PainMed Privacy Policy

Last reviewed: 31 May 2026
Version: Website publication version

1. About this policy

PainMed is committed to protecting the privacy and confidentiality of patients, referrers, staff and other people who interact with our practice.

This Privacy Policy explains how PainMed collects, holds, uses and discloses personal information, including health information, in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles and other applicable health privacy obligations.

This policy applies to information collected through our medical practice, our website, telephone and email communications, referral pathways, online forms, telehealth interactions and our administrative systems.

2. What information we collect

The information we collect depends on your relationship with PainMed and the services we provide. It may include:

• identity and contact details, such as your name, date of birth, address, telephone number and email address;
• Medicare, DVA, insurer, workers compensation, transport accident or other claim details where relevant;
• emergency contact and carer details;
• referral information and details of your treating practitioners;
• health information, including your medical history, symptoms, diagnoses, medications, allergies, treatment plans, procedure records, clinical notes, investigation results, imaging reports and specialist correspondence;
• billing, payment and appointment information;
• information needed to communicate with you, manage bookings and provide follow-up care;
• website and online interaction information, such as enquiry forms, IP address, device information, browser type, pages visited and cookie or analytics information; and
• any other information you choose to provide to us or that is reasonably necessary for us to provide healthcare and manage the practice.

3. How we collect information

We usually collect information directly from you when you contact us, complete forms, attend appointments, use our website, speak with our staff or communicate with us by telephone, email or other electronic methods.

We may also collect information from other sources where this is necessary for your care or permitted by law. These sources may include referring doctors, general practitioners, specialists, allied health practitioners, hospitals, diagnostic imaging providers, pathology providers, pharmacies, insurers, case managers, Medicare, DVA, workers compensation schemes, My Health Record, electronic prescribing services and a person responsible for you.

4. Why we collect, use and disclose information

We collect, use and disclose personal information for the purpose of providing healthcare and operating our specialist medical practice. This includes:

• assessing, diagnosing, treating and managing your health condition;
• communicating with you about appointments, referrals, results, treatment and follow-up care;
• communicating with your referring doctor, general practitioner and other members of your treating team;
• arranging investigations, procedures, prescriptions, hospital bookings and referrals where required;
• billing, claiming and account management, including Medicare, DVA, insurers, workers compensation and other funding bodies;
• quality improvement, audit, training, accreditation, risk management and practice administration;
• maintaining our clinical and administrative systems;
• responding to complaints, incidents, privacy enquiries and legal or regulatory requests; and
• complying with legal obligations, including public health, court, subpoena, mandatory reporting, professional indemnity and regulatory requirements.

5. Disclosure to third parties

We only disclose personal information where it is necessary for your care, reasonably expected, authorised by you, required or permitted by law, or necessary for the operation of our practice.

Depending on the circumstances, we may disclose information to general practitioners, specialists, allied health practitioners, hospitals, diagnostic providers, pharmacies, medical defence organisations, insurers, case managers, Medicare, DVA, workers compensation bodies, government agencies, regulators, IT providers, secure messaging providers, transcription providers, debt recovery providers and other service providers who assist us to operate the practice.

We do not sell patient information.

6. Website, online forms, cookies and analytics

When you use our website, we may collect information that you submit through online forms, email links or enquiry functions. Please do not use website forms for emergencies or urgent medical issues. In an emergency, call 000 or attend the nearest emergency department.

Our website may use cookies, analytics tools and similar technologies to understand website traffic, improve functionality and monitor website performance. Analytics information is generally aggregated and does not directly identify you. You can usually disable cookies through your browser settings, although some website functions may not work properly.

7. My Health Record, electronic prescriptions and secure messaging

Where relevant to your care and permitted by law, we may use secure electronic systems such as My Health Record, electronic prescribing services and secure messaging platforms to upload, download, send or receive health information. You may speak with us if you have questions about how these systems apply to your care.

8. Overseas disclosure and service providers

Some of our service providers may store or process information outside Australia, or staff or contractors located overseas may assist with administrative or transcription functions. Where we use such services, we take reasonable steps to ensure that personal information is handled securely and in accordance with applicable privacy obligations.

Examples may include secure cloud hosting, information technology support, transcription, virtual administration, communication platforms or other practice support services.

9. How we protect your information

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification and disclosure. Measures may include secure clinical software, password controls, access permissions, encryption where available, secure cloud storage, staff training, confidentiality obligations, physical security, audit processes, document retention procedures and secure destruction or de-identification when information is no longer required.

10. Accessing and correcting your information

You may request access to personal information that we hold about you, including your health information. You may also ask us to correct information if you believe it is inaccurate, incomplete, out of date or misleading.

Please contact us in writing using the details below. We will usually respond within 30 days. We may need to verify your identity before providing access or making corrections. A reasonable fee may apply for administrative costs such as photocopying, printing or retrieval, but we will tell you before any fee is charged.

11. Retention of records

We retain medical records and other personal information for as long as required for clinical, legal, insurance, regulatory and business purposes. When information is no longer required, we take reasonable steps to securely destroy or de-identify it, unless we are required or permitted to retain it.

12. Data breaches

If a data breach occurs, we will take steps to contain the incident, assess the potential impact and reduce the risk of harm. Where a breach is likely to result in serious harm, and we are required to do so under the Notifiable Data Breaches scheme, we will notify affected individuals and the Office of the Australian Information Commissioner.

13. Privacy questions and complaints

If you have a question, concern or complaint about how PainMed handles your personal information, please contact us first so we can review and respond to your concerns.

Please send privacy enquiries or complaints to:

Practice Manager
PainMed
Email: contact@painmed.com.au
Phone: (02) 8999 1054

We will usually acknowledge and respond to privacy complaints within a reasonable time and generally within 30 days. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC).

Phone: 1300 363 992
Website: www.oaic.gov.au

14. Updates to this policy

We may update this Privacy Policy from time to time to reflect changes in law, technology, our systems or the way we operate. The current version will be published on our website.

PainMed Privacy Policy | Last reviewed 31 May 2026