Privacy Policy

Middle Camberwell Medical Centre – Privacy Policy
Effective Date: 04/02/2026
Review Date: 04/02/2027

At Middle Camberwell Medical Centre, doctors and staff are committed to protecting the privacy of your personal and health information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

  1. Purpose

This policy outlines how we collect, use, disclose, and store your personal and health information, and how you can access or correct your information or make a privacy-related complaint.

  1. When and why is your consent necessary?

When you register as a patient of this practice, you provide consent for the GPs and practice staff to access and use your personal information to facilitate the delivery of healthcare. Access to your personal information is restricted to practice team members who require it for your care. If we ever use your personal information for purposes other than those outlined in this document, we will obtain additional consent from you. By acknowledging this Privacy Policy, you consent to us collecting, holding, using, retaining and disclosing your personal information in the manners described below.

  1. Why do we collect, use, store, and share your personal information?

The practice collects, uses, stores, and shares your personal information primarily to manage your health safely and effectively. This includes providing healthcare services, managing medical records, and ensuring accurate billing and payments. Additionally, we may utilise your information for internal quality and safety improvement processes such as practice audits, accreditation purposes, and staff training to maintain high-quality service standards.

  1. What personal information is collected?

The information we will collect about you includes your:

  • Names, date of birth, addresses, contact details
  • Medical information including medical history, medicines, allergies, adverse reactions, immunisations, social history, family history, and risk factors
  • Medicare number (where available) for identification and claiming purposes
  • Healthcare identifier numbers
  • Health fund details

 

  1. Can you deal with us anonymously?

You can deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.

  1. How is personal information collected?

The practice may collect your personal information in several different ways:

  • When you make your first appointment, the practice team will collect your personal and demographic information via your registration.
  • We may also collect your personal information when you visit our website, send us an email or SMS, telephone us, make an online appointment, or communicate with us using social media.
  • In some circumstances, personal information may also be collected from your guardian or responsible person, other healthcare providers (e.g. specialists, allied health professionals, hospitals, pathology services), Medicare, your health fund, or the Department of Veterans’ Affairs.

 

While providing medical services, further personal information may be collected via:

 

Images may also be collected and used:

  • CCTV footage: collected from our premises for security and safety purposes
  • Photos and medical images: taken for medical purposes in line with RACGP guidelines

 

  1. When, why and with whom do we share your personal information?

We sometimes share your personal information:

  • With third parties for business purposes (e.g., accreditation agencies, IT providers)
  • With other healthcare providers (e.g., in referral letters)
  • When required or authorised by law (e.g., subpoenas, public health reporting)
  • To prevent or lessen a serious threat to life, health, or public safety
  • For statutory requirements (e.g., mandatory disease notifications)
  • Through electronic prescribing and My Health Record

 

We will not share your personal information outside Australia except in exceptional circumstances and with your consent, or as it relates to our use of secure offshore administration support.

  1. Secure offshore administrative support

To ensure the efficient administration of the practice and the delivery of high-quality patient care, we may engage an offshore administrative support agency.

  • Nature of Access: Our overseas administrative assistants access our Practice Management Software (PMS) via secure, encrypted connections (VPN) to perform tasks such as appointment scheduling, processing referrals, and general clinical administration.
  • Data Sovereignty: No patient health records are downloaded or stored locally on overseas servers or devices. All data remains within our practice’s primary secure database located in Australia.
  • Security Standards: We take reasonable steps to ensure that the offshore administration support agencies we engage comply with the Australian Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs). This includes the use of HIPAA-certified staff, 3-factor authentication, and strict “clean-room” environments where physical data storage (USB/CD) and external communications are disabled.

 

By providing your personal information to us, you consent to the disclosure of your information to offshore administrative support agencies we may engage from time to time, for administrative support purposes only, as outlined above.

  1. Will your information be used for marketing purposes?

The practice will not use your personal information for marketing goods or services directly to you without your express consent. If you do consent, you may opt out of direct marketing at any time by notifying the practice in writing.

  1. How is your information used to improve services?

The practice may use your information to improve service quality, conduct research, analyse data, and train staff. De-identified data may be shared with organisations to improve population health outcomes. Patients cannot be identified from shared data. You can let reception staff know if you do not want your de-identified information included.

At times, general practices are approached by research teams to recruit eligible patients into specific studies which require access to identifiable information. You may be approached by a member of our practice team to participate in research. Researchers will not approach you directly without your express consent having been provided to the practice. If you provide consent, you would then receive specific information on the research project and how your personal information will be used, at which point you can decide whether or not to participate in the research project.

  1. How are document automation technologies used?

The practice uses secure software (Best Practice) to generate documents such as referrals, which are sent to other healthcare providers. These documents contain only relevant medical information. Access is restricted to authorised users with secure credentials. The practice complies with the Australian Privacy legislation and APPs to protect your information.

All data, both electronic and paper, is stored and managed in accordance with the RACGP’s Privacy and managing health information guidance.

  1. How are Artificial Intelligence (AI) scribes used?

Individual practitioners may use AI scribe software to support clinical note keeping. This tool:

  • Uses audio recording to generate a transcript
  • Does not record audio files during transcription
  • Keeps any data processed only in Australia

The practice will only use data from our digital AI scribe service to provide healthcare to you.

  1. How is your personal information stored and protected?

Your information may be stored electronically, in imaging systems, or scanned documents. All records are stored securely with restricted access, confidentiality rules, and encryption. We do not retain hard copies unnecessarily.

  1. How can you access and correct your information?

You have the right to request access to, and correction of, your personal information. The practice acknowledges patients may request access to their medical records. You may request access to, or correction of, your personal information by writing to contact@mcmcgp.com.au. Requests will be answered within 30 days, and administrative fees may apply. We will take reasonable steps to ensure your information is correct and up to date.

  1. How can you lodge a privacy-related complaint?

We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have. Concerns should be addressed in writing to contact@mcmcgp.com.au. We will respond within 30 days. If unresolved, you may contact the Office of the Australian Information Commissioner (OAIC) via https://www.oaic.gov.au/ or 1300 363 992.

  1. Policy review statement

This policy is reviewed regularly to ensure compliance with current obligations. Updates will be posted on our website, and significant changes may be communicated directly to patients.