PRIVACY POLICY

Practice: Huntlee Doctors
Author: Maree Mitchell
Current as of: 15/12/2025
Next Review Date: 15/12/2026

1. Introduction

Huntlee Doctors is committed to protecting the privacy, confidentiality and security of your personal information, including your health information. This Privacy Policy explains how we collect, use, store and disclose your personal information, and how you may access or correct that information.

This policy has been developed in accordance with:

• The Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs)
• The My Health Records Act 2012 (Cth)
• Relevant NSW health records and mandatory reporting legislation
• RACGP Standards for General Practices (current edition)

2. Why We Collect Your Information

Our GPs and practice team collect personal and health information to provide you with safe, high‑quality healthcare. Accurate and complete information assists us to diagnose, treat and manage your health appropriately.

A medical record includes all information collected for the purpose of providing care, including but not limited to:

• Clinical notes and progress notes
• Referrals, specialist letters and correspondence
• Pathology and diagnostic imaging results
• Prescriptions and medication records
• Immunisation records
• Appointment records and billing information
• Photographs, scans, X‑rays and other diagnostic images

3. Consent

When you register as a patient of Huntlee Doctors, you provide consent for our GPs and authorised practice staff to collect, access, use and disclose your personal information for the primary purpose of providing healthcare.

Only staff members who require access to your information to perform their duties are permitted to do so. If your information is required for a secondary purpose not directly related to your care, we will seek your additional consent unless otherwise permitted or required by law.

4. What Information We Collect

The personal information we may collect includes:

• Identifying information: name, date of birth, address, contact details and emergency contact details
• Demographic information (where relevant and permitted by law)
• Health information: medical history, medications, allergies, adverse reactions, immunisations, family and social history, risk factors and clinical notes

• Medicare number, Department of Veterans’ Affairs (DVA) number or health fund details (for identification and claiming purposes)
• Healthcare Identifiers

5. Anonymous and Pseudonymous Dealings

Where practicable, you may deal with us anonymously or using a pseudonym. However, this may not be possible when providing medical care, processing Medicare claims, or where identification is required by law.

Huntlee Doctors does not routinely communicate clinical information via standard email. Communication is generally provided via telephone, secure electronic systems or secure password protected email.

6. How We Collect Your Information

We may collect your personal information in the following ways:

1. When you register as a new patient or book an appointment
2. During consultations and the provision of medical services
3. Through secure electronic systems such as ePrescribing, My Health Record (including Shared Health Summaries), and other eHealth services
4. When you contact us by telephone, submit online forms, book appointments online, or communicate via approved digital platforms
5. From third parties where it is impracticable to collect information directly from you, including:
   • Parents, guardians or authorised representatives
   • Other healthcare providers involved in your care (e.g. specialists, hospitals, allied health, pathology and imaging services)
   • Medicare, DVA or health funds, where necessary

7. Use and Disclosure of Personal Information

We may use or disclose your personal information:

• To provide medical care and manage your health
• To communicate with other healthcare providers involved in your care, using secure electronic referral systems
• For practice operations such as accreditation, quality improvement, staff training, billing and audits
• Where required or authorised by law (e.g. subpoenas, mandatory disease notifications)
• To prevent or lessen a serious threat to life, health or public safety
• To assist in locating a missing person
• For legal or dispute resolution purposes

Only information necessary for the relevant purpose is disclosed, and strict confidentiality is maintained at all times.

We do not disclose your personal information to overseas recipients unless permitted by law or with your explicit consent.

Huntlee Doctors does not use your personal information for direct marketing without your express consent. You may withdraw consent for marketing at any time by notifying the practice in writing.

8. Storage and Security of Information

Your personal information is stored securely in electronic medical record systems, including diagnostic images and clinical documents.

We take reasonable steps to protect your information from misuse, loss, unauthorised access or disclosure, including:

• Secure, password‑protected clinical software systems
• Role‑based access controls
• Confidentiality agreements for staff and contractors
• Secure electronic transmission of eReferrals, eScripts, SMS appointment reminders and recalls

9. Access to and Correction of Your Information

You have the right to request access to, and correction of, your personal information.

Requests for access to medical records must be made in writing using a Medical Record Transfer Consent Form. We will respond within a reasonable timeframe, generally within 30 days.

There is no fee for making a request; however, a reasonable administrative fee may apply to cover the cost of providing copies. Any applicable fees will be advised in writing.

If you believe information we hold is inaccurate, incomplete or out of date, you may request correction in writing. Requests should be directed to the Practice Manager at:

Email: [email protected]

Use of Artificial Intelligence (AI) Tools

Huntlee Doctors uses Heidi Health AI as a clinical documentation support tool during consultations. Heidi Health AI assists clinicians by generating draft clinical notes based on consultation information. All notes are reviewed, edited and approved by the treating clinician before being added to your medical record.

Heidi Health AI operates in accordance with Australian privacy and security requirements. No information is used for purposes other than clinical documentation, and all data is handled securely in line with our privacy obligations.

10. Privacy Complaints

We take privacy concerns seriously. If you have a complaint regarding the handling of your personal information, please submit it in writing to the Practice Manager, including your full name, contact details and details of the complaint.

We will acknowledge and investigate your complaint and aim to respond within 30 days.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC):

• Website: www.oaic.gov.au
• Phone: 1300 363 992

11. Policy Review

This Privacy Policy is reviewed regularly to ensure compliance with legislative changes and best practice standards. The current version is available at the practice, and patients will be notified of material changes where appropriate.

For further information about privacy, visit www.oaic.gov.au.