1. Our Commitment to Your Privacy
Coastal Respiratory & Sleep Specialists (the Service Provider) provides administrative, facility, and support services to independent medical practitioners (the Practitioners). We are committed to protecting the privacy of your personal information in accordance with the Privacy Act 1988 (Cth) (‘Privacy Act’), and the Australian Privacy Principles (‘APPs’).
2. Scope of this Policy
This policy governs the management of personal information for all clinical and administrative services conducted at Coastal Respiratory & Sleep Specialists. It applies to both the Service Provider and the independent Practitioners practicing at this facility to ensure a consistent, high-standard approach to data protection. References to “we”, “us”, or “the practice” refer to this unified service model.
The following terms are used throughout this Privacy Policy and carry the meanings given to them under the Privacy Act:
| Term | Definition |
| Personal information | Information or an opinion about a person who is identified or reasonably identifiable, regardless of whether it is true or recorded in a physical form (Privacy Act) |
| Health information | A subset of personal information relating to an individual’s health or disability, their wishes regarding future health services, or health services provided or to be provided to them (Privacy Act) |
| Sensitive information | Includes health information and information relating to race, religion, political opinions, and sexual preferences. Attracts a higher standard of protection under the Privacy Act |
If you have any queries about this Privacy Policy, please contact us using the details in clause 14.
3. Consent
You become a patient of this practice when you contact us directly, attend an appointment, or when a referring practitioner provides us with your information in connection with an upcoming consultation.
We obtain your consent through our patient registration forms, or through consent provided to your referring practitioner at the time of your registration with them. Your consent allows our Practitioners and practice staff to access and use your personal information to deliver healthcare to you. Access is restricted to those who require it for your care.
If we ever wish to use your personal information for a purpose other than healthcare provision, we will seek your additional consent before doing so.
4. What Information We Collect
We collect information necessary to provide you with medical care and manage our practice, including your name, contact details, date of birth, gender, medical history, medications, allergies, clinical records, Medicare and health insurance details, and billing information.
Can you deal with us anonymously?
You can deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals. In most circumstances, we will only be able to deal with you anonymously or by pseudonym where you make a general enquiry and do not require specific information and advice. If you choose not to identify yourself, there may be consequences for your ongoing healthcare and/or ability to claim rebates through Medicare or your health fund.
5. How We Collect Your Information
We collect your personal information directly from you in person, by telephone, email, or through patient registration forms. We may also collect information from your referring practitioners, other treating health professionals, Medicare, your health insurer, the My Health Record system, or your emergency contacts where necessary.
We will only collect information from third parties where you have consented, where it is necessary for your care, where it is reasonably necessary to manage our practice, or where we are required by law to do so.
AI Scribes: We use AI technology for clinical note-taking during consultations. Notes are reviewed by your treating Practitioner and stored securely in your patient file. If you do not wish for AI scribe technology to be used during your consultation, please advise our staff prior to your appointment.
CCTV: Common areas of the building in which our practices are located, including elevators and lobbies, are currently subject to CCTV surveillance managed by the building owner or Body Corporate. We do not manage or have access to that footage. Should we install internal security cameras, their use will be restricted to public areas such as reception and will be handled in accordance with this Privacy Policy. Enquiries regarding building surveillance should be directed to the building manager.
Telehealth: Where consultations are conducted via telehealth from a Practitioner’s private premises, all reasonable steps are taken to maintain a private and secure environment.
6. How We Use Your Information
We use your personal information to provide you with medical care, communicate with your treating team, process billing and insurance claims, send appointment reminders and recalls, conduct practice audits and staff training, and comply with our legal obligations.
We will not use your health information for any purpose unrelated to your care without your express consent, except where required or permitted by law.
Disclosure of Your Information
We treat your personal information as strictly private and confidential. We may share it with other health professionals involved in your care, Medicare and health insurers for billing purposes, our administrative and IT staff under confidentiality obligations, and government bodies, courts, or regulators where required by law.
In a genuine medical emergency, we may share your information with treating medical professionals without waiting for your consent where we believe it is in your best interests.
We will only transfer your records to a new provider upon receipt of your written authority and payment of any applicable administrative fee. We will not sell or trade your personal information to third parties.
8. My Health Record
Where we access the My Health Record system, we will do so in accordance with the My Health Records Act 2012 (Cth) and all applicable rules and policies. For more information visit: www.digitalhealth.gov.au
9.Storage and Security
We take reasonable steps to protect your personal information from misuse, loss, and unauthorised access. Your information is stored electronically in a secure, encrypted service maintained by Australian-based IT professionals. All data is kept in Australia, backed up regularly, and paper copies are securely destroyed once digitised. We review our privacy and risk management practices annually.
No data transfer over the internet is 100% secure. Any information you transmit to us online or via email is transmitted at your own risk. We do not collect personal information through our website unless you contact us directly, in which case your information will be handled in accordance with this policy.
10. Retaining and Destroying Your Information
We retain medical records in accordance with applicable laws — generally a minimum of seven (7) years for adults, or until age 25 for patients who were minors at the time of treatment, whichever is later. Records are destroyed securely when no longer required.
11. Access and Correction
You have the right to request access to or correction of your personal information. Please put your request in writing using the contact details in clause 14. We will respond within 30 days. A reasonable fee may apply for copies of records. We may decline access in limited circumstances permitted by law and will always provide written reasons if we do so.
12 .Data Breach Notification
If an eligible data breach occurs, we will promptly assess and contain the breach and, where required under the Notifiable Data Breaches scheme under the Privacy Act, notify you and the Office of the Australian Information Commissioner (‘OAIC’). If you suspect a breach involving your information, please notify us immediately using the contact details in clause 14.
13. Complaints
If you have a privacy concern, please contact us in writing using the details in clause 14. You may do so anonymously, though this may limit our ability to respond fully. We will acknowledge your complaint within five (5) Business Days and aim to resolve it within 30 days.
If you are not satisfied with our response, you may contact:
Office of the Australian Information Commissioner (OAIC)
Telephone: 1300 363 992 | Website: www.oaic.gov.au
You may also contact the Privacy Commissioner in your State or Territory.
14. Contact Us
Privacy Officer
Coastal Respiratory & Sleep Specialists
Suite 503, 42 Inland Drive, Tugun QLD 4224
Telephone: (07) 5638 1259
Email: info@coastalrss.com.au
15. Policy Review
We regularly review this Privacy Policy to ensure it remains current and compliant. Any changes will be reflected on our website and significant changes may be communicated directly to patients. We encourage you to review this policy periodically.
Last Updated: 20.03.2026