Privacy policy.

The Barossa Osteo is committed to safeguarding the privacy, confidentiality, and security of all personal and health information entrusted to us. We handle your information responsibly and in accordance with:

  • Privacy Act 1988 (Cth)

  • Australian Privacy Principles (APPs)

  • Privacy Amendment (Enhancing Privacy Protection) Act 2012

  • South Australian health record and information management obligations

  • AHPRA and National Law requirements for record-keeping and privacy in allied healthcare

This Privacy Policy outlines how we collect, use, store, disclose and protect your personal information, how you may access or correct that information, and how you can raise a privacy concern.

From time to time, this policy may be updated. Any changes will be published on our website and made available in our clinic.

1. Collection of Personal Information

We collect information that is necessary to provide high-quality osteopathic care and to operate our practice safely, ethically, and in compliance with legislation. This information may include:

  • Your name, address, date of birth and contact details

  • Emergency contact information

  • Health information, medical history, family history and lifestyle details

  • Referrals, imaging reports, test results and clinical correspondence

  • Medicare, DVA or private health insurance details (for claiming purposes)

  • Payment information

  • Appointment and communication history

Where practicable, we will collect this information directly from you. However, when relevant to your care, we may also collect information from:

  • Your GP, other health practitioners, specialists or allied health providers

  • Hospitals, radiologists, pathologists or other clinical services

  • Your carers, guardian, or family members (with your consent)

  • Your legal representative

  • Emergency contacts when required

  • Other authorised third parties, where permitted by law

Information may be collected in person, by phone, by email, in writing, through online forms, or through digital platforms used by the clinic.

In emergencies, we may need to collect information from relatives, friends, carers or other healthcare providers if necessary to ensure safe, timely care.

Retention of Records

As required by law and AHPRA guidelines:

  • Adult patient records must be retained for at least seven (7) years from the last date of service.

  • Records relating to patients under 18 must be kept until they turn 25.

When collecting personal information, we will explain—where appropriate and possible—why the information is being collected and how it will be used.

2. Use of Digital Services and Cookies

The Barossa Osteo uses social networking, communication and analytics services, including Facebook, Instagram, Mailchimp, Google Analytics and Facebook Pixel. We may collect information when you engage with us through these platforms.

These third-party services have their own privacy policies and may store data outside Australia. You may unsubscribe from marketing communications at any time by opting out or contacting us in writing.

We use cookies on our website to assist performance and functionality. You may disable cookies on your device if you prefer.

3. Use and Disclosure of Personal Information

Your personal information is treated as strictly confidential. We will only use or disclose it for:

  • Providing osteopathic treatment and managing your ongoing healthcare

  • Communicating with other health practitioners involved in your care (with your consent)

  • Obtaining results such as imaging or pathology

  • Medical, clinical or administrative purposes directly related to your care

  • Practice management, billing, and administrative tasks

  • Compliance with AHPRA, statutory, and legal obligations

Where disclosure is necessary for coordinated care, your consent will be obtained unless an exception under law applies.

Personal information may be stored in secure electronic practice management systems, encrypted cloud-based storage platforms, secure email systems, and physical records maintained by The Barossa Osteo. Information is stored only for as long as required by law and for the purposes outlined in this policy.

Disclosure without consent may occur when:

  • Required or authorised by law

  • There is a serious threat to your life, health or safety

  • Mandatory reporting obligations apply

  • It is necessary for Medicare, health insurer or audit purposes

  • A court order or legal directive requires it

De-identified data

We may provide de-identified information to third parties for research, quality improvement or analytics. No individual patient can be identified.

Overseas Disclosure

Some third-party service providers used by The Barossa Osteo, including website hosting (Google Workspace), email marketing (MailChimp), analytics, practice management software (Cliniko, Physitrak), cloud storage, and social media platforms, may store or process information outside Australia. Depending on the provider used, information may be stored in countries including the United States, Canada, New Zealand, Singapore, the United Kingdom, or other jurisdictions where the provider operates data centres. These providers must comply with strict privacy and data security requirements consistent with Australian standards.

4. Security of Personal Information

We take reasonable steps to protect all personal information from misuse, interference, loss, and unauthorised access, modification or disclosure. This includes:

  • Secure physical premises

  • Password-protected computer systems

  • Encrypted data storage, where applicable

  • Secure intrusion detection and IT monitoring

  • Role-based access controls for staff

  • Confidentiality agreements for all staff

  • Secure disposal or deletion of information when legally permitted

Once personal information is no longer required for the purpose for which it was collected and any legal retention requirements have expired, The Barossa Osteo will take reasonable steps to securely destroy, permanently delete, or de-identify the information in accordance with applicable laws and professional record-keeping obligations.

We ask that you inform us promptly if your personal details change so we can keep your records accurate, complete and up to date.

5. Access to and Correction of Your Personal Information

You may request access to the personal information we hold about you or request corrections if the information is inaccurate or incomplete.

Requests must be made in writing.

We do not charge a fee for access requests, but administrative or copying fees may apply for providing physical or electronic copies.

To protect your privacy, we may require proof of identity before releasing information.

In certain circumstances, we may be legally required to decline access. In such cases, we will explain the reason in writing.

6. Complaints and Enquiries

If you have any questions, concerns or complaints about this Privacy Policy or the way your personal information is handled, please contact us:

The Barossa Osteo
49b Murray St, Angaston SA 5353
www.thebarossaosteo.com
0419 154 984 | hello@thebarossaosteo.com

We take privacy concerns seriously and will respond promptly. We aim to acknowledge privacy complaints within 7 business days and investigate and respond within 30 days where reasonably practicable. We will work with you to resolve any concerns fairly and promptly.

If you are not satisfied with our response, you may contact:

  • Office of the Australian Information Commissioner (OAIC)

  • AHPRA (if the issue relates to professional conduct or National Law obligations)