We are committed to protecting your personal and health information in accordance with Australian privacy law and the highest standards of professional practice.
Balance and Move Physiotherapy ("we", "us", "our") is committed to protecting the privacy and confidentiality of all personal and health information we collect. We comply with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and all applicable health records legislation.
This Privacy Policy explains how we collect, use, disclose, and store your information when you engage with our services, visit our website, or contact us.
We collect personal and health information necessary to provide physiotherapy services. This may include:
We use your personal information to:
We will not disclose your personal or health information to third parties without your consent, except where required or permitted by law. Disclosures may occur to:
We will not sell, rent, or trade your personal information to any third party for marketing purposes.
Your information is stored securely using our practice management system (Cliniko), which employs industry-standard encryption, secure Australian-based servers, and strict access controls. Only authorised staff members can access your records.
Paper records, where used, are stored in secure, locked cabinets. We retain health records in accordance with applicable legislative requirements.
You have the right to access and correct the personal information we hold about you. To make a request, please contact our administration team. We will respond within a reasonable timeframe and in accordance with the Australian Privacy Principles.
In some limited circumstances, we may decline access — for example, where providing access would pose a serious threat to the health or safety of another person, or where it would be unlawful to do so. We will explain any such decision in writing.
Our website may use cookies and analytics tools (such as Google Analytics) to understand how visitors interact with our site. This data is collected anonymously and used only to improve the website experience. You may disable cookies through your browser settings.
If you have a concern about how we have handled your personal information, please contact us in the first instance. We take all privacy complaints seriously and will investigate promptly.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by calling 1300 363 992.
Health service providers covered by the Federal Privacy Act are required to comply with the National Privacy Principles. These principles allow individuals to exercise rights and choices about how their personal and health information is handled in the private health sector. The Act also gives people these rights over personal information held by other private sector organisations.
Health information is defined in both Federal and State Acts as information or opinion about a client regarding such things as wellbeing, disabilities, health services provided or to be provided, and personal information generally. This also includes details such as a person's name, address, account details, Medicare number and health service appointments.
Privacy principles — the Federal Act encompasses National Privacy Principles which govern the management of client health information. The legislation promotes greater openness between health service providers and clients regarding the handling of health information. It gives clients a general right of access to their own health records and requires health service providers to develop a privacy policy that sets out how they manage health information.
In general, a health service provider is required to:
Our practice ensures that clients are informed about why their health information is being collected, who is collecting it, how it will be used, and to whom it may be given. Privacy legislation stipulates that a practice should only collect information that is necessary for the practice's functions or normal activities. The practice uses fair and lawful ways to collect health information and, where reasonable and practicable, collects health information directly from the individual.
The practice takes reasonable steps to help clients understand why information is being collected and who else it might be given to. Collection covers information kept by the practice even where the practice has not asked for the information or has come across it by accident.
Implied consent refers to circumstances where it is reasonable for the health professional to infer that consent has been given by the client. For example, if a client presents to a physiotherapist and discloses health information which is written down during the consultation, this will generally be regarded as the client giving implied consent to the collection of health information for certain purposes.
Express consent refers to consent that is clearly and unmistakably stated (either in writing, orally, or in another fashion where consent is clearly communicated).
Consent to the collection and handling of health information and consent to treatment are two separate authorities provided by the client. During the course of your treatment we may request permission to take photographs. These are used to assist treatment planning, exercise prescription, and to record progress.
Use of health information refers to the handling of client information within the practice. Disclosure refers to the transfer of information outside the practice. A health service provider may use or disclose health information:
Directly related secondary purposes may include: referral to another health provider; billing or debt recovery; reporting an adverse event to an insurer; disclosure to a lawyer for the defence of legal proceedings; quality assurance or clinical audit activities; and other lawful purposes.
The practice should only use and disclose health information for other purposes if the client gives consent or if an exception applies. Exceptions include uses or disclosures required by law; uses or disclosures necessary to manage a threat to someone's life, health or safety; and uses or disclosures for research provided certain conditions are met.
Health professionals in the practice must use or disclose health information if the law requires them to do so. For example, health professionals are required to report child abuse under care and protection laws, and notify the diagnosis of certain communicable diseases under public health laws.
Legal proceedings — if a health professional is served with a subpoena or other Court order requiring the production of documents, they are generally required to supply those documents. If a health professional is concerned about how to proceed, they may seek advice from the Registrar of the relevant Court or Tribunal, or from a lawyer.
Training and education — the use of health information for training and education will usually require the client's consent. Where consent is sought, the individual should have a genuine choice and not be pressured to agree. If the practice uses de-identified health information for training, client consent is not required.
The practice may use or disclose health information without consent for research or statistics relevant to public health or safety, provided that:
If a client wishes to transfer to a physiotherapist in another practice, they can authorise the disclosure of health information from the original practice to the new practice. For medico-legal reasons, our practice retains the original record and provides the new physiotherapist with a summary or copy. A copy of any summary provided should be kept on file for record purposes.
Our practice may charge a reasonable fee for transferring a client's health record to another practice. Client health information transmitted electronically over a public network poses significant privacy risks. Practices should not transfer client information by email unless it is encrypted.
If the original practice declines to transfer the health information, the client may seek access to the information, request a copy and take it to the new practice.
We may use your personal information to send you advertising that is customised or more relevant to your interests, characteristics or general location. This doesn't necessarily mean you will receive more advertising — it means the advertising you see will be more relevant to you. We may advertise by mail, phone, email, text, and online via the internet and in apps.
We will ensure that any marketing emails, texts and letters clearly tell you how to opt out, or you can inform our admin staff directly. You can opt out of receiving online advertising material at any time by clicking the unsubscribe button on digital advertising material.
We are committed to ensuring any information you provide is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable procedures to safeguard and secure the information we collect.
Cookies — a cookie is a small file which asks permission to be placed on your computer's hard drive. Cookies allow web applications to respond to you as an individual by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used and to improve our website. We use this information for statistical analysis only, after which the data is removed from the system. You can choose to accept or decline cookies in your browser settings.
You may restrict the collection or use of your personal information by:
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required to do so by law.
Our website may contain links to other websites. Balance and Move Physiotherapy is not responsible for the privacy policies or practices of any third party.
For any privacy-related enquiries, access requests, or corrections, please contact: