    Privacy Policy

    Last Updated: 08 November 2024

    1. Introduction

    PhysioChoice Pty, Ltd. ABN 68 114 601 204 ("we," "our," or "us") is committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy explains how we collect, use, disclose, and protect your personal information through our practice management and booking system ("the System").

    2. Scope

    This Privacy Policy applies to:

    • All users of the System
    • Information collected through our website and booking platform
    • Data shared with healthcare providers through the System
    • Integration with Medicare and private health insurance providers

    3. Types of Information We Collect

    3.1 Personal Information

    • Full name and title
    • Date of birth
    • Contact details (phone, email, address)
    • Medicare number and reference number
    • Private health insurance details
    • Emergency contact information
    • Payment information

    3.2 Sensitive Information

    • Health information and medical history
    • Injury details and treatment notes
    • Referral information
    • Treatment preferences
    • Clinical documentation
    • Appointment history

    3.3 Technical Information

    • IP address
    • Browser type and version
    • Device information
    • Login times and duration
    • Booking patterns and preferences
    • System usage statistics

    4. How We Collect Information

    We collect information:

    • Directly from you during registration
    • Through your use of the System
    • From healthcare providers using the System
    • Via Medicare and health insurance integrations
    • Through secure payment processing
    • Via system analytics and logs

    5. Purpose of Collection

    We collect and use your information to:

    • Facilitate appointment bookings
    • Process payments and insurance claims
    • Communicate appointment reminders
    • Maintain accurate healthcare records
    • Comply with legal and regulatory requirements
    • Improve our services
    • Protect against fraud and unauthorized access
    • Generate de-identified statistical data

    6. Storage and Security

    6.1 Data Storage

    • All data is stored in Australia
    • Regular security audits are conducted
    • Encryption at rest and in transit
    • Regular backup procedures
    • Disaster recovery protocols

    6.2 Security Measures

    • Multi-factor authentication
    • Role-based access control
    • Audit logging and monitoring
    • Regular security updates
    • Staff training and security policies
    • Incident response procedures

    6.3 Data Retention

    • Active accounts: Data retained while account is active
    • Medical records: Retained for 7 years (or as required by law)
    • Payment information: Retained as required for financial regulations
    • System logs: Retained for 12 months

    7. Disclosure of Information

    7.1 We Share Information With:

    • Healthcare providers you book appointments with
    • Medicare and private health insurers (with consent)
    • Payment processors
    • System maintenance providers
    • Legal and regulatory authorities (when required)

    7.2 We Do Not:

    • Sell your personal information
    • Share information for marketing purposes
    • Disclose information to overseas recipients (except with explicit consent)
    • Release information to unauthorized third parties

    8. Access and Correction

    You have the right to:

    • Access your personal information
    • Request corrections to your information
    • Obtain copies of your records
    • Lodge a complaint about privacy concerns

    Requests should be made in writing to [email protected].

    9. Medicare and Healthcare Identifiers

    We comply with:

    • Healthcare Identifiers Act 2010
    • Medicare Requirements
    • PCEHR/My Health Record requirements

    Your healthcare identifiers are:

    • Stored securely
    • Used only for approved purposes
    • Protected from unauthorized access

    10. Data Breaches

    In the event of a data breach:

    • We will assess the risk of harm
    • Notify affected individuals if required
    • Report to the Office of the Australian Information Commissioner if necessary
    • Take steps to prevent future breaches

    11. Analytics and Cookies

    We use:

    • Session cookies for system functionality
    • Analytics tools for system improvement
    • Security monitoring tools

    12. Children's Privacy

    We:

    • Require parental consent for users under 18
    • Collect only necessary information from minors
    • Provide additional protection for children's data
    • Allow parents to access and control their children's information

    13. Changes to This Policy

    We may update this Privacy Policy:

    • To reflect system changes
    • To comply with new regulations
    • To improve privacy protections

    Changes will be:

    • Posted on our website
    • Notified via email for significant changes
    • Effective 30 days after posting

    14. Complaints and Contact Information

    14.1 Privacy Complaints

    1. Contact our Privacy Officer at [contact details]
    2. We will respond within 30 days
    3. If unsatisfied, you may contact the OAIC

    14.2 Regulatory Contacts

    Office of the Australian Information Commissioner

    • Website: www.oaic.gov.au
    • Phone: 1300 363 992

    15. Specific Rights and Choices

    You have the right to:

    • Opt out of communications (except essential notifications)
    • Request data portability
    • Restrict processing of your information
    • Be forgotten (subject to legal requirements)
    • Object to automated decision-making