Sydney Paediatric Neurosurgery Privacy Policy


We are committed to protecting the privacy of patient information. We handle your personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles and the Health Records and Information Privacy Act 2002 (NSW) (referred to as the Privacy Laws).

This Privacy Policy explains how we collect, use and disclose your personal information, how you may access your information and seek the correction of information.

From time to time we may make changes to our policy, processes and systems for the handling of your personal information. We will update this Privacy Policy to reflect any changes. A copy of the Privacy Policy is accessible on the Practice website, or in hard copy from reception staff.


We collect personal and health information that is necessary and relevant to provide you with medical care and treatment and to manage our medical practice. Information may be collected by medical and non-medical staff.

Wherever practicable we will only collect information from you personally. However, we may also need to collect information from other sources such as your general practitioner, treating specialists, radiologists, pathologists, hospitals, and other health care providers. In emergency situations we may need to collect information from your relatives or friends.

The information collected may include your name, address, date of birth, gender, health
information, family medical history, billing information including Medicare and private health insurance particulars and direct debit details.

Personal and health information may be stored in our electronic medical records system and /or in handwritten medical records.

We are required by law to retain medical records for at least seven years, and in some cases for a longer period of time.

Use and Disclosure

We will use or disclose your information for purposes directly related to your care and treatment, or in ways that you would reasonably expect that we may use it for your ongoing care and treatment. For example, the disclosure of blood test results to other medical practitioners in your treating team or requests for admission with a hospital.

Information may be shared with our service providers including IT and finance/accounting. Such disclosures are limited to the information strictly necessary for them to discharge their responsibilities. All of our service providers are required to comply with the Privacy Laws.

If third parties such as insurers request your information, we will never provide your information without a current signed release from you permitting us to do so unless we are permitted or required to do so by law, for example, in answer to a notice from Medicare, a summons from the Police, subpoenas and notices to produce from courts and tribunals.

Data Quality and Security

We will take reasonable steps to ensure that your personal information is accurate, complete, up to date and relevant. For this purpose, our staff may ask you to confirm that your contact details are correct when you attend a consultation.

Please let us know if any of the information we hold about you is incorrect or out of date.

Personal information that we hold is protected by:

  • Securing our premises;
  • The implementation of IT systems and processes that are maintained by specialist IT providers;
  • The provision of regular training for all staff regarding the Privacy Laws and our systems and processes.

Should your information be no longer required for your care and treatment, and we are no longer legally required to keep your records, the information will be destroyed in a manner that preserves the confidentiality of the information.

Access and Correction

You are entitled to request access to your medical records. We request that you put
your request in writing and we will respond within a reasonable time.

There may be a fee for the administrative costs of retrieving and providing you with access to your medical records.

We may decline access to your medical records in certain circumstances. Should we do so, we will always tell you why access has been declined and the options available to you.

If you believe that the information we have about you is not accurate, complete or up-to-date, we ask that you discuss this with us or alternatively contact us in writing (see details below).


If you have a concern or a complaint about how we handle your personal information, we request that you contact us in writing. Upon receipt of a complaint we will consider the details and attempt to resolve it in accordance with our complaints handling procedures.

If you are dissatisfied with our handling of your concern or complaint you may make contact the Office of the Australian Information Commissioner.
*This Privacy Policy was last reviewed and updated in September 2021.