Privacy Policy


To ensure patients who receive care from the Practice are comfortable in entrusting their health information to the Practice. This policy provides information to patients as to how their personal information (which includes their health information) is collected and used within the Practice, and the circumstances in which we may disclose it to third parties.


The Australian Privacy Principles (APP) provide a privacy protection framework that supports the rights and obligations of collecting, holding, using, accessing and correcting personal information. The APP consist of 13 principle-based laws and apply equally to paper-based and digital environments. The APP complement the long-standing professional obligation of medical practitioners to manage personal information in a regulated, open, and transparent manner.

Practice procedure

The Practice will:

  • provide a copy of this policy upon request
  • ensure staff comply with the APP and deal appropriately with enquiries or concerns
  • take such steps as are reasonable in the circumstances to implement practices, procedures and systems to ensure compliance with the APP and deal with enquiries or complaints
  • collect personal information for the primary purpose of managing a patient’s healthcare and for financial claims and payments.

Staff responsibility

Practice staff will take reasonable steps to ensure patients understand:

  • what information has been and is being collected
  • why the information is being collected, and whether this is due to a legal requirement
  • how the information will be used or disclosed
  • why and when their consent is necessary
  • the Practice’s procedures for access and correction of information, and responding to complaints of information breaches, including by providing this policy.

Patient consent

The Practice will only interpret and apply a patient’s consent for the primary purpose for which it was provided. The Practice staff must seek additional consent from the patient if the personal information collected may be used for any other purpose.

Collection of information

The Practice will need to collect personal information as a provision of clinical services to a patient at the practice. Collected personal information will include patients’:

  • names, addresses and contact details, including those of next of kin
  • Medicare number and other identifiers required for identification and claiming purposes.
  • healthcare identifiers
  • medical information including medical history, psychiatric history, medications, allergies, adverse events, immunisations, family history, developmental and social history, and information required to perform a thorough psychiatric assessment including assessment of all relevant risks.

A patient’s personal information may be held at the Practice in various forms:

  • as paper records
  • as electronic records
  • as visual – x-rays, CT scans, videos and photos
  • as audio recordings.

The Practice’s procedure for collecting personal information is set out below.

  • Practice staff collect patients’ personal and demographic information via registration when patients present to the Practice for the first time. Patients are encouraged to pay attention to the collection statement attached to/within the form and information about the management of collected information and patient privacy.
  • During the course of providing medical services, the Practice’s healthcare practitioners will subsequently collect further personal information.
  • Personal information may also be collected from the patient’s guardian or responsible person (where practicable and necessary), or from any other involved healthcare specialists.

The Practice takes all reasonable steps to ensure secure storage of all patient data, whether in electronic format in protected information systems, or in hard copy format in a secured environment.


Where lawful and practicable you have the option of using health services without identifying yourself, however in the private psychiatric context this is not practicable and would be likely to compromise patient safety and quality of care, for example as regards obtaining collateral information and assessment of risk.

Use and disclosure of information

Hills Psychiatry collects personal information for a number of purposes (being the primary purposes of collection), including but not limited to:

  • provision of psychiatric and medical care to patients
  • maintaining the safety of patients and others
  • claims and billing
  • administration
  • professional development (in de-identified form)
  • adherence to best practice standards for record-keeping

Disclosure may occur to third parties engaged by or for the Practice for business purposes, such as accreditation or for the provision of information technology. These third parties are required to comply with this policy. The Practice will not disclose identifiable personal information to any third party other than in the course of providing psychiatric services without full disclosure to the patient or the recipient, the reason for the information transfer and full consent from the patient.

Transborder data flows

The Practice will not disclose personal information to anyone outside Australia without need and without patient consent. This includes electronic storage of patient records.

Exceptions to disclosure without patient consent are where the information is:

  • required by law
  • necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
  • to assist in locating a missing person
  • to establish, exercise, or defend an equitable claim
  • for the purpose of a confidential dispute resolution process.

Direct marketing

The Practice will not use any personal information in relation to direct marketing to a patient without that patient’s express consent. Patients may opt out of direct marketing at any time by notifying the Practice in writing.

Dealing with unsolicited personal information

The Practice evaluates all unsolicited information it receives to decide if it should be kept, acted on or destroyed. This process is guided by principles of harm-minimisation, patient autonomy and dignity, best practice, and all relevant ethical, professional, and legal responsibilities and codes of conduct.

Access, corrections, and privacy concerns

The Practice acknowledges patients may request access to their medical records. Patients are encouraged to make this request in writing, and the Practice will respond within a reasonable time. We can provide you with a form to make this request.

The Practice will take reasonable steps to correct personal information where it is satisfied they are not accurate or up to date. If your details change or you believe our records are not current or accurate, please inform us of the correct details as soon as possible in writing.

The Practice takes complaints and concerns about the privacy of patients’ personal information seriously. Patients should express any privacy concerns in writing to Dr Strachan at the address below. The Practice will then attempt to resolve it in accordance with its complaint resolution procedure.

Any privacy queries should be directed to:

Dr A. Strachan     Telephone: (08) 8311 3755