Privacy Policy

Last Updated: 9 September 2025

1. Introduction

Gosnells Family Practice is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal and health information in accordance with the Australian Privacy Act 1988, the Australian Privacy Principles (APPs), and other applicable laws.

As a healthcare provider, we understand that your health information is sensitive and we take our obligations to protect your privacy very seriously.

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

  • Name, address, date of birth, and contact details
  • Medicare number and healthcare identifiers
  • Emergency contact information
  • Employment details and next of kin information
  • Financial information for billing purposes

2.2 Health Information

  • Medical history and current health status
  • Symptoms, diagnosis, and treatment information
  • Pathology and diagnostic imaging results
  • Medication and allergy information
  • Mental health information and treatment records
  • Specialist referrals and reports

2.3 Website Information

  • Website usage data through Google Analytics and Vercel Analytics
  • IP addresses and browser information
  • Cookies and similar tracking technologies
  • Contact form submissions and appointment requests

3. How We Collect Information

We collect information through:

  • Direct consultation with you during appointments
  • Registration and intake forms
  • Our website contact forms and online appointment booking
  • Correspondence via email, phone, or mail
  • Other healthcare providers (with your consent)
  • Pathology services and diagnostic imaging providers
  • Government agencies (where required by law)

4. How We Use Your Information

We use your personal and health information for the following primary purposes:

4.1 Healthcare Provision

  • Providing medical diagnosis, treatment, and care
  • Managing your ongoing healthcare needs
  • Coordinating care with specialists and other healthcare providers
  • Emergency medical situations

4.2 Administrative Purposes

  • Appointment scheduling and practice management
  • Billing and insurance claims
  • Quality assurance and improvement activities
  • Communication about your care and appointments

4.3 Legal and Professional Obligations

  • Compliance with mandatory reporting requirements
  • Response to court orders or legal proceedings
  • Professional indemnity and risk management
  • AHPRA registration and professional standards compliance

5. Information Sharing and Disclosure

We may share your information in the following circumstances:

5.1 With Your Consent

  • Referrals to specialists and allied health professionals
  • Sharing care information with family members or carers
  • Coordination with other healthcare providers

5.2 Required by Law

  • Mandatory reporting to government agencies
  • Court orders and legal proceedings
  • Public health and safety requirements
  • Workers' compensation and insurance claims

5.3 Emergency Situations

In medical emergencies, we may disclose information necessary to protect your life or health.

6. Data Security

We implement appropriate technical and organisational measures to protect your information:

  • Secure electronic health records systems with access controls
  • Encrypted data transmission and storage
  • Staff training on privacy and confidentiality obligations
  • Regular security assessments and updates
  • Physical security measures for paper records
  • Secure disposal of confidential information

7. Website Cookies and Analytics

Our website uses:

  • Google Analytics: To understand website usage and improve user experience
  • Vercel Analytics: For website performance monitoring
  • Functional Cookies: To remember your preferences and improve functionality

You can control cookie settings through your browser preferences. However, disabling cookies may affect website functionality.

8. Data Retention

We retain your information for the following periods:

  • Medical Records: Minimum 7 years from last consultation (adults), until age 25 (children)
  • Financial Records: 7 years from date of transaction
  • Website Analytics: Google Analytics data retained for 26 months
  • Contact Forms: 2 years unless ongoing patient relationship

9. Your Rights

Under Australian privacy law, you have the right to:

  • Access: Request access to your personal and health information
  • Correction: Request correction of inaccurate or incomplete information
  • Complaint: Make a complaint about our handling of your information
  • Restrict Processing: Request limitations on how we use your information

10. Data Breach Notification

In the event of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) within 72 hours, as required by the Notifiable Data Breaches scheme.

11. Third-Party Services

We may use third-party services that have access to your information:

  • Practice Management Software: For appointment booking and medical records
  • Pathology Services: For test results and specimen processing
  • Billing Services: For insurance claims and payment processing
  • IT Support Services: For system maintenance and security

All third-party service providers are required to maintain appropriate privacy and security standards.

12. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting the updated policy on our website with a new effective date.

13. Contact Information

If you have any questions, concerns, or wish to exercise your rights regarding your personal information, please contact us:

Gosnells Family Practice

Privacy Officer

Address: [Practice Address]

Phone: [Practice Phone Number]

Email: [Practice Email]

External Complaints

If you are not satisfied with our response to your privacy concern, you may contact:

Office of the Australian Information Commissioner (OAIC)

Website: www.oaic.gov.au

Phone: 1300 363 992

Email: enquiries@oaic.gov.au

This Privacy Policy is effective as of 9 September 2025 and complies with the Australian Privacy Act 1988, Australian Privacy Principles, and healthcare industry standards.