Privacy Policy

The objective of this privacy notice is to provide you, our patient, with clear information on how your personal information is collected, used, stored and disclosed within the practice. Occasionally we may need to share your personal information to involve others in your healthcare. This policy outlines when, how and why we share your information.

This practice complies with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the Health Records (Privacy and Access) Act 1997 (ACT).

1. Who can I contact about this policy?

For enquiries concerning this policy, you can contact Her Matters Reception:

Call: 0466 004 570Email: hello@hermatters.com.au

2. When and why is your consent necessary?

When you register as a patient of this practice, you provide implied consent for our GPs, allied health practitioners and practice staff to access and use your personal information to facilitate the delivery of healthcare.

Access to your personal information is restricted to practice team members who require it for your care.

We may collect, use or disclose your information without consent where required or authorised by law, including under ACT health records legislation.

3. Why do we collect, use, store and share your personal information?

The type of information we may collect and hold includes information necessary to look after you as a patient of this practice. We collect, use, store and share your personal information to:

  • Provide healthcare services

  • Maintain accurate medical records

  • Communicate with you and other healthcare providers

  • Process billing and payments

  • Comply with legal and regulatory obligations

  • Support accreditation, quality improvement and staff training

  • To liaise with your health fund, government and regulatory bodies such as Medicare, the Department of Veteran's Affairs and the Office of the Australian Information Commissioner (OAIC) (if you make a privacy complaint to the OAIC), as necessary

Health information is classified as sensitive information under law and is afforded a higher level of protection.

4. What personal information is collected?

We may collect:

  • Name, date of birth, address and contact details

  • Medical history, medications, allergies, immunisations, family and social history, including:

    • Notes of your symptoms or diagnosis and treatment provided

    • Specialist reports and test results

    • Appointment and billing details

    • Prescriptions and other pharmaceutical purchases

    • Dental records

    • Genetic information

    • Information about your race, sexuality or religion, where collected by a health service provider

  • Medicare number and healthcare identifiers

  • Health fund details

5. Can you deal with us anonymously?

The Privacy Act provides that individuals must have the option of not identifying themselves, or of using a pseudonym, when dealing with our practice, except in certain circumstances, such as where it is impracticable for us to deal with you if you have not identified yourself.

We will assess whether our practice is able to provide health services to individuals who wish to remain anonymous on a case-by-case basis. It is vital that we are able to provide an accurate and comprehensive health service to our patients and this may not be possible in the event you are unwilling to identify yourself.

6. How is personal information collected?

We collect your personal information:

  • During registration and consultations

  • Via phone, email, SMS, website and online bookings

  • Through social media, where relevant

We may also collect information from:

  • Parents, guardians or responsible persons

  • Other healthcare providers (specialists, hospitals, allied health)

  • Medicare, health funds and government agencies

We may also collect information through:

  • Electronic prescribing

  • My Health Record

  • Clinical images and medical photography (with consent)

7. When, why and with whom do we share your personal information?

We may share your personal information:

  • With healthcare providers involved in your care

  • With service providers (e.g. IT systems, accreditation bodies)

  • Where required or authorised by law

This includes mandatory reporting requirements under ACT public health legislation, such as notification of certain communicable diseases to ACT Health.

We use secure cloud-based systems, including Halaxy, and third-party providers who assist in delivering our services. These providers are required to comply with Australian privacy laws.

We do not disclose your personal information overseas without your consent unless permitted by law.

8. Will your information be used for marketing purposes?

We will not use your personal information for direct marketing without your consent. You may opt out at any time.

9. How is your information used to improve services?

We may use your information for quality improvement, accreditation, research and staff training.

We may provide de-identified data to organisations to improve public health outcomes. You may opt out by notifying reception.

10. How is your personal information stored and protected?

Your information may be stored in:

  • Electronic medical records

  • Paper records

  • Clinical images and recordings

We take reasonable steps to protect your information, including:

  • Secure, password-protected systems

  • Role-based access controls

  • Data encryption where applicable

  • Secure backups and monitoring

  • Staff confidentiality agreements

  • Secure destruction of records

11. Data retention

We retain medical records in accordance with ACT and Commonwealth legal requirements. Generally:

  • Records are retained for at least 7 years from the last patient contact

  • Records for patients under 18 are retained until at least the age of 25

Records are securely destroyed or de-identified when no longer required.

12. Data breaches

In the event of a data breach likely to result in serious harm, we will comply with the Notifiable Data Breaches scheme and notify affected individuals and the Office of the Australian Information Commissioner as required.

13. Access and correction of your information

You have the right to request access to, and correction of, your personal information under both Commonwealth and ACT legislation.

Requests can be made through reception. We will respond within a reasonable timeframe (generally within 30 days).

A fee may apply.

Access may be refused in limited circumstances permitted by law, including where access may pose a serious threat to health or safety.

14. Children and young people

For patients under 18, parents or guardians may access health information unless the patient is assessed as a mature minor and has requested confidentiality.

We handle such situations in accordance with applicable laws and professional standards.

15. Privacy related questions and complaints

If you have any questions about privacy-related issues or wish to complain about a breach of the Australian Privacy Principles or the handling of your personal information by us, you may lodge your complaint in writing to (see below for details):

We will respond within 30 days.

If you are dissatisfied with our response, you may refer the matter to the Office of the Australian Information Commissioner:

You may also have rights under ACT health records legislation.

16. Website privacy

Our website may use cookies and analytics tools to improve user experience. This may include IP address, device information, browser type, and pages visited. We use this information to operate, maintain, improve, and secure our website, and to analyse usage. We may disclose this information to service providers who assist us with website hosting, analytics, or technical services, some of whom may be located outside Australia. Any personal information collected through electronic tracking is handled in accordance with this Privacy Policy.

17. Policy review

This policy is reviewed regularly to ensure compliance with applicable laws.

Last updated: 3 April 2026

Changes will be published on our website and communicated where appropriate to patients.