top of page
Keyboard and Mouse

Privacy Policy

CT Heart Clinic Pty Ltd (ACN 635 893 113) (we, us or ours) is committed to protecting the privacy of all our patients (you). We collect, use, store, manage and disclose your personal information in accordance with this Privacy Policy, the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth) and the Health Privacy Principles (HPPs) set out in the Health Records and Information Privacy Act 2002 (NSW).


This Privacy Policy provides information on how your personal information (e.g. contact details, health information, concession and other information) is collected and used within our practice, and the circumstances in which we may share it with third parties. This Privacy Policy applies to all personal information submitted to or collected by us through the use of our website ( or where you otherwise contact or interact with us through other forms of communication, including by phone or in person. 

Why do we collect your personal information? 

Our practice will need to collect your personal information to provide healthcare services to you. Our main purpose for collecting, using, holding and sharing your personal information is to manage your health. We also use it for directly related business activities, such as facilitating payments and financial claims, practice audits and accreditation and in the course of business processes (e.g. staff training). 
If you do not wish for us to collect, use or disclose certain information about you, you will need to tell us and we will discuss with you any consequences this may have for your health care. 


Providing your consent

When you register as a patient of our practice, you provide consent for our doctors and practice staff to access, use and disclose your personal information in accordance with this Privacy Policy so they can provide you with the best possible healthcare. Only staff who need to see your personal information will have access to it. If we need to use your information for anything else, we will seek additional consent from you to do this. 

On some occasions, we may seek your consent to use (and authorise other parties to use) your health information for medical research purpose, including for compilation or analysis of statistics in the interest of public health. If you provide your consent, your health information will be used and analysed in a de-identified manner.  

Our practice will not use your personal information for marketing any of our goods or services directly to you without your express consent. If you do consent, you may opt out of direct marketing at any time by notifying our practice in writing. 

What personal information do we collect? 

Examples of personal information we will collect from you includes your:


  • names, date of birth, addresses, contact details; 

  • medical information including medical history, medications, blood test results, pathology test results, allergies, adverse events, immunisations, social history, family medical history and lifestyle health risk factors; 

  • Medicare number (where available) for identification and claiming purposes; 

  • healthcare identifiers; 

  • health fund details;

  • concession details; and

  • debit or credit card details for payment purposes.


Dealing with us anonymously 

You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals. However, if you choose to withhold personal information, we may not be able to provide you with some or all medical services or resolve a particular matter raised by you.

How do we collect your personal information? 

Our practice may collect your personal information in several different ways, including:

  • when you make your appointment, our practice staff will collect your personal and demographic information

  • via our Patient Registration Form completed on first consultation; 

  • during the course of providing medical services; and 

  • when you visit our website, send us an email or SMS, telephone us, or communicate with us using any other online platform. 


We collect information directly from you wherever possible. In some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:

  • your guardian, family member, carer or responsible person;

  • other involved healthcare providers, such as your GPs, specialists, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services; 

  • through electronic transfer of prescriptions (eTP), My Health Record, e.g. via Shared Health Summary, Event Summary; and

  • your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary). 


Use or disclosure of information

Your personal information may be used by us to enable appropriate health care and treatment to be provided to you. Only people who need to access your information for this purpose will be able to do so. Other than in the course of providing medical services or as otherwise described in this Privacy Policy, our practice will not share personal information with any third party without your consent.

Your personal information may be used or disclosed as follows:

  • to assess, diagnose and treat your medical conditions;

  • for purposes relating to the operation of this medical practice, e.g. billing and debt recovery (including compliance with Medicare requirements), to contact you for follow-up appointments and managing complaints;

  • disclosure to other healthcare providers and authorities, such as your GPs, medical specialists, allied health professionals, hospitals, community health services, pathology and diagnostic imaging services and Medicare (including via the My Health Record system and electronic transfer of prescriptions (eTP)) for referrals or further medical tests;

  • disclosure to third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with APPs, the HPPs and our Privacy Policy; 

  • where you have provided your consent, for use (and authorise other parties to use) your health information (in de-identified form) in medical research, including compilation or analysis of statistics in the interest of public health; and

  • where you have provided your consent, to allow medical students and staff to participate in your consultation for the purpose of teaching and training.


The law also allows or requires for your personal information to be disclosed to other parties, for example:

  • when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent;

  • when it is required by the courts (e.g. court subpoenas); 

  • to assist in locating a missing person;

  • to establish, exercise or defend an equitable claim;

  • for the purpose of confidential dispute resolution process; or 

  • when there is a statutory requirement to share certain personal information (e.g. some diseases require mandatory notification).


We will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.


Your personal information may be stored at our practice in various forms. Most commonly, your information may be held as a paper health record, and/or an electronic health record forming part of a secure computer database. Some information may also be held in the form of an image including x-ray or photograph, or as an audio or video recording. 

To minimize the risks of unauthorized access to, disclosure, misuse or loss of, or interference with your personal information, we follow strict rules and policies regarding the secure storage of personal information in all formats. For example:

  • entering into confidentiality obligations with all staff and contractor which may handler your personal information;

  • implementing procedures (e.g. password protection) to safeguard your information; and

  • continually reviewing privacy procedures and arrangements to ensure we are doing all that we can reasonable and technically feasible at the time.


Access to your information

You are entitled to request access to your personal information including your health information held by us. However, in order to protect your privacy and security, we will take reasonable steps to verify your identity before granting you access. You may be charged a fee if you request copies of your personal information or health record.

Access to your personal information may be declined in special circumstances, such as where giving access would put you or another person at risk of mental or physical harm. 

If you believe the information we hold about you is incorrect or an error has been made, please let us know and we will correct it or add a notation to your health record. 

Our objective is to respond to any request to access personal information within a reasonable timeframe, and no later than thirty (30) days. We will endeavor to inform you if this timeframe is not achievable.

Contact us

If you have any questions about our Privacy Policy, or have any concern or complaints, please let us know in writing. We will respond to a complaint as soon as possible, but within ten (10) working days, to let you know who is responsible for managing your complaint. We will also try to resolve the complaint within thirty (30) days after notification to you. When this is not possible, we will endeavor to contact you within that time to let you know how long it will take to resolve the complaint.

Our contact details are:

Address: Suite G04, Ground Floor, 3 Carlingford Road, Epping NSW 2121
Telephone: (02) 9188 1520


If you believe you have not adequately dealt with your complaint, you may also contact the Office of Australian Information Commissioner (OAIC). Generally, the OAIC will require you to give them time to respond before they will investigate. For further information visit or call the OAIC on 1300 363 992. 

This Privacy Policy is last updated on 15 March 2020.

bottom of page