Our Privacy Policy


APP 1 of the 13 Australian Privacy Principles requires our practice to have a document that clearly sets out its policies on handling personal information, including health information. These new privacy law regime commenced on 12 March 2014 and replaced the ten National Privacy Principles (NPPs)

This document, commonly called a privacy policy, outlines how we handle personal information collected (including health information) and how we protect the security of this information. It must be made available to anyone who asks for it and patients are made aware of this.

The collection statement informs patients about how their health information will be used including other organisations to which the practice usually discloses patient health information and any law that requires the particular information to be collected. Patient consent to the handling and sharing of patient health information should be provided at an early stage in the process of clinical care and patients should be made aware of the collection statement when giving consent to share health information.

In general, quality improvement or clinical audit activities for the purpose of seeking to improve the delivery of a particular treatment or service would be considered a directly related secondary purpose for information use or disclosure so we do not need to seek specific consent for this use of patients’ health information, however we include information about quality improvement activities and clinical audits in the practice policy on managing health information.(Refer Section 8 Accreditation and Continuous Improvement)


We inform our patients about our practice’s policies regarding the collection and management of their personal health information via:

  • A sign at reception
  • Our patient information sheet
  • New patient forms- “Consent to share information ”
  • Verbally if appropriate
  • The practice website.


New patient form includes; Patient Consent I give consent for my Patient Health Information to be provided to Health Organisations such as The Pap Smear Registry and Immunisation Registry. This clinic also uses SMS and Email communication for reminder and clinical updates. If you do not wish to consent – please discuss this with your doctor.

…………………………………..Patient Signature



North Mitcham Clinic Privacy Policy
5/ 90 Mitcham Road Donvale 3111
Telephone: 9842 2555


This Privacy Policy also includes a Collection Statement:

Karen Croxford, Clinic Manager is the Privacy Officer who co-ordinates, implements and monitors privacy policy. She is the liaison officer for all privacy issues and patient requests for record access under legislation. She will co-ordinate the implementation of any new legislation and promote the policy to all interested parties including patients, GP’s and staff. She also formulates privacy policy and conducts privacy reviews.

The primary purpose of our practice is to provide comprehensive, coordinated and continuing whole person medical care for individuals, families and the community.

The information we collect includes any identifying details including DOB, address, telephone numbers, NOK, Emergency contacts, marital status, employer details, Medicare No, Health Identifier no, Health insurance details, Ethnicity, allergies and other sensitivities, ATSI status, past and current medical history, social history, medical procedures, diagnostic tests, results, referrals, reports from other health providers, xrays, progress notes, financial details related to billing, medications, immunisations and work cover examinations. Where possible information is collected directly from the patient.

The purpose of the collection of this material is to gain sufficient information to provide for the optimal ongoing management of each patient’s health.

The data is stored electronically on the computer. The data is accessed only via authorised GPs and staff. Computers have password access. Staff who access files have signed privacy agreements. Practice manager and reception staff require access to accounts, demographic records and from time to time the actual medical records. GP’s are also aware of privacy restrictions and access issues and use passwords for computer access.

The data is used for primary purpose and related secondary purpose by GP’s, practice manager, practice nurses and reception staff. Patients referred to another health service provider will be aware that information is given to that service provider for the normal course of ongoing patient care and management. Account details are used to gain payment from Medicare / Insurance.

If research is conducted, then each patient provides informed consent for his/her personal health information to be released. Patient information is also supplied to specific health organisations, that is Pap Smear Registry and Immunisation Registry. Patients are made aware of this verbally and via information notices within the clinic and may opt out of this service if they wish.

Deidentified research may also be conducted to improve processes within the practice in the form of a clinical audit, such as the Health Atlas. For a quality improvement activity undertaken within a general practice, where the primary purpose is to monitor, evaluate or improve the quality of healthcare delivered by the practice, ethics approval is not required.

Under certain legislation we must disclose patient information. This includes Notifiable Diseases under the Infectious Diseases Act, The Adoption Act, and records must be disclosed under court orders, subpoenas, search warrants and Coroner’s Court cases.

The patient has the right to access of their own personal health information. A possible exception to this would be at the doctor’s discretion if it was felt that the release could cause harm to the patient.

Request for information may be made in discussion with the doctor, or discussed at reception who will be able to provide the patient with appropriate forms or direct the patient to the Privacy Officer. A Transfer of History form is also available at the front desk.

If the patient has a complaint they should talk to the practice manager or their doctor or direct their complaint to The Health Services Commissioner Level 26, 570 Bourke St, Melbourne, Victoria 3000. Phone: 1300 582 113

Social Media Policy

This policy provides guidance for employee use of social media. Social media has many forms. This policy must be broadly applied to all forms of social media; these include but are not restricted to Facebook, Twitter, LinkedIn, Share, Blogging, Messenger, message boards, chatrooms, electronic newsletters, online forums, social networking sites, and wikis.


  • Employees need to be aware that their actions may have an impact on their individual image as well as the practice’s image. The information that employees post or publish may be public information for a long time. Employees must use their best judgement in posting material that is neither inappropriate nor harmful to the practice, its employees or patients.
  • Our practice may observe the content and information made available by employees through social media.
  • Examples of prohibited social media conduct include posting commentary, content or images that are defamatory, pornographic, proprietary, harassing, or libelous.
  • Employees are note to publish, post or release any information that is considered confidential or not public.
  • Employees must get appropriate permission before referring or posting images of current or former employees, contractors or patients.
  • Employees must be clear that their online posts as personal and purely their own. The practice should not be held liable for any repercussions the employee’s content may generate.
  • Employees must show respect for others’  and others’ opinions in all posts.

Overall employees must observe the principles of integrity, professionalism, privacy and impartiality when posting online.

There may be disciplinary implications for employees not complying with the practice’s social media policy and guidelines.

The RACGP’s Guide for the use of social media in general practice is available at www.racgp.org.au/your-practice/ehealth/social-media