Privacy Policy
Our Commitment to Your Privacy
Rachel Fitzpatrick Acupuncture (“I”, "we," "us," or "the Clinic") is committed to protecting the privacy of our patients. We manage personal and health information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and relevant Queensland State Laws regarding health records and confidentiality.
Collection of Health Information
As a provider of acupuncture and allied health services, we collect "sensitive information" (health information). We only collect information necessary to provide you with healthcare services. This includes:
Identification: Name, address, date of birth, and contact details.
Clinical History: Medical history, family history, symptoms, medications, and lifestyle data.
Notes: Clinical observations and treatment plans recorded during your sessions.
Financials: Medicare details, private health fund information, and billing history.
Use and Disclosure
Your information is used primarily for your clinical care. We will not disclose your information to others unless:
Consent: You have given express consent (e.g., to share results with your GP or a specialist).
Duty of Care: Disclosure is necessary to lessen or prevent a serious threat to life, health, or safety (consistent with APP 6).
Legal Obligation: We are required by law, such as reporting notifiable conditions under the Public Health Act 2005 (Qld) or responding to a court subpoena.
Business Operations: For internal activities like quality assurance, accreditation, or processing health fund rebates.
Data Security and My Health Record
We take reasonable steps to protect your information from misuse, interference, loss, and unauthorised access.
Digital Security: We use encrypted, password-protected clinical software hosted on Australian servers.
My Health Record: If you use the Australian Government’s My Health Record system, we comply with the My Health Records Act 2012 regarding the uploading and accessing of your digital health summary.
Mandatory Data Breach Notification
In the event of a data breach (e.g., unauthorised access to your records) that is likely to result in serious harm, we are required under the Notifiable Data Breaches (NDB) scheme to notify you and the Office of the Australian Information Commissioner (OAIC) as soon as practicable.
Retention and Disposal of Records
In accordance with Queensland health industry standards and the Health Sector (Clinical Records) Retention and Disposal Schedule:
Adult Records: Retained for a minimum of 7 years from the date of your last attendance.
Children’s Records: Retained until the child attains the age of 25 years. Once the retention period expires, records are destroyed securely (e.g., via professional cross-shredding or permanent digital deletion).
Accessing and Correcting Your Information
You have a right to access the personal information we hold about you.
Requests should be made in writing to our Clinic
If you believe the information we hold is inaccurate, out-of-date, or incomplete, we will take reasonable steps to correct it within 30 days.
Overseas Disclosure
We do not typically disclose personal information to overseas recipients. If we use third-party cloud services (such as booking platforms), we ensure they store data in compliance with Australian Privacy Laws.
Complaints
If you have a concern about how your privacy has been handled, please contact our Clinic directly. If you are unsatisfied with our response, you may contact:
The Office of the Australian Information Commissioner (OAIC): oaic.gov.au
The Office of the Health Ombudsman (Queensland): oho.qld.gov.au