Green Square Health Privacy Policy
Current as of: September 2025
Purpose of this policy
This policy explains how we collect, use, store, disclose and protect your personal information (including health information). It also sets out how you may access or correct your information, and how to lodge a privacy-related complaint.
Who can I contact about this policy?
For enquiries about this policy, please contact: Practice Manager — [email protected] | 02 9699 8111.
When and why is your consent necessary?
When you register as a patient, you provide consent for our GPs and practice team to access and use your personal information to deliver healthcare. Access is limited to those who need it for your care. If we wish to use your information for any other purpose, we will obtain additional consent.
Why do we collect, use, store and share your personal information?
We collect, use, store and share your personal information primarily to manage your health safely and effectively. This includes:
- providing healthcare services and managing your medical record;
- billing, financial claims and payments;
- directly related business activities such as practice audits, accreditation and internal staff training; and
- quality and safety improvement initiatives within the practice.
What personal information do we collect?
The information we collect about you includes:
- names, date of birth, addresses and contact details;
- medical information including medical history, medicines, allergies and adverse reactions, immunisations, social history, family history and risk factors;
- Medicare number (where available) for identification and claiming purposes;
- healthcare identifiers; and
- health fund details.
Can you deal with us anonymously?
Where lawful and practicable, you may deal with us anonymously or use a pseudonym. However, in many cases it may be impracticable to provide clinical services without identifying you.
How do we collect your personal information?
We may collect your personal information in several ways, including:
- when you make your first appointment and complete our patient registration;
- during the course of providing medical services, including electronic prescribing and via My Health Record;
- when you visit our website, send us an email or SMS, telephone us, make an online appointment, or engage with us on social media; and
- from other sources where it is not reasonable or practicable to collect it from you directly, such as your guardian or responsible person; other healthcare providers (specialists, allied health, hospitals, community health services, pathology and diagnostic imaging services); your health fund; Medicare; or the Department of Veterans’ Affairs (if relevant).
Images, photos and CCTV
We may collect clinical photos and medical images for your care, with your consent. CCTV is used in waiting rooms and hallways for safety and security. Signage is displayed in areas under video surveillance. CCTV is not used in consulting or treatment rooms.
When, why and with whom do we share your personal information?
We sometimes share your personal information:
- with other healthcare providers when it relates to your care (e.g., in referral letters);
- with third parties who support our practice (e.g., accreditation agencies or information technology providers). These parties are required to comply with the Australian Privacy Principles and this policy;
- when required or authorised by law (e.g., court subpoenas, statutory reporting obligations such as notifiable diseases);
- when necessary to lessen or prevent a serious threat to life, health or safety, or to public health or safety, where it is impracticable to obtain consent;
- to assist in locating a missing person;
- to establish, exercise or defend an equitable claim; and
- for confidential dispute resolution processes.
During the provision of medical services we may also share information through secure digital health tools (e.g., electronic prescribing and My Health Record). Only people who need to access your personal information will be able to do so. Other than as described in this policy, we will not share your personal information with any third party without your consent.
We will not share your personal information with anyone outside Australia (unless under exceptional circumstances permitted by law) without your consent.
Use of de-identified information and quality improvement
We may use your information to improve the quality of our services (e.g., practice audits, accreditation and training). We also provide de-identified health information to the Central and Eastern Sydney Primary Health Network (PHN) via the POLAR data extraction tool to help plan and fund services for our community. You can opt out of having your de-identified data included—please tell reception or the practice manager if you do not wish to participate.
Will your information be used for marketing?
We will not use your personal information for direct marketing of our goods or services without your express consent. If you consent, you may opt out at any time by notifying us in writing.
Technology we use
We use secure clinical software (Best Practice) to generate documents, such as referrals, that contain only relevant medical information. All users have unique credentials and access appropriate to their role.
Our doctors may use AI scribe services to assist with note taking during consultations. These services comply with the Australian Privacy Principles. Audio from your consultation may be processed to generate a clinical note for your record. You can opt out of AI scribe use at any time—please tell your clinician.
How do we store and protect your personal information?
Your personal information may be stored in various forms, primarily as electronic records (which may include visual records such as images, videos and scans). All personal information is stored securely in protected information systems within a secured environment. All practice computers are password protected and electronic information is backed up regularly.
Email, online bookings and SMS
Email is not a secure form of communication unless encrypted. We may use email to send documents or communicate important information to patients. However, email should not be used as the first line of communication for time-critical matters, such as appointment management or clinical concerns.
Patients who provide an email address may receive correspondence such as administrative forms, notifications, or practice updates. If you do not wish to receive emails, please advise our reception team so we can update your communication preferences.
Please ensure your email address is kept up to date with the practice at all times to allow accurate and secure correspondence.
Online bookings and SMS reminders are facilitated through Hotdoc. If you subscribe to this service, Hotdoc will access necessary personal details (e.g., name, contact details) to provide the service. See Hotdoc’s privacy policy: https://www.hotdoc.com.au/privacy-policy.
How can you access and correct your personal information?
You have the right to request access to, and correction of, your personal information. Please submit requests in writing by completing our request for personal information form and addressing it to the practice manager. We aim to respond within 30 days. An administration fee may apply to produce records, depending on the format requested. You will not be charged for making the request—only for the reasonable costs of complying with it.
We will take reasonable steps to correct your personal information if it is inaccurate or out of date. From time to time, we may ask you to verify that the information we hold is correct and current.
How can you lodge a privacy-related complaint, and how will it be handled?
We take privacy concerns seriously. Please submit any privacy complaint in writing to:
The Practice Manager, 4/965 Bourke Street, Waterloo NSW 2017. We aim to respond within 30 days.
If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC). For more information visit www.oaic.gov.au or call 1300 363 992.
Privacy on our website and social media
If you provide personal information through our website, email or social media, we handle it securely and confidentially. Our website uses analytics and cookies. You can adjust your browser settings to refuse cookies, but some features may not function properly.
Policy review statement
This privacy policy will be reviewed regularly (at least annually) and updated to reflect changes in our operations or legal obligations.
Last reviewed: September 2025 | Next review due: September 2026