
Your Privacy

Management of your personal information: 
This practice has a Privacy Policy and is committed to maintaining the confidentiality of your personal health information.

We abide by the 13 Australian Privacy Principles available at:


Copies of our privacy policies are available below or at reception. We will keep your medical information secure at all times ensuring it is only available to authorised members of staff.

At times we may collect de-identified information from this practice for research purposes. If you do not wish your anonymous information to be passed on please advise your doctor.

Privacy Policy

The purpose of this policy is to outline how the Mt Sheridan Medical Practice complies with its confidentiality and privacy obligations. The practice will make this Privacy Policy available to anyone who asks for it. From the 21st December 2001, the Privacy Amendment (Private Sector) Act 2000 extended the operation of the Federal Privacy Act 1988 to include the private health sector throughout Australia. Going forward, patients will be assured that their privacy will be protected when visiting our practice; that the information collected and retained in our patient records is correct and up to date; and that they can access their information for review. Your doctor needs information about your past and present health in order to provide you with high-quality care. This policy sets out the ways in which this practice complies with the legislation and the National Privacy Principles.

Collection, Use & Disclosure
Patient consent for the transfer of personal health information to other agencies is now obtained on the first visit. This form is found on the reverse side of our ‘New Patient Information’ form. We recognise that the information we collect is often of a highly sensitive nature and as an organisation we have adopted the highest privacy compliance standards relevant to ensure personal information is protected. The practice will only collect information which is relevant to patient care to make an accurate medical diagnosis, prescribe appropriate treatment and to be proactive in patient health care. For administrative and billing purposes, and to enable the patient to be attended by other practitioners in our practice, patient information is shared between the practitioners who attend a patient.

We (on behalf of) and the practitioners may collect personal information (including health information) regarding patients for the purpose of providing medical services and treatment to patients. Personal information collected will generally include: the patient’s name, address, telephone number and Medicare number; health care fund; current drugs or treatments used by the patient; previous and current medical history, including where clinically relevant a family medical history, and the name of any health service provider or medical specialist to whom the patient is referred, copies of any letters of referrals and copies of any reports back.

We may access information:
• provided directly by the patient;
• provided on the patient’s behalf with the patient’s consent;
• from a health service provider who refers the patient to medical practitioners;
• from health service providers to whom patients are referred.

Personal information collected by us may be used or disclosed:
• for the purpose the patient was advised of at the time of collection of the information by us;
• as required for delivery of the health service to the patient by all clinical and administrative staff;
• as required for the ordinary operation of our services (i.e. to refer the patient to a medical specialist or other health service provider);
• as required under compulsion of law;
• where there is a serious and imminent threat to an individual’s life, health, or safety;
• where the information is necessary to obtain Medicare payments or other health insurance rebates; or
• where there is a serious threat to public health or public safety.

Other than as described in this Policy or permitted under the National Privacy Act, Mt Sheridan Medical Practice uses its reasonable endeavours to ensure that identifying health information is not disclosed to any person.

We keep health information for a minimum of 7 years from the date of last entry in the patient record (unless the patient was a child in which case the record must be kept until the patient attains or would have attained 25 years of age).

Because of the sensitive nature of the information collected by us to provide our services, extra precautions are taken to ensure the security of that information. Our electronic files are password-protected on several levels, and the computer backup tapes are stored offsite. Our data security ensures that the storage, use and where necessary the transfer of personal health information will be undertaken in a secure manner that protects patient privacy. We ensure that the patient record is accurate, comprehensive and up to date, and has enough information to ensure another doctor can continue patient care.

Members of the practice team who have access to patient health records (with varying levels of access) include GPs, GP Registrars, General Practice Nurses, Reception staff and Medical/Nursing students. We require all our employees and contractors to observe obligations of confidentiality in the course of their employment/contract. We require independent contractors to sign a confidentiality undertaking.

Medical practitioners who provide services at our practices may refer patients to the following services:
• pathology services;
• radiology services;
• public hospitals;
• private hospitals;
• day procedure centres;
• specialist medical practitioners and other health providers involved in the relevant patient’s care which may include surgeons, nurses, occupational therapists, pharmacists, physiotherapists, psychologists, dieticians, audiologists, podiatrists and the ambulance service.

Secondary purposes which are directly related to the primary purpose of collection for which we may use or disclose personal information may be for quality assurance, training, billing, liaising with government offices regarding Medicare entitlements and payments and as may be required by our insurers.

Accessing information, correction of information, complaints and obtaining further information

Patients may request access to their personal health information held by this practice. All requests for access (either verbally or by written request) will be referred to the treating doctor and the Practice Privacy Officer as appropriate.

The practice encourages patients to ensure that information is accurate and up to date and to amend any information that is inaccurate. There are some circumstances in which access will be restricted or denied and the reason for this will be explained to the patient.

A charge may be payable where the practice incurs a cost in providing access. This is for administrative costs such as photocopying.

Complaints / Concerns

The best way to deal effectively with concerns and complaints is to communicate openly and respectfully. The Practice Privacy Officer or the treating doctor is available to allay any concerns or complaints at a local level. If a patient is dissatisfied with any aspect of our privacy policy, and satisfaction is not gained with consultation with our practice, the patient can contact:

Office of the Health Ombudsman

Ph 133 646    www.oho.qld.gov.au

PO Box 13281  BRISBANE  QLD 4003

Social Media Privacy Policy

Using social media in our practice


‘Social media’ is defined as online social networks used to disseminate information through online interaction.

Regardless of whether social media is used for business related activity or for personal reasons, the following standards apply to members of our practice team, including general practitioners. Practitioners and team members are legally responsible for their postings online. Practitioners and team members may be subject to liability and disciplinary action including termination of employment or contract if their posts are found to be in breach of this policy.


Our practice has appointed Julie Michael (Practice Manager/RN) as our social media officer with designated responsibility to manage and monitor the practice’s social media accounts. All posts on the practice’s social media websites must be approved by this person.

When using the practice’s social media, all members of our practice team will not:

  • Post any material that:
    • Is unlawful, threatening, defamatory, pornographic, inflammatory, menacing, or offensive
    • Infringes or breaches another person’s rights (including intellectual property rights) or privacy, or misuses the practice’s or another person’s confidential information (e.g. do not submit confidential information relating to our patients, personal information of staff, or information concerning the practice’s business operations that have not been made public)
    • Is materially damaging or could be materially damaging to the practice’s reputation or image, or another individual
    • Is in breach of any of the practice’s policies or procedures
  • Use social media to send unsolicited commercial electronic messages, or solicit other users to buy or sell products or services or donate money
  • Impersonate another person or entity (for example, by pretending to be someone else or another practice employee or other participant when you submit a contribution to social media) or by using another’s registration identifier without permission
  • Tamper with, hinder the operation of, or make unauthorised changes to the social media sites
  • Knowingly transmit any virus or other disabling feature to or via the practice’s social media account, or use in any email to a third party, or the social media site
  • Attempt to do or permit another person to do any of these things:
    • Claim or imply that you are speaking on the practice’s behalf, unless you are authorised to do so
    • Disclose any information that is confidential or proprietary to the practice, or to any third party that has disclosed information to the practice
  • Be defamatory, harassing, or in violation of any other applicable law
  • Include confidential or copyrighted information (e.g. music, videos, text belonging to third parties), and
  • Violate any other applicable policy of the practice.

All members of our practice team must obtain the relevant approval from our social media officer prior to posting any public representation of the practice on social media websites. The practice reserves the right to remove any content at its own discretion.

Any social media must be monitored in accordance with the practice’s current policies on the use of internet, email and computers.

Our practice complies with the Australian Health Practitioner Regulation Agency (AHPRA) national law, and takes reasonable steps to remove testimonials that advertise our services (which may include comments about the practitioners themselves). Our practice is not responsible for removing (or trying to have removed) unsolicited testimonials published on a website or in social media over which we do not have control.

Any social media posts by members of our practice team on their personal social media platforms should:

  • Include the following disclaimer example in a reasonably prominent place if they are identifying themselves as an employee of the practice on any posting: ‘The views expressed in this post are mine and do not reflect the views of the practice/business/committees/boards that I am a member of’, and
  • Respect copyright, privacy, fair use, financial disclosure and other applicable laws when publishing on social media platforms.

Social media activities internally and externally of the practice must be in line with this policy.

Electronic & Email Communication Policy

Communication with patients by electronic means including email


Our practice is mindful that even if patients have provided electronic contact details, they may not be proficient in communicating via electronic means and patient consent needs to be obtained before engaging in electronic communication. Electronic communication includes email, facsimile and Short Message Service (SMS).

Communication with patients via electronic means is conducted with appropriate regard to privacy.


Our practice’s primary reason for communicating electronically to patients is to issue appointment reminders and we verify the correct contact details of the patient at the time of the appointment being made.

Whilst not encouraged, our practice allows patients an opportunity to obtain advice or information related to their care by electronic means, but only where the general practitioner determines that a face-to-face consultation is unnecessary and that communication by electronic means is suitable. Our practice will only provide information that is of a general, non-urgent nature and will not initiate electronic communication (other than SMS appointment reminders) with patients. Any electronic communication received from patients is also used as a method to verify the contact details we have recorded on file are correct and up-to-date.

Before obtaining and documenting the patient’s consent, patients are fully informed, through information contained in the new patient leaflet and practice website, of the risks associated with electronic communication, in that the information could be intercepted or read by someone other than the intended recipient as it is not a secure encrypted email.

When an email message is sent or received in the course of a person’s duties, that message is a business communication and therefore constitutes an official record. Patients are informed of any costs to be incurred as a result of the electronic advice or information being provided, and all electronic contact with patients is recorded in their health record.

All members of the practice team are made aware of our policy regarding electronic communication with patients during induction, and are reminded of this policy on an ongoing basis. They are made aware that electronic communications could be forwarded, intercepted, printed and stored by others. Each member of the practice team holds full accountability for emails sent in their name or held in their mailbox, and they are expected to utilise this communication tool in an acceptable manner. This includes, but is not limited to:

  • Limiting the exchange of personal emails
  • Refraining from responding to unsolicited or unwanted emails
  • Deleting hoaxes or chain emails
  • Not opening email attachments from unknown senders
  • Virus checking all email attachments
  • Maintaining appropriate language within electronic communications
  • Ensuring any personal opinions are clearly indicated as such, and

Our practice reserves the right to check an individual’s email accounts as a precaution against fraud, viruses, workplace harassment or breaches of confidence by members of the practice team. Inappropriate use of the email facility will be fully investigated and may be grounds for dismissal.

The practice uses an email disclaimer notice on outgoing emails that are affiliated with the practice stating:

Mount Sheridan Medical Practice

6-8 George Cannon Drive, Mt Sheridan QLD 4868

Ph  07 4036 4333      Fax 07 4036 4222

IMPORTANT – This message is confidential and should only be used by the intended addressee.  If you were sent this email by mistake, please inform us by reply email and then destroy this message.  The contents of this email are the opinions of the author and do not necessarily represent the views of Mt Sheridan Medical Practice.

Download our privacy policies

Privacy Policy          Social Media Privacy Policy          Electronic & Email Communication Privacy Policy