Infinity Health Medical Centre Privacy Policy

Purpose of this Policy

Who can I contact about this policy?

For enquiries about this policy, please contact: Practice Manager – pm@infinityhealthgreensquare.com.au on (02) 8252 6599.

Why and when your consent is necessary

When you register as a patient, you provide consent for our GPs and practice staff to access and use your personal information so they can provide you with the best possible heathcare. Only staff who need to see your personal information will have access to it. If we need to use your information for anything ese, we will seek additional consent from you to do this. We will also obtain informed consent for telehealth, real-time audio/visual recording.

What personal information do we collect?

The personal information we collect about you includes:

• name, date of birth, addresses, contact details, emergency contact details. Medicare number (where available) for identification and claiming purposes.
• medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors.
• Healthcare identifiers, health fund details.
• Wherever it is lawful and practicable, patients may need to remain anonymous when receiving care from our practice. In these circumstances, the use of an alias may be the most appropriate approach.

Why do we collect, use, store and share your personal information?

We collect, use, store and share your personal information to provide you with the best healthcare by managing your health safely and effectively. This includes:

• Providing healthcare services and managing your medical record;
• Billing, financial claims and payments;
• Directly related business activities such as practice audits, accreditation and internal staff training; and
• Quality and safety improvement initiatives within the practice.

How do we collect your personal information?

We may collect your personal information in various ways, including:

• When you make your first appointment, our staff will collect your personal and demographic information via our new patient registration form.
• When providing medical services, we collect further personal information. Other methods we receive information are “myhealth record” and electronic downloads from the hospital or pathology
• We may also collect your personal information when you send us an email, telephone us, make an appointment or communicate with us.
• In some circumstances, personal information may also be collected from other sources. Sometimes it is not practical or reasonable to collect it from you directly. This may include the following:
  • your guardian or responsible person.
  • involved healthcare providers, such as specialists, allied health, hospitals, pathology and diagnostic services, etc.

Can you deal with us anonymously?

Where lawful and practicable, you may deal with us anonymously or use a pseudonym. However, in many cases, it may be impractical to provide clinical services without identifying you.

How do we store and protect your personal information?

• Your personal information may be stored at our practice in various forms.
• Our practice stores information, as electronic records, which may include visual (X-rays, CT scans, videos and photos) records.
• Our practice stores all personal information securely in electronic format, in protected information systems in a secure environment. We ensure that all PCs in the practice are password-protected and that electronic information is backed up regularly in the unlikely instance of an adverse event.

Who do we share your personal information with?

• With healthcare providers, during the course of providing medical services/ when it forms part of the patient of a medical condition.
• when it is required or authorised by law (e.g court subpoenas)
• when it is necessary to lessen or prevent serious threat to a patient’s life, health or safety or public health or safety.
• to assist in locating a missing person
• to establish, exercise or defend an equitable claim, and/or for the purpose of confidential dispute resolution process
• when there is statutory requirement to share information (e.g diseases or virus mandatory notification)
• Our practices used automated technologies (eg. Best Practice) – where relevant information is populated in referrals, investigation requests, etc.

Only people who need to access your information will be able to do so. Other than in the course of providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent. We will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.

Use of de-identified information and quality improvement

We may use your information to improve the quality of our services (e.g practice audits, accreditation and training). We also provide de-identified health information to the Central and Eastern Sydney Primary Health Network (PHN) via the POLAR data extraction tool to help plan and fund services for our community. You can opt out of having your de-identified data included – please tell reception or the practice manager if you do not wish to participate.

Will your information be used for marketing

We will not use your personal information for direct marketing for our goods or services without your express consent. If you consent, you may opt out at any time by notifying us in writing.

Technology we use

We use a secure clinical software Best Practice to generate documents such as referrals that contain only relevant medical information. All users have unique credentials and access appropriate to their role. Our doctors may use AI scribe services with note-taking during consultations. These services comply with the Australian Privacy Principles. Patient consent is required to proceed with AI scribe. Audio from your consultation will be turned into text within the consultation. AI does not record your voice, but offers a speech to text, allowing general practitioners to write up clinical notes which are efficient and accurate. These notes are all kept within Australian borders, and patient data will not be kept anywhere else. It is compliance with Australian Privacy Principles.

Email, online bookings and SMS

Email is not a secure form of communication, unless encrypted. We prefer not to employ the use of email for the purposes of transferring personal information or communicating with patients. Email should not be used as the first line of information for time-critical matters, such as appointment management or clinical concerns.

Patients who provide an email address may receive correspondence such as administrative forms, notifications or practice updates. If you do not wish to receive emails, please advise our reception team so we can update your communication preferences. To ensure accurate and secure correspondence, ensure your email address is kept up to date with the practice at all times.

Our online bookings and SMS reminders are facilitated through Hotdoc. If you subscribe to this service, Hotdoc will access necessary personal details:

• Name
• Address
• Contact number

To provide this service, For more information on their privacy and security policy please see their website – https//www.hotdoc.com.au/privacy-policy

You have the right to request access to your personal information

You have the right to request access to, and correction of, your personal information. Our practice acknowledges patients may request access to their medical records. We require you to put this request in writing, by completing our request for a personal information form, and our practice will respond within a reasonable time. We endeavour to respond to these requests within 30 days. An administration fee may apply to produce records, depending on the format requested. You will not be charged for making the request – only for reasonable costs of complying with it i.e hard copy or soft copy.

Our practice will take reasonable steps to correct your personal information where the information is not accurate or up-to-date. From time to time, we ask you to verify your personal information held by our practice is correct and up-to-date. You may also request that we correct or update your information, and you should make such requests in writing addressed to the practice manager.

How can you lodge a privacy-related complaint, and how will the complaint be handled at our practice?

• We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you have in writing to our Practice Manager.
• Our location is: INFINITY by Crown, Shop 108/305 Botany Rd, Zetland NSW 2017. We aim to respond within 30 days.
• You may also contact the OAIC. The OAIC may require you to give them time to respond, before they will investigate. For further information, visit www.oaic.gov.au or call the OIAC on 1300 363 992

Policy Review:

This privacy policy will be reviewed regularly to ensure it is in accordance with any changes that may occur. We will notify you of any changes via the website. All revisions of the document will replace the previous version and will be available on the website or at reception.

Last Reviewed: March 2026 | Next Review Date: March 2027
Version Date: 9 March 2026

Please do not hesitate to ask one of our reception team members for the version of our practice policy on how we manage your privacy.