Nova Physio & Rehab

Privacy Policy

Last updated: 1st July, 2025

Nova Physio & Rehab (“we”, “our”, “us”) is a private physiotherapy and rehabilitation clinic located in Lutwyche, Queensland, Australia.

We are a health service provider and we respect your right to privacy and the security of your personal information. We are required to comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles, which set out how we must handle your personal information, including your health information.

This Privacy Policy explains how we collect, use, disclose and protect your personal information, and how you can access and correct it or make a complaint.


1. What laws apply

As a private physiotherapy clinic in Queensland, Nova Physio & Rehab is primarily regulated by Australian federal privacy law, including:

  • Privacy Act 1988 (Cth); and

  • Australian Privacy Principles (APPs).

We are also required to comply with the Notifiable Data Breaches scheme, which sets out when we must notify you and the Office of the Australian Information Commissioner if a data breach occurs that is likely to result in serious harm.


2. What personal information we collect

We collect information that is reasonably necessary to provide physiotherapy and rehabilitation services and to operate our practice. This may include:

Identifying and contact information

  • Full name

  • Date of birth and gender

  • Residential and postal address

  • Email address and telephone numbers

  • Medicare number, Department of Veterans’ Affairs number, healthcare identifiers (where relevant)

  • Private health insurance details

Health and treatment information

  • Medical history and presenting condition

  • Referral letters from your GP, specialist, or other health providers

  • Medication details, surgical history, relevant family history

  • Imaging reports and test results

  • Clinical notes, treatment plans and progress notes

  • Outcome measures and assessment results

  • Photographs or videos used for clinical assessment (for example, posture or movement analysis), where you consent to this

Administrative and payment information

  • Billing and payment records

  • Details needed for workers’ compensation, compulsory third party (CTP), DVA or other insurers or funding bodies

  • Appointment history and communication records

Website and digital information (if applicable)

  • Information you provide via website contact forms or online bookings

  • Technical information such as IP address and browser type, to the extent collected by our systems

Health information is considered “sensitive information” under the Privacy Act and is subject to higher protections.


3. How we collect your information

Where it is reasonable and practicable, we will collect personal information directly from you. For example, when you:

  • Make an enquiry or book an appointment (online, in person or by phone)

  • Complete our new patient or consent forms

  • Provide information during consultations or telehealth appointments

  • Communicate with us by email, telephone or SMS

  • Interact with us through our website or social media

We may also collect information from third parties, where you have provided consent or where it is otherwise permitted or required by law, including:

  • Your GP, specialist or other treating practitioners

  • Hospitals and other health service providers

  • Diagnostic providers such as imaging and pathology services

  • Insurers, workers’ compensation authorities and rehabilitation providers

  • Your legal representative, guardian or attorney

  • Family members or carers, where appropriate and authorised

If you provide personal information about another person (for example, an emergency contact), you should ensure that they are aware you have done so and that they are aware of this Privacy Policy.


4. Why we collect, use and disclose your information

We collect, hold, use and disclose your personal information for purposes including:

Clinical care

  • Assessing your condition and providing physiotherapy and rehabilitation services

  • Developing, reviewing and documenting treatment plans

  • Coordinating care with other healthcare providers involved in your treatment

Communication

  • Confirming and managing appointments and sending reminders

  • Providing follow-up information related to your care

  • Responding to your questions, requests and feedback

Practice management and business operations

  • Administering accounts, billing and payments

  • Working with insurers, compensable bodies and other funders

  • Managing staff training, quality assurance and internal audits

  • Maintaining and improving our clinical, administrative and IT systems

Legal, regulatory and safety requirements

  • Fulfilling our obligations to regulators, professional boards and insurers

  • Handling complaints, incident reports and legal claims

  • Complying with court orders, subpoenas or other lawful requests

Research, teaching and quality improvement

  • Using de-identified or aggregated information for statistics, service evaluation and quality improvement

  • Using identifiable information for research or education only with your specific consent, unless an exception under the law applies

We will not use or disclose your personal information for purposes other than those described in this policy, unless you have consented or the use or disclosure is required or authorised by law.


5. Disclosure of your information to third parties

We may disclose your personal information to third parties where it is necessary for the purposes described above, where you have provided consent, or where the law permits or requires disclosure. This may include:

  • Your GP, specialists and other allied health professionals involved in your care

  • Hospitals and other health service providers

  • Imaging and pathology service providers

  • Insurers, workers’ compensation authorities, DVA and other funding bodies

  • Rehabilitation providers and case managers

  • Your authorised representative, guardian or attorney

  • Our professional advisers, such as accountants and lawyers, where reasonably necessary for our business

  • IT service providers, practice management software providers, backup and data storage providers

  • Government agencies, regulators, tribunals and courts, as required or authorised by law

Where practicable, we will work to ensure you understand why your information is being disclosed and will seek your consent when required, particularly when sharing with other health providers or insurers.


6. Overseas disclosure

Some of our IT, practice management, communication or data storage providers may store information on servers located outside Australia.

Where we are aware that personal information is stored overseas, we will take reasonable steps to ensure that any overseas recipient does not breach the Australian Privacy Principles in relation to your personal information. These steps may include contractual requirements, due diligence on the provider’s privacy and security practices, and access controls.

If you have any questions or concerns about the overseas storage of your information, please contact us using the details in section 13.


7. How we store and protect your information

We take reasonable steps to protect your personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. These steps include:

Physical security

  • Lockable cabinets or rooms for paper records

  • Restricted access to areas where personal information is stored

Technical security

  • Use of reputable practice management and record systems with access controls

  • Password protection and user authentication for electronic systems

  • Regular software updates and security patches

  • Regular backups of electronic data

  • Security measures on clinic devices such as computers and mobile devices

Administrative safeguards

  • Staff confidentiality obligations and privacy training

  • Policies and procedures for handling, transferring and disposing of personal information

  • Secure methods for sending health information, where reasonably practicable

We will retain personal information for as long as required by law and professional standards. When personal information is no longer required and it is lawful to do so, we will take reasonable steps to destroy or permanently de-identify it.


8. Direct marketing

We may, from time to time, use your contact details to provide you with information about:

  • Our services, classes or programs

  • Health information and updates that may be relevant to your condition or general wellbeing

You may opt out of receiving direct marketing communications from us at any time by:

  • Using any unsubscribe facility provided in the communication (where available); or

  • Contacting us directly using the details in section 13.

We will not sell or rent your personal information to third-party marketing organisations.


9. Access to your personal information

You have the right to request access to the personal information we hold about you, including your health records, subject to some limited exceptions set out in the Privacy Act.

To request access, please contact us in writing or by phone using the details in section 13 and let us know what information you are seeking.

We will:

  • Respond to your request within a reasonable time; and

  • Provide access in the manner you request, where it is reasonable and practicable to do so (for example, copies, a summary, or an opportunity to view your records).

We may charge a reasonable fee to cover the administrative cost of providing access (for example, copying or postage). We will not charge a fee for you to make a request.

If we refuse access, in whole or in part, we will provide you with a written notice setting out the reasons (where it is reasonable for us to do so) and how you may complain about our decision.


10. Correction of your personal information

If you believe that any personal information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, you may request that we correct it.

You can ask us to correct your information during a consultation or by contacting us using the details in section 13. We may ask you to provide additional information or documentation to support your request.

We will respond to your request within a reasonable time and take reasonable steps to correct your information. If we decide not to make the requested correction, we will tell you why (where it is reasonable to do so) and explain what you can do if you are not satisfied with our response.


11. Anonymity and pseudonymity

Where it is lawful and practicable, you have the option of not identifying yourself or using a pseudonym when dealing with us (for example, when making a general enquiry).

However, due to the nature of physiotherapy and rehabilitation services, it is usually not practicable for us to provide clinical care, process claims or meet our legal obligations without identifying you. In most cases, we will need to know who you are in order to treat you safely and appropriately.


12. Data breaches

Despite our efforts to protect your information, no system can be completely secure. If we become aware of a data breach involving your personal information, we will:

  1. Take immediate steps to contain and assess the breach;

  2. Determine whether the breach is likely to result in serious harm to any individual; and

  3. If the breach is likely to result in serious harm, notify affected individuals and the Office of the Australian Information Commissioner in accordance with the Notifiable Data Breaches scheme.

We may also take steps such as resetting passwords, strengthening security controls and reviewing our processes to reduce the risk of a similar incident in future.


13. Questions, concerns or complaints

If you have any questions about this Privacy Policy, or if you have a concern or wish to make a complaint about how we have handled your personal information, please contact us:

Privacy Officer
Nova Physio & Rehab
[Insert street address]
Lutwyche QLD [postcode]
Telephone: [insert number]
Email: [insert email address]

Please provide as much detail as you can about your question or concern. We will acknowledge your communication and aim to respond within a reasonable time.

If you are not satisfied with our response, you may contact:

  • Office of the Australian Information Commissioner (for privacy complaints under the Privacy Act); and/or

  • Office of the Health Ombudsman in Queensland (for complaints about health services).

Contact details for these offices are available by searching their names online or by calling national directory assistance.


14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the law, our practices or our services. The most current version will be available at our clinic and, where applicable, on our website.

We encourage you to review this Privacy Policy periodically so that you are aware of how we manage your personal information.