Privacy and dignity policy

  • Outreach Physiotherapy is committed to safeguarding the privacy and dignity of all clients, including those accessing services on a private-fee basis. We believe every individual has the right to maintain their privacy and dignity when receiving physiotherapy services.

    We are dedicated to ensuring all personal and health information is managed in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), and uphold best practices in confidentiality, communication, and respectful client interactions.

    Objectives

    This policy aims to:

    • Ensure personal information and dignity of private clients are respected at all times.

    • Guide staff in communicating privacy rights and procedures clearly and appropriately.

    • Explain what personal and health information is collected, why it is needed, and how it is stored and used.

    Scope

    This policy applies to all Outreach Physiotherapy staff, management, contractors, students, and volunteers engaged in service delivery or administration.

    Guiding Principles

    Outreach Physiotherapy adheres to the following key privacy principles:

    • Transparency – Clients are informed about how their information is collected and used.

    • Consent – Information is collected and shared only with the client’s consent unless otherwise required by law.

    • Confidentiality – Health and personal data are kept secure and accessed only on a need-to-know basis.

    • Access and Correction – Clients may request to view or amend their records at any time.

    Client Records

    We collect personal and clinical data through appointments, emails, referrals, phone calls, and administrative forms. Information collected includes:

    • Full name, date of birth, and contact details

    • Health history relevant to physiotherapy care

    • Treatment notes and assessments

    • Referring GP (if applicable), Medicare/EPC details

    • Payment and billing information

    Records are maintained in secure electronic systems and are retained for a minimum of 7 years in line with legal obligations.

    Consent and Communication

    Clients are asked to provide written consent via our Personal Information Consent Form or referral documentation. Consent includes:

    • Agreement to collect and store information

    • Understanding how it will be used for care and billing

    • Awareness of rights to access or correct their record

    • The process for making a complaint about privacy breaches

    Staff explain these terms in clear, respectful language. Interpreters or alternate communication methods will be used if needed.

    Disclosure of Information

    Client information is only disclosed to third parties (e.g., GPs, allied health practitioners) with the client’s consent or when legally required. Examples of lawful disclosure include:

    • Medicare, for processing EPC claims

    • Health funds, when a rebate is applicable

    • Legal authorities if subpoenaed

    • When serious harm may occur and disclosure is necessary

    Client Access to Records

    Clients may request access to their records by contacting the Practice Manager. Requests are responded to within 30 days. Proof of identity is required. A fee may apply for substantial printing or administrative time.

    Data Security and Retention

    All records are securely stored using encrypted digital systems and backed up appropriately. Paper records (if any) are stored in locked locations. Records are archived securely and destroyed only in accordance with legal retention requirements.

    Complaints and Concerns

    Clients who believe their privacy has been breached are encouraged to raise the issue with our Practice Manager. Complaints are managed in line with our Feedback and Complaints Policy.