Privacy Policy

Enhance Physiotherapy – Privacy Policy

Effective from August 2025

Purpose and Scope

Enhance Physiotherapy is committed to protecting the privacy of our patients and complying with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the Notifiable Data Breaches (NDB) scheme, and all other relevant health records and data protection laws.

This policy explains how we collect, use, store, and protect your personal information, including health information, and how you can access or correct it.

What Is Personal Information?

“Personal information” is any information or opinion about you that identifies you or could reasonably identify you, whether true or not and whether recorded in material form or not.

This includes “sensitive information” such as your health information, which is subject to stricter protections under the Privacy Act.

Collection of Personal Information

We collect personal information only where it is reasonably necessary for our functions and activities, such as providing assessment, diagnosis, treatment, and ongoing care.

We may collect information:

• Directly from you in person, by phone, email, or via our website
• Through online booking forms, intake forms, and patient questionnaires
• From other health practitioners, insurers, or authorised third parties, with your consent or as permitted by law
• From publicly available sources where appropriate

Types of information we collect may include:

• Your name, address, contact details, and date of birth
• Medical history, symptoms, treatment records, test results, and referral notes
• Medicare, DVA, NDIS, or health fund details
• Payment and billing information
• Next of kin or emergency contact details

Why We Collect Your Information

We collect, use, and disclose your information for purposes including:

• Providing safe and effective physiotherapy care
• Communicating with you about your care and appointments
• Liaising with other health professionals involved in your treatment
• Claiming payment from Medicare, private health insurers, or other funding bodies
• Administrative, billing, and practice management purposes
• Meeting our legal, ethical, and professional obligations

Where practical, we will inform you of the reason for collection at the time we collect your information.

Sensitive Information and Consent

We will only collect sensitive information (including health information) with your consent unless:

• It is required or authorised by law, or
• It is necessary to prevent or lessen a serious threat to life, health, or safety

If You Choose Not to Provide Information

You are not obliged to provide personal information. However, if you do not, this may affect our ability to provide safe, effective, and appropriate care.

Disclosure of Personal Information

We will only disclose your personal information:

• For the purpose for which it was collected, or a directly related secondary purpose you would reasonably expect
• With your consent
• As required or authorised by law

This may include disclosure to:

• Other treating health professionals
• Medicare, DVA, NDIS, and private health insurers
• Pathology, imaging, or other diagnostic services
• IT providers, administrative contractors, or debt collection agencies (bound by confidentiality obligations)

If we are likely to disclose information overseas (e.g., if our practice management software stores data on overseas servers), we will inform you, including the relevant countries.

Notifiable Data Breaches

If a data breach occurs that is likely to cause serious harm, we will notify both you and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme.

9. Security of Personal Information

We take reasonable steps to protect your information from misuse, interference, loss, unauthorised access, modification, or disclosure. This includes:

• Secure physical storage of paper records
• Password-protected electronic systems
• Encryption, firewalls, and regular software updates
• Access controls limiting information to authorised staff only

When information is no longer required, we securely destroy or permanently de-identify it in accordance with legal and professional obligations.

Access and Correction

You have the right to request access to the personal information we hold about you and to request corrections if it is inaccurate, incomplete, or out-of-date.

We will respond to all requests within a reasonable timeframe. In some cases, we may refuse access (e.g., where required by law), but we will provide reasons for any refusal.

Accuracy of Information

We take reasonable steps to ensure the personal information we hold is accurate, complete, and up-to-date. Please let us know if your details change.

Opt-Out of Communications

You may opt out of receiving non-essential communications (e.g., marketing or health promotion emails) at any time, at no cost.

Privacy Complaints

If you have a question, concern, or complaint about how we handle your information, please contact the practice.

0895835165 or hello@enhancephysiotherapy.net.au

If you are not satisfied with our response, you may lodge a complaint with the OAIC:

Website: www.oaic.gov.au

Phone: 1300 363 992

Policy Updates

We review this privacy policy annually or when our practices or the law change. The latest version will always be available on our website and on request at reception.