The Eye Clinic Privacy Policy


1.   Introduction

The Eye Clinic is committed to providing quality healthcare for its patients.  As a fundamental part of this commitment, doctors and staff of the practice recognize the importance of ensuring that our patients are fully informed and involved in their healthcare.

The Eye Clinic is a NSW healthcare provider and we are required, by law to comply with the Health Records and Information Privacy Act 2002 (NSW) and the Federal Privacy Act 1988. This includes both the Australian Privacy Principles – Commonwealth Privacy Amendment (Enhancing Privacy protection Act 2012) and the NSW Health Privacy Principles.



  • Personal Information: is any information or an opinion about you where your identity is apparent or can be reasonably ascertained.
  • Health Information: is all identifying “personal information” collected to provide a health service.
  • Consent: means ‘expressed consent or implied consent’. The four key elements of consent are:

    The individual is adequately informed before giving consent

    The individual gives consent voluntarily

    The consent is current and specific and

    The individual has the capacity to understand and communicate their consent.

    Note: Willingly provided information is usually sufficient to imply consent to collection of information.

  • Expressed consent: is given explicitly, either orally or in writing.
  • Implied consent: arises where consent may reasonably be inferred in the circumstances from the conduct of the individual and The Eye Clinic.


2.  Collection of personal information



As part of our commitment to providing quality healthcare it is necessary for us to maintain files pertaining to your health. We will only ask you for information where we believe it is necessary for us to know that information in the course of providing our services.  The type of information we may collect and hold includes:

  • Our name, date of birth, address, email address, telephone number
  • Medicare, DVA and/or Health Fund details
  • Reason for attendance/symptoms
  • Medical history and prescriptions
  • Examination and test results, treatment, and care information from other healthcare service providers




  • We collect information which is
  • Provided directly by you
  • Provided on your behalf with your consent
  • Received from other third parties where the Privacy Act allows – this may include, but not limited to: other members of your treating team such as the health service provider who refers you to The Eye Clinic, Medicare, your health insurer and the Pharmaceutical Benefits Scheme.


Your medical file is handled with the utmost respect for your privacy. This file will be accessed by your doctor and when necessary, for example in the absence of your usual doctor by another doctor in the practice. While every effort will be made to ensure the security of data transfer you should know that sometimes this information may be sent unencrypted such as by post.  In general, we collect, hold, use and disclose your information for the following purposes.

  • To provide health services to you
  • The Eye Clinic will usually send correspondence to your referring practitioner and/or nominated practitioner following any care or treatment received. This is in accordance with the generally accepted health industry practice and intended to inform your referrer of information that may be relevant to any ongoing care or treatment provided by them. If at any time your nominated or referring practitioners’ details have changed, please notify our staff so that your records can be updated.
  • Information can also be disclosed through an electronic transfer of prescription service.
  • To liaise with your health fund, government and regulatory bodies such as Medicare and DVA.
  • To provide you with reminders, for example appointments and follow-up care. These may be made by text message, email, letter or phone.
  • Accreditation activities



If you do not provide us with accurate or complete information when we request it, we may not be able to provide you with a proper level of service. You have the right to be dealt with anonymously or through the use of a pseudonym, provided this is lawful and practicable. However, in a medical context this is not likely to be practical or possible for Medicare and insurance rebate purposes.



The Eye Clinic does not intend to disclose your personal information outside of Australia unless it is to your healthcare provider and with your consent.



  • The Eye Clinic will not release the contents of your medical file without consent. However, we advise that there may be occasions when we might be required by law to disclose the details of your file irrespective of whether your consent to the disclosure of information has been given. For example: Information may be used to comply with all applicable laws such as responding to a subpoena or compulsory reporting to State and Federal authorities such as the reporting of communicable diseases.
  • Information may be provided to prevent or lessen a serious or imminent threat to somebody’s life or health.


3. How the eye clinic holds your personal information 

The Eye Clinic takes all necessary and reasonable steps to ensure that your personal information is accurate, complete, up to date and secure. We may store your health information in both hard copy and on computer. The hard copy information is kept under lock and key. Information stored on computer is password protected. We will keep your health record for a minimum of 7 years after your visit and minors till they reach the age of 25. After that time, if the record is no longer necessary, it will be disposed of securely. All health information and patient data are stored on servers hosted with Australia.



If at anytime you believe that any of your personal information that we store is not accurate or is out of date, please let us know by contacting The Eye Clinic.

You may request access to your personal information held by The Eye Clinic. Requests need to be made in writing. The Eye Clinic needs to be satisfied that ta request for personal information is made by you or by someone who is authorized to make a request on your behalf. An identity document will need to be sighted to verify your identity or, if you are authorizing another to access on your behalf, then a letter of authority and confirmation of your identity will be required prior to release of your personal information.

A fee maybe payable where the clinic incurs costs in providing access. If applicable, you will be advised of the fee upon receipt of your request.

Access will be granted within 30 days. Access to patient records in the presence of your doctor will be charged a consultation fee.


4.  Updates To This Policy

This policy will be reviewed from time to time to take account of new laws and technology, changes to our operations and other necessary developments. Updates will be displayed at our reception desk.


5.   Contact Details

Should you at any time have a query or complaint in relation to the privacy policies please contact the practice manager who would be happy to address any concerns you may have.