Privacy Policy

1. Policy

The staff of Paediatricians at Westmead Practice are committed to protecting the privacy of patient/guardians. Information collected is kept strictly confidential and used only for the medical and health care of patient/guardians.

This practice complies with Federal and State privacy regulations including the Privacy Act 1998 and the Australian Privacy Principles (APP’s) from Schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Act 2012.

2. Purpose

To ensure patient/guardians who receive care from the practice are comfortable in entrusting their health information to the practice. This policy provides information to patient/guardians as to how their personal information is collected and used within the practice and the circumstances in which we may disclose it to third parties.

3. Scope

This policy applies to all staff and patient/guardians of Paediatricians at Westmead Practice.

We require your consent to collect and use information about you. This will be done when you attend the practice by completing and signing our new patient/guardian form. You can amend your consent at any time, by speaking with your doctor. Staff and will not discuss or in any way reveal patient/guardian conditions or documentation to unauthorised staff, colleagues not involved in patient/guardian’s care, other patient/guardians, family or friends, whether at the practice or outside it, such as in the home or at social occasions or on social media. This includes patient/guardian’s accounts, referral letters or other clinical documentation.  and staff are aware of confidentiality requirements for all patient/guardian encounters and recognise that significant breaches of confidentiality may provide grounds for disciplinary action or dismissal. Every employee of this practice is aware of the privacy policy and has signed a privacy statement as part of their terms and conditions of employment. This privacy statement continues to be binding on employees even after their employment has terminated.

4. Practice Procedure

Paediatricians at Westmead Practice will:

  • Provide a copy of this policy upon request

  • Ensure staff comply with the policy and deal appropriately with inquiries or concerns

  • Take such steps as are reasonable in the circumstances to implement practices, procedures and systems to ensure compliance with APP and deal with inquiries or complaints

  • Collect personal information for the primary purpose of managing a patient/guardian’s healthcare and for financial claims and payments

The staff will take reasonable steps to ensure patient/guardians understand:

  • What information has been and is being collected

  • Why the information is being collected and whether this is due to a legal requirement

  • How the information will be used or disclosed

  • Why and when their consent is necessary

  • The Practice’s procedures for access and correction of information, and responding to complaints of information breaches, including by providing this policy

Patient/Guardian Consent:

The practice will only interpret and apply a patient/guardian’s consent for the primary purpose for which it was provided. The staff must seek additional consent from the patient/guardian if the personal information collected may be used for any other purpose.

5. Collection, Use & Disclosure

Paediatricians at Westmead Practice recognises that the information we collect is often of a highly sensitive nature and as an organisation we have adopted the privacy compliance standards relevant to Paediatricians at Westmead Practice to ensure personal information is protected.

For administrative and billing purposes and to ensure quality and continuity of patient/guardian care, a patient/guardian’s health information is shared between the staff of Paediatricians at Westmead Practice, as applicable.

Collected personal information will include patient/guardian’s:

  • Your full name (As held by Medicare)

  • Date of birth

  • Residential address and postal address

  • Contact phone numbers

  • Current Medicare number

  • Current Health Care Card number where appropriate

  • Details of any allergies or suspected allergies

  • Current drugs or treatments used by the patient/guardian

  • Previous and current medical history, including where clinically relevant a family medical history

  • The name of any health service provider or medical specialist to whom the patient/guardian is referred

  • Copies of any letters of referrals and copies of any reports back.

  • Your Next of Kin &/or an emergency contact

  • Lifestyle information such as nutrition, exercise, smoking & alcohol

  • Cultural information such as languages spoken and country of origin

A patient/guardian’s personal information may be held at the practice in various forms:

  • As paper records

  • As electronic records

  • As visuals (i.e., x-rays, CT scans, videos & photos)

  • As audio recordings

The practice’s procedures for collecting personal information are set out below:

  • Practice staff collect patient/guardian’s personal and demographic information via registration when patient/guardians present to the practice for the first time or over the phone when patient/guardian calls to make the first appointment. Patient/guardians are encouraged to pay attention to the collection statement that they complete as a new patient/guardian.

  • During the course of providing medical services the practice’s healthcare practitioners will consequently collect further personal information.

  • Personal information may also be collected from the patient/guardian’s guardian or responsible person (where practicable and necessary) or from other involved healthcare specialists.

  • The practice holds all personal information securely, whether in electronic format, in protected information systems or in hard copy in a secured environment.

Personal information collected by Paediatricians at Westmead Practice may be used or disclosed in the following instances:

  • Administrative purposes in running our medical practice

  • Billing purposes, including compliance with Medicare and Health Insurance Commission requirements

  • Disclosure to others involved in your healthcare including treating and specialists outside this medical practice. This may occur though referral to other, or for medical tests and in the reports or results returned to us following referrals

  • Disclosure to other in the practice, locums etc. attached to the practice for the purpose of patient/guardian care and teaching

  • For research and quality assurance activities to improve individual and community health care and practice management. Usually, information that does not identify you is used but should information that will identify you be required you will be informed and given the opportunity to “opt out” of any involvement

  • To comply with any legislative or regulatory requirements e.g., Notifiable diseases or a Subpoena

  • For reminder letters which may be sent to you regarding your health care and management

  • For preventative health programs

Personal information collected by us may be used or disclosed:

  • For the purpose the patient/guardian was advised of at the time of collection of the information by us

  • As required for delivery of the health service to the patient/guardian

  • As required for the ordinary operation of our services (i.e., to refer the patient/guardian to a medical specialist or other health service provider)

  • As required under compulsion of law; or

  • Where there is a serious and imminent threat to an individual’s life, health, or safety, or a serious threat to public health or public safety.

  • For the purpose of a confidential dispute resolution process

  • Some disclosure may occur to third parties engaged by or for the practice for business purposes such as accreditation or for the provision of information technology. These third parties are required to comply with this policy.

The practice will not disclose personal information to any third party other than in the course of providing medical services, without full disclosure to the patient/guardian or the recipient, the reason for the information transfer and full consent from the patient/guardian.

The Practice will not disclose personal information to anyone outside Australia without need and without patient/guardian consent.

The Practice will not use any personal information in relation to direct marketing to a patient/guardian without that patient/guardian’s express consent.

The practice evaluates all unsolicited information it receives to decide if it should be kept, acted upon or destroyed.

Paediatricians at Westmead Practice will employ all reasonable endeavours to ensure that a patient/guardian’s personal information is not disclosed without their prior consent.

6. Data Quality

Patient/guardian information collected and retained in our records for the purpose of providing quality health care will be complete, accurate, and up to date at the time of collection. 


All due care will be taken to ensure the protection of patient/guardian privacy during the transfer, storage and use of personal health information.

Retention of medical records is for a minimum of 7 years from the date of last entry into the patient/guardian record unless the patient/guardian is a child in which case the record must be kept until the patient/guardian attains the age of 25 years of age.

Paper based information that is no longer required is destroyed by shredding.


The following will apply with regard to accessing personal and private medical information by an individual:

  • An individual has the right to request access their own personal information and request a copy or part of the whole record

  • Individuals have the right to obtain their personal information in accordance with the Federal Privacy Act from 20 December 2001 onwards. Requests must be made in writing and an acknowledgement letter will be sent to the patient/guardian within 14 days confirming the request and detailing whether the request can be complied with and an indication of any costs associated with providing the information. Time spent and photocopying costs when processing a request can be passed on to the requesting patient/guardian. Information can be expected to be provided within 30 days.

  • Requests for information prior to 20 December 2001 will be considered by the practice

  • Whilst the individual is not required to give a reason for obtaining the information, a patient/guardian may be asked to clarify the scope of the request

  • In some instances, the request to obtain information may be denied, in these instances the patient/guardian will be advised

  • The material over which the doctor has copyright might be subject to conditions that prevent or restrict further copying or publication without the permission

  • The practice will take reasonable steps to correct personal information where it is satisfied, they are not accurate or up to date. From time to time the practice will ask patient/guardians to verify the personal information held by the practice is correct and up to date

  • Patient/guardians may also request the Practice corrects or updates their information and patient/guardians should make such requests in writing

  • Upon request by the patient/guardian, the information held by the Paediatricians at Westmead Practice will be made available to another health provider.


To protect the rights of a child’s privacy, access to a child’s medical information may at times be restricted for parents and guardians. Release of information may be referred back to the treating Doctor where their professional judgement and the law will be applied.


Paediatricians at Westmead Practice understands the importance of confidentiality and discretion with the way we manage and maintain the personal information of our patient/guardians. The practice takes complaints and concerns about the privacy of patient/guardian’s personal information seriously. Patient/guardians should express any privacy concerns in writing. The practice will then attempt to resolve it in accordance with its complaint resolution process.

All Paediatricians at Westmead Practice staff and doctors are required to observe the obligations of confidentiality in the course of their employment/contract.

In the instance where you are dissatisfied with the level of service provided within the practice, we encourage you to discuss any concerns relating to the privacy of your information with your doctor.

If the complaint has not been resolved to your level of satisfaction all complaints should be directed to:

The Federal Privacy Commissioner
Level 8 Piccadilly Tower
133 Castlereagh Street
Sydney NSW 2000
Privacy Hotline: 1300 363 992