This practice is bound by the Federal Privacy Act (1988) and the Australian Privacy Principles (APPs) and also complies with the NSW Health Records Act (2001). Katoomba Medical Practice recognises the importance of protecting the privacy and the rights of individuals in relation to their personal information. This document outlines how we collect and manage your health information.

What is your personal information?

Personal information is information that identifies you or could reasonably identify you. Personal health information, a particular subset of personal information, can include any information collected and held to provide a health service. Our privacy policy covers all people who use our services or otherwise provide their personal information to us.

What personal information do we collect and hold?

The information Katoomba Medical Practice collects includes medical details, family information, name, address, employment or other demographic data, past medical and social history, current health issues and future medical care, Medicare number, healthcare identifier, and any health information such as medical or personal opinions about a person’s disability or health status.

We may also collect some information that is not considered personal information as it does not identify you or anyone else. For example, we may collect de-identified responses to patient feedback surveys.

How do we collect your personal information?

  • Directly from you when you attend our clinics
  • As disclosed by you during your consultation at our clinic
  • From third parties where the Privacy Act or other law allows it. This may include but is not limited to: members of your treating team, diagnostic centres, specialists, hospitals, the My Health Record system, Medicare, your insurer, electronic prescription services, the Pharmaceutical Benefits Scheme, law enforcement agencies and other government entities.

What happens if we can’t collect your personal information?

If you do not provide us with the personal information described above, the following may happen:

  • Katoomba Medical Practice may not be able to provide the requested service to you
  • Your diagnosis or treatment may be inaccurate or incomplete

For what purpose do we collect, hold, use and disclose your personal information?

  • To provide medical services and treatment to you
  • For administrative and billing purposes
  • To send text messages via SMS for appointment and recall reminders, with your consent
  • To update our records and keep your details up to date
  • To process and respond to any complaints made
  • To comply with any law, rule and regulations
  • For the purpose of data research and analysis
  • For inclusion in a recall register for prevention of chronic disease
  • For the purpose of reporting back to your insurer
  • To answer any queries about the services we provide to you
  • To provide information to third parties with your consent
  • To meet the obligations of notification to our medical defence organisations or insurers

Who do we disclose your information to?

  • Personal information will only be used for the purpose of providing medical services and for claims and payments, unless consented otherwise
  • Disclosure may occur to third parties engaged by the practice or for business purposes e.g. accreditation
  • Katoomba Medical Practice will inform the patient where there is a statutory requirement to disclose personal information (e.g. mandatory reporting of certain diseases)
  • The practice will not disclose personal information to any third party other than those related to providing our medical services unless consent is obtained
  • Katoomba Medical Practice will not disclose personal information to anyone outside Australia without need and without patient consent.

Exceptions allowing disclosure without patient consent are where the information is:

  • Required by law
  • Necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
  • Needed to assist in locating a missing person

How can you access and correct your personal information?

Katoomba Medical Practice acknowledges patients may request access to their medical records. Patients are encouraged to make this request in writing, and Katoomba Medical Practice will respond within a reasonable time. Katoomba Medical Practice will take reasonable steps to correct personal information where it is satisfied that the information is not accurate or up to date. From time to time, Katoomba Medical Practice will ask patients to verify their personal information to ensure it is accurate and up to date. Patients may also request in writing that this information be corrected or updated.


Katoomba Medical Practice takes all reasonable steps to ensure that your personal information is accurate, complete, up to date and relevant. For this purpose, our staff may ask you to confirm that your contact details are correct when you attend a consultation. Katoomba Medical Practice will take all reasonable steps to ensure your personal information is protected from loss and misuse. Katoomba Medical Practice holds your information on an encrypted database. When your personal information is no longer needed, it is destroyed or de-identified. Personal information that we hold is protected by:

  • Securing our premises with security alarms and monitoring.
  • Strong password protections.
  • Placing passwords and varying access levels on databases to limit access and protect electronic information from unauthorised interference, access, modification and disclosure.
  • Maintaining multiple backup systems to ensure your data can be recovered if required.
  • Having our staff sign confidentiality agreements.

Anonymity and pseudonyms

  • The Privacy Act provides that individuals must have the option of not identifying themselves, or of using a pseudonym when dealing with our practice, except in certain circumstances, such as where it is impracticable for us to deal with you if you have not identified yourself.
  • The AMA is of the view that in medical practices it is largely impracticable to deal with patients anonymously or via a pseudonym. The provision of medical services is likely to be impacted, and billing via Medicare or a health insurer where applicable is likely to be impracticable.
  • If you still believe that anonymity or a pseudonym is appropriate, please discuss this with your doctor and/or our Practice Manager.

Privacy and Websites

We do not interact with patients via social media or collect information or feedback from our website in order to protect patient privacy.

Contacting us

If you have any questions about this privacy policy, any concerns or a complaint regarding the treatment of your privacy or a possible breach of your privacy, please contact Lorraine Parker on 0247 823888. Your requests and complaints will be treated confidentially. Our practice manager will contact you within a reasonable time after receipt of your complaint to discuss your concerns and your options. If you feel the clinic cannot resolve your complaint or concern, please contact the OAIC on 1300 363 992.

Please Note: We may change our privacy policy from time to time. Any updated versions of this privacy policy will be available at the reception desk and publicised on the practice website.

*Based on RACGP APP Privacy Policy – Management of Patient Health Information


Reviewed & updated 1st November 2022


