Reviewed 01/10/2020
Reviewed Again 01/10/2021
Reviewed Again 01/10/2022

This practice is bound by the Federal Privacy Act (1988) and the Australian Privacy Principles (APPs). Drayton Medical Centre recognises the importance of protecting the privacy and the rights of individuals in relation to their personal information. This document outlines how we collect and manage your health information.

Table of Contents

What is your personal information?

Personal information is information that identifies you or could reasonably identify you. Personal health information a particular subset of personal information can include any information collected and held to provide a health service. Our privacy policy covers all people who use our services or otherwise provide their personal information to us.

What personal information do we collect and hold?

The information Drayton Medical Centre collects includes medical details, family information, name, address, employment or other demographic data, past medical and social history, current health issues and future medical care, Medicare number, account details and any health information such as medical or personal opinions about a person’s, disability or health status. We may also collect some information that is not considered personal information as it does not identify you or anyone else. For example, we may collect de-identified responses to patient feedback surveys.

A Health Record

A health record is a collection of clinical information pertaining to a patient’s physical and mental health, compiled from different sources. Health records contain demographic data, next of kin, GP details, and most of the following: medical history; examinations; diagnoses; treatment (including surgical procedures and drug therapy, results of investigations, labs (e.g. biochemistry, haematology, pathology), imaging (e.g., plain films, scans); alerts and warnings (e.g., allergies, blood group, obligatory drugs, etc.); record of preventative measures (immunisations, screening breast, cervical, faecal, occult blood); nursing records; clinical correspondence and referrals for treatment; consent forms for surgical procedures; theatre reports; discharge letters; post-mortem reports. Health records are maintained by, or on behalf of, the health professional concerned with the patient’s care and maintained as private documents under strict guidelines.

How do we collect your personal information?

  • Directly from you when you attend our clinics
  • As disclosed by you during your consultation at our clinic
  • From third parties such as a referring health professionals, employers, law enforcement agencies and other government entities.

What happens if we can’t collect your personal information?

If you do not provide us with the personal information described above, the following may happen:

  • The practice may not be able to provide the requested service to you
  • Your diagnosis or treatment may be inaccurate or incomplete

For what purpose do we collect, hold, use and disclose your personal information?

  • To provide medical services and treatment to you
  • For administrative and billing purposes
  • Update our records and keep your details up to date
  • To process and respond to any complaints made
  • To comply with any law, rule and regulations
  • For the purpose of data research and analysis
  • For inclusion in a recall register for the prevention of chronic disease
  • For the purpose of reporting back to your employer
  • To answer any queries about the services we provide to you
  • To provide information to third parties with your consent
  • To meet the obligations of notification to our medical defence organisations or insurers

Who do we disclose your information to?

  • Personal information will only be used for the purpose of providing medical services and for claims and payments unless consented otherwise
  • Disclosure may occur to third parties engaged by the practice or for business purposes e.g. accreditation
  • Drayton Medical Centre will inform the patient where there is a statutory requirement to disclose personal information (e.g. mandatory reporting of certain diseases)
  • The practice will not disclose personal information to any third party other than those related to providing our medical services unless consent is obtained
  • Drayton Medical Centre will not disclose personal information to anyone outside Australia without need and without patient consent.

Exceptions to disclose without patient consent are where the information is:

  • Required by law
  • Necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
  • To assist in locating a missing person
  • To establish, exercise or defend an equitable claim
  • For the purpose of a confidential dispute resolution process.

Direct Marketing

Drayton Medical Centre does not use or disclose the information we collect about you for direct marketing unless an exception applies, including where the individual either consents to the disclosure or has a reasonable expectation that their personal information will be used for direct marketing and the organisation notifies the individual on how to ‘opt out’ of direct marketing communications. Direct marketing communications from Drayton Medical Centre may include information about our products and services and may be in the form of email, SMS, fax and mail.

How can you access and correct your personal information?

Drayton Medical Centre acknowledges patients may request access to their medical records. Patients are encouraged to make this request in writing, and Drayton Medical Centre will respond within a reasonable time. Drayton Medical Centre will take reasonable steps to correct personal information where it is satisfied they are not accurate or up to date. From time to time, Drayton Medical Centre will ask patients to verify their personal information to ensure it is accurate and up to date. Patients may also request for this information to be corrected/updated in writing.


Drayton Medical Centre takes all reasonable steps to ensure that your personal information is protected from loss and misuse. Drayton Medical Centre holds your information in both electronic and hard copy formats. When your personal information is no longer needed it is destroyed or de-identified.

Contacting us

If you have any questions about this privacy policy, any concerns or a complaint regarding the treatment of your privacy or a possible breach of your privacy, please contact Zoey Harper at 07 4630 1588. Your requests and complaints will be treated confidentially. Our practice representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and your options. If you wish to remain anonymous, you can post us an anonymous letter or leave an anonymous note in our complaint box in our waiting room. If you feel the clinic cannot resolve your complaint/concern, please contact the Office of the Health Ombudsman at 133646 or email

Please Note: We may change our privacy policy from time to time, and you will be advised accordingly.

*Based on RACGP APP Privacy Policy – Management of Patient Health Information