Privacy Policy


We are committed to protecting the privacy of patient information and to handling your personal information in a responsible manner in accordance with the Privacy Act 1988, the Privacy Amendment (Enhancing Privacy Protection) Act 2012, the Australian Privacy Principles and the NSW privacy legislation (referred to as privacy legislation).

This Privacy Policy explains how we collect, use and disclose your personal information, how you may access that information and how you may seek the correction of any information. It also explains how you may make a complaint about a breach of privacy legislation.

This Privacy Policy is current from 21st February 2017. From time to time we may make changes to our policy, processes and systems in relation to how we handle your personal information. We will update this Privacy Policy to reflect any changes. Those changes will be available on our website and in the practice.


We collect information that is necessary and relevant to provide you with medical care and treatment, and mange our medical practice. This information is stored within our electronic medical records system and will include, but is not limited to:

  • –  your name, address, date of brith, gender, email and contact details.
  • –  Medicare number, DVA number and Health Fund number.
  • –  health information (symptoms, diagnosis, treatment, reports, test results, prescriptions) andrelevant family history.
  • –  credit card and direct debit details .

In most instances, we will only collect information from you personally. However, we may also need to collect information from other sources, but is not limited to: other treating specialists, radiologists, pathologists, hospitals, other health care providers, Medicare, or your health insurer. In emergency situations we may also need to collect information form your relatives or friends.

We collect this information in various ways, such as over the phone or in writing, in person at our consulting rooms or over the internet if you transact with us online. This information may be collected by medical and non-medical staff.

We are required by law to retain medical records for certain periods of time depending on your age at the time we provide services.


We will treat your personal information as strictly private and confidential. We will only use or disclose it for purposes directly related to your care and treatment, or in ways that you would reasonably expect that we may use it for your ongoing care and treatment.

In general, we collect, hold, use and disclose your personal information for the following purposes:

  • –  to provide health services to you
  • –  to communicate with you in relation to the health service being provided to you
  • –  to help us manage our accounts and administrative services, including billing, arrangements withhealth funds, pursuing unpaid accounts and management of our ITC systems
  • –  for consultations with other doctors and allied health professional involved in your healthcare
  • –  to obtain, analyse and discuss test results from diagnostic and pathology laboratories
  • –  for identification and insurance claiming

– to liaise with your health fund, Medicare, the Department of Veterans Affairs and the Office of the Australian Information Commissioner (OAIC) (if you make a privacy compliant to the OAIC), as necessary.

We may disclose information about you to outside contractors to carry out activities on our behalf, such as an IT service provider, solicitor or debt collection agent. We impose security and confidentiality requirements on how they handle your personal information. Outside contractors are required not to use information about you for any purpose except for those activities we have asked them to perform.


The Privacy Act provides that individuals must have the option of not identifying themselves, or of using a pseudonym, when dealing with our practice. However, at Macspine, we believe that if you choose not to identify yourself, the provision of our service to you is likely to be impacted, and billing via Medicare or a health insurer where applicable is likely to be impossible.


Sometimes, your digital images (photographs) and other forms of imaging , such as Xrays, MRI and CT scans may be used for teaching purposes and/or medical research projects. In these situations, these images will be de-identified.


We will take reasonable steps to ensure that your personal information is accurate, complete, up to date and relevant. For this purpose our staff may ask you to confirm that your contact details are correct when you attend a consultation. We request that you let us know if any of the information we hold about you is incorrect or out of date.

Our staff are trained and required to respect and protect your privacy. Personal information that we hold is protected by:
– securing our premises

  • –  placing passwords and varying access levels on databases to limit access and protect electronicinformation form unauthorised interference, access, modification and disclosure
  • –  stored data being encrypted
  • –  all staff members signing confidentiality agreements
  • –  document retention and destruction policiesCORRECTIONSIf you believe that the information we have about you is not accurate, complete or up-to-date, we ask that you contact us.ACCESS TO YOUR MEDICAL RECORDSYou are entitled to request access to your medical records. We ask that you put your request in writing and we will respond to it within 30 days.There may be a fee for the administrative cost of retrieving and providing you with copies of your medical records.We may deny access to your medical records in certain circumstances permitted by law, for example, if disclosure may cause a serious threat to your health or safety. We will always tell you why access is denied and the options you have to respond to our decision.


We will not transfer you personal information to an overseas recipient unless we have your consent or we are required to do so by law. In any case, we will take reasonable steps to ensure that such recipients do not breach the Privacy Act 1988 and the Australian Privacy Principles.

Please direct any queries, complaints, and/or requests for access to medical records to:

Attention: Marie Gray
PO Box 2031
Gateshead NSW 2290
Phone: 02 4040 1139
Fax: 02 4027 5766


If you have a complaint about the privacy of your personal information, we request that you contact us in writing. Upon receipt of a complaint we will consider the details and attempt to resolve it in accordance with our complaints handling procedures.

If you are dissatisfied with our handling of a complaint or the outcome, you may make an application to the:

Office of the Australian Information Commissioner (OAIC): Phone: 1300 363 992
Email: enquires
Fax: +61 2 9284 9666

Post: GPO Box 5218
Sydney NSW 2001