top of page

Privacy Policy

Understanding your rights in privacy and protection of information

Current as of 8th of August 2023. Review date 8th of February 2024.


Summers Family Practice is committed to protecting the privacy of patient information and to the handling your personal information   in a responsible manner in accordance with the Privacy Act 1988 (Cth), the Privacy Amendment (Enhancing Privacy Protection) Act 2012, the Australian Privacy Principles and relevant State and Territory privacy legislation (referred to as privacy legislation). 

This Privacy Policy has been prepared by Summers Family Practice to explain how we collect, use and disclose your personal information, how you may access that information and how you may seek the correction of any information. It also explains how you may make a complaint about a breach of privacy legislation. This policy is intended as a guide to staff and patients of this practice and for the advice of the broader community, being a public document made available to any person requesting it. 

For the purposes of this policy, the handling of personal information and sensitive information  (including health information  ) are all referred to as “personal information” throughout this Policy. 

From time to time we may make changes to our policy, processes and systems in relation to how we handle your personal information. We will update this Privacy Policy to reflect any changes. Those changes will be available on our website and in the practice. 





We collect information that is necessary and relevant to provide you with medical care and treatment, and manage our medical practice. This information may include your name, address, date of birth, gender, family history, Medicare number, credit card and direct debit details and contact details. This may also include your patient health status including but not limited to medical history, medications, allergies, immunisations and family history. Summers Family Practice will only collect sensitive information other than health information about you if the you consent or the collection is required by law.  

This information may be stored on our computer medical records system and/or in hand written medical records. 

Personal information will only be collected by lawful and fair means and directly from you wherever possible. However, we may also need to collect information from other sources such as treating specialists, radiologists, pathologists, hospitals and other health care providers. If information is collected about you from another party, Summers Family Practice, will whenever possible, advise you of this. 

We collect information in various ways, such as over the phone or in writing, in person in our Summers Family Practice rooms or over the internet. This information may be collected by medical and non-medical staff. Summers Family Practice requires its employees to observe obligations of confidentiality in the course of their employment with all staff/contractors signing Confidentiality Agreements. In emergency situations we may also need to collect information from your relatives or friends. 

We may be required by law to retain medical records for certain periods of time depending on your age at the time we provide services. Summers Family Practice keeps health information for a minimum of 7 years from the date of last entry in the patient records unless the patient is / was a child in which case the record must be kept until the patient attains or would have attained 25 years of age. 

Your health information may be collected without your consent where the collection is required or authorised by or under an Australian law or a court/tribunal order, or where it is unreasonable or impracticable to obtain consent to the collection to the extent that we reasonably believe that the collection is necessary to prevent a serious threat to the life, health or safety of any individual, or to public health or safety.


Use and Disclosure

We will treat your personal information as strictly private and confidential. We will only use or disclose it for purposes directly related to your care and treatment, or in ways that you would reasonably expect that we may use it for your ongoing care and treatment. For example, the disclosure of blood test results to your specialist or requests for x-rays. When health information is provided to another medical practice on your request we email or fax the request.

There are circumstances where we may share your personal information. Unless disclosure is mandated by law, individuals may choose to accept or refuse such use or disclosure. If a patient is physically or legally incapable of providing consent, a responsible person  may do so.

  • With third parties who work with our practice for business purposes, such as accreditation agencies, information technology providers, debt collection agencies. Security and confidentiality requirements are imposed on these third parties who are required to comply with APPs and this policy. Outside contractors are required not to use information about you for any purpose except those activities we have asked them to perform.

  • Written consent is required before personal health information is disclosed to third parties, such as insurance companies and solicitors

  • When it is required or authorised by law (e.g. court subpoenas)

  • When it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent

  • To assist in locating a missing person

  • To establish, exercise or defend an equitable claim

  • For the purpose of confidential dispute resolution process

  • When there is a statutory requirement to share certain personal information (e.g. some diseases require mandatory notification)

  • During the course of providing medical services, My Health Record (e.g. via Shared Health Summary, Event Summary)

Only people who need to access your information will be able to do so. Other than in the course of providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.

Our practice may use your personal information to improve the quality of the services we offer to our patients through research and analysis of our patient data. We may also from time to time, provide statistical data to third parties for research purposes. Our practice participates in the Australian Government PIP Quality Improvement incentive which supports general practice to invest in ongoing quality improvement activities. These activities aim to improve the care you receive as a patient and your health outcomes. Your de-identified health data is shared with our Local Primary Health Network and the Australian Institute of Health and Welfare. Approved researchers and third parties might access the data set for secondary purposes. For example, a research purpose to compare the care options for people with similar health concerns in different areas. All providers and health data analysts in Australia have professional and legal obligations to protect patient information privacy. This information does not include your name, addresses or other identifying information. Please speak to the Practice Manager if you would like to opt out of your deidentified health data being part of quality improvement and research.

Regarding document automation technologies, our practice uses templates that are personalised, particularly so that only relevant medical information is included in referral letters.


Data Quality and Security

We will take reasonable steps to ensure that your personal information is accurate, complete, up to date and relevant. For this purpose, our staff may ask you to confirm that your contact details are correct when you attend a consultation. 

To protect your personal information from misuse and loss and from unauthorized modification or disclosure, information that we hold is protected by: 

  • Securing our premises 

  • Placing passwords and varying access levels of databases to limit access and protect electronic information from unauthorized interference, access, modification and disclosure 

  • Providing locked cabinets and rooms for the storage of records if in physical form 

  • Being accessible by staff only on a “need to know” basis 

  • Not being taken from the Summers Family Practice premises unless authorised and for a specified purpose. 

  • Destroying or permanently de-identifying personal information that is no longer required

  • Any paper correspondence with identifying data is destroyed by a secure shredding company.

​Our data system is maintained by a dedicated IT expert to prevent the loss and corruption of data.

Access and Correction 

You are entitled to request access to your medical records. We request that all requests be provided in writing for us to respond within a reasonable time. Identification is also requested to ensure that a false application is not lodged. Under normal circumstances Summers Family Practice will provide you with access to your personal information within 30 days of receiving a request for access. Depending on complexity, there may be a fee for the administrative costs of retrieving and providing you with copies of your medical records. 

You will be provided with an opportunity to discuss your personal information with an appropriate member of staff when access is sought, however a fee for the doctor’s time may be charged. 

We may deny access to your medical records in certain circumstances permitted by law, for example: 

  • If disclosure may cause a serious threat to your health, safety or wellbeing 

  • If providing access would be unlawful or would prejudice a legal investigation. 

  • If providing access would affect the privacy of others. 

  • If the request for access is frivolous and/or vexatious. 

We will always provide you an explanation why access is denied and the options you have to respond to our decision. 

If you believe that the information we have about you is not accurate, complete, or up-to-date, we ask that you contact us in writing. Summers Family practice will take necessary steps to amend or correct the information.

Notifiable Data Breach 

The Notifiable Data Breaches (NDB) scheme under Part IIIIC of the Privacy Act 1988 (Privacy Act) establishes requirements for entities in responding to data breaches. Summers Family Practice has the obligation to notify you of a data breach where serious harm may result from personal information involved in the breach


Transborder Data Flows 

We will not transfer your personal information to an overseas recipient unless we: 

  • Have your consent; or 

  • Are required to do so by law; or 

  • Believe the disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety, and it is unreasonable or impracticable to obtain consent. 

Website Privacy 

The website of Summers Family Practice contains links to other sites. Please be aware that Summers Family Practice is not responsible for the privacy practices of any linked sites. We encourage users who leave our site to read the privacy statements of each and every linked website that they choose to visit. All links to external sites are provided for your convenience. The information, products and advertisements contained in the linked sites are neither approved nor endorsed by Summers Family Practice, and Summers Family Practice is not responsible for such information, products or advertisements. 


Any complaints in relation to Summers Family Practice and its handling of personal information should be directed to the practice manager preferably in writing. Our email is available on request, or you can write a letter to our address. Upon receipt of a complaint we will consider the details and attempt to resolve it in accordance with our complaints handling procedures. 

We will contact you within 7 business days regarding your complaint. Unless a complaint can be dealt with immediately to the satisfaction of both parties, Summers Family Practice will aim to provide a written response to the complainant within 30 days of it being received after having conducted a full investigation of the circumstances.

You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals. You may communicate via mail or through the practice feedback box, located in the surgery waiting room.

If you are dissatisfied with our handling of a complaint or the outcome you may make an application to the Australian Information Commissioner or the Privacy Commissioner in your State or Territory.

Policy Review Statement

Our policy is revised every 6 months to ensure it is in accordance with any changes that may occur. The new policy is then updated on the practice website. 


Any enquiries regarding this policy should, in the first instance, be directed to the practice manager of Summers Family Practice: 

P: (02) 9482 3500 

F: (02) 9482 3900 


 1. Personal information means: 

  • Information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion. 

2. Health information means: 

  • information or an opinion about: 

    • the health or a disability (at any time) of an individual; or 

    • an individual’s expressed wishes about the future provision of health services to him or her; or 

    • a health service provided, or to be provided, to an individual; that is also personal information; or 

  • other personal information collected to provide, or in providing, a health service; or 

  • other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances. 

Health service means: 

  • an activity performed in relation to an individual that is intended or claimed (expressly or otherwise) by the individual or the person performing it: 

    • to assess, record, maintain or improve the individual’s health; or 

    • to diagnose the individual’s illness or disability; or 

    • to treat the individual’s illness or disability or suspected illness or disability; or 

  • the dispensing on prescription of a drug or medicinal preparation by a pharmacist. 

The term health service provider means a provider of a health service and is not separately defined in the Privacy Act. 

3. Sensitive information means: 

  • information or an opinion about an individual’s: 

  • racial or ethnic origin; or 

  • political opinions; or 

  • membership of a political association; or 

  • religious beliefs or affiliations; or 

  • philosophical beliefs; or 

  • membership of a professional or trade association; or 

  • membership of a trade union; or 

  • sexual preferences or practices; or 

  • criminal record; 

that is also personal information; or health information about an individual. 


4. A responsible person is defined as: 

  • a parent; 

  • a child or sibling at least 18 years of age; 

  • a spouse or de facto spouse; 

  • a relative at least 18 years of age and a member of the individuals household; 

  • a guardian or a person exercising enduring power of attorney that can be exercised in relation to the individuals health; 

  • a person who has an intimate personal relationship with the individual; or 

  • a person nominated by the individual to be contacted in an emergency. 

bottom of page