Burpengary East Medical Centre & Skin Cancer Clinic

Privacy Policy

Version: 2025.1 (Effective: August 2025)

Review cycle: Annually or when legal/regulatory changes occur.

1. Overview & Scope

This Privacy Policy explains how Burpengary East Medical Centre & Skin Cancer Clinic (“we”, “our”, “the practice”) manages personal and health information (including sensitive health details) in accordance with the Privacy Act 1988 (Cth), Australian Privacy Principles (APPs), and relevant State/Territory health records laws.

2. Accountability & Privacy Governance

We have appointed a Privacy Officer responsible for privacy governance, training, incident response, and compliance reviews. Staff receive regular education on handling health information and confidentiality obligations.

3. What We Collect & Why

We collect identification (name, date of birth, contact details), health details (medical history, medications, immunisations, allergies, family/social history), and administrative details (Medicare number, healthcare identifiers, health fund info). Data is collected directly from patients or from third parties such as guardians or other providers. The primary purpose is to deliver healthcare services. Secondary uses, such as quality improvement or audits, are permitted when directly related to patient care.

4. Consent & Collection Notices

Patients receive a Privacy Collection Notice at the outset of care explaining how information will be used and disclosed. Consent is sought for sharing data with external providers or systems. Special handling applies for patients with impaired capacity, genetic data, or in serious-threat disclosure scenarios.

5. Use, Disclosure & Sharing

We may share information with other healthcare providers, accredited third parties under confidentiality agreements, My Health Record or e-prescribing services (with consent), research bodies (with consent or ethics approval), as required by law, or in cases of serious threat to health or safety. No direct marketing occurs without opt-in consent.

6. Overseas Disclosure

We will not send personal information overseas unless required by law or with explicit informed consent and safeguards in place.

7. Data Security Measures

All records are stored electronically in secure systems with multi-factor authentication, encryption, and secure disposal processes. We use secure messaging for transmitting health data and prohibit unencrypted email for health details.

8. Access and Correction

Patients can request access to or correction of their information in writing. We respond within 30 days, with costs if applicable. If refused, reasons will be provided in accordance with APP 12–13.

9. Complaints & Data Breach Handling

Complaints should be submitted in writing to reception or the Privacy Officer. If unresolved, patients may contact the OAIC or the Office of the Health Ombudsman (Qld). We follow mandatory data breach notification laws.

10. Website, Cookies & Online Data

We collect comment data, IP addresses, browser info, and cookies for site functionality. Embedded content may allow third-party tracking. Users can request export or deletion of their stored data, except where retention is legally required.

11. Review and Updates

This policy is reviewed annually, or sooner if required by law. Last updated August 2025. Updates will be posted on our website and notified within the practice.