Patient Privacy Policy

Our practice is required to manage personal information we collect in a manner that complies with the Privacy Act 1988 (Cth) (‘thePrivacy Act’).  This Privacy Policy outlines the types of personal information (including health information) we collect and hold, how we collect, hold and use the information as well as what we disclose.

This Privacy Policy also explains how you may access your personal information, seek a correction of your personal information and to make a complaint if you are not satisfied with the way our practice has handled your personal information.

Types of personal information we collect

Our practice will collect personal information in a responsible and lawful manner. The type of information we may collect and hold includes:

  • Your name, date of birth, address and contact details
  • Medicare number, DVA number, Centrelink concession number, IHI number and other government identifiers that may be applicable
  • Other health and medical information about you may include:

    - notes of your symptoms or diagnosis and previous treatments given to you  
    - your specialist reports, test results and other medical history
    - your appointment and billing details
    - your prescriptions and any other medication you take
    - your genetic information if applicable  
    - information about your ethnicity, social and family history

How we collect and hold personal information

We generally collect personal information:

  • from you directly when you contact us. This might be via a telephone conversation, when you register as a patient with us on your initial visit and at subsequent appointments
  • from a person responsible for you or your guardian
  • from third parties where the Privacy Act or other law allows it - this may include, but is not limited to: other members of your treating team, diagnostic centres, specialists,  hospitals, the My Health Record system[1], electronic prescription services, Medicare, the Pharmaceutical Benefits Scheme


Why we collect, hold, use and disclose personal information

We collect personal information from you for the purpose of providing health care services to you.

We use, hold and disclose your personal information for the following purposes:

  • to communicate with you in relation to the health service being provided to you to comply with our legal obligations, including, but not limited to, mandatory notification of communicable diseases or mandatory reporting under applicable child protection legislation
  • to help us manage our accounts and administrative services, including billing and pursuing unpaid accounts
  • for consultations with other medical and allied health practitioners involved in your health care outside of this practice
  • to obtain, review and discuss investigation(s)     performed by diagnostic and pathology laboratories
  • to liaise with Medicare, the Department of Veteran's Affairs and other government and regulatory bodies

We do not use patient information for marketing or disclose your personal information to overseas recipients unless you have authorised our practice to do so or required by law.

Access and correction of your personal information

You have a right to seek access to the personal information which we hold about you. There may be a fee involved to cover administrative and time taken to comply with your request, which you will be notified of in advance. We will normally respond to your request within 30 days.

You may request our practice to correct or update your personal information that we hold.

If you wish to access or correct your personal information, please refer to the Contact Details at the end of this document.

Storage of your personal information

Your personal information is stored predominantly in electronic format. We take all necessary precautions to maintain your personal information securely and prevent unauthorised access, interference, modification or disclosure. Access to electronic records is limited to our practice personnel via a series of passwords.

Hard copies of old medical records are stored securely in locked cabinets. Once details of personal information are transferred from hard copies to your electronic file or old medical records are no longer required to be kept, the documents are then disposed of securely.

Our practice personnel are required to maintain and protect your privacy in accordance with this Privacy Policy and their confidentiality agreements.

Electronic records are backed up daily and our IT systems are protected by antivirus software, antispyware and firewalls.

Privacy related questions and complaints

If you have any questions about this Privacy Policy or you are not satisfied with the handling of your personal information by our practice, please send your complaint in writing to the Contact Details below.

We will normally respond to your request within 30 days. If you are not satisfied with our response, you may refer the matter to the OAIC:

Phone: 1300 363 992
Post: GPO Box 5218
Sydney NSW 2001

Anonymity and pseudonyms 

You have the option of not disclosing your identity or use a pseudonym when you request the services of our practice. However, our practice reserves the right to decline such requests if it is not practicable for us to provide you with the services that you request if you have not identified yourself.

Updates to this Policy

This Privacy Policy will be updated from time to time to reflect changes in regulations and our procedures.

Practice Contact Details

Suite 2001 Level 20
Westfield Tower
2101 Grafton Street
Bondi Junction
NSW 2022 


experts in skincare

Dermatologists consulting from Eastern Suburbs Dermatology provide consultative and procedural services are all Fellows of the Australasian College of Dermatologists.

Practising individual dermatologists consulting from Eastern Suburbs Dermatology have sub-specialisation interests in paediatric dermatology, surgical dermatology, and women’s and cosmetic dermatology.