PRIVACY POLICY

Download PDF version

1. Introduction

YourGP is committed to protecting the privacy of your personal information and health information. This privacy policy explains how we manage your personal information and complies with the requirements of the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the Health Records (Privacy and Access) Act 1997 (ACT).

This policy was reviewed in February 2026.

2. Why and When Your Consent Is Necessary

When you register as a patient of our practice, you provide consent for our GPs and practice staff to access and use your personal information so they can provide you with the best possible healthcare. Only staff who need to see your personal information will have access to it.

If we need to use your information for anything other than the primary purpose for which it was collected, we will seek additional consent from you, unless the use or disclosure is otherwise permitted or required by law.

3. Why Do We Collect, Use, Hold and Share Your Personal Information?

We collect your personal information to provide you with the highest level of healthcare. We may also use your information to:

• Manage your ongoing healthcare and communicate with other healthcare providers involved in your care
• Remind you of upcoming appointments or follow-up care
• Process claims through Medicare, the Department of Veterans' Affairs (DVA), or your private health fund
• Comply with our legal obligations, including mandatory reporting requirements
• Improve our services through clinical audits and quality assurance activities

4. What Personal Information Do We Collect?

The information we collect may include, but is not limited to:

• Names, date of birth, addresses, and contact details
• Medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history, and risk factors
• Medicare number, DVA number, and private health fund details for snapshot claiming and identification purposes
• Healthcare identifiers as required under the Healthcare Identifiers Act 2010
• Clinical photographs where relevant to your care, with your informed consent

5. Dealing With Us Anonymously

You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so, or unless we are required or authorised by law to deal with identified individuals. In most cases, to provide you with appropriate healthcare, we will need to know who you are.

6. How Is Personal Information Collected?

We collect information in several ways, including:

• When you complete a registration form at the practice (either paper-based or electronic)
• During the course of providing medical services, through consultations and examinations
• Via our website, email, SMS, or other electronic communications
• From your authorised guardian or responsible person if you are unable to provide information yourself
• From other healthcare providers such as specialists, hospitals, allied health professionals, and pathology or imaging services
• From your private health fund, Medicare, or DVA
• Through electronic prescribing, My Health Record, and online appointment booking services
• Through CCTV surveillance in common areas of the practice for security purposes

7. When, Why and With Whom Do We Share Your Personal Information?

We may share your personal information with third parties in the following circumstances:

• With other healthcare providers involved in your care, such as specialists, allied health professionals, hospitals, pathology and imaging services
• With Medicare, DVA, or your private health fund for claiming and billing purposes
• When required or authorised by law, including mandatory reporting obligations
• When necessary to lessen or prevent a serious threat to a patient's life, health, or safety, or to public health or safety
• In the case of a missing person, to assist in locating them
• For the establishment, exercise, or defence of an equitable claim

Some of our administrative and support functions are performed by staff based in Malaysia. These staff may access limited patient information (such as appointment details or billing information) as required to perform their duties. All such staff are bound by strict confidentiality agreements and operate under the same privacy obligations as our Australian-based staff.

Other than the above, we will not share your personal information with overseas recipients without your express consent.

8. Will Your Information Be Used for Marketing Purposes?

We will not use your personal information for marketing purposes without your express consent. If you do provide consent, you may opt out of receiving marketing communications at any time by notifying us in writing.

9. How Are Artificial Intelligence (AI) Scribes Used?

Our practice may use AI-powered clinical scribes to assist doctors with documentation during consultations. The following safeguards are in place:

• Your informed consent is obtained at the beginning of each consultation before any AI scribe is activated
• Audio recordings used by the AI scribe are destroyed immediately after the clinical note is generated
• No patient data is stored or processed outside Australia
• All personally identifiable information (PII) is removed from any data used for AI model improvement

10. How Do We Store and Protect Your Personal Information?

We store your personal information in a combination of electronic and paper-based records. We take reasonable steps to protect your information from misuse, interference, loss, unauthorised access, modification, or disclosure. Our security measures include:

• Electronic records stored in secure, access-controlled clinical software systems
• Paper records stored in locked filing cabinets within secure areas of the practice
• Secure IT infrastructure with firewalls, encryption, and regular security updates
• Confidentiality agreements for all staff and contractors who access patient information

11. How Can You Access and Correct Your Personal Information Held by Us?

You have the right to request access to, or correction of, your personal information held by us. To do so, please submit a written request to our practice. We will respond to your request within 30 days. An administration fee may apply for the provision of records.

In some circumstances, we may refuse access or correction in accordance with the Privacy Act 1988. If we refuse, we will provide you with written reasons and advise you of your right to complain.

12. How Can You Lodge a Privacy-Related Complaint?

If you believe your privacy has been breached or you wish to lodge a complaint, please contact us:

• Email: admin@ygp.au
• Post: YourGP@Crace, 1/5 Baratta Street, Crace ACT 2911
• Post: YourGP@Lyneham, 62 Brigalow St, Lyneham ACT 2602
• Post: YourGP@Denman, 1B Felstead Vista, Denman Prospect ACT 2611
• Phone: 02 6109 0000

We will investigate your complaint and respond within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Phone: 1300 363 992
• Website: www.oaic.gov.au

13. Policy Review Statement

This privacy policy is reviewed regularly and updated as required. Any changes will be published on our website. In some cases, we may also communicate changes to you directly.