Statera Health Pty Ltd. Privacy Policy: Last updated 26/2/2026

1.       Introduction

This practice has developed a policy to protect patient privacy in compliance with the Privacy Act 1988 (Cth) (‘the Privacy Act’). Our policy is to inform you of:

• the kinds of information that we collect and hold, which, as a medical practice, is likely to be ‘health information’ for the purposes of the Privacy Act;

• how we collect and hold personal information;

• the purposes for which we collect, hold, use and disclose personal information;

• how you may access your personal information and seek the correction of that information;

• how you may complain about a breach of the Australian Privacy Principles and how we will deal with such a complaint;

• whether we are likely to disclose personal information to overseas recipients;

2.       What kinds of personal information do we collect?

The type of information we may collect and hold includes:

• Your name, address, date of birth, email and contact details

• Medicare number, DVA number and other government identifiers, although we will not use these for the purposes of identifying you in our practice

• Other health information about you, including:

  • notes of your symptoms or diagnosis and the treatment given to you

  • your specialist reports and test results

  • your appointment and billing details

  • your prescriptions and other pharmaceutical purchases

  • your genetic information

  • your healthcare identifier

  • any other information about your race, sexuality or religion, when collected by a health service provider.

• Credit card details to be held with our payment processor

3.       How do we collect and hold personal information?

We will generally collect personal information:

• from you directly when you provide your details to us. This might be via a face to face discussion, telephone conversation, registration form or online form

• from a person responsible for you

• from third parties where the Privacy Act or other law allows it - this may include, but is not limited to: other members of your treating team, diagnostic centres, specialists, hospitals, the My Health Record system, electronic prescription services, Medicare, your health insurer, the Pharmaceutical Benefits Scheme

See: https://myhealthrecord.gov.au/internet/mhr/publishing.nsf/content/home

4.       Why do we collect, hold, use and disclose personal information?

In general, we collect, hold, use and disclose your personal information for the following purposes:

• to provide health services to you

• to communicate with you in relation to the health service being provided to you

• to comply with our legal obligations, including, but not limited to, mandatory notification of communicable diseases or mandatory reporting under applicable child protection legislation.

• to help us manage our accounts and administrative services, including billing, arrangements with health funds, pursuing unpaid accounts, management of our ITC systems

• for consultations with other doctors and allied health professional involved in your healthcare;

• to obtain, analyse and discuss test results from diagnostic and pathology laboratories

• for identification and insurance claiming

• If you have a My Health Record, to upload your personal information to, and download your personal information from, the My Health Record system.

• Information can also be disclosed through an electronic transfer of prescriptions service.

• To liaise with your health fund, government and regulatory bodies such as Medicare, the Department of Veteran's Affairs and the Office of the Australian Information Commissioner (OAIC) (if you make a privacy complaint to the OAIC), as necessary.

5.       How can you access and correct your personal information?

You have a right to seek access to, and correction of the personal information which we hold about you. We may charge you a reasonable fee for access if a cost is incurred by us in order to retrieve your information, but in no cause will we charge you a fee for your application for access.

For details on how to access and correct your health record, please contact our practice as noted below under ‘Contact Details’.

6.       How do we collect and manage your stored credit card details?

• Credit card details are stored through our payment processor gateway via tokenisation, so we do not have access to your underlying credit card details.

• Your credit card on file details is used to processes payments only for cancellation fees and otherwise work that has been discussed with you. This would include but not is not exclude to patient consultations, scripts, medication permit applications, replying to email or phone queries for medical advice, referral letters, documentation for 3rd parties.

• We will inform you every time we bill your credit card that is held on file.

• We will delete your credit card details once you are no longer an active patient.

7.       How do we hold your personal information?

Our staff are trained and required to respect and protect your privacy. We take reasonable steps to protect information held from misuse and loss and from unauthorised access, modification or disclosure. This includes:

• Holding your information on an encrypted database

• Holding your information in secure cloud storage

• Our staff sign confidentiality agreements

• Confidential paper documents are destroyed once no longer required/uploaded into our encrypted database.

8.       Privacy related questions and complaints

If you have any questions about privacy-related issues or wish to complain about a breach of the Australian Privacy Principles or the handling of your personal information by us, you may lodge your complaint in writing to (see below for details). We will normally respond to your request within 30 days.

If you are dissatisfied with our response, you may refer the matter to the OAIC:

• Phone: 1300 363 992

• Email: enquiries@oaic.gov.au

• Fax: +61 2 9284 9666

• Post: GPO Box 5218 Sydney NSW 2001

• Website: https://www.oaic.gov.au/individuals/how-do-i-make-a-privacy-complaint

9.       Anonymity and pseudonyms

The Privacy Act provides that individuals must have the option of not identifying themselves, or of using a pseudonym, when dealing with our practice, except in certain circumstances, such as where it is impracticable for us to deal with you if you have not identified yourself.

It is our view that in the context of a medical practice this is largely impracticable and will impede the provision of your medical service.

10.    Overseas disclosure and use of digital platforms

We use a digital note-taking platform based in Australia that employs artificial intelligence (AI) to assist in documenting your consultation. This platform records the conversation during your consultation to accurately capture details and improve the quality of care. All data processing occurs locally within Australia and complies with Australian data privacy laws and regulations.

In addition, we may use other services, including AI-based services, which may be based in Australia or overseas, to support our practice. These services may include, but are not limited to, cloud storage, data transfer, and telehealth.

We take reasonable steps to ensure that any overseas recipients of your information comply with the Australian Privacy Principles and that your data is encrypted during transfer and storage.

You acknowledge and accept that there are inherent risks in electronic data storage and transmission, including potential unauthorised access, modification, or disclosure.

Communication

We may at times correspond with you, other health professionals and relevant third parties in your care via email if there is no other practical secure method of communication. The recipient email server may be overseas. You consent to email communication and acknowledge that email communication is unsecure and indemnify Statera Health, its principal(s), associates, staff from any damages related to misuse, interference and loss, from unauthorised access, modification or disclosure. If you do not wish to have any correspondence via email you agree to inform Statera Health and are able to opt out of any email communication.

We may at times correspond with you via SMS, which include but may not be limited to appointment bookings and telehealth web links. You consent to SMS communication and acknowledge that SMS communication is unsecure and indemnify Statera Health, its principal(s), associates, staff from any damages related to misuse, interference and loss, from unauthorised access, modification or disclosure. If you do not wish to have any correspondence via SMS you agree to inform Statera Health and are able to opt out of any SMS communication.

11.    Updates to this Policy

This Policy will be reviewed from time to time to take account of new laws and technology, changes to our operations and other necessary developments. Updates will be available on request from our reception.

12.    Privacy and websites

Our Website privacy policy is available on our website.

13.    Contact details for privacy related issues

For a copy of our Privacy Policy, please contact our Privacy Officer at reception@staterahealth.com.au
 Statera Health, Suite 12.6, Level 12, East Wing Tower, Epworth Eastern,
 1 Arnold Street, Box Hill, Victoria, 3128.