Updated July 2024

At Empowered Minds Clinic we respect your privacy and take this very seriously; we are dedicated to protecting the privacy of all our customers and visitors to our website or service.

This Privacy Policy applies to all personal information collected by Empowered Minds Clinic (we, us or our) via the website located at www.empoweredmindsclinic.com (Website) or by accessing our services as a referrer, client (patient, consumer, you, yours), family member or guardian.

1. What information do we collect?

   The kind of Personal and Sensitive Information that we collect from you will depend on how you use the website or our services. The following information describes the steps we take to protect your personal information. Please inform us if you have any questions or concerns. The Personal and Sensitive Information which we collect and hold about you is defined below.




2. Types of information

   The Privacy Act 1998 (Cth) (Privacy Act) defines types of information, including Personal Information and Sensitive Information.

   Personal Information means information or an opinion about an identified individual or an individual who is reasonably identifiable. Examples of Personal Information which might be by us includes, but is not limited to, your name, date of birth, address, marital status, occupation, financial information log in credentials and IP address:

   1. whether the information or opinion is true or not; and
   2. whether the information or opinion is recorded in a material form or not.

   If the information does not disclose your identity or enable your identity to be ascertained, it will in most cases not be classified as “Personal Information” and will not be subject to this privacy policy.

   Sensitive Information is defined in the Privacy Act as including information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, sexual orientation, membership of a trade union or other professional body, criminal record or health information. Examples of Sensitive Information that might be recorded by us includes, but is not limited to, past and current diagnoses, treatments for health disorders, results from medical investigations and genetic testing.

   Sensitive Information will be used by us only:

   1. for the primary purpose for which it was obtained;
   2. for a secondary purpose that is directly related to the primary purpose;
   3. and with your consent where possible or appropriate, or where required or authorised by law.

   We will make every effort to provide you with the opportunity to provide your consent. However, there may be circumstances where we are unable to obtain your expressed consent. These circumstances may include, but are not limited to, situations where delaying the disclosure of relevant information may pose a risk to you or someone else, or where the disclosure is required or authorised by law.




3. How we collect your Personal Information

   1. We may collect Personal and/or Sensitive Information from you whenever you input such information into the Website, related Applications or provide it to Us or our partners in any other way.
   2. We may collect information included in any forms that you upload via our website.
   3. We may also collect cookies from your computer which enable us to tell when you use the Website and also to help customise your Website experience. Generally, however, it is not possible to identify you personally from our use of cookies. If you prefer for cookies to not be collected please adjust browser settings.
   4. We may collect Personal and/or Sensitive Information provided by you or your referring doctor to your clinician, our administrators or our partners at OfficeHQ
   5. When collecting Sensitive Information we will comply with the preceding paragraph.
   6. Where reasonable and practicable we collect your Personal and/or Sensitive Information from you only. However, sometimes we may be given information from a third party. In cases like this, we will take steps to make you aware of the information that was provided by a third party with the exception of instances where providing you with access to this information may endanger the life, health or safety of any individual or endanger public health or safety, in accordance to Australian Privacy Principals Guidelines with reference to the Privacy Act.



4. Why we collect or share Personal and Sensitive Information

   All reasonable steps will be taken to honour our clients’ preferences regarding the disclosure of information. When appropriate and feasible, consent to share information will be obtained and documented in the client’s notes. Reasons for collecting your Personal and/Sensitive Information include, but are not limited to:

   1. To effectively and efficiently deliver our services. To facilitate the booking of appointments and ensure that clinicians involved in your care remain informed about your health and relevant personal circumstances. We may record and share Personal and/or Sensitive Information with clinicians involved in your care and administrative staff upon whom we depend to provide our service. This includes administrators working for Empowered Minds Clinic, the virtual reception service (Office HQ), your general practitioner and/or referring specialist.
   2. To provide high quality, personalised care. To fulfil our commitment to high-quality, personalised care we need to remain well informed about your personal circumstances, health and treatment. This may involve the collection and recording of Personal and/or Sensitive Information that you, a referrer or third-party has provided to Us, this includes our clinicians, administrators and our partners at OfficeHQ as well as information entered into Halaxy or submitted via our Website.
   3. Referral, consultation and continuity of care. We routinely receive or share Personal and/or Sensitive Information with your referrer/General Practitioner. Your General Practitioner is placed at the centre of your healthcare and ensuring effective communication with them regarding health and personal circumstances where relevant is essential for effective monitoring and management of your treatment. It is also a legal requirement to provide documentation to your gene rebates. Additionally, if you accept a referral to another clinician within Empowered Minds Clinic or externally, you are consenting to your clinician sharing information about you with the new clinician and associated administrative staff.
   4. Communication.To ensure that you can access information pertaining to your assessment or treatment plans, Personal and/or Sensitive Information may be communicated via email, post or telephone to the contact details that you have provided to us.We specifically recommend you review the primary/main email address, postal address, and phone number provided as your primary contact details. By providing these details you are consenting to the potential transmission of Personal and Sensitive Information to these contact sources.To ensure meaningful engagement and recovery it may also be pertinent to share or receive information from family, friends or loved ones. Where appropriate, relevant Personal and Sensitive Information about your assessment and treatment may be shared with another key person involved in your care, for example, a community health service worker, parent or guardian. This is most relevant to those assessed as having impaired capacity in specific instances or children and adolescents. Please advise us up front if this is a concern for you.
   5. Safety.Confidentiality is essential for the provision of healthcare. There may however be extreme instances where your clinician is required by law to share relevant Personal and/or Sensitive information to protect the health, safety and well-being of patients, carers or the community. This may have to occur without your consent. In providing this information, the clinician is not considered to have violated the duty of confidentiality and is safeguarded by applicable legislation including but not limited to: Mental Health Act 2016 (MHA 2016) Information Privacy Act 2009 (IP Act) Child Protection Act 1999 (CP Act) Domestic and Family Violence Protection Act 2012 (DFVP Act) Weapons Act 1990 (Weapons Act) Guardianship and Administration Act 2000 (GA Act) Powers of Attorney Act 1998 (PA Act). Relevant Legislation may vary according to State, Territory or Commonwealth Law.
   6. Quality Assurance and Improvement.In order to maintain high quality and up-to-date services, we may access and utilise your information for the purposes of quality assurance and improvement processes, for example, clinical audits. In such instances every appropriate effort will be made to de-identify any information that might be used to personally identify you.
   7. Education.As a healthcare provider committed to delivering the highest standard of care, we also recognise the value of sharing our expertise with other healthcare professionals, including general practitioners, peer review group members, medical students, and advanced trainees in the field of Psychiatry. This may include presentations to individuals not directly involved in your care. In such circumstances, we will make every reasonable effort to remove or modify any information that could potentially be used to personally identify you.
   8. Service Experience.Providing you with the best service experience possible on the website and keeping in touch with you about developments with Empowered Minds Clinic. By using our website, you consent to the receipt of direct marketing material. We will only use your Personal Information for this purpose if we have collected such information directly from you, and if it is material of a type which you would reasonably expect to receive from us. We do not use Sensitive Personal Information in direct marketing activity. Our direct marketing material will include a simple means by which you can request not to receive further communications of this nature, such as an unsubscribe button link.
   9. Billing, Medicare rebates and Insurance.Where applicable, we routinely inform Medicare of the information required for you to obtain a rebate. Where required, we may share Personal and Sensitive Information pertaining to your assessment, diagnosis or treatment with your nominated insurance provider. We record and utilise financial information provided by you, for example credit card details, for the purpose of billing for your appointments.
   10. Legal and regulatory compliance.We may need to share Personal and Sensitive Information about you when required by Law or for Regulatory compliance. In such instances, appropriate efforts will be made to limit the information shared to that which is essential to fulfill our obligations.



5. How we record or share Personal and/or Sensitive Information

   1. Where possible we use Halaxy, an internet-based application for the storage and transmission of personal information including clinical data and payment information. This is password protected with two-factor verification in addition to their own processes to maintain the security of your personal information. This information is only accessible to your clinician, and authorised practice personnel upon whom we depend in order to provide you with a service.
   2. We use the secure messaging service ReferralNet where possible when sending or receiving health information with general practitioners or referrers.
   3. We use the telehealth platform, Coviu.
   4. We may use Microsoft 365 and associated applications for the collection of certain information in specific circumstances, for example for the purposes of accounting, however, personal information will be kept to a minimum in such instances.
   5. We may use email, telephone, fax or post.
   6. We may download documents from email communications with you, the patient.
   7. We may download documents from Halaxy related to you, for the sole purpose of providing you with assessment and treatment.
   8. We may record and store information in paper files.
   9. We may share Personal Information with service providers who support the operation of the website or applications related to the provision of telehealth or clinical care. Your Personal Information may also be accessed by maintenance and support personnel as part of their regular duties.



6. How we protect your Personal and/or Sensitive Information:

   The safeguarding of your confidential information is of the utmost importance to us. The additional and developing challenges of maintaining the safety of electronic records is something that we take very seriously and will endeavor to remain up to date by reviewing this regularly. The security of this information is dependent on the steps taken by all parties involved to secure the transmission and storage of electronic records, including but not limited to those utilized by your referrer/GP, third party software providers, your email provider and personal devices. At Empowered Minds Clinic we will only entrust the access and handling of Personal and Sensitive Information to specific and vetted staff members as well as a limited number of third-party services with appropriately secure privacy policies at the time of engagement, including ReferralNet, OfficeHQ, Coviu and Halaxy.




7. Security, Access and Correction

   At Empowered Minds clinic we store your Personal Information in a way that reasonably protects it from unauthorized access, misuse, modification or disclosure.

   1. We adhere to the following periods for the retention of Personal and Sensitive Information in accordance with applicable Australian Laws and Regulations:
      1. Medical records are retained for specific periods of time, dependent on the age of the client:
         1. Children and adolescents - aged 17 and under - records will be kept until the client turns/would have turned 25 years of age, in line with VIC, ACT and NSW regulations.
         2. Adults - aged 18 and above - records will be retained for 7 years from the last date of entry.
      2. Financial records including billing information and financial details will be retained for 7 years from the last date of client contact.
      3. Communication records, including but not limited to, emails and phone call logs, will be retained for 7 years from the last date of entry, unless there is a requirement to retain them for longer e.g. if deemed to include health information, in which instance those relating to a child who has been under our care will be retained until the date of their 25th birthday.
   2. When we no longer require your Personal Information for the purpose that we obtained it, we will take reasonable steps to destroy or de-identify it:
      1. Electronic records containing personal information are encrypted, password- protected, and stored on secure servers to ensure their confidentiality and integrity. We may at times need to temporarily download electronic records containing Personal and /or Sensitive Information onto password-protected devices accessible only by staff at Empowered Minds Clinic. When electronic records are no longer required, we will either delete or request their deletion, at a minimum, records will be de-identified according to our data retention policies. This also applies to any back-up copies.
      2. Written records containing personal information are maintained as physical files and stored in a locked cabinet to prevent unauthorised access. When written records are no longer required, they will be securely shredded to make them unreadable or irretrievable, or de-identified in accordance with our document retention policies to maintain confidentiality and protect your personal information.
   3. In order to protect your safety and that of your personal data, all staff employed by Empowered Minds Clinic are subject to vetting processes designed to ensure the security and integrity of our services. This includes criminal record checks and, where appropriate, working with children checks. These vetting processes are conducted in accordance with applicable laws and regulations to maintain a secure environment for our clients.

   We have selected partner companies and applications that provide clear details around how they store or handle Personal and/or Sensitive Information. We are not responsible for the security of information provided to these partners or applications and recommend that you review their respective Privacy Policies.

   4. Halaxy data is protected by 256-bit security, encrypted and password protected. Access is monitored and only administrators and clinicians involved in your care and employed directly by Empowered Minds Clinic will be provided with access by us to view the content of your clinical notes. Office HQ staff will have access to uploaded documents such as referrals, personal information including but not limited to name, date of birth, address, contact details and your Medicare number for the purposes of facilitating bookings and passing on messages.
   5. We use the secure messaging application, ReferralNet to send clinical information from Halaxy to referrers/General Practitioners whenever possible. When a referrer or General Practitioner does not use a secure messaging service or one that is not compatible, we communicate with them via email, fax or post.
   6. We use the telehealth application, Coviu as this has been specifically designed to meet the security needs of patients and healthcare practitioners in Australia.
   7. Use of Email or Telehealth Applications: In the course of providing our services, we may utilise email or other tele-health applications to communicate with you. Email and Telehealth Applications are highly convenient, however, please be aware that the use of email or telehealth applications may pose security risks, and we cannot guarantee the confidentiality or security of information transmitted through these means. We take all reasonable measures to minimise these risks, including the use of a firewall, passwordprotected access to all systems, data encryption and secure servers for the storage and communication of information. By engaging in or requesting communication through email or tele-health applications, you acknowledge and accept the potential security risks associated with these means of communication.
   8. Virtual Reception Service: We engage OfficeHQ, a virtual reception service to handle incoming calls and messages. As part of their services, the virtual reception service may collect and process personal information on our behalf. Please note that the virtual reception service operates under its own privacy policy, and we encourage you to review their privacy policy to understand how they handle your personal information. While we take measures to ensure the protection of your personal information, the virtual reception services' privacy policy will also apply to any personal information collected or processed by them on our behalf.
   9. We may update our privacy policy occasionally to reflect changes in our practices and legal requirements. In case of updates, we will email you to inform you of the changes. We encourage you to review our privacy policy periodically to stay informed about how we are protecting your information.



8. How you can access your Information

   We endeavour to ensure that the information that we hold about you is both appropriate and correct and will support applications to access or modify this information whenever possible and/or appropriate.

   The Australian Privacy Principles:

   1. permit you to obtain access to the Personal Information we hold about you in certain circumstances (Australian Privacy Principle 12); and
   2. allow you to correct inaccurate Personal Information subject to certain exceptions (Australian Privacy Principle 13).

   If you want to receive a copy of your information or if you think any information we have about you is incorrect, outdated, incomplete, irrelevant, or misleading, please contact us via the email listed at the bottom of the policy. There might be a small administrative fee for this service. However, please note that we may decline your request for information under certain circumstances outlined in the Privacy Act.




9. Complaint procedure

   1. If you have a complaint about how we maintain the privacy of your Personal Information, please contact us on the contact details at the bottom of this policy.
   2. All complaints will be considered by our Practice Manager, Claudi Hills and we may seek further information from you to clarify your concerns.
   3. If we agree that your complaint is well founded, we will, in consultation with you, take appropriate steps to rectify the problem.
   4. If you remain dissatisfied with the outcome, you may refer the matter to the Office of the Australian Information Commissioner.



10. Overseas transfer

    1. Your Personal Information will not be disclosed to recipients outside Australia unless you expressly request us to do so. If you request us to transfer your Personal Information to an overseas recipient, the overseas recipient will not be required to comply with the Australian Privacy Principles and we will not be liable for any mishandling of your information in such circumstances.
    2. Information Transfer by Associated Applications: Please be aware that certain associated applications, such as Microsoft 365 and Halaxy, may transfer and store your personal information outside of Australia. We encourage you to review their respective privacy policy statements to understand how they handle your personal information. While we do not store data outside of Australia, these associated applications may do so, and we are not responsible for the handling of your personal information by these third-party providers.



11. How to contact us about privacy

    If you have any queries, or if you seek access to your Personal Information, or if you have a complaint about our privacy practices, you can contact us through: info@empoweredmindsclinic.com.