
Privacy Policy
Northbridge Medical Practice Privacy Policy (Including Use of AI)
Updated 12th June 2026
This policy explains how the practice collects, uses, stores, discloses and protects personal and health information, including where Artificial Intelligence (AI) tools may be used.
The practice may collect personal information, contact details, Medicare information, health information, clinical records, billing information and other information required for the provision of healthcare services.
Information may be collected directly from patients, referring practitioners, healthcare providers, government agencies, and through practice management systems. Information is used to provide healthcare services, communicate with patients, manage appointments, process payments, comply with legal obligations, and support quality improvement activities.
The practice may use approved AI technologies to assist with administrative tasks, document drafting, clinical note support, workflow efficiencies, and quality improvement activities. AI tools will not replace clinical judgement. Any use of AI involving patient information will be subject to appropriate privacy, security, and confidentiality safeguards. Patient information will only be shared with AI systems where permitted by law, approved by the practice, and subject to appropriate contractual and security controls.
Information may be disclosed to other healthcare providers, hospitals, specialists, pathology providers, insurers, government agencies, or other parties with the patient's consent or as required by law.
The practice takes reasonable steps to protect information from misuse, interference, loss, unauthorised access, modification, or disclosure through physical, technical, and administrative safeguards. Patients may request access to or correction of their personal information in accordance with applicable legislation.
Health records will be retained and disposed of in accordance with legal and regulatory requirements.
Privacy complaints should be directed to the Practice Manager.
Complaints will be investigated and managed in accordance with the practice complaints process.
Electronic Communication Policy
Updated 12th June 2026
This policy outlines the acceptable use of electronic communication systems within the practice and helps ensure privacy, security, professionalism, and compliance with relevant legislation.
This policy applies to all employees, contractors, practitioners, students, volunteers, and authorised users of practice electronic communication systems. It includes email, SMS, instant messaging, patient portals, videoconferencing, electronic health records, social media messaging, and other digital communication platforms.
Electronic communication with patients must protect confidentiality, be clinically appropriate, and comply with privacy legislation and practice procedures. Practice email accounts must be used professionally. Confidential information should only be shared when authorised and appropriate security measures are in place. SMS may be used for appointment reminders and approved communications. Sensitive clinical information should not be transmitted unless authorised and secure.
Approved telehealth platforms must be used. Staff must take reasonable steps to ensure privacy and confidentiality during consultations.
Users must maintain strong passwords, avoid phishing risks, and immediately report suspected security incidents. Approved AI and digital communication tools may be used in accordance with practice policies, privacy requirements, and human oversight obligations.
Relevant patient communications must be documented in the patient's health record where appropriate.
Breaches of this policy may result in disciplinary action, including termination of employment or engagement where appropriate.
