top of page

Byron Baby Privacy Policy

Current as of the 30/03/23


This privacy policy is to provide information to our patients on how your personal information (which includes your health information) is collected and used within our practice and the circumstances in which we may share it with third parties.


We are required by law to make this policy available to you.


We manage your personal information respectfully and our policies are similar to most General Practices in Australia.


When you register as a patient of our Practice, either online or face to face, you will be provided with a registration form that informs you that our GPs and Practice staff will access and use your personal information so we can provide you with high quality and safe healthcare.


Your doctors and nurses need information about your past and present health to provide you with high quality and safe healthcare.


Our patient registration form also informs you that we may send health reminders by email and by Short Message Service (SMS).


What personal information do we collect?

The information we will collect about you includes:

  • names, date of birth, addresses, contact details.

  • medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors.

  • Medicare number (where available) for identification and claiming purposes.

  • healthcare identifiers

  • health fund details.


How do we collect your personal information?

When you make your first appointment our practice staff will collect your personal and demographic information via your registration form. During the course of providing medical services we may collect further personal information.


Our Practice is registered for the My Health Record system and if you are also registered for the My Health Record system we may draw down information e.g. via Discharge Summaries, Shared Health Summaries and Event Summaries, Medical Benefits Schedule Information, Pharmaceutical Benefits information, Pathology and Imaging reports and other documents.


We send our prescriptions electronically by eScript and we may view the dispensing history of your prescriptions. Our Practice may also request information about prior prescriptions from the Government’s Prescription Information Services, The Federal Government's Prescription Shoppers Program and NSW Health’s SafeScript.


Personal information will also be collected if you complete online forms from our website and when you send us an email, SMS, telephone us, make an online appointment or communicate with us using social media through the collection of contact details and recording the information provided to us.


In some circumstances, personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:


  • your guardian or responsible person

  • other involved Healthcare Providers such as Specialists, Allied Health Professionals, Hospitals, Community Health Services and Pathology and Diagnostic Imaging Services

  • your Health Fund, Medicare, or the Department of Veteran’s Affairs (as necessary).



When, why and with whom do we share your personal information?


·      With third parties who work with our practices e.g. accreditation agencies or information technology providers.These third parties are required to comply with the Australian Privacy Principles and this policy.

  • With other healthcare providers

  • When it is required or authorised by law e.g. court subpoenas

  • When it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or it is impractical to obtain the patient’s consent.

  • To assist in locating a missing person


Only people that need to access your information will be able to do so. Other than in the course of providing medical services or as otherwise described in this policy, our Practice will not share personal information with any third party without your consent.


We will not share your personal information with anyone outside Australia without your consent (unless under exceptional circumstances that are required by law).


Our Practice will not use your personal information for the marketing of goods or services to you without your consent. If you do consent, you may opt-out at any time by notifying our Practice in writing.




Who do we share your personal information with?

We may share your personal information:

  • if you have requested or consented to the disclosure or

  • with other Healthcare Providers involved in your care

  • through the Electronic Transfer of Prescriptions (eTP), using the My Health Record system (e.g. via Shared Health Summaries and Event Summaries) and through the use of our online booking, results and reminder services 

  • if the disclosure is necessary because you are at risk of harm without treatment and you are unable to give consent - for example, you might be unconscious after an accident or

  • if the information is necessary to obtain Medicare payments or other Health Insurance rebates


Your Doctor and Nurse collect information they feel is relevant to your medical care. If you are uncertain as to why the information is being requested, please ask your Doctor or Nurse.


The Doctors, Nurses and Staff of this Practice respect your right to decide how your personal health information is used or disclosed (for example to other doctors, hospitals and allied health providers).


It is important that other people involved in your care, such as other Doctors, or other Healthcare Providers are informed of relevant parts of your medical history so they can best care for you. After discussion with you, your doctor may write a letter or referral to a Specialist or another Healthcare Provider such as a Physiotherapist. This referral will generally be given to you to take to them, some referrals may also be sent electronically via Secure Message Delivery.


If you have any concerns about this process please discuss this with your doctor at the time of the referral.


Our Practice minimises the risks of prescription errors through the electronic transfer of prescriptions to an encrypted repository where your pharmacy can draw down the details of the prescription safely and without the risk of transcription errors.


Our Practice is registered with the National Electronic eHealth Record System called the My Health Record system, and if you are also registered for the My Health Record system we may share information with other Healthcare Providers involved in your care via Shared Health Summaries, Event Summaries, Pathology and Imaging reports and other documents. In registering for the My Health Record system, patients provide all Healthcare Providers ‘standing consent’ to upload clinical information. There is no requirement to obtain consent on each occasion before uploading information. If you do not want information shared and you are registered for the My Health Record system, you will need to tell your healthcare provider that you do not want information shared at the time of the consultation. You may also effectively remove the information yourself through the MyGov portal link to your record. 


In most group Practices it is customary for all Doctors in the practice to have access to all the medical records. If you have any concerns about the Doctors at this Practice being able to see your records, please discuss your concerns directly with your Doctor. 


Our main purpose for collecting, using, holding and sharing your personal information is to manage your health. We also use it for directly related business activities, such as financial claims and payments, Practice audits and accreditation and in business processes (e.g. staff training).


Dealing with us anonymously

You have the right to deal with us anonymously or under a pseudonym, unless it is impracticable for us to do so, or unless we are required or authorised by law to only deal with identified individuals.


Please note that by accessing care anonymously or under a pseudonym, we may not be able to contact you to follow up on abnormal results or recalls and you will not be able to access Medicare rebates, Pharmaceutical Benefits or Private Insurance rebates.


Quality Improvement and Research

De-identified health information is used within the Practice to improve the quality of care we provide. Research may also be undertaken using de-identified data if an appropriately constituted ethics committee has approved the activity. Our Practice shares de-identified health data with our Primary Health Network through the Federal Government's Quality Improvements Program, to improve patient outcomes and deliver best-practice care.


Recalls, Reminders and Patient Education

Our Practice may send out reminders and invitations by phone, SMS, email and by mail from time to time for scheduled health care services or to provide health education resources and we may text you to confirm appointments, provide information on results or seek feedback on the quality of our services.

Our Practice may also send out links to education resources to you by SMS and email. 


Closed-circuit television (CCTV)

CCTV cameras are located inside the premises to maintain the security of the Practice and your records. The cameras may maintain live feeds and footage may be stored.  


Unless required by law CCTV footage will not be released as it may contain recordings of other people and it may, therefore, have an unreasonable impact on the privacy of those people. CCTV footage may be disclosed to the police or with a valid subpoena or other disclosure requirements as part of a legal proceeding.


How do we store and protect your personal information?

Your personal information may be stored in our Practice in various forms e.g. as electronic records, as visual records (X-rays, CT scans, videos and clinical photos)

 Our Practice stores all personal information securely. We protect your personal information in protected information systems. Our backups are encrypted and our computers are password protected.


How to access and correct your personal information at our Practice

You have the right to request access to, and the correction of, your personal information.


Information in your record can be provided to you by way of an accurate and up to date summary of your care, for instance, if you are moving away and are transferring to a new doctor. Do not hesitate to ask your doctor if you want a summary of your care for any reason.


Our Practice acknowledges patients may also request access to their full medical records. We require you to put this request in writing and address this request to our Practice Manager.  Our Practice will respond within 30 days. If we can provide the information you seek it will be printed out for you. We will charge $1.35 per page in copying and administrative fees. We recommend you discuss the information provided with your GP so you fully understand the context of the information provided.


How can you lodge a privacy related complaint and how will the complaint be handled at our Practice?

We take any complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing. We will then attempt to resolve your concerns. Please send any concerns to 


Byron Baby

60/1 Porter St

Byron Bay

NSW 2481


We will respond to your concerns within 30 days.


You may also contact the Office of the Australian Information Commissioner (OAIC). Generally the OAIC will require you to give them time to respond before they will investigate. For further information visit or call the OAIC on 1300 336 002.


Or the Health Care Complaints Commission NSW on 1800 043 159 or 02 9219 7444

bottom of page