Privacy Policy

Last updated: 30 October 2025

Lilyfield Physiotherapy (we, us, our) is committed to protecting the privacy and confidentiality of your personal information, including your health information. As a private sector health service provider, we are bound by the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles (APPs), and relevant state laws such as the Health Records and Information Privacy Act 2002 (NSW) (HRIP Act). We also comply with the Physiotherapy Board of Australia Code of Conduct and Ahpra guidelines on managing health records.

This Privacy Policy explains how we collect, use, store, disclose and protect your information. It also outlines your rights and how to contact us.

1. What personal information do we collect?

We collect personal information necessary to provide high-quality physiotherapy services. This includes:

• Personal details: Name, address, date of birth, contact details (phone, email).
• Health information (sensitive information): Medical history, symptoms, diagnoses, treatment plans, progress notes, imaging/test results, Medicare/private health fund details.
• Other information: Appointment details, payment/billing information, referral letters, consent forms.

We collect this when you:

• Book or attend appointments.
• Contact us by phone, email, website, or telehealth.
• Complete forms or provide feedback.

We only collect information you provide directly, or from third parties (e.g., your GP) with your consent.

2. How do we collect your information?

• Directly from you: During consultations, forms, or communications.
• From third parties: With consent, e.g., doctors, specialists, allied health providers.
• Automatically: Website usage data (e.g., IP address, cookies) for site functionality – see our Cookies Policy for details.

Collection is usually obvious, but where not, we provide a privacy collection notice (e.g., on forms).

3. Why do we collect, use and disclose your information? (Primary and secondary purposes)

Primary purposes (direct provision of services):

• Assessing and treating your condition.
• Managing appointments and follow-ups.
• Billing (Medicare, private health, workers' comp).
• Communicating care updates.

Secondary purposes (related to primary):

• Quality improvement, audits, accreditation.
• Referral to other providers.
• Research/statistics (de-identified).

We do not sell or rent your information.

4. When do we disclose your information?

We disclose only as necessary and with consent where required:

No consent needed for:

• Legal requirements (e.g., court orders, public health).
• Serious threats to health/safety.

Overseas disclosure: Rare (e.g., cloud backups in Australia only). We comply with APP 8.

5. How do we protect your information?

• Security: Encrypted electronic records, secure filing, access controls, firewalls.
• Staff training: Privacy obligations.
• Data breaches: We assess and notify affected individuals/OAIC if eligible (Notifiable Data Breaches scheme).
• Retention: 7 years post-last contact (adults); 7 years post-18 (minors), then securely destroy.

6. Your rights

• Access: Request your records (free/low cost, usually within 30 days).
• Correction: Update inaccurate info.
• Anonymity: Where practical (may limit services).
• Complaints: Contact us first; escalate to OAIC (1300 363 992) or NSW Information and Privacy Commission.

How to request: Email info@lilyfieldphysio.com.au or speak to reception.

7. Updates to this policy

We review annually or as laws change. Current version on our website.

Contact us

Lilyfield Physiotherapy
780 Darling Street, Rozelle NSW 2039
Ph: (02) 9810 2203
Email: info@lilyfieldphysio.com.au

Opening Hours:

• Mon–Tue: 7am–7pm
• Wed: 7am–7:30pm
• Thu: 7am–6pm
• Fri: 7am–4pm
• Sat: 8am–1pm
• Sun: Closed

For complaints: We aim to resolve in 30 days. Unresolved? OAIC at oaic.gov.au.

Your trust matters – we're here to help you move better!