top of page

Privacy Policy

Last updated: 04 March 2026

Sunrise Endocrinology is committed to protecting the privacy of patient information and handling personal information responsibly. We manage personal and health information in accordance with:

  • The Privacy Act 1988 (Cth)

  • The Australian Privacy Principles (APPs)

  • The Privacy Amendment (Enhancing Privacy Protection) Act 2012

  • The Health Records and Information Privacy Act 2002 (NSW) and its Health Privacy Principles (HPPs)

 

Health information is classified as “sensitive information” under the Privacy Act and receives a higher level of protection.

 

This Privacy Policy explains how we collect, use and disclose personal information, how you may access or correct your information, and how to lodge a complaint if you believe your privacy has been breached.

1. Collection of Personal and Health Information

 

We collect information that is necessary to provide you with safe and effective healthcare and to manage our medical practice. This includes:

 

  • Your name, date of birth, address, contact details, Medicare number, and health fund information

  • Medical history, medications, allergies, family history, lifestyle factors, and any relevant test results

  • Information collected from other healthcare providers (e.g., specialists, radiologists, hospitals)

  • Payment details including credit card or direct debit information (if applicable)

 

Where practicable, we collect this information directly from you. We may also collect it:

 

  • From other health providers (with your consent or as permitted by law)

  • Through telehealth consultations, online forms, phone calls, or written correspondence

  • In emergency situations, from your relatives or carers

 

In accordance with legal requirements, we retain medical records for at least 7 years from the last date of service, or until a child turns 25, whichever is longer.

 

2. Purpose of Collecting Information

 

We collect and use personal information primarily to provide healthcare services and manage our practice.

 

Your information may be used for:

 

  • diagnosis and treatment of medical conditions

  • communicating with you and other healthcare providers involved in your care

  • referrals to other healthcare professionals or services

  • managing appointments and sending appointment reminders

  • billing, Medicare claims and health fund claims

  • maintaining accurate medical records

  • complying with legal and regulatory obligations

 

We may also collect and use information with your informed consent or where permitted by law to prevent serious threats to health or safety.

3. Use and Disclosure of Information

 

Your personal information is treated as strictly confidential.

 

We will only use or disclose your information for purposes directly related to your care, or for purposes you would reasonably expect.

 

Examples include:

 

  • sharing relevant information with your referring doctor or treating specialists

  • sending referrals to pathology, imaging providers or hospitals

  • uploading information to the My Health Record system where appropriate

  • appointment reminders via SMS, phone or email

  • administrative purposes including appointment reminders, billing and practice management systems used to coordinate patient care

 

Information may also be disclosed where required or permitted by law, including to:

 

  • Medicare, private health insurers or government agencies

  • courts, tribunals or law enforcement authorities

  • regulatory or accreditation bodies

  • IT service providers supporting our practice systems

  • auditors, legal or financial advisors

  • debt recovery agents where necessary

 

Where possible, we limit disclosures to the minimum information necessary.

 

De-identified information may be used for clinical audit, quality improvement, research or educational purposes.

Identifiable information will only be used for research with your explicit written consent.

 

4. My Health Record Participation

 

If you are registered for the My Health Record, we may upload relevant clinical information to your record in accordance with your preferences. You may manage access or opt out of the My Health Record at any time by visiting www.myhealthrecord.gov.au.

 

5. Telehealth Consultations

 

Our practice offers Telehealth consultations.

 

In some cases, and only with your explicit consent, consultations may be temporarily processed using AI-assisted documentation tools to assist in generating clinical notes.

 

You will always be informed in advance if this is being considered.

 

You may decline to participate without affecting your care.

6. Use of AI-Powered Clinical Note Generation Tools

 

Some of our practitioners use AI-assisted tools to help prepare clinical notes from consultations. These tools may involve secure third-party technology providers who assist with processing information. Such providers are required to comply with strict privacy and confidentiality obligations.

With your consent, a consultation may be temporarily processed to generate a draft clinical summary, which is then:

 

  • reviewed

  • edited

  • approved

 

by your treating doctor before becoming part of your medical record.

 

AI-assisted tools are used only to assist with documentation. All clinical decisions and final medical records remain the responsibility of your treating doctor.

Recordings or transcripts are not retained longer than necessary to generate clinical documentation, and access is restricted to authorised healthcare staff.

 

Participation in this process is voluntary, and you may withdraw your consent at any time.

7. Patient Portal

Our practice may provide access to a secure patient portal operated by our clinical software provider to assist with managing your care. The patient portal may allow you to complete forms, view documents, communicate with the practice, and update personal details.
 
Information submitted through the patient portal becomes part of your medical record and is handled in accordance with this Privacy Policy. The portal provider is required to comply with strict privacy and security obligations.

8. Website and Online Services

When you visit our website, limited information may be collected automatically, such as:

 

  • your IP address

  • browser type

  • pages visited

 

This information helps improve website performance and security and does not identify you personally unless you submit information through online forms.

9. Data Quality and Security

 

We take reasonable steps to ensure your information is accurate, complete, and up to date. This includes confirming your contact details at each visit. Please notify us of any changes to your information.

 

We protect patient information through measures including:

  • Secure premises with restricted access

  • Password-protected electronic systems with access controls

  • Access controls within clinical software

  • Secure storage of physical records

  • Confidentiality obligations for staff and contractors

 

10. Access to Medical Records

 

You are entitled to access the personal information we hold about you. Requests must be made in writing. We will respond within 30 days, as required by law. We may require proof of identity before releasing records.

 

An administrative fee may apply to cover the cost of copying or retrieving your records.

 

In limited circumstances, access may be denied (e.g., if it poses a serious threat to your health or safety). We will explain the reasons for any refusal and your options for further action.

 

11. Correction of Information

 

If you believe the information we hold about you is inaccurate, incomplete, or out of date, you may request a correction by contacting us in writing. We will take reasonable steps to update your record promptly.

 

12. Overseas Transfer of Information

 

In general, we do not transfer personal information outside Australia.

 

However, some technology providers used by our practice may store or process information on secure servers located overseas.

 

Where this occurs, we take reasonable steps to ensure those providers handle information in accordance with privacy standards substantially similar to Australian law.

 

13. Complaints

 

If you have a concern or complaint about how your personal information has been handled, please contact our Privacy Officer.

 

We will investigate the matter and respond as soon as possible.

 

If you are not satisfied with our response, you may contact:

 

Office of the Australian Information Commissioner (OAIC)

www.oaic.gov.au

1300 363 992

 

NSW Information and Privacy Commission (IPC)

www.ipc.nsw.gov.au

1800 472 679

 

14. Policy Updates

We may update this policy from time to time to reflect changes in laws or our practices. The latest version is available on our website or upon request.

15. Contact Information

 

Privacy Officer – Sunrise Endocrinology

📍 Suite 203, Level 2, South Tower, 1-5 Railway Street, Chatswood NSW 2067

📧 reception@sunriseendo.com.au

📞 +61 2 9159 9158

bottom of page