Skip to content
Blue Fig Clinic

Policies

Privacy Policy

How Blue Fig Clinic collects, holds, uses and discloses personal information — including health information about minors — in compliance with the Privacy Act 1988.

Last updated 1 January 2026

Introduction

Our clinic is committed to best practice in relation to the management of information we collect. This practice has developed a policy to protect patient privacy in compliance with the Privacy Act 1988 (C) (‘the Privacy Act’).

Our policy is to inform you of:

  • The kinds of information that we collect and hold, which, as a medical practice, is likely to be ‘health information’ for the purposes of the Privacy Act.

  • How we collect and hold personal information.

  • The purposes for which we collect, hold, use and disclose personal information.

  • How you may access your personal information and seek the correction of that information.

  • How you may complain about a breach of the Australian Privacy Principles and how we will deal with such a complaint.

  • Whether we are likely to disclose personal information to overseas recipients.

What kinds of personal information do we collect?

The type of information we may collect and hold includes:

  • Your name, address, date of birth, email and contact details

  • Medicare number, DVA number and other government identifiers, although we will not use these for the purposes of identifying you in our practice

  • Other health information about you, including:

    • notes of your symptoms or diagnosis and the treatment given to you

    • your specialist reports and test results

    • your appointment and billing details

    • your prescriptions and other pharmaceutical purchases

    • your genetic information

    • your healthcare identifier

    • any other information about your race, sexuality or religion when collected by a health service provider.

How do we collect and hold personal information?

We will generally collect personal information:

  • From you directly when you provide your details to us. This might be via a face-to-face discussion, telephone conversation, registration form or online form.

  • From a person responsible for you.

  • From third parties where the Privacy Act or other law allow it - this may include, but is not limited to: other members of your treating team, diagnostic centres, specialists, hospitals, the My Health Record system[1], electronic prescription services, Medicare, your health insurer, the Pharmaceutical Benefits Scheme.

Why do we collect, hold, use and disclose personal information?

In general, we collect, hold, use and disclose your personal information for the following purposes:

  • To provide health services to you.

  • To communicate with you in relation to the health service being provided to you.

  • To comply with our legal obligations, including, but not limited to, mandatory notification of communicable diseases or mandatory reporting under applicable child protection legislation.

  • To help us manage our accounts and administrative services, including billing, arrangements with health funds, pursuing unpaid accounts, management of our ICT systems.

  • For consultations with other doctors and allied health professional involved in your healthcare.

  • To obtain, analyse and discuss test results from diagnostic and pathology laboratories for identification and insurance claiming.

  • If you have a My Health Record, to upload your personal information to, and download your personal information from, the My Health Record system.

  • If you need to disclose your information through an electronic transfer of prescriptions service.

  • To liaise with your health fund, government and regulatory bodies such as Medicare, the Department of Veteran’s Affairs and the Office of the Australian Information Commissioner (OAIC) (if you make a privacy complaint to the OAIC), as necessary.

How can you access and correct your personal information?

You have a right to seek access to, and correction of, the personal information we hold about you. For details on how to access and correct your health record, please contact our practice. We will normally respond to your request within a reasonable time frame but within 30 days.

Use of email

Email is not a secure form of communication, which is why:

  • We will accept personal information via email from other healthcare providers and organisations involved in the management of your health, but the use of secure messaging (Healthlink or Argus) is preferred.

  • We can accept emails relating to appointment scheduling, modifications to referrals or certificates. Medical symptoms or proposed treatments will not be discussed via email.

  • Email communication must never be used in the case of a medical emergency.

Use of SMS

Appointment and health reminders will be sent via SMS. You can be removed from the SMS reminder system upon request.

How do we hold your personal information?

Our staff are trained and required to respect and protect your privacy. We take reasonable steps to protect information held from misuse and loss and from unauthorised access, modification or disclosure. This includes:

  • Holding your information on an encrypted database.
  • Holding your information in secure cloud storage meeting strong encryption standards.
  • Holding your information in a lockable cabinet.
  • Use of strong password protections.
  • Our staff sign confidentiality agreements.
  • Access to personal information is restricted on a ‘need to know’ basis.
  • Our practice has document retention and destruction policies.

If you have any questions about privacy-related issues, or wish to complain about a breach of the Australian Privacy Principles or the handling of your personal information by us, you may lodge your complaint in writing (see contact details below). We will normally respond to your request within 30 days.

If you are dissatisfied with our response, you may refer the matter to the OAIC:

Phone: 1300 363 992

Fax: +61 2 9284 9666

Post: GPO Box 5218

Sydney NSW 2001

Website

Anonymity and pseudonyms

The Privacy Act provides that individuals must have the option of not identifying themselves, or of using a pseudonym, when dealing with our practice. Except in certain circumstances, such as where it is impracticable for us to deal with you if you have not identified yourself.

Overseas disclosure

We will not disclose your personal information to any overseas recipients unless these disclosures are explicitly authorised by you or if we are required to do so by law (by court order, for example.)

Updates to this Policy

This Policy will be reviewed from time to time to take account of new laws and technology, changes to our operations and other necessary developments. Updates will be published on our website.

Please contact us with any privacy related issues.

← Back to policies overview

Questions about our privacy policy?

Contact reception for a full copy of any policy document or to clarify how a policy applies to your situation.

Email Reception 02 7202 7061

Ready to book? Our reception team is here to help.

Book an Appointment