Privacy Policy

1. Purpose and Scope

This policy outlines how Nepean Diagnostics manages personal and health information. As a provider of diagnostic imaging services, we are committed to protecting the privacy of our patients in accordance with the Australian Privacy Principles (APPs) and the NSW Health Privacy Principles (HPPs). This policy applies to all patients, staff, and contractors of Nepean Diagnostics.


2. Collection of Personal and Health Information

Nepean Diagnostics collects information that is necessary to provide safe and accurate diagnostic services.


2.1 Types of Information Collected

  • Personal Information: Full name, date of birth, gender, residential address, and contact details.
  • Sensitive Health Information: Clinical history, symptoms, previous imaging/pathology results, allergies, and the images/reports generated by our clinicians.
  • Government Identifiers: Medicare numbers, DVA numbers, and Individual Healthcare Identifiers (IHI).
  • Financial Information: Private health insurance details or credit card information for payment processing.


2.2 Methods of Collection

Information is collected primarily through:

  • Patient registration and consent forms (digital or paper-based).
  • Referral forms provided by your General Practitioner or Specialist.
  • Electronic transfer systems (e.g., Medical Objects, Argus, or HealthLink).
  • Directly from the patient during the clinical consultation or examination.


3. Use and Disclosure of Information

Information is handled in strict accordance with the "Primary Purpose" of providing diagnostic healthcare.


3.1 Primary Use

Your information is used to perform diagnostic scans, interpret results, and provide formal reports to your referring medical practitioner.


3.2 Disclosure to Third Parties

We may disclose your health information to:


  • The Referring Physician: and any other healthcare provider named on your referral.
  • Treating Teams: Hospitals or specialists involved in your immediate ongoing care.
  • Medicare Australia: For the purposes of bulk-billing or verifying eligibility.
  • My Health Record: Reports may be uploaded to the National My Health Record system unless you have exercised your right to "opt out" at the time of service.


3.3 No Marketing Guarantee

Nepean Diagnostics does not sell or trade patient data to third parties. Your information will never be used for direct marketing purposes without your express, written consent.


4. Data Security and Integrity

Nepean Diagnostics takes all reasonable steps to protect data from misuse, interference, loss, or unauthorized access.


4.1 Digital and Physical Security

  • Encryption: All data transmitted via our Picture Archiving and Communication System (PACS) is encrypted using industry-standard protocols.
  • Access Control: Access to your records is restricted to authorized clinical and administrative staff on a "need-to-know" basis.
  • Data Sovereignty: All digital health information is stored on secure servers located within the jurisdiction of Australia.


4.2 Record Retention

In compliance with the Health Records and Information Privacy Act 2002 (NSW):

  • Adults: Records are retained for a minimum of 7 years from the date of last service.
  • Minors: Records are retained until the patient reaches 25 years of age.


5. Access and Correction

Patients have a legal right to access the health information we hold about them.


5.1 Requesting Access

Requests for images or reports should be directed to the Privacy Officer. While we provide digital access where possible, an administrative fee may apply for the provision of physical media (e.g., USB or film).


5.2 Correcting Information

If you believe your personal information is inaccurate or incomplete, we will take reasonable steps to correct our records within 30 days of a written request.


6. Data Sovereignty and Overseas Disclosure

Nepean Diagnostics stores and processes all personal and health information exclusively within Australia. We do not utilize overseas teleradiology providers or offshore data processing services. All diagnostic reporting is performed by Australian-based practitioners, and all data is hosted on secure servers located within Australian jurisdiction.


7. Notifiable Data Breaches (NDB)

We comply with the Commonwealth NDB Scheme. In the event of a data breach involving personal information that is likely to result in serious harm, we will notify the affected individuals and the Office of the Australian Information Commissioner (OAIC).


8. Complaints and Contact Information

If you have a complaint regarding your privacy, please contact our Privacy Officer. We aim to resolve all complaints within 30 days.


Privacy Officer | Nepean Diagnostics

  • Address: Suite 1, Ground Floor, Nepean Private Hospital, 1-9 Barber Avenue, Kingswood NSW 2747