Health and Medical Services privacy policy

This privacy policy is to provide information to you, our client, on how your personal information (which includes your health information) is collected and used within our service, and the circumstances in which we may share it with third parties.


This privacy policy is to provide information to you, our client, on how your personal information (which includes your health information) is collected and used within our practice, and the circumstances in which we may share it with third parties.

How do you provide consent?

When you register as a client of our practice, you provide consent for us to collect, access and use your personal information so they can provide you with the best possible healthcare. Only staff who need to see your personal information will have access to it. If we need to use your information for a purpose other than as considered by this policy, we will seek additional consent from you to do this.

What personal information do we collect?

The information we will collect about you includes:

  • name, date of birth, ID numbers, next of kin, addresses, email address and telephone numbers
  • medical history, medications, allergies, adverse events, immunisations, social history, cultural background, family history, test results, clinical digital images, referral details and risk factors
  • Medicare number or OSHC policy number (where available) for identification and claiming purposes
  • healthcare identifiers
  • health fund details.

Why do we collect, use, hold and share your personal information?

Patient care

We collect, maintain, use and disclose personal information about you in order to assist us to provide you with appropriate care, treatment and services. Your personal information is used by us:

  • to provide you with medical care and services;
  • to provide you and/or a nominated third party with information that may assist you in managing and improving your health; and
  • as a medical history for you that allows us to provide you with better care as it assists with identifying changes to your health over time.

Operating our business

We use your personal information as necessary to manage our administration, including storage of data, and management of accounts and payment for the services provided to you.  Specifically, we will use and, where necessary, disclose your personal information:

  • to obtain payment from, as appropriate, Medicare Australia, you, your private health insurance fund or from any organisation responsible for payment of any part of your account, such as the Department of Veterans Affairs;
  • if the circumstances require, we may disclose your personal information to our insurers or those of our GP’s;
  • to manage and store your personal information in a secure fashion (via our on-premise software),
  • for data entry and data analytics purposes; and

We may use your personal information to communicate with you, including to:

  • respond to your online enquiries or process requests for appointments;
  • advertise to you particular products and services that may be of interest to you; and
  • send you appointment reminders (including by SMS or email) in relation to obtaining services from our practice. This enables us to contact you, for example, to make follow-up appointments to discuss test results, or to remind you that you, or a dependant, are due for an immunisation, pap smear, annual health assessment or other type of consultation or test.

Teaching and research

We may use your personal information for internal teaching purposes or to monitor, evaluate, plan and improve the services provided at our practices.  We will only use de-identified information (information that does not contain any personal details that may reasonably identify you) for these purposes.

Other disclosures

We may be required by law to disclose your personal information without your consent.

Dealing with us anonymously

You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.

Please note that all Medicare and OSHC claims need to be made using your correct details.  Should you choose to visit the practice under a pseudonym, rebates may not apply.

How do we collect your personal information?

We collect personal information about you in several ways, including from:

  • you directly;
  • someone who has responsibility for you (your parent, carer or guardian);
  • information collected by an employee of our practice, such as a receptionist or nurse;
  • information from external health providers which is provided to our practice and placed on the record of the patient; and
  • information collected through websites in the form of online enquiries or requests for appointments.

When you attend our practice to obtain services from our GP’s, we create a unique digital medical record for you.  Every time a medical service is provided for you, new information is added to your medical record.


When you visit our website, a small data file called a “cookie” is stored on your computer or mobile device by our server. Cookies can only store information that is explicitly provided by the visitor in the first place, or information that the website already has about the user, such as their IP address.

We use cookies to maintain user sessions and to generate statistics about the number of people that visit our websites.  Generally, this information will not identify you and we do not link it back to your identity or other information that you have provided to us.

Who do we share your personal information with?

We sometimes share your personal information:

  • With third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with APPs and this policy
  • With other healthcare providers

  • When it is required or authorised by law (e.g. court subpoenas)

  • When it is necessary to lessen or prevent a serious threat to a client’s life, health or safety, a third parties life, health or safety or public health or safety
  • To assist in locating a missing person
  • To establish, exercise or defend an equitable claim
  • For the purpose of confidential dispute resolution process
  • When there is a statutory requirement to share certain personal information (e.g. some diseases require mandatory notification)

Only people that need to access your information will be able to do so. Other than while providing medical services or as otherwise described in this policy, our service will not share personal information with any third party without your consent.

We will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.

Our practice will not use your personal information for marketing any of our goods or services directly to you without your express consent. If you do consent, you may opt-out of direct marketing at any time by notifying our practice in writing.

How do we store and protect your personal information?

Your personal information may be stored at our practice in various forms including: electronic records, paper-based records and as visual records (X-rays, CT Scans, videos and photos).

We take reasonable steps, and implement reasonable safeguards, to ensure the protection of the personal information that we hold. Our practice stores all personal information securely. The Health and Medical Service network is operated on a secure network maintained by firewalls, within a secure Griffith University framework.

All staff require an individual username and password to access the University network, and a username and passwords are required to access any Health Service software. Passwords are changed regularly to restrict access to the network.

All paper records are secured in locked filing cabinets and drawers. The keys are securely stored and can only be accessed by staff.

As the Health and Medical Service is part of the University, we are bound by the applicable Queensland State Archives disposal and retention schedules, regarding how long we keep your records.

How can you access and correct your personal information at our practice?

You may request access to the personal information we hold about you.  You can also request that corrections be made to it.  We will respond to your request within a reasonable time.

There are some circumstances where we are not required to give you access to or correct your personal information, for example, if disclosure may cause a serious threat to your health or safety.  We will normally give you a written notice setting out our reasons for not complying with your request and informing you of how you can complain about our refusal.

There is no fee for requesting access to your personal information or for us to make corrections.  However, we will charge a fee for our costs involved in collating and providing you with access to any personal information.  That fee is payable before access is given.

Clients from the European Economic Union have additional rights under the General Data Protection Regulation (GDPR), please see the University’s Privacy Plan for additional information.

How can you lodge a privacy-related complaint, and how will the complaint be handled at our practice?

We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing to:

Director, Student Health, Counselling and Wellbeing

G33 Gold Coast campus



Contact number: +61 07 55527148

Upon receipt of a complaint we will consider the details and manage it in accordance with the University’s Privacy Plan.

Policy review statement

Our privacy policy will be reviewed regularly to ensure it is in accordance with any changes that may occur. All changes will be displayed on the Health and Medical Services website.

Current as of: August 2019.

Review date: August 2020.

Contact Health and Medical Services

Get in contact with us or book an appointment to see how we can help.

Stay connected

Get the latest updates from us on Facebook and Instagram.