top of page
Untitled (4)_edited.jpg

​Effective Date 31-09-2025

Independent Practitioners 

Flinders Health and Wellness Clinic operates as a multidisciplinary environment where independent health practitioners provide services to patients. Each practitioner is responsible for their own clinical decision-making, professional indemnity insurance, and compliance with AHPRA registration requirements and professional standards.

The clinic maintains operational oversight of the practice environment, however, clinical treatment decisions remain the responsibility of the practitioner. Patients may direct clinical feedback concerns to the individual practitioner or the clinic, and matters will be managed in accordance with applicable professional and regulatory obligations. 

Privacy Policy

Flinders Osteo Privacy Policy


1. Flinders Osteo Clinic is committed to protecting the privacy of our patients and complying with the Privacy Act 1988 (Cth) and the Health Records Act 2001 (Vic). This policy outlines how we collect, use, store, and disclose personal and health information.


2. Collection of Personal and Health Information:
We collect personal and health information necessary to provide osteopathic services, including:

  • Full name, date of birth, contact details, emergency contact, address, email address, pronouns

  • Medical history, health conditions, treatment records

  • Medicare, private health insurance details, and payment information

We collect this information directly from you or from third parties with your consent (e.g., referring doctors or allied health professionals). We can receive this information via email/ fax/ phone/ face to face and via your online forms. We may additionally access online radiology information as required. The data can be stored: electronically using the Cliniko software, physitrack, via harddrive and via password protected digital computer files. Note this information can be via yourself, referring Health Professionals, others involved in your care team as well as persons responsible for you.

Some third-party software providers used by the clinic may store data on secure servers located outside of Australia. We take reasonable steps to ensure providers comply with Australian privacy obligations and appropriate security standards. 


3. Use of Information
Your personal and health information is used for:

  • Providing osteopathic care and treatment

  • Managing appointments and patient records

  • Billing and processing payments

  • Compliance with legal and regulatory obligations

  • Communication with other healthcare providers when necessary for your treatment

  • Ensuring your safety for yourself

  • REQUEST FOR TREATMENT USING PSEUDONYM: Where it is practicable by law, you are able to request to be treated using a pseudonym – this can be in situations where patient may be in protection due to safety or other circumstances.

4. Storage and Security
We take all reasonable steps to protect your personal and health information from unauthorized access, modification, or disclosure. This includes:

  • Secure digital and physical storage systems – we utilise secure cloud storage, encrypted database and hold physical information in a locked cabinet. Where access is on a physical computer/ ipad, we use password protection on the device or face-id with all files pertaining to private information.

  • Restricted access to sensitive data – information is shared on a ‘need to know basis’ where possible when your health situation changes and this will impact on provision of care.

  • Ongoing professional development on privacy data.

  • Where patients have provided consent, we may use Heidi or note taking services to ensure our records document all relevant information – this is only used to provide additional consult information. 

  • We implement appropriate technical and organisational security measures to protect personal health information from unauthorised access, modification, disclosure, or loss. 

  • Policy relating to cyberattack: In the event of a cyber attack or data breach, we will:

    • Identify and contain the breach to prevent further compromise

    • Assess the risk and impact on affected individuals

    • Notify affected individuals, the Office of the Australian Information Commissioner (OAIC), and the Australian Health Practitioner Regulation Agency (AHPRA) if required

    • Implement measures to mitigate further risks and strengthen cybersecurity protections

    • Conduct a post-incident review to enhance data security protocols

5. Disclosure of Information
We will not share your personal information except where required or permitted by law, or with your consent, including:

  • To other healthcare professionals involved in your care this may include: your General Practitioner, Specialists, other Health Providers as well as gathering information such as radiology reports/ MyHealthRecord or other clinically relevant information. In situations where you have provided either written or verbal consent we can obtain verbal/ written communication from previous practitioners where clinically required.

  • To Medicare, private health insurers, and billing agencies

  • When legally required (e.g., court orders, public health obligations) –

    • Such as for a missing persons, to

    • Lessen or prevent a serious threat to a patient’s life, health or safety or a serious threat to public health or safety

    • Where the information is needed for legal proceedings

  • DISCLOSURE OF INFORMATION TO OVERSEAS PRACTITIONER:

    • Should you request your information to be sent to a provide over-seas, we require signed consent to be provided from the patient. This can be either via paper form, otherwise a digital form with signature can be provided. In these cases we will then share the information with the patient – who can share with their provider unless an explicit request is made with confirmed information provided. This then will be provided under a password protected format (typically with use of the patients D.O.B). Should there be any access issues, the receiving provider must notify us in reference to being unable to receive. Where information is transferred to overseas providers, we take reasonable steps to ensure secure transmission; however, once transferred, handling of the information by the receiving provider is governed by their applicable jurisdiction and privacy practices. 

6. Right to access and correction: You have the right to seek access to and correction of the personal information we hold about you. We will require an authority to release information signed by yourself, we then will respond to your request within 30 days. To make a request please contact: Brooke Stevenson at info@flindersosteoclinic.com.au.
requests will be processed within a reasonable timeframe in accordance with privacy legislation. 
If you think that the information we hold about you is not correct, let us know in writing. We will take reasonable steps to correct your personal information where the information is not accurate or up-to-date. From time to time, we may also ask you to verify that the information we hold about you is correct and current, we typically will use a Medical History Update Form.  


7. Retention and Disposal of Records: Health records are retained for the period required by law (minimum seven years for adults and until age 25 for minors) and securely disposed of when no longer needed. We will periodically provided a ‘medical history update’ form, when situations arise where your health conditions may have changed, you have not attended for an extended period.

8. Digital Communication and Informal Enquiries: The clinic may receive personal or health information via email, website forms, SMS, or other electronic communication platforms. While reasonable steps are taken to protect information transmitted in these channels, electronic communication may not be completely secure. 

Information provided through information communication does not constitute clinical assessment, diagnosis, or treatment advice unless provided as a part of a scheduled consultation. 

Patients are encouraged not to transmit sensitive health information via unsecured platforms where possible. Where clinically relevant, it may be incorporated  into your clinical record in accordance with our documentation obligations. 


9. Complaints and Concerns: If you have concerns about how we handle your personal information, you may contact directly at info@flindersosteoclinic.com.au


10. Updates to this Policy
This policy may be updated periodically. Any changes will be published on our website or made available at our clinic.


Contact Us
For further information, please contact:
Brooke Stevenson, Osteopath
Shop 3/ 48 Cook Street, Flinders VIC 3929
0403 759 943, info@flindersosteoclinic.com.au

Privacy Policy

bottom of page