Security and Privacy

The maintenance of privacy requires that any information regarding individual patients, including staff members who may be patients, must not be disclosed in any form (verbally, in writing, electronic forms inside/outside our practice) except for strictly authorised use within the patient care context at our practice or as legally directed.

Personal health information is kept out of view and is not accessible by the public.

All patient health information must be considered private and confidential, and therefore must not be disclosed to family, friends, staff or others without the patient’s consent. This information includes medical details, family information, address, employment and other demographic and accounts data obtained via reception.

Any information given to unauthorised personnel will result in disciplinary action, possible dismissal and other legal consequences. Each staff member must sign a confidentiality agreement on commencement of employment.

In addition to Federal legislation, Drysdale Clinic also complies with State or Territory legislation.

Last updated on 31 Jan 2023

1. Openness

This practice has made this and other material available to our patients to inform them of our policies on management of personal information. On request this practice will let patients know, generally, what sort of personal information we hold, for what purposes, and how we collect, hold, use and disclose that information.

2. Anonymity

A patient has the right to be dealt with anonymously, provided this is lawful and practicable. However, in the medical context this is not likely to be practicable or possible for Medicare and insurance rebate purposes. It could also be dangerous to the patients health.

3. Collection of Information

It is necessary for us to collect personal information from patients and sometimes others associated with their health care in order to attend to their health needs and for associated administrative purposes.

4. Unsolicited Information

If we receive personal information and we did not request that information, we will destroy and/or de-identify that information.

5. Collection - Notification

If we collect information from our patients it will be used for the purposes outlined.

6. Use And Disclosure

A patients’ personal health information is used or disclosed for purposes directly related to their health care and in ways that are consistent with a patients’ expectations. In the interests of the

highest quality and continuity of health care this may include sharing information with other health care providers who comprise a patients’ medical team from time to time. In addition there are circumstances when information has to be disclosed without patient consent, such as:

  • Emergency situations
  • By law, doctors are sometimes required to disclose information for public interest reasons, e.g. – mandatory reporting of some communicable diseases.
  • Provision of information to Medicare or private health funds, if relevant, for billing and medical rebate    p purposes.

In general a patients’ health information will not be used for any other purposes without their consent.

There are some necessary purposes of collection for which information will be used beyond providing health care, such as professional accreditation, quality assessments, clinical auditing, billing and so forth.

7. Direct Marketing

The practice does not use or disclose personal information for the purposes of direct marketing. We will contact you regarding health recalls, appointment reminders, preventative health measures or similar health related issues.

8. Cross Border Disclosure

Except in exceptional circumstances, or with the patients written consent, we do not send information overseas; if we need to send overseas we will take steps to protect patient privacy. We do not store any information outside Australia.

9. Government Identifiers

These are numbers, letters or symbols that are used to identify patients with or without the use of a name. (e.g.- Medicare Numbers). We will limit the use of identifiers assigned to patients by Government agencies to those uses necessary to fulfil our obligations or as required by law

10. Information Quality

All patient information held by this practice relevant to the functions of providing health care will be maintained in a form that is accurate, complete and up to date.

11. Information Security

The storage, use and, where necessary, transfer of personal health information will be undertaken in a secure manner that protects patient privacy. It is necessary for medical practices to keep patient information after a patients’ last attendance for as long as is required by law or is prudent having regard to administrative requirements. Where data is to be destroyed this will be done in a secure manner or in a way to ensure the information is de-identified.

12. Access to Information

Patients may request access to their personal health information held by this practice . A fee may apply and access to information in Victoria is covered under the Victorian Health Records Act 2001. There are some circumstances in which access is restricted, and in these cases reasons for denying access will be explained. e.g. – providing access would pose a serious threat to life, prohibited by court order.

13. Correction

Australian Privacy Principals. (APP’s)

The Commonwealth Privacy Act was amended in 2012 and from March 2014 will incorporate 13 Australian Privacy Principles (the APP’s) that set out the rules for the handling of personal information in Australia. The APPs replace the previous 10 National Privacy Principles (NPP).

In the interests of providing quality health care this practice has developed a privacy policy that complies with the privacy legislation and the APPs.

The provision of quality health care is our principal concern. It requires a doctor patient relationship of trust and confidentiality. Your doctor regards patient health information as confidential and will only collect this information with patient consent.

A patient’s personal information is handled in accordance with this practice’s privacy policy and consistent with the privacy legislation. Patients are entitled to know what personal information is held about them; how and under what circumstances they may have access to it; why it is held; its use; to whom and under what circumstances it may be disclosed; when consent is required for these purposes; and how it is stored.

Every effort will be made to discuss these matters with patients at the time personal health information is collected from patients attending this practice. Because there will be occasions when it is not practical to make patients aware of these matters at the time of collection this brochure is designed to outline how this practice endeavours to protect the privacy of patients’ personal health information.

Where the practice receives a request in relation to any of the APPs outlined, it is generally accepted that the practice will respond within 30 days of the request being received.

Information about the APPs is available online at: – Fact Sheet 17

The Victorian Health Records Act 2001 is available online at:


If you are not satisfied with our service, please contact us. We take complaints seriously and aim to resolve them quickly and fairly. Please direct any complaints to the doctors or the practice manager, Louise Purtell.​

If you remain dissatisfied with our response, you may contact the Health Complaints Commissioner (HCC). The HCC responds to complaints about health services and the handling of health information in Victoria. Their service is free, confidential and impartial.

To lodge a complaint with the HCC: Fill out a complaint form online at or Phone 1300 582 113 between 9am and 5pm, Monday to Friday to discuss your complaint.

Drysdale Clinic supports good privacy practice