At My Body Medical, we are committed to ensuring that patients feel confident in entrusting their personal and health information to us. This policy explains how we collect, use, store, and disclose your information, and the circumstances under which it may be shared with third parties. We handle personal information responsibly and in accordance with the Australian Privacy Principles (APPs), which form part of the Privacy Act 1988, as amended by the Privacy Amendment (Enhancing Privacy Protection) Act 2012. These principles govern how we collect, hold, use, access, and correct your personal information, whether in paper or digital form. To maintain patient privacy, we continually train our staff and regularly review our policies, processes, and systems. This policy will be updated as required to reflect any changes.
The APPs provide a framework to protect personal information and ensure transparency and accountability in its handling. They apply to both paper-based and electronic records and complement the obligations of general practices to manage patient information in an open, secure, and regulated manner.
My Body Medical will:
Our staff take reasonable steps to ensure patients understand:
We will only use personal information for the primary purpose for which consent was given. If additional use is required, staff will seek further consent from the patient.
Collection, Storage, and Security of Information
We collect personal information as part of providing healthcare services, which may include:
Personal information may be stored in:
Information is collected via:
All personal information is stored securely in compliance with data protection standards.
Personal information is primarily used for providing medical care and managing claims/payments. We may also share information with third parties for legitimate business purposes (e.g., accreditation, IT services, research), and all third parties must comply with this policy.
We may be required to disclose information without consent in certain circumstances, including:
Patients wishing to authorise a relative or other person to access their information must complete a “3rd Party” authorisation form. We will not use personal information for direct marketing without patient consent, and patients may opt out at any time.
Patients may request access to their personal information, subject to certain exceptions (e.g., where access may compromise another’s privacy or safety).
Requests for medical records should be made via an appointment with the patient’s usual GP.
Records will be provided within a reasonable timeframe (typically 30 days).
Administrative fees may apply for retrieval and copying.
In cases involving court orders, relevant documentation must be provided.
Patients may request corrections to their information at any time, and will be asked periodically to verify their details are accurate and up to date.
We take privacy concerns seriously. Complaints should be submitted in writing to the Practice Manager via mail or email. Complaints will be investigated and addressed promptly in accordance with our procedures.
If you are unsatisfied with the outcome, you may lodge a complaint with the Health Complaints Commissioner:
Phone: 1300 582 113
Website: hcc.vic.gov.au
This policy will be reviewed regularly to ensure it remains up to date with changes in technology, social media, or relevant legislation.
(Last Updated: April 2026)
