
Privacy Policy

Understanding your rights in privacy and protection of information

Current as of 23rd March 2026 

Introduction

Summers Family Practice is committed to protecting the privacy of patient information and to handling your personal information (1) in a responsible manner in accordance with the Privacy Act 1988 (Cth), the Privacy Amendment (Enhancing Privacy Protection) Act 2012, the Australian Privacy Principles and relevant State and Territory privacy legislation (referred to as privacy legislation).

 

This Privacy Policy has been prepared by Summers Family Practice to explain how we collect, use and disclose your personal information, how you may access that information and how you may seek the correction of any information. It also explains how you may make a complaint about a breach of privacy legislation. This policy is intended as a guide to staff and patients of this practice and for the advice of the broader community, being a public document made available to any person requesting it.

 

For the purposes of this policy, the handling of personal information and sensitive information (3), including health information (2), are all referred to as “personal information” throughout this Policy.

 

From time to time we may make changes to our policy, processes and systems in relation to how we handle your personal information. We will update this Privacy Policy to reflect any changes. Those changes will be available on our website and in the practice.

Collection and Storage

We collect information that is necessary and relevant to provide you with medical care and treatment, and manage our medical practice. This information may include your name, address, date of birth, gender, family history, Medicare number, credit card and direct debit details and contact details. This may also include your patient health record, which is any personal information relating to your health status including but not limited to medical history, medications, allergies, immunisations, family history. Summers Family Practice will not collect sensitive information (3) other than health information about you unless you consent, or another exception permitted by privacy law applies, including where required or authorised by law.

 

This information may be stored on our computer medical records system and/or in handwritten medical records. The clinical software hosts information on a local server on our premises, with regular backups created and stored on physical storage media.

 

Personal information will only be collected by lawful and fair means and directly from you wherever possible. However, we may also need to collect information from other sources such as treating specialists, radiologists, pathologists, hospitals and other health care providers. If information is collected about you from another party, Summers Family Practice will, whenever possible, advise you of this.

 

We collect information in various ways, such as over the phone or in writing, in person in our Summers Family Practice rooms or over the internet. This information may be collected by medical and non-medical staff. Summers Family Practice requires its employees to observe obligations of confidentiality in the course of their employment with all staff/contractors signing Confidentiality Agreements. In emergency situations we may also need to collect information from your relatives or friends.

 

Your health information may be collected without your consent where the collection is required or authorised by or under an Australian law or a court/tribunal order, or where it is unreasonable or impracticable to obtain consent to the collection to the extent that we reasonably believe that the collection is necessary to prevent a serious threat to the life, health or safety of any individual, or to public health or safety.

 

Our practice does not store or duplicate audio/visual recordings of consultations, either face-to-face or via telehealth. Specific individual consent is sought for the use of medical scribe technology, which temporarily creates an audio recording of a consultation that is destroyed immediately upon completion of the transcription process. While retaining audio recordings is an option on some platforms, our practice policy is to never retain such audio recordings. If medical scribe technology is used, our practice ensures that written informed consent is explained and obtained first, with verbal consent obtained in every subsequent consultation in which the technology is used. Our patients and doctors have complete freedom not to use medical scribe technology for any or all consults.

 

We may be required by law to retain medical records for certain periods of time depending on your age at the time we provide services. Summers Family Practice keeps health information for a minimum of 7 years from the date of last entry in the patient records unless the patient is / was a child in which case the record must be kept until the patient attains or would have attained 25 years of age.

Use and Disclosure

We will treat your personal information as strictly private and confidential. We will only use or disclose it for purposes directly related to your care and treatment, or in ways that you would reasonably expect that we may use it for your ongoing care and treatment, for example, the disclosure of blood test results to your specialist or requests for x-rays. There is also an interface with an online booking provider, which also facilitates appointments and our recall/reminder system.

 

There are circumstances where we may share your personal information. Unless disclosure is mandated by law, individuals may choose to accept or refuse such use or disclosure. If a patient is physically or legally incapable of providing consent, a responsible person (4) may do so.

  • With third parties who work with our practice for business purposes, such as accreditation agencies, information technology providers, debt collection agencies. Third parties operating in Australia are under Australian privacy laws, and our practice takes reasonable contractual and practical steps to ensure third parties protect information and use it for authorised purposes. Outside contractors are required not to use information about you for any purpose except those activities we have asked them to perform.

  • Valid written consent is required before personal health information is disclosed to third parties, such as insurance companies and solicitors.

  • When it is required or authorised by law (e.g. court subpoenas)

  • When it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent

  • To assist in locating a missing person

  • To establish, exercise or defend an equitable claim

  • For the purpose of a confidential dispute resolution process

  • When there is a statutory requirement to share certain personal information (e.g. some diseases require mandatory notification)

  • During the course of providing medical services, through My Health Record (e.g. via Shared Health Summary, Event Summary)

 

Only people who need to access your information will be able to do so. Other than in the course of providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.

 

Our practice may use your personal information to improve the quality of the services we offer to our patients through research and analysis of our patient data. We may also, from time to time, provide statistical data to third parties for research purposes. Our practice participates in the Australian Government PIP Quality Improvement incentive, which supports general practice to invest in ongoing quality improvement activities. These activities aim to improve the care you receive as a patient and your health outcomes. Your de-identified health data is shared with our Local Primary Health Network and the Australian Institute of Health and Welfare. Approved researchers and third parties might access the data set for secondary purposes, for example, a research purpose to compare the care options for people with similar health concerns in different areas. All providers and health data analysts in Australia have professional and legal obligations to protect patient information privacy. This information does not include your name, addresses or other identifying information. Please speak to the Practice Manager if you would like to opt out of your de-identified health data being part of quality improvement and research.

 

Regarding document automation technologies, our practice uses templates that are personalised with subsequent editing by staff to ensure that only relevant personal and medical information is included in produced documents and referral letters.


Data Quality and Security

We will take reasonable steps to ensure that your personal information is accurate, complete, up to date and relevant. For this purpose, our staff may ask you to confirm that your contact details are correct when you attend a consultation.

 

To protect your personal information from misuse and loss and from unauthorised modification or disclosure, information that we hold is protected by:

  • Securing our premises

  • Placing passwords and varying access levels on databases to limit access and protect electronic information from unauthorised interference, access, modification and disclosure

  • Providing locked cabinets and rooms for the storage of records if in physical form

  • Being accessible by staff only on a “need to know” basis

  • Not being taken from the Summers Family Practice premises unless authorised and for a specified purpose.

  • Destroying or permanently de-identifying personal information that is no longer required.

  • Destroying any paper correspondence with identifying data using a secure shredding company.

Our data system is maintained by a dedicated IT expert to prevent the loss and corruption of data.

Access and Correction 

You are entitled to request access to your medical records. We request that all requests be provided in writing for us to respond within a reasonable time. Identification is also requested to ensure that a false application is not lodged. Under normal circumstances Summers Family Practice will provide you with access to your personal information within 30 days of receiving a request for access. Depending on complexity, there may be a fee for the administrative costs of retrieving and providing you with copies of your medical records.

 

You will be provided with an opportunity to discuss your personal information with an appropriate member of staff when access is sought; however, a fee for the doctor’s time may be charged.

 

We may deny access to your medical records in certain circumstances permitted by law, for example:

  • If disclosure may cause a serious threat to your health, safety or wellbeing

  • If providing access would be unlawful or would prejudice a legal investigation.

  • If providing access would affect the privacy of others.

  • If the request for access is frivolous and/or vexatious.

We will always provide you with an explanation of why access is denied and the options you have to respond to our decision.

 

If you believe that the information we have about you is not accurate, complete, or up-to-date, we ask that you contact us in writing. Summers Family Practice will take necessary steps to amend or correct the information.

​

Notifiable Data Breach 

The Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Privacy Act) establishes requirements for entities in responding to data breaches. Summers Family Practice has the obligation to notify you of a data breach where serious harm may result from personal information involved in the breach.

 

Transborder Data Flows 

We will not transfer your personal information to an overseas recipient unless we:

  • Have your consent; or

  • Are required to do so by law; or

  • Believe the disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety, and it is unreasonable or impracticable to obtain consent.

Website Privacy 

The website of Summers Family Practice contains links to other sites. Please be aware that Summers Family Practice is not responsible for the privacy practices of any linked sites. We encourage users who leave our site to read the privacy statements of each and every linked website that they choose to visit. All links to external sites are provided for your convenience. The information, products and advertisements contained in the linked sites are neither approved nor endorsed by Summers Family Practice, and Summers Family Practice is not responsible for such information, products or advertisements.

Complaints 

Any complaints in relation to Summers Family Practice and its handling of personal information should be directed to the practice manager, preferably in writing. Our email and address details are included in the enquiry section below. Upon receipt of a complaint we will consider the details and attempt to resolve it in accordance with our complaints handling procedures.

 

We will contact you within 7 business days regarding your complaint. Unless a complaint can be dealt with immediately to the satisfaction of both parties, Summers Family Practice will aim to provide a written response to the complainant within 30 days of it being received after having conducted a full investigation of the circumstances.

 

You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals. You may communicate via mail or through the practice feedback box, located in the surgery waiting room.

 

If you are dissatisfied with our handling of a complaint or the outcome you may make an application to the Office of the Australian Information Commissioner (OAIC) or the NSW Privacy Commissioner.

Policy Review Statement

Our policy is reviewed every 12 months to ensure it is in accordance with any changes that may occur. The new policy is then updated on the practice website.

​

Enquiries 

Any enquiries regarding this policy should, in the first instance, be directed to the practice manager of Summers Family Practice:

P: (02) 9482 3500

F: (02) 9482 3900

Email: reception@summersfp.com.au

523 Pacific Highway, Mount Colah, NSW 2079, Australia

​

Terminology 

(1) Personal information means:

  • Information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

 

(2) Health information means:

  • information or an opinion about:

    • the health or a disability (at any time) of an individual; or

    • an individual’s expressed wishes about the future provision of health services to him or her; or

    • a health service provided, or to be provided, to an individual; that is also personal information; or

  • other personal information collected to provide, or in providing, a health service; or

  • other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances.

 

Health service means:

  • an activity performed in relation to an individual that is intended or claimed (expressly or otherwise) by the individual or the person performing it:

    • to assess, record, maintain or improve the individual’s health; or

    • to diagnose the individual’s illness or disability; or

    • to treat the individual’s illness or disability or suspected illness or disability; or

  • the dispensing on prescription of a drug or medicinal preparation by a pharmacist.

The term health service provider means a provider of a health service and is not separately defined in the Privacy Act.

 

(3) Sensitive information means:

  • information or an opinion about an individual’s:

    • racial or ethnic origin; or

    • political opinions; or

    • membership of a political association; or

    • religious beliefs or affiliations; or

    • philosophical beliefs; or

    • membership of a professional or trade association; or

    • membership of a trade union; or

    • sexual preferences or practices; or

    • criminal record;

that is also personal information; or health information about an individual.

 

(4) A responsible person is defined as:

  • a parent;

  • a child or sibling at least 18 years of age;

  • a spouse or de facto spouse;

  • a relative at least 18 years of age and a member of the individual’s household;

  • a guardian or a person exercising enduring power of attorney that can be exercised in relation to the individual’s health;

  • a person who has an intimate personal relationship with the individual; or

  • a person nominated by the individual to be contacted in an emergency.​

​

We acknowledge the Traditional Owners of this land that we stand on, the Darug and Guringai people, and pay respect to their Ancestors and Elders past and present and to their Heritage.

© 2023 Summers Family Practice
