Your Provider’s Privacy Policy

 

Your Provider’s Privacy Policy

This policy is being revised- please check back for any updates in the next few weeks.

This policy is about the Personal Health Information collected, used, and administered to provide paediatric healthcare, including developmental and behavioural care. The policy explains your provider’s policies to minimise the risks of

  • theft of, interference with and access to personal health information data held in the Prosper Paediatrics and Provider’s data storage and software systems;

  • breaches of privacy for a particular patient and

  • the responsibilities of parents, patients, associated providers and Prosper Paediatrics staff in regard to information covered by this Policy.

The manager of Prosper Paediatrics is the responsible officer for the administration and updating of this policy on behalf of your associated provider. From time to time, the manager may delegate their responsibilities to another staff member. The manager (or their delegate) can help with any questions or concerns about this policy and about your privacy.

The policy explains how you can request access to and check the information being held and used for the care of your child, how you can correct or change that information and how you may make a complaint about a breach of privacy.

Any privacy concerns should be notified to the manager without delay.

Your consent is necessary to commence or continue a healthcare relationship with a provider practising in association with Prosper Paediatrics

By requesting an appointment, establishing and continuing a health care relationship with a provider practising in association with Prosper Paediatrics, you will consent to the provider’s Privacy Policy set out here. This will include your consent to the creation of a file for the patient, and the collection, use, management and storage of the health and personal information required for the patient’s healthcare according to this Privacy Policy.

Your consent includes your agreement to review this Privacy Policy regularly, at least yearly or when advised to, and when you have any concerns or questions about your privacy and how personal information is collected, used, stored and protected. Your consent also includes your responsibility to advise the manager of any serious concerns about the privacy of your personal information without delay.

For patients aged less than 16 years, consent must be provided by their parent. Paediatric patients aged at least 16 years must provide their consent, and generally, a parent or guardian must also provide consent.

Relevant Information for this policy and its uses:

The collection, storage and use of this information allows your specialist to provide the best paediatric health care for your child, within the various regulatory, ethical requirements and financial constraints of healthcare and private practice.

Access to the files at Prosper Paediatrics containing your personal information is restricted

  • to your usual associated provider or providers;

  • to any associated locum providing care on your usual provider’s behalf;

  • and only when required for the patient’s care.

  • to your provider’s administrative team, the Prosper Paediatrics staff authorised to assist with bookings, billing and your requests, with access only permitted to the information needed at any time for these services;

Parent and patient access to the information

Most parents have joint parental responsibilities for their child. Unless court orders limit or restrict access, parents or guardians can access this information, both verbally and in writing, in appointments and by requesting access to or copies of documents on the file, until their child turns 16. Paediatric patients aged 16 or older will usually be required by their associated provider to consent to and permit their parents’ access and involvement in their care.

Serious concerns about disclosure of your address or specific other information to your child’s other parent or another person should be reported to the manager without delay.

Court Orders about parenting and contact should be provided to the manager without delay to allow them to consider any possible restrictions that may be required regarding access to your child’s health information. If separated or estranged, please review the Joint Parental Responsibilities Policy.

The information collected, used, and stored includes the following:

Information about your identity is needed for correct filing, communication, and rebate claiming.

Names, dates of birth, Medicare numbers of patients and their parents, the patients’ address, IHI (Individual Health Identifier number), and health fund membership details may be recorded and used. The uses of this information include the following.

  • Identifying the patient and their parents for contact, providing information, filing, clinical letters, and accounts.

  • for Medicare claiming and accounts.

  • Health fund membership numbers are used for billing neonatal admitted care or when Medicare does not rebate the service.

  • The Patient’s name and address, along with the parents’ names and contact phone number, are usually included in letters or request forms for most referrals, other correspondence to health providers, and various pathology and radiology requests. Public paediatric services usually require these for any referrals or requests.

  • Email addresses: The parents’ email addresses and phone numbers are used by the administrative staff and providers for contacting the patient or their parents. A personal email address and phone number is required for patients aged 16 or older.

  • This information is collected from forms submitted from our website, from medical referrals, from information you provide in emails to us.

  • This information may also be collected in conversation with you on the phone or at the reception desk.

  • Your provider may obtain some of this information when attending the patient.

Clinically relevant information:

Your paediatric specialist will also generally record, use and store clinically relevant information. Clinically relevant information includes parental medical and developmental history, family circumstances and relationships, parents’ concerns and perspectives regarding their child, reports and other correspondence from the patient’s other health and allied health providers, pathology and scan results, and reports from educators.

This information may be collected from information you provide in writing via email, in letters or reports from other providers or during consultations with your provider.

Digital photographs or videos of a patient provided, collected and stored for healthcare purposes are also health and personal information under this Privacy Policy. Under the Privacy Act, a photo of a patient is considered ‘personal information’ if an individual is reasonably identifiable in the image. A photo is considered ‘sensitive information’ if it contains health information about the individual or is collected for the purposes of providing a health service. Photos or videos may be sent by a parent or may be recorded by the provider and then transferred to the patient file.

Other uses

Additionally, we may utilise your information for internal quality and safety improvement processes such as practice audits, accreditation purposes, and staff training to maintain high-quality service standards.

If we ever propose to use your personal information for purposes other than outlined in this document, we will obtain additional consent from you.

Can you deal with us anonymously? 

You can deal with us anonymously or under a pseudonym unless it is impracticable for us to provide care, or we are required or authorised by law to only deal with identified individuals. Paediatric specialist providers will consider requests for anonymity or the use of a pseudonym in light of their ethical duty to prioritise the best interests of the patient. Anonymity or the use of a pseudonym will prevent us from claiming Medicare rebates or billing your health fund on your behalf.

Requests should be made to the manager and the associated provider when seeking to commence the healthcare relationship.



Our commitments and responsibilities in regard to this information

Paediatric healthcare patient records must be stored until a patient is 25 years of age.

We are committed to protecting the privacy of patient information and handling your personal information responsibly, in accordance with the Australian Privacy Legislation and Principles (privacy legislation).

This Privacy Policy is reviewed and updated regularly in accordance with changes to the Australian Privacy Principles, other regulatory changes, evolving cybersecurity threats, technical innovations, and our changing policies and strategies for protecting your privacy. As of 10/10/2025 the policy is being reviewed and amended. We may make changes to our policy, processes, and systems regarding how we handle your personal information or to improve the explanation of the policy. Our current privacy policy is published on our website.

Other policies with significant relevance to this Privacy Policy include Communication & Contact, Joint Parental Responsibilities, Patients aged 16 years or older, Transferring health records & consent, and Your provider’s fee payment policy.



How the information is collected

Both your health provider and the non-medical administrative staff of Prosper Paediatrics may collect, record and file this information. The administrative staff collect this information, on behalf of your provider, from forms submitted from the website by you, from information parents email to us, from referrals, letters or reports sent by your child’s other healthcare or other providers and information provided verbally. Your associated provider uses this information and also records information provided during consultations with you. They may also obtain information through liaising with your other providers, when you have provided your consent. Your provider may also obtain information necessary to their provision of care, from the My Health Record, Script Check, and radiology or pathology providers.

Parents, or patients aged 16 or older, can submit written requests to check, update or make corrections to the file at any time. Once a patient is aged 16 years or more, they may elect to provide or change personal and contact information and access to their records, subject to the agreement of their paediatric care provider.

Parents are asked to provide demographic information (names, dates of birth, Medicare, regular GP, contact details, etc) on our online Demographic Form, and the provided details are then saved in the patient file. Updates should be made by email or by re-completing this Demographic Form. Patients can request a PDF copy of their Demographic File to check it when attending the rooms, by email, or by phone.

We will take reasonable steps to ensure that personal information about you and your child is accurate, complete, up-to-date and relevant. For this purpose, our staff may ask you to confirm that your contact details are correct when you attend a consultation.

Information is primarily collected by your provider’s administrative team, using our online forms (on this website), emails, SMS, over the phone and in conversations in the rooms. Your provider collects the information primarily from referral letters, the patient’s other health professionals’ or educators’ correspondence and reports, by email, using questionnaires and by consultation in appointments with the patient and their parents.

The patient's treating health providers may include medical specialists, radiologists, pathologists, hospitals, their GP or GPs, and allied health providers. Other information may be collected from Medicare, your health fund and the My Health record system. Your child’s teachers or carers may be asked for relevant information about the child if you consent to this.

When a patient or parent sends any document, digital photo or video as an attachment to an email to Prosper Paediatrics, they consent to the filing of that document or image in the patient’s file in the practice software and to the continued storage of the document or image as an attachment to the archived email stored in Prosper Paediatric’s email account.

The patient’s other healthcare providers or educators may also send documents or images to provide information relevant to the patient’s healthcare. We have carefully advised, facilitated and requested the use of Secure Messaging, such as Healthlink, for patient correspondence. Your consent to the Privacy Policy acknowledges this and includes your consent to our filing, using and storing these documents in the practice software patient file and also in our email account.

Where possible, parents should ensure that photos do not include any identifying or sensitive content and are only sent when necessary, given that email cannot be made fully secure against interception and associated theft or other misuse.

Digital photographs for clinical evaluation, assessment and records may also be collected by the provider using their personal mobile or camera device, where the patient or parent consents to this and to the use of the image for the care of that child. Associated providers will ensure that yhey promptly transfer a copy of that image to the practice software patient file. The provider should then ensure they delete from their device any photo that could provide information allowing the identification of the subject.

Digital photos will generally be attached to the patient file in pdf form.

Requesting changes to clinical information on file

Changes to the clinical information in the patient record, or to the associated provider’s correspondence about the patient should generally be requested and detailed in a booked appointment. If a change is considered urgent or minor, please submit your request by email to the administration team.



Storage and access

This information may be stored in our digital medical records system and software files, which are stored digitally on our off-site servers.   Information in emails and their attachments is also stored and archived in our Gmail account.

Handwritten medical records or hard copies of documents are scanned into the records system and then are shredded.

Credit card and direct debit details, if provided by you in writing, may be collected only in order to immediately process a payment of an invoice.


Our systems and software:

Our data storage systems are held on an Australian, Adelaide-based Server, accessed with passphrases and 2-factor authentication, patched, updated in line with industry best practice and backed up daily. Prosper Paediatrics and the associated providers use the practice software and patient filing systems of Genie. Patient information is stored in the Genie software and in our Gmail account with Google Workplace. We also use Microsoft Office systems for document storage and for the processing of faxes and scanned documents to link them to patient files.

The Associated providers may use Lyrebird AI transcription tools to record notes of and compile letters summarising consultations or for other purposes. The audio records are not saved but are used to transcribe notes and the drafting of letters with these notes and letters recorded and operated on within the patient file and Genie systems. The administrative staff may use Grammarly to help with composing emails, writing information handouts or website information.

Use and disclosure-further information

Information is collected and held for administration, communication, billing and healthcare purposes. We will treat you and your child’s personal information as strictly private and confidential. We will only use or disclose it for purposes directly related to your child’s healthcare, or in ways that you would reasonably expect that we may use it for ongoing care and treatment. For example, the disclosure of blood test results to your child’s specialist or requests for x-rays. Information will be communicated regularly to your child’s GP, concerning assessment and diagnostic findings and to assist them manage their care. Information will be provided to allied health or other medical providers that is judged to be relevant to and needed for their care of your child and pursuant to your child being referred to them.

There are circumstances where we may be permitted or required by law to disclose your personal information to third parties. For example, to Medicare, Police, insurers, solicitors, government regulatory bodies, tribunals, courts of law, hospitals, to your nominated pharmacist in the form of faxed, posted or electronically transferred prescriptions or to the My Health record system.

We may provide de-identified statistical data to third parties for research purposes, first seeking your informed consent if the research guidelines require it, but in either case, privacy and confidentiality will be protected. Practice audits and analysis may use patient information to improve the provision of health care to patients and their families. Privacy and confidentiality of records would be protected by de-identification but otherwise, your child’s information would not be provided or used without your/ your child’s Informed consent.

Data quality and security

Personal information that we hold is protected by:

  • securing our premises (with alarms, physical security and monitoring);

  • IT systems and software are secured with passphrases and 2-factor authentication.

  • storage of electronic data in Australian servers backed up frequently, to industry standards, and secured to industry standards.

  • except where an individual provider advises a variation to this policy to you,

    • we transfer, by scanning, all physical records or documents to our electronic database as soon as reasonably possible and then destroy the physical record unless you request we return the physical copy to you.

    • The patient’s personal and health information, including demographic and clinical details, is stored in the practice management software's patient files.

    • Any information provided by email, in the body or as an attachment, or by completed online forms is archived in Prosper Paediatrics’ email account.

Some physical records, such as CD records of EEG reports, or X-rays, may not be suited to scanning and transfer to the electronic database, but may be required for further review. Your Provider, or Prosper Paediatrics, on their behalf, will file any associated report and information about online links to the digital file and, if required by your provider, keep these records secured in dedicated storage containers in locked cabinets or store rooms within our secured premises for as long as clinically needed before offering to return these to the patient’s possession or destroying them if this offer is declined.

Other access

We may disclose information to outside entities but only to the extent necessary and subject to security and confidentiality requirements limiting their use of your personal information to what is strictly necessary for the purpose of the disclosure. We disclose information about you to Medicare to assist in the lawful claiming of Medicare rebates on your behalf. We may disclose information about you to outside entities such as contractors to perform activities on our behalf such as an IT service provider or a solicitor or debt collection agent.

We may disclose information necessary to advise a referring doctor or the private hospital where your baby was born of reasons that will preclude any acceptance of further neonate referrals.



My Health Record

Ordinarily, your child’s/ your health record may be uploaded to My Health Record unless you indicate that you do not want this. You can advise this at any time.

 Personal health information privacy in communications:

Prosper Paediatrics employs various measures to limit the risk of and mitigate against disclosure of personal information in communications. We request that parents’, guardians’ or the patient’s email and other addresses be provided in writing or by email reply to avoid transcription errors. Email is not recommended for parental communication of clinical or sensitive information, which should be conveyed and discussed in a booked consultation with your provider. Emails are sent with care, with various procedural measures, practice software and email and templates used, to avoid errors, unnecessary provision of personal information and with prominent warnings about privacy law and the responsibilities imposed when communications are sent in error to an unintended recipient.

Secure electronic messaging isused wherever possible for patient correspondence to other health providers. We advise other health providers that strongly prefer Secure Messaging, explain the reasons for this, facilitate it wherever possible. Faxing is discouraged, and we only fax when there is no email or Secure Messaging option.

Appointments with your provider are always recommended and provided for private consultation and health information recording.

Access

There may be a fee for the administrative costs of retrieving and providing you with copies of your medical records. Fees may be charged for any required redaction or we may recommend that you have your lawyer redact required records as they see fit.

Your provider may deny access to your medical records in certain circumstances permitted by law, for example, if disclosure may cause a serious threat to your health or safety. We will always tell you why access is denied and the options you have to respond to that decision.

Parents who are separated, especially if they are estranged or in conflict, are advised to ensure they have their own personal file and GP referral and to avoid having sensitive personal information recorded in their child’s file.

Complaints

We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have. We will then attempt to resolve it in accordance with the resolution procedure. If you have a complaint about the privacy of your personal information, we request that you contact us in writing. Upon receipt of a complaint, we will consider the details and attempt to resolve it in accordance with our complaints handling procedures.

If you do not feel we have resolved your issue, you may also contact the Office of the Australian Information Commissioner. The Office of the Australian Information Commissioner will require you to give them time to respond before they investigate.  For further information, visit www.oaic.gov.au or call the OAIC (Office of the Australian Information Commissioner) on 1300 363 992.  

Overseas transfer of data

We will not transfer your personal information to an overseas recipient unless we have your consent or we are required to do so by law.

Any associated providers varying this Privacy Policy will provide written details to you of this variation.

A provider practising with the services of Prosper Paediatrics may vary this policy or adopt a different policy for their individual practice. In this case, they should provide details in writing of that variation or of their Privacy Policy.

Prosper Paediatrics, the associated providers and your child’s health records

Prosper Paediatrics provides a range of services to support our associated paediatricians and other paediatric specialist providers to conduct their individual practices. By providing administrative, reception, billing and other services and consulting space, we enable these providers to concentrate on their clinical work and their relationship with their patients and families in the conduct of their practices.  Prosper Paediatrics helps to compile, store and administer your provider’s records for their care of your child.  Prosper Paediatrics will continue to administer and store the record of your child’s healthcare of your provider unless your provider is able to do so. Prosper Paediatrics, your provider or its contractor or delegated entity, will retain and store paediatric medical records as required by law and currently, at least until a child’s 25th birthday. However, Prosper Paediatrics encourages and supports associated providers to routinely copy their clinical correspondence about their patients to the patient’s GP and family, and where parents have consented, to their child’s myHealth record. Hence, parents and older patients will be able to have a comprehensive and up-to-date health record of their/ their child’s health care with our associated specialists.

Your provider may request a digital copy of their records of their healthcare of their current or previous patients to hold for their personal professional use and access in a location separate from the storage and software systems of Prosper Paediatrics. If so they will ensure that the files are secured to the current healthcare industry standards for physical and digital security. They will only transfer or share a copy of a patient record to a third party, such as a new practice, new administrative system or service provider’s software and storage systems, with the current or previous patient’s consent.

Contact

Please direct any queries, complaints or requests for access to medical records to:

The Manager, Prosper Paediatrics

120 Kensington Road Toorak Gardens SA 5065

reception@pab.healthcare