Privacy Policy

Home » Privacy Policy

Eastern Suburbs Psychiatry’s Privacy Policy

Current as at [7 October 2022]

  1. Introduction:
    This privacy policy is to provide information to you, our patient, on how your personal information (which includes your health information) is collected and used within our practice, and the circumstances in which we may share it with third parties.This policy complies with the Australian Privacy Principles contained in thePrivacy Act 1988 (Cth) (Privacy Act) and the Health Privacy Principles contained in the Health Records and Information Privacy Act 2002 (NSW) (HRIP Act). This document details how we collect, maintain, secure, use and disclose your Personal Information, Sensitive Information and Health information.

  2. Definitions:
    In this policy, the following terms have the following meanings:
    Personal information is any information or opinion about an identified individual, or an individual who is reasonably identifiable whether true or not, and whether recorded in a material form or not.
    Health information means personal information that is any information or opinion about the health, including an illness, disability or injury (at any time) of an individual, including but not limited to health services provided, or to be provided.
    Sensitive information is information or an opinion about a person. It may include information about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record and includes personal information, health information, genetic information that is not otherwise health information and biometric information. In this policy, unless otherwise stated, reference to personal information includes sensitive information.
    Services means psychotherapy, counselling and pharmacotherapy (including assessment and treatment) services provided by doctors in our practice excluding the following services:

    1. WorkCover reports;

    2. legal reports to patients to challenge Australian Government benefits, payments, pensions, housing or any other support services;

    3. medicolegal reports unless you are referred by a third party solicitor for the purpose of an independent report and not treatment. If you are your own
      legal representative no report will be provided;

    4. counselling services for NSW Victims Services;

    5. assessments for driving and gun licences; and

    6. prescriptions for  benzodiazepines, opioids, CBD oil or cannabinoid derivatives, LSD or ketamine infusions.

  3. Why and when your consent is necessary
    When you register as a patient of our practice, you provide consent for our doctors and practice staff to access and use your Personal Information, Sensitive Information (including Health Information) so they can provide you with the Services. You will have seen and signed our Health Information Collection and Use Consent Form. This policy provides additional information about how we safeguard the privacy and confidentiality of your Personal Information, Sensitive Information (including Health Information).Only staff who need to see your Personal Information, Sensitive Information (including Health Information) will have access to it. If we need to use your information for anything else, we will seek additional consent from you to do this.In most cases we cannot communicate with a patient’s family member or any third party without having the patient’s written consent to do so regarding all matters of a confidential nature, including but not limited to confirming, rescheduling and cancellation of appointments. This does not apply to patients under the age of 18.

  4. Why do we collect, use, hold and share your personal information?
    As a patient of our practice at Eastern Suburbs Psychiatry, our practice will need to collect your Personal Information, Sensitive Information (including Health Information) in order to provide Services to you.

    Our primary purpose for collecting, using, holding and sharing your Personal Information, Sensitive Information (including Health Information) is to provide our Services to you and properly assess, diagnose, treat, and be proactive in your health care needs (including by communicating about your care between doctors in the practice and with your GP and other health practitioners outside our practice for the purpose of addressing your health care needs). We also use it for directly related business activities, such as:

    1. administrative purposes in running our practice. practice audits and accreditation, and business processes (e.g. staff training);

    2. financial claims and payments including billing purposes (including compliance with Medicare and Health Insurance Commission requirements;

    3. research and quality assurance activities to improve individual and community health care and practice management [note: usually information that does not identify you is used but, should information that will identify you be required, you will be informed and given the opportunity to “opt out” of any involvement]; and

    4. for reminders which may be sent to you regarding your health care and management.

      We must also comply with any legislative or regulatory requirements that require us to hold or share your Personal Information, Health Information or Sensitive Information (such as compliance with Health Privacy Principles 10 and 11 set out in HRIP Act  and section 16A of the Privacy Act) which includes use and disclosure for the following purposes:

    5. to lessen or prevent a serious threat to life, health or welfare of any individual or public health and safety including:

      1. when the patient needs to be protected from harming themselves (e.g. if suicidal or self-harming);

      2. where others may need to be protected (if the patient has threatened to harm others or will do so inadvertently);

      3. when the patient poses a threat to themselves or any individual including medical/nursing/reception staff, or to public health or public safety.  Privacy obligations must be balanced with the health service obligation to ensure a safe workplace under the Work Health and Safety Act 2011;

      4. if the health and/or welfare of a child or young person is at risk, we are also required, as mandatory reporters, to contact Family and Community Services (FACS) and notify them of any concerns as per Sections 23 and 27 of the Children and Young Persons (Care and Protection) Act 1998 (NSW);

    6. to assist in finding a missing person;

    7. as part of investigating and reporting wrong conduct, suspected unlawful activity or serious misconduct;

    8. use or disclosure to or by a law enforcement agency or investigative agency such as if records are subpoenaed by a court of law;

    9. use or disclosure asserting a legal or equitable claim or conducting an alternative dispute resolution process; and

    10. disclosure made on compassionate grounds.

  5. What information do we collect
    Information is collected that is reasonably necessary for, or directly related to, our ability to perform the Services. The information that is collected and held, used or disclosed may include but is not limited to:

    1. names, date of birth, addresses, contact details;

    2. medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors;

    3. Medicare number or DVA number (where available) for identification and claiming purposes;

    4. healthcare identifiers;

    5. health fund details;

    6. details of other treating health practitioners (such as your referring GP);

    7. next of kin names and contact details; and

    8. occupation.We may also collect information about your gender and details about your lifestyle activities. Sensitive Information may also be collected.If the necessary information is not accurate, up-to-date or complete, we may not be able to provide the Services to you.

  6. How we collect your information
    Where possible, reasonable and practical to do so, Personal Information, Sensitive Information and Health Information will be obtained directly from you, in person either on-site or via Telehealth, in writing, over the phone, through text messages, or by email. You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.

    Your Personal Information, Sensitive Information or Health Information may also be provided from third parties who are permitted to share your information with us for the purposes of providing our Services, including from:

    1. tour carer or representatives (where relevant);

    2. the person or organisation who referred you to our service such as your GP;

    3. other third parties who have been asked to provide your information to us;

    4. your treating healthcare providers; and

    5. government and law enforcement agencies.Information may be collected about your visit to our website including the date and time of your visit, internet address, ISP, the pages of our website that you access, and the website that referred you to us. This is used only for the purpose of allowing us to understand how to improve our services. We may also collect any personal information you submit to us via our website or other electronic means in any forms, registration requests or queries.

  7. How we treat unsolicited information
    If unsolicited information is received, all reasonable attempts will be undertaken to determine whether we are authorised to have received that information. If it is determined that we are not authorised, where it is lawful and reasonable to do so, we will take all reasonable steps as soon as practicable to permanently and securely destroy the information. If we are not authorised to have received that information, we will also take all reasonable and practicable steps to notify the parties involved.

  8. How can you access and correct your personal information at our practice?
    You have the right to request access to, and correction of, your Personal Information and Sensitive Information (including Health Information).

    Our practice acknowledges patients may request access to their medical records. We require you to put this request in writing by email and our practice will respond within 30 days.  [For any release of medical records there will be a charge per page that is printed. For information on our fees please ask our friendly receptionists].

    It is important that we collect and retain information that is accurate, complete and current. Our practice will take reasonable steps to correct your Personal Information and Sensitive Information (including Health Information) where the information is not accurate or up to date. We ask that you advise us of any changes to your Personal Information or Sensitive Information (including Health Information).
    From time to time, we may ask you to verify that your Personal Information and Sensitive Information (including Health Information) held by our practice is correct and current. You may also request that we correct or update your information, and you should make such requests in writing to our Practice Manager.
    Unless otherwise authorised or required by law, upon request, reasonable steps will be undertaken to enable individuals to ascertain whether we hold health information relating to them, the nature of that information, the purposes for which it will be used, and their entitlement to request access to the information.
    If you supply Personal Information, Sensitive Information or Health Information to us about another individual, you must ensure that you have their consent for this information to be provided to us. We ask also that they are informed of how they may request access to this information and that you direct them to our Privacy Policy. We will also provide these details to individuals upon request. If we receive personal information from you about an individual, it will be assumed that the appropriate notification and consent, as outlined above, have been obtained.

  9. Use and Disclosure of your information
    We will only use and disclose your Personal Information or Sensitive Information (including Health Information) for the primary purpose for which it was collected or directly related to a secondary purpose as set out in this policy (see section 4 above). Additionally, we may be required by law to disclose your information including to comply with a Court or Tribunal order.

    We sometimes share your personal information:

    1. with third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with the Privacy Act and this policy;

    2. with other healthcare providers;

    3. when it is required or authorised by law (e.g. court subpoenas)

    4. when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent;

    5. to assist in locating a missing person;

    6. to establish, exercise or defend an equitable claim;

    7. >for the purpose of a confidential dispute resolution process; and

    8. during the course of providing Services, through My Health Record (e.g. via Shared Health Summary and / or Event Summary).Only people who need to access your Personal Information or Sensitive Information (including Health Information) will be able to do so. Other than in the course of providing Services or as otherwise described in this policy, our practice will not share this information with any third party without your consent.We will not share your Personal Information or Sensitive Information (including Health Information)with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.Our practice will not use your personal information for marketing any of our goods or services directly to you without your express consent. If you do consent, you may opt out of direct marketing at any time by notifying our practice in writing.

  10. How do we store and protect your personal information?
    Your Personal Information and Sensitive Information (including Health Information) may be stored at our practice in various forms, electronic records, visual records (scans, videos, photos and audio recordings).
    Our practice stores all Personal Information and Sensitive Information (including Health Information) securely.

    All reasonable precautions are taken to ensure that Personal Information and Sensitive Information (including Health Information) is protected from misuse, unauthorised access, modifications or disclosure. Information may be stored in both, or either, hard copy or electronic format. We have in place a range a policies and procedures to ensure protection of your information including:

    1. signed agreements with confidentiality obligations with all employees, contractors, consultants and third party organisations that undertake services for Eastern Suburbs Psychiatry;

    2. external and internal security systems restricting access to stored Personal Information and Sensitive Information (including Health Information); and

    3. regularly updated security system to prevent unauthorised electronic access. We will take all reasonable steps to securely destroy, permanently erase or permanently de-identify any personal information that is no longer required for any purpose described in this policy or under any applicable laws.

  11. Contact Us
    If you have any queries or feedback regarding our Privacy Policy, or you need to update your Personal Information and Sensitive Information (including Health Information), or if you feel the policy has been breached in any way, please contact our office on

  12. Complaints
    Complaints about a breach of the Australian Privacy Principles or the Health Privacy Principles should be directed to the office details above. We will respond to your complaint within 30 days. If you are not satisfied with the response, you may refer the matter to the Office of the Australian Information Commissioner by visiting, or by calling 1300 363 992. You can also refer the matter to the NSW Privacy Commissioner by visiting

  13. Modification to our Privacy Policy
    Our Privacy Policy undergoes periodic review. An up to date copy of this Privacy Policy will be published on our website.

    A copy of our current Privacy Policy can also be made available upon request by contacting us at the details listed above.

Eastern Suburbs Psychiatry Logo
Royal Australian & New Zealand College of Psychiatrists
St Vincent's Clinic