top of page

Privacy Policy 

​Effective Date: 25/04/2026

 

1. Introduction

Eleve Osteopathy is committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 and the Australian Privacy Principles (APPs).

This Privacy Policy explains how we collect, use, disclose, and store your personal information, including sensitive health information, as part of providing osteopathic care.

 

2. What Personal Information We Collect

We may collect and hold the following types of personal information:

  • Identification details (e.g., full name, date of birth)

  • Contact details (e.g., address, phone number, email)

  • Health information (e.g., medical history, presenting complaints, treatment notes, reports, referral letters)

  • Medicare details

  • Private health insurance details

  • Billing and payment information

  • Emergency contact and next of kin details

  • Any other information you provide relevant to your care

Health information is classified as sensitive information and is afforded a higher level of protection under Australian law.

 

3. How We Collect Personal Information

We collect personal information through:

  • Patient registration and consent forms

  • In-person consultations and treatment sessions

  • Telephone, email, and online communications

  • Online booking systems and our website

  • Referrals from other healthcare practitioners

Where reasonable and practicable, we collect information directly from you or your authorised representative. By providing your sensitive information and engaging in our services you consent to the collection, storage and retention of your data. 

 

4. Purpose of Collecting and Using Information

We collect, use, and hold your personal information for purposes including:

  • Providing safe and effective osteopathic care

  • Assessing, diagnosing, and treating health conditions

  • Maintaining accurate and up-to-date clinical records

  • Communicating with you regarding appointments and care

  • Processing payments, including Medicare, and private health insurance claims

  • Complying with legal, regulatory, and professional obligations

  • Practice management, quality assurance, and accreditation activities

 

5. Use of Practice Management Software

We use Cliniko to manage patient records, appointments, and communications.

This system may store:

  • Personal and contact details

  • Appointment history and reminders

  • Clinical notes and treatment records

  • Billing and payment information

We take reasonable steps to ensure that this provider handles your personal information securely and in accordance with Australian privacy obligations. Data may be stored on servers located outside Australia, and appropriate safeguards are in place. We take reasonable steps to ensure overseas recipients comply with APPs or equivalent standards.

 

6. Medicare

Where you elect to claim through Medicare we may collect, use, and disclose relevant personal and health information for the purpose of processing claims.

This may include:

  • Medicare identification details

  • Service and billing information

  • Referral details (e.g., Chronic Disease Management plans)

By providing this information, you consent to its use and disclosure for these purposes in accordance with applicable laws.

 

7. Disclosure of Personal Information

We may disclose your personal information to:

  • Other healthcare providers involved in your care (e.g. GPs, specialists)

  • Medicare or private health insurers for claims processing

  • External service providers (e.g., IT systems, secure cloud storage, payment processors)

  • Legal, regulatory, or government authorities where required or authorised by law

We only disclose the minimum necessary information and do not sell or rent personal information. If other healthcare providers are asking for specific treatment notes etc, patients will have to sign a personal information release form before information is disclosed. 

 

8. Children and Young People

We may collect and hold personal information about patients under 18 years of age.

  • Consent for treatment and data collection is obtained from a parent or legal guardian, unless the minor is assessed as having capacity to consent under applicable law. 

  • Where appropriate, we also seek the child’s assent

  • Parents or guardians may request access to their child’s information, subject to legal limitations

We handle children’s information with additional care and sensitivity.

 

9. Storage and Security

We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure.

Security measures include:

  • Secure electronic clinical record systems

  • Password-protected access and user-level permissions

  • Encrypted or secure cloud-based storage

  • Secure storage of physical records

We use Google Workspace for email, document storage, and internal communications. Personal information may be stored within these systems. These providers use industry-standard security measures; however, data may be stored on servers located outside Australia. We take reasonable steps to ensure that any overseas disclosure complies with the Australian Privacy Principles.

Access to personal information is restricted to staff and only where necessary for their role. All staff are bound by confidentiality obligations. 

 

10. Data Retention

We retain health records in accordance with legal and professional requirements.

  • Adult records are generally retained for at least 7 years from the last date of service

  • Records for children are retained until the patient reaches age 25 (or as otherwise required by law)

When no longer required, records are securely destroyed via shredding, permanent deletion of electronic records or de-identified.

 

11. Notifiable Data Breaches (NDB) Scheme

We are committed to compliance with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988.

A data breach occurs when personal information is accessed, disclosed, or lost without authorisation and is likely to result in serious harm.

If a breach occurs, we will:

  • Take immediate steps to contain and assess the breach

  • Notify affected individuals as soon as practicable if there is a risk of serious harm

  • Provide recommendations on protective steps

  • Notify the Office of the Australian Information Commissioner where required

We maintain procedures to respond promptly to any suspected or actual data breach

 

12. Access and Correction

You have the right to request:

  • Access to your personal information

  • Correction of inaccurate, incomplete, or outdated information

Requests must be made in writing using the contact details below. We may require proof of identity. Access may be subject to legal exceptions.

 

13. Cookies and Website Data

Our website may use cookies or analytics tools to improve functionality and user experience. These may collect non-identifiable information such as browser type and pages visited.

 

14. Complaints

If you have concerns about how your personal information is handled, you may contact us in writing.

We will acknowledge and investigate your complaint with an aim to respond within a 30-day period. 

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner.

 

15. Contact Details

Eleve Osteopathy
1/20 Peel Street, Eltham VIC 3095
0431 481 501
admin@eleveosteopathy.com.au

 

16. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in legal, regulatory, or operational requirements. The current version will be available at our clinic and/or on our website.

bottom of page