring, as well as complaint-handling, planning, evaluation and accreditation activities.

It is essential to recognise the importance of ‘reasonable expectation’ as many individuals may be unaware of the range of activities for which their personal health information may be used and disclosed, such as the accreditation processes. Our practice ensures we tell patients how, and for what purpose, personal health information collected about them could be used or disclosed. Patients are advised of this ‘secondary purpose’ in a number of ways, including:

  • At the time of the consultation with a general practitioner
  • Via the practice privacy statement in the practice information sheet
  • Via the practice privacy statement on signage on the walls of the practice, practice website and/or
  • By reading, understanding and signing a new patient information form when first registering at the practice, which incorporates the practice privacy statement.

It is important we maintain a patient’s right to ‘opt out’ of the secondary purpose through refusal to consent. If an individual expresses negative views or opposition when made aware of a proposed secondary use or disclosure of their personal health information, this would indicate that they have a reasonable expectation that their personal health information will not be used or disclosed in that manner, and their non-consent is recorded on file.

If you have any questions or concerns regarding matters with privacy, please contact us on