Privacy Notice

Thank you for choosing my speech pathology services. This notice explains why I collect your personal information and how I handle it.

Why do I collect your information?

I collect your personal information, including sensitive health information, for the primary purpose of providing you with safe and effective speech pathology assessment and therapy. I also use it for related administrative tasks, such as scheduling appointments and managing billing (including any NDIS claims).

What happens if I don't collect your information?

If I do not collect the necessary personal and health information from you, I will be unable to provide you with speech pathology services. It would be unsafe and unprofessional for me to do so without a complete understanding of your history and needs.

Who do I usually share your information with?

To provide you with coordinated care, I may need to share information with others. This is only ever done when necessary and, where required, with your consent. I may share information with:

  • Your General Practitioner (GP) or other specialists involved in your care.

  • Other allied health professionals in your care team (e.g., occupational therapist, psychologist).

  • The National Disability Insurance Agency (NDIA), if you are an NDIS participant.

  • My professional contractors (e.g., an administrative assistant) or IT service providers, who are bound by strict confidentiality obligations.

  • I will not send your information to anyone overseas without a compliant basis under Australian privacy law.

My Full Privacy Policy

This is a summary notice. My full Privacy Policy contains more detailed information about how I handle your information, including how you can access or correct your records, how long I keep them, and how to make a complaint.

You can access my full Privacy Policy on my website below or ask me for a copy.

Privacy Policy

ABN: 37 876 526 366

Effective Date: 1/7/2025

 

1. My Commitment to Your Privacy

Your privacy is important to me. As a speech pathologist, I am committed to protecting the privacy and confidentiality of your personal information in all my dealings with you.

This policy explains how I collect, hold, use, and disclose your personal information in the course of providing my services. It also explains your rights regarding your information and how you can make a complaint.

In providing my services, I am bound by the Privacy Act 1988 (Cth) and its Australian Privacy Principles (APPs), the Personal Information Protection Act 2004 (Tas) and its Personal Information Protection Principles (PIPPs), the NDIS Code of Conduct, and the Speech Pathology Australia Code of Ethics.

Contact Details:

  • Name: Briar Walker

  • Email: briar@briarspeechpathology.com.au

  • Phone: 0461 481 056

 

2. Privacy, Dignity, and the NDIS

Privacy is a fundamental human right. I respect the privacy of all my clients, including people with a disability. As an unregistered NDIS provider, I am subject to the NDIS Code of Conduct, which requires me to respect and protect the privacy of everyone who receives services from me.

This commitment goes beyond legal compliance. It is about the way I deliver my services. I will always strive to be aware of your privacy needs and preferences and to deliver my services in a way that maintains your personal dignity. This includes:

  • Explaining and seeking your permission before performing any procedures that involve physical touch or entering your personal space.

  • Ensuring that any discussions about your assessment, progress, or personal circumstances are conducted in a private and confidential setting.

  • Considering your everyday personal needs in a way that prevents embarrassment and discomfort.

  • Obtaining your explicit concent before sharing any of your details with another party, for example the NDIA, your general practitioner (GP), or your child’s classroom teacher.

 

3. What Personal Information Do I Collect?

To provide you with safe and effective speech pathology services, I need to collect and hold personal information. "Personal information" is any information or opinion that identifies you or could reasonably identify you. The types of information I collect include:

  • Identity and Contact Details: Your name, age, date of birth, gender, address, and contact information.

  • Sensitive Health Information: This is a specific category of personal information that includes:

  • Developmental, medical, ethnic, language, cultural, and social histories (including medications, diagnoses, and allergies).

  • Details about disabilities, impairments, and challenges.

  • Family histories relevant to your care.

  • Audio and/or video recordings made for assessment purposes (e.g., language samples).

  • Other Relevant Information:

  • Work and education histories.

  • Hobbies, motivations, and interests.

  • NDIS plan details and related information.

  • Financial information required for billing and payment.

I will only collect information that is reasonably necessary for me to provide my services to you.

 

4. How Do I Collect Your Personal Information?

I collect personal information in several ways, including:

  • Directly from you or your representative: I will always try to collect information directly from you (or your parent/guardian/carer). This may happen via:

  • Telephone calls.

  • Client intake forms and questionnaires.

  • Face-to-face or telehealth consultations.

  • Emails, SMS, and other electronic messages.

  • From third parties: Sometimes I may need to collect information from others involved in your care, such as your GP, paediatrician, other allied health professionals, or your child's school. I will only do this with your consent.

  • From my website: I may collect technical data, such as your IP address and browser details, when you visit my website. This is necessary to maintain the security and functionality of the site.

 

5. Consent: Your Choice and Control

Your consent is the cornerstone of how I handle your information. I am committed to ensuring your consent is always informed, voluntary, and freely given.

  • General Consent: Your signature on my Client Service Agreement at our first appointment will provide overall consent for me to collect and manage your personal information for the purpose of providing you with care.

  • Specific Consent: For specific activities, such as making an audio or video recording for assessment, sharing your report with a third party, or using your information for any secondary purpose, I will seek your separate verbal or written consent at that time.

  • Withdrawing Consent: You may withdraw your consent at any time by contacting me in writing. Please be aware that withdrawing consent for the collection of information that is essential for providing safe and effective care may result in my inability to continue providing services to you.

 

6. Why Do I Use and Share Your Information?

I collect and use your personal information for the primary purpose of providing you with high-quality speech pathology assessment, diagnosis, and management. Specifically, I use it for:

  • Developing and implementing your therapy plan.

  • Administrative purposes, such as scheduling appointments and managing my business.

  • Billing and payment management (including processing Medicare or NDIS claims).

  • Communicating with you and others involved in your care.

  • Fulfilling my legal and professional obligations.

I may share your information with the following parties, but only when necessary and, where required, with your consent:

  • Other healthcare providers involved in your care (e.g., your GP, specialist, or other therapists).

  • The National Disability Insurance Agency (NDIA) and its agents, for NDIS participants.

  • Medicare or your private health insurer, for claiming purposes.

  • Any administrative contractors I engage (e.g., a virtual assistant), who are also bound by strict confidentiality and privacy obligations.

  • My professional advisors (e.g., accountant, lawyer) for business management purposes.

  • My IT service providers (e.g., my practice management software provider), who are required to protect your data.

From time to time, I may wish to send you news or information about my services. I will only do so with your express, opt-in consent, and you can opt-out at any time.

 

7. My Commitment to Children's Privacy

I am deeply committed to protecting the privacy of the children and young people I work with. I handle their personal information in accordance with the Privacy Act and recognised best practices.

Consent for Minors:

The Privacy Act does not specify an age at which a person can provide their own consent. My approach is as follows:

  • For children under the age of 15: I will generally seek consent from a parent or legal guardian.

  • For young people aged 15 and over: I will typically seek their own consent, provided I am confident they have the capacity to understand what they are consenting to.

Information Sharing and Confidentiality:

A positive therapeutic relationship is built on trust. I will discuss with both the child/young person and their parents/guardians how information will be shared, respecting the confidentiality of my conversations with a young person where it is appropriate and safe to do so.

 

8. How I Keep Your Information Secure

I take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. These steps include:

  • Physical Security: Storing any hard copy records in a locked filing cabinet.

  • Digital Security:

  • Storing electronic records on password-protected devices and in encrypted cloud storage.

  • Using multi-factor authentication (MFA) on all key systems and accounts that hold your information.

  • Ensuring all software on my devices is kept up-to-date with the latest security patches.

  • Using secure, end-to-end encrypted email for transmitting sensitive reports.

  • Maintaining regular, encrypted backups of all client information, stored securely and separately.

 

9. Record Retention and Destruction

I manage and retain client health records in accordance with my legal and professional obligations. The minimum retention periods are as follows:

  • For clients who are adults (18 years or older): Records will be retained for a minimum of 7 years from the date of their last consultation.

  • For clients who were minors (under 18 years): Records will be retained until the client turns 25 years of age.

After these periods, all records will be securely and permanently destroyed.

 

10. Privacy and Telehealth Services

I may offer consultations via telehealth (video or phone call). I am committed to ensuring these sessions are private and secure.

  • Technology: I use a telehealth platform specifically designed for healthcare, which provides end-to-end encryption for video calls. The storage servers may be in the USA, however they would be encrypted in transit and meet the Australian privacy standards.

  • Consent: Before our first telehealth session, I will seek your specific informed consent. This will include confirming you are comfortable with the technology and discussing how to ensure your own privacy at your end. Your consent will be documented in your clinical record.

 

11. Do I Send Your Information Overseas?

I use third-party service providers for essential business functions, such as email and data storage. I take care to select providers that prioritise security and privacy. Where possible, I choose providers that store data within Australia.

However, some services, such as my email provider, may use global data centres, which could result in your information being stored on servers located in countries such as the United States or Singapore. Before using any such service, I take reasonable steps to ensure the provider has privacy and security standards comparable to those required by Australian law.

 

12. Your Rights Regarding Your Information

You have important rights under Australian privacy law.

  • Right to Access: You have the right to request access to the personal information I hold about you. You can make a request in writing, and I will respond within a reasonable time (usually 30 days). A reasonable fee may be charged to cover the cost of retrieving and providing the information.

  • Right to Correction: If you believe the information I hold about you is inaccurate, out-of-date, or incomplete, you have the right to request that I correct it.

  • Right to Anonymity: You have the right to interact with me anonymously or by using a pseudonym. However, in a healthcare setting, this is generally impracticable and unsafe. To provide you with effective care and manage billing, I require clients to be properly identified.

 

13. Data Breach Management

In the unlikely event that the security of your information is compromised, I have a clear plan to manage the situation. My response will follow the four key steps recommended by the OAIC: Contain, Assess, Notify, and Review. If a data breach is likely to result in serious harm, I will notify you and the Office of the Australian Information Commissioner (OAIC) as required by law.

 

14. How to Make a Complaint

If you have any concerns about how I have handled your privacy, please contact me directly.

  • Please direct all privacy-related complaints to me in writing at briar@briarspeechpathology.com.au

  • I will acknowledge receipt of your complaint within 2 business days.

  • I will then investigate the matter and provide you with a formal written response within 30 days.

If you are not satisfied with my response, you have the right to lodge a complaint with the relevant external body:

  • Office of the Australian Information Commissioner (OAIC): For general privacy matters. Visit www.oaic.gov.au.

  • NDIS Quality and Safeguards Commission: For matters related to NDIS services. Visit www.ndiscommission.gov.au.

  • Tasmanian Ombudsman: For matters related to the Personal Information Protection Act. Visit www.ombudsman.tas.gov.au.