Privacy Policy
- Summary
Dermatology North Sydney’s Privacy Policy (Policy) complies with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs). This Policy clearly sets out the data collection, use and disclosure practices of Dermatology North Sydney (DNS).
This Policy was last reviewed on 14 October 2025.
- Policy Statement
Dermatology North Sydney (DNS, we, us, our) is committed to protecting the privacy of individuals (you, your). DNS complies with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs) and the Health Records and Information Privacy Act 2002 (NSW).
- Purpose of this Policy
DNS is committed to protecting the privacy of the personal and sensitive information it collects. This Policy outlines how DNS collects, uses, discloses and stores personal information and explains:
the kinds of information that DNS may collect and how it is held;
how DNS collects and holds personal information;
the purposes for which DNS collects, holds, uses and discloses personal information;
how you can access or correct your personal information; and
how to make a complaint about a potential privacy breach and how DNS will handle that complaint.
- Definitions
Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether recorded in a material form or not.
Sensitive information includes personal information or opinions about an individual’s:
racial or ethnic origins;
political opinions or associations;
religious or philosophical beliefs;
sexual preferences or practices;
criminal record;
photographs; or
health information.
Health information includes:
details about an individual’s physical or mental health or disability;
an individual’s express wishes about future health services; and
information collected in the course of providing health services.
- Responsibilities
All staff at DNS are responsible for ensuring compliance with this Policy.
- Collection and Use of Personal Information
DNS collects information that is necessary to provide healthcare services or to manage the business operations of the practice. This includes:
Patients/clients: Information to facilitate healthcare delivery, including name, address, medical history, treatment history, photographs and other relevant health details.
VMOs, students, contractors and volunteers: Information required for managing and overseeing business operations, including qualifications and employment history.
Referring doctors: Information to maintain professional communication and coordination of care.
Job applicants: Information necessary to assess suitability for employment.
If you voluntarily provide sensitive information, you consent to its collection and use in accordance with this Policy.
If you choose not to provide required information, DNS may not be able to deliver services to the desired standard or at all.
6.1 How We Collect Personal Information
Personal information is primarily collected directly from you, including in person, by phone, online, or via forms and photographs. DNS may also collect information from other healthcare providers, past employers or referees, where you consent or as permitted by law.
6.2 How DNS Uses Personal Information
DNS uses personal information for its primary purpose of collection, including:
Providing healthcare services;
Managing and maintaining patient records;
Conducting quality assurance and compliance activities;
Billing and administration; and
Training and research (where appropriate consent is obtained).
Information may also be used for directly related secondary purposes that a person would reasonably expect, or where permitted or required by law.
6.3 Disclosure of Personal Information
DNS may disclose personal information to:
Healthcare professionals involved in your care;
Government agencies and health departments;
Third-party contractors assisting with practice management or accreditation;
Research institutions (with consent);
Medicare Australia, private health insurers or the Department of Veterans’ Affairs;
Other parties where authorised or required by law.
- Third-Party Service Providers
DNS may engage third-party providers to assist in the delivery of services. These parties are required to handle personal information in accordance with Australian privacy laws and contractual obligations ensuring confidentiality, security, and use solely for authorised purposes.
Where data is processed or stored overseas, DNS takes all reasonable steps to ensure that equivalent privacy protections are in place.
- Data Storage, Quality, Security and Retention
DNS takes reasonable steps to ensure all personal information is accurate, secure, and up to date. Information is stored securely in electronic and/or hard-copy formats with appropriate physical, administrative and technical safeguards.
Data quality: DNS strives to maintain accuracy and completeness of all records.
Storage and security: Access to data is restricted to authorised personnel.
Online security: While DNS maintains strong safeguards, no internet transfer is 100% secure.
Data retention: Personal information is retained for as long as necessary for its purpose or as required by law, after which it is securely destroyed or de-identified.
- Use of Cookies
DNS uses cookies to improve the functionality and performance of its website. Users may disable cookies via browser settings; however, some features of the website may not function as intended without them.
- Links to Other Sites
Our website may contain links to external sites not operated by DNS. We are not responsible for their content or privacy practices and encourage you to review the privacy policies of any linked websites.
- Accessing and Amending Your Personal Information
You have the right to request access to, or correction of, your personal information. DNS may require verification of identity before granting access. Access may be limited where permitted by law.
- Contact and Complaints
If you wish to make an enquiry or lodge a complaint regarding privacy, please contact:
Dermatology North Sydney
Phone: (02) 8376 0050 (ask for the Practice Manager)
Email: clinic@dermatologynorthsydney.com.au
If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at https://www.oaic.gov.au
- Artificial Intelligence (AI) Policy – Use of Heidi AI
Dermatology North Sydney utilises Heidi AI, an artificial intelligence–based transcription support tool, to assist clinicians in accurately documenting patient consultations.
DNS ensures that any use of AI technology aligns with the Privacy Act 1988 (Cth), the Australian Privacy Principles, and this Privacy Policy.
Specifically:
Purpose: Heidi AI is used exclusively for real-time transcription of consultation notes to improve accuracy and efficiency.
Data Protection: Heidi AI does not store, record, or retain any patient data. All information transcribed remains anonymous within the Heidi AI system.
Patient Anonymity: No identifiable patient information (such as name, date of birth, or contact details) is entered into or stored by Heidi AI.
Record Management: Doctors review and copy the transcribed notes into each patient’s secure medical file within Genie, DNS’s encrypted and compliant clinical management software.
Security and Compliance: Heidi AI operates within strict security frameworks and does not have access to DNS’s patient databases or files.
Human Oversight: All transcriptions are verified and edited by DNS clinicians before being included in the patient’s permanent record.
The use of this tool is designed to enhance documentation accuracy without compromising patient confidentiality.
