Your health information, handled with care.
This page sets out how Rosedale Medical Practice collects, uses, stores, and shares your personal health information — and what your rights are at every step. We've written it in plain language because trust starts with clarity.
Our principles.
Three commitments shape everything we do with your information. They sit above the legal mechanics below — and where they conflict with anything else on this page, the principles win.
Collect only what we need.
We only collect personal and health information that is directly relevant to your clinical care, our administrative obligations, or your safety.
Share only with your knowledge.
Your information stays inside our practice unless you have consented to its release, or unless we are required by law to disclose it.
Store it securely, indefinitely.
Medical records are retained for the periods required by Australian law, encrypted in transit and at rest, and accessible only by authorised practice staff.
Beyond these principles, Rosedale Medical Practice operates under the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the My Health Records Act 2012, the NSW Health Records and Information Privacy Act 2002, and the RACGP Standards for general practices. This page explains how those obligations translate into the day-to-day care of your information.
What we collect.
The information we collect depends on the care you receive and the systems you interact with. In broad terms, we collect three categories of information.
Personal & demographic information
- Your full name, date of birth, gender, residential address, and contact details
- Medicare number, DVA number, private health insurance details, and pension or concession card details where relevant
- Emergency contact and next-of-kin information you choose to provide
- Cultural or language preferences relevant to your care, including Aboriginal or Torres Strait Islander status (only collected when you choose to share it, used to support culturally appropriate care)
Health & clinical information
- Your medical history, current medications, allergies, immunisations, and family medical history
- Clinical notes, examination findings, diagnoses, and treatment plans from each consultation
- Pathology results, imaging results, specialist correspondence, and discharge summaries received about you
- Mental health and substance use history, where clinically relevant to your care
- Documentation from third-party clinicians involved in your care (e.g. psychiatrists, paediatricians, allied health practitioners)
Administrative & operational information
- Records of appointments, including bookings, cancellations, and attendance
- Billing and payment information, including Medicare claims and account history
- Records of communications with you — phone calls, SMS, secure messages, and emails
- Practice CCTV footage (recorded for safety and security; not routinely accessed; retained for limited periods)
We do not collect information about you from third parties without your knowledge, except where another health practitioner is referring you into our care, or where law enforcement or court order requires it.
How we use it.
Your information is used primarily for your clinical care. Secondary uses are limited, specific, and either based on your consent or permitted by law.
Primary uses — clinical care
- Consulting with you, diagnosing, prescribing, referring, and coordinating your care over time
- Sharing relevant clinical information with other practitioners involved in your care (specialists, allied health, hospitals, pharmacies) — typically by your request or with your consent
- Following up on test results, recalls, reminders for screening, vaccinations, and chronic disease management
- Discussing your care internally where another Rosedale GP needs context to provide safe continuity
Secondary uses — limited and specific
- Billing & Medicare claims — submitting claims to Medicare, DVA, private health funds, and processing payments on your behalf
- Quality & safety activities — de-identified clinical audit, accreditation reviews under the RACGP Standards, and continuous improvement of our care
- Practice administration — appointment management, account follow-up, reception communications
- Mandatory reporting — communicable disease notification, child protection concerns, and other reporting obligations imposed by Australian law
- Insurance, legal, or workers' compensation matters — only with your written consent or court order
What we never do
- We do not sell your personal or health information to any third party — under any circumstance
- We do not use your health information for marketing or advertising purposes
- We do not share your information with insurers, employers, or family members without your specific, documented consent (with the exception of urgent clinical situations involving incapacity)
How we secure it.
Rosedale Medical Practice maintains physical, technical, and procedural safeguards aligned with the RACGP Standards and the Australian Privacy Principles. These are reviewed annually and audited under our AGPAL accreditation.
Technical safeguards
- Clinical records are stored in Best Practice (BP Premier), an Australian-hosted clinical software platform certified to the Royal Australian College of General Practitioners' (RACGP) Standards for general practices
- All data is encrypted in transit (TLS 1.2+) and at rest
- Access requires individual user accounts, role-based permissions, and strong password requirements; multi-factor authentication is enabled for remote access
- Servers and backups are located in Australia and are subject to regular security patching
- Network access is firewalled and monitored; unauthorised access attempts are logged
Physical safeguards
- Premises are alarm-monitored outside of operating hours
- Workstations are positioned to prevent inadvertent disclosure of information to other patients
- Paper records (where retained) are stored in locked cabinets in restricted-access areas
- CCTV is installed in public areas of the practice for security purposes only
Procedural safeguards
- All staff sign a confidentiality agreement at commencement and receive privacy training annually
- Access to clinical records is on a strict need-to-know basis — administrative staff do not access clinical records beyond what their role requires
- Audit logs record every access to your record; logs are reviewed periodically
- De-identified data may be used for clinical audit and quality improvement; identifiable data is never shared for these purposes outside the practice
In the unlikely event of a notifiable data breach, we will follow the Office of the Australian Information Commissioner's Notifiable Data Breach scheme — including direct notification to affected patients and to the OAIC within the required timeframes.
Third-party services.
To deliver modern care we rely on a small number of trusted third-party platforms. Each of these is bound by Australian privacy law, and each has been chosen specifically for its compliance posture, data residency, and security practices.
HotDoc — online booking & patient communication
When you book online or receive SMS reminders, we use HotDoc, an Australian-owned and Australian-hosted patient engagement platform used by more than 23,000 doctors nationally. HotDoc receives your name, contact details, and appointment details — but does not have access to your clinical record. HotDoc's privacy practices are governed by Australian privacy law and their own privacy policy at hotdoc.com.au/privacy.
Best Practice (BP Premier) — clinical software
Your clinical record is held within Best Practice, the most widely used clinical software in Australian general practice. BP Premier is hosted on Australian servers and accessed only by authorised Rosedale clinicians and authorised administrative staff (within their role permissions).
My Health Record
If you have a My Health Record, Rosedale clinicians may upload clinical documents (such as shared health summaries or event summaries) and view documents uploaded by other practitioners — with your knowledge. You can control what is uploaded, what is viewable, and who can view it via your My Health Record settings at myhealthrecord.gov.au. You may opt out of My Health Record entirely without any impact on the care you receive at Rosedale.
Pathology & imaging providers
When we order pathology or imaging, your request is sent to the provider of your choice (or your nominated default). These providers have their own privacy policies and are bound by Australian privacy law. Results are returned electronically and stored in your Rosedale clinical record.
Pharmacies
Prescriptions are issued either as paper scripts or electronic scripts (eScripts) sent to a pharmacy of your choice. We do not retain a copy of your dispensing history; that is held by the pharmacy and (if relevant) by SafeScript or PBS records.
Practice website & analytics
Our website (rosedalemedicalpractice.com.au) uses cookies and basic analytics tools to understand traffic patterns and improve content. We do not use analytics or marketing technologies that involve sharing your identifiable information with third parties, and we do not run retargeting or behavioural advertising. You can disable cookies in your browser settings at any time.
Telehealth & messaging.
Telehealth consultations and electronic messaging extend the convenience of care, but they introduce additional considerations worth understanding.
Telehealth consultations
- Video and phone consultations are conducted using secure platforms that meet Australian healthcare standards
- You should attend telehealth consultations from a private environment where you can speak freely
- Clinical notes from telehealth consultations are documented in your Rosedale record exactly as for in-person care
- Recording of telehealth consultations (by either party) is not permitted without explicit, documented mutual consent
SMS, email & secure messaging
- We use SMS for appointment reminders and brief administrative messages — never for clinical content
- Email is used for sending non-urgent administrative information; we recommend it not be used for clinical questions, which should come via a consultation
- If you contact us by email or SMS, please understand that these are not encrypted end-to-end and we cannot guarantee absolute confidentiality of message contents
- For urgent matters, please call the practice on 02 9680 9644 or, if life-threatening, call 000
If you prefer that we do not communicate with you by SMS or email, let reception know and we will record your preference on your file.
Access to your records.
You have the right to access the personal and health information we hold about you, and to correct anything that is inaccurate. We will respond to your request in the timeframes set out by Australian privacy law.
Requesting access
- Submit a written request to our Privacy Officer (contact details below) — by post, email, or by completing a request form available at reception
- We will verify your identity before releasing any records
- We aim to respond within 30 days of receiving a complete request
- We may charge a reasonable administrative fee for the time required to compile and provide copies; this fee will be advised in advance
Transferring records to another practice
- If you are moving to a new GP, you can request a copy of your record (or a clinical summary) to be transferred
- Requests should be made by you, in writing, with verification of identity and the receiving practice's details
- We do not release records directly to a new practice without your request
- A reasonable fee may apply for record transfers — this is standard general practice across Australia and is consistent with RACGP guidance
Correcting your record
- If you believe information held in your record is incorrect, please raise it with reception or your GP
- Demographic information (address, contact details) can typically be corrected immediately
- Clinical information will be reviewed by your GP; corrections are documented in your record with a note explaining the change and its source
When access may be limited
In limited circumstances, Australian privacy law allows a practice to decline a request for access — for example, where release would pose a serious risk to your health or safety, or to the safety of others, or where the information relates to ongoing legal proceedings. If we ever need to decline a request, we will explain why in writing, and provide information about how to seek review of the decision.
Concerns & complaints.
If you believe your privacy has not been respected, or that any aspect of your care or interaction with our practice has fallen short of what you expected, we want to know.
Talk to us first
The fastest resolution is almost always a direct conversation. Speak with our Practice Manager, Jennifer Williams, or write to our Privacy Officer (details in Section 9). We will acknowledge your concern within 5 business days and aim to resolve it within 30 days. Where the matter is complex, we will keep you updated on progress.
If you'd like to escalate
If you remain dissatisfied with our response, or prefer to raise your concern with an independent body, the following are available to you:
- Office of the Australian Information Commissioner (OAIC) — for federal privacy matters and the My Health Record. oaic.gov.au · 1300 363 992
- NSW Information and Privacy Commission (IPC) — for NSW health information privacy matters. ipc.nsw.gov.au · 1800 472 679
- Health Care Complaints Commission (HCCC) — for complaints about clinical care. hccc.nsw.gov.au · 1800 043 159
- Australian Health Practitioner Regulation Agency (AHPRA) — for complaints about individual practitioners. ahpra.gov.au · 1300 419 495
Raising a concern — formally or informally — does not affect the care you receive at Rosedale. We take feedback seriously and treat it as a path to better care, not a problem to be managed.
Direct line to the person responsible.
Privacy matters at Rosedale are coordinated by our Practice Manager. Three ways to make contact — choose whichever suits you.