Privacy Policy

1. Purpose

My Physio Approach is committed to protecting the privacy, dignity and confidentiality of personal and health information.

This Privacy Policy explains how personal information is collected, used, stored and disclosed in connection with the services we provide.

This Policy is intended to align with:

• the Privacy Act 1988 (Cth)
• the Australian Privacy Principles (APPs)
• relevant obligations relating to privacy, dignity and confidentiality in the NDIS environment

2. What Information We May Collect

We may collect personal information and sensitive information, including health information, such as:

• name, date of birth and contact details
• emergency contact details
• NDIS number and funding information
• medical history and relevant health information
• clinical notes, assessments, reports and treatment plans
• information about functional capacity, mobility and therapy goals
• GP, specialist and other healthcare provider details
• billing, payment and service agreement information
• incident, feedback or complaint information
• behaviour support information where relevant to service delivery
• photographs or videos used for clinical purposes where consent is provided

3. How Information Is Collected

Information may be collected:

• directly from Participants, clients, parents, guardians, nominees or authorised representatives
• through intake forms, service agreements and other documents you provide
• during assessments, therapy sessions and other service delivery
• through phone calls, email, website contact forms and other electronic communication
• from referrers, healthcare providers, support coordinators, plan managers or other parties, where consent is provided or where otherwise permitted by law

4. Why Information Is Collected

Personal information is collected so that My Physio Approach can:

• provide safe and effective physiotherapy services
• assess needs and plan appropriate supports
• develop, deliver and review therapy interventions
• communicate with participants, families, carers and relevant providers
• prepare reports or clinical documents requested as part of service delivery
• process invoices, payments and NDIS-related claims
• manage risks, complaints, incidents and quality improvement activities
• comply with legal, professional and regulatory obligations

If relevant information is not provided, we may not be able to deliver services safely or appropriately.

5. How Information May Be Used Or Disclosed

We may use or disclose personal information for the primary purpose for which it was collected, including the delivery and administration of physiotherapy services. Health information may generally be used or disclosed for the primary purpose of collection, and in some related circumstances permitted by law.

Information may be disclosed:

• with the Participant's or client's consent
• to relevant health professionals or service providers involved in care
• to plan managers, support coordinators, the NDIA or other funding bodies where relevant to service delivery or billing
• where required or authorised by law
• where necessary to lessen or prevent a serious threat to life, health or safety
• where required for regulatory, insurance, legal or complaint-handling processes

We do not sell personal information or disclose it for direct marketing purposes.

6. Storage And Security

My Physio Approach takes reasonable steps to protect personal information from misuse, interference, loss and unauthorised access, modification or disclosure. The OAIC expects organisations to take reasonable security steps and to destroy or de-identify information when it is no longer needed, unless an exception applies.

Information may be stored:

• in secure electronic practice management systems
• on password-protected devices
• in secure cloud-based systems or software platforms used for practice operations
• in hard copy records stored securely where applicable

Access to personal information is limited to authorised persons who require it for service delivery, administration or compliance purposes.

7. Data Retention

My Physio Approach retains records in accordance with applicable legal, regulatory and professional obligations.

As a general guide:

• adult health records are usually retained for at least 7 years from the last date of service
• records relating to children are generally retained until the person turns 25

Retention periods may vary depending on the type of record, legal requirements and professional obligations, so records may be kept longer where required or appropriate. Ahpra guidance on managing health records points practitioners to relevant record management standards, and consultation materials published by Ahpra refer to retaining children's records until age 25.

When records are no longer required to be kept, they will be securely destroyed or de-identified where appropriate.

8. Access And Correction

You may request access to personal information we hold about you, or request correction of information that is inaccurate, incomplete or out of date.

Requests should be made in writing using the contact details below.

We will respond within a reasonable timeframe. In some circumstances, access may be declined or limited where permitted by law.

Reasonable administrative fees may apply for extensive file retrieval, copying or preparation.

9. Digital Media

With appropriate consent, clinical photographs or videos may be collected for purposes such as:

• documentation
• progress monitoring
• clinical review
• reporting related to service delivery

Such material will be stored securely and will not be used for advertising, promotional or public purposes without separate and specific consent.

10. Website, Cookies And Electronic Communication

Our website may use cookies or similar technologies to support website functionality, improve user experience, understand website traffic and maintain security.

This may involve the use of third-party tools such as website analytics services. These tools may collect technical information such as:

• IP address
• browser type
• device type
• pages visited
• time spent on pages

You can usually adjust your browser settings to refuse cookies, although some website features may not function properly as a result.

If you submit information through a website contact form, that information is used for the purpose of responding to your enquiry and managing follow-up communication.

Electronic communication, including email and online forms, carries inherent privacy and security risks. While My Physio Approach takes reasonable steps to protect information, complete security cannot be guaranteed.

Our website may also contain links to third-party websites or services. We are not responsible for the privacy practices or content of those third parties, and you should review their privacy policies separately.

This site may use third-party security services such as reCAPTCHA where applicable.

11. Privacy Complaints

If you have a concern or complaint about how your personal information has been handled, please contact:

We will aim to consider and respond to privacy concerns within a reasonable timeframe.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner or, where relevant, the NDIS Quality and Safeguards Commission.

12. Policy Updates

This Privacy Policy may be updated from time to time to reflect changes in legislation, regulatory requirements, technology or practice operations.

The most current version will be made available on the website.