Your Privacy at Queen Street Medical Centre
Current as of 1 May 2026
Who can I contact about this policy?
When and why is your consent necessary?
It is important to us that as our patient, you understand why we collect and use your personal information.
By acknowledging this Privacy Policy you consent to us collecting, holding, using, retaining and disclosing your personal information in the manners described below.
Why do we collect, use, store, and share your personal information?
What personal information is collected?
- Names, date of birth, addresses, contact details
- Medical information including medical history, medicines, allergies, adverse reactions, immunisations, social history, family history, and risk factors
- Medicare number (where available) for identification and claiming purposes
- Healthcare identifiers
- Health fund and government services (Centrelink) details
Can you deal with us anonymously?
How is personal information collected?
When you make your first appointment, the practice team will collect your personal and demographic information via your registration.
We may also collect your personal information when you visit our website, send us an email or SMS, telephone us or make an online appointment.
In some circumstances, personal information may also be collected from other sources, including:
- Your guardian or responsible person.
- Other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services, and pathology and diagnostic imaging services.
- Your health fund, Medicare, Centrelink concessions, or the Department of Veterans’ Affairs (if relevant).
- While providing medical services, further personal information may be collected via:
- electronic prescribing
- My Health Record
- online appointments.
- CCTV footage: Collected from our premises for security and safety purpose
- Photos and medical images: These can be taken using personal devices for medical purposes, following the guidelines outlined in our guide on using personal devices for medical images.
- with third parties for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with Australian Privacy Principles (APPs) and this policy
- with other healthcare providers (e.g. In referral letters)
- when it is required or authorised by law (e.g. court subpoenas)
- when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
- to assist in locating a missing person
- to establish, exercise or defend an equitable claim
- for the purpose of confidential dispute resolution process
- when it is a statutory requirement to share certain personal information (e.g. some diseases require mandatory notification)
- when it is provision of medical services, through electronic prescribing, My Health Record (e.g. via Shared Health Summary, Event Summary).
We do not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.
Will your information be used for marketing purposes?
How is your information used to improve services?
We may provide de-identified data to other organisations to improve population health outcomes. If we provide this information to other organisations, patients cannot be identified from the information we share, the information is secure and is stored within Australia. You can let reception staff know if you do not want your de-identified information included.
At times, general practices are approached by research teams to recruit eligible patients into specific studies which require access to identifiable information. You may be approached by a member of our practice team to participate in research. Researchers will not approach you directly without your express consent having been provided to the practice. If you provide consent, you will then receive specific information on the research project and how your personal health information will be used, at which point you can decide to participate or not participate in the research project.
How are document automation technologies used?
The practice uses document automation technologies to create documents such as referrals, which are sent to other healthcare providers. These documents contain only your relevant medical information.
These document automation technologies are used through secure medical software Best Practice.
All users of the medical software have their own unique user credentials and is password protected and can only access information that is relevant to their role in the practice team.
The practice complies with the Australian privacy legislation and APPs to protect your information.
All data, both electronic and paper are stored and managed in accordance with the Royal Australian College of General Practitioners Privacy and managing health information guidance.
How are Artificial Intelligence (AI) Scribes used?
- does/does not share information outside of Australia.
- destroys/stores the audio file once the transcription is complete.
- removes/retains sensitive, personal identifying information as part of the transcription.
How is your personal information stored and protected?
The practice stores all personal information securely, and because of the nature of information collected and stored by us to provide our services, extra precautions are taken to ensure the security of the information. Our systems and electronic files are password protected on several levels, and the computer backup tapes are stored securely offsite. Access to various parts of the medical record is not available to all employees, and access is granted on a need’s basis.
We require all our employees and contractors to observe obligations of confidentiality in the course of their employment and contract process. We require independent contractors and staff to sign a confidentiality agreement.
Personal information is stored securely in practice's electronic systems and protected using multiple layers of security controls designed to safeguard the confidentiality, integrity, and availability of data. Access to clinical and administrative systems is restricted to authorised staff based on their role and operational requirements, and systems are protected through secure passwords that are required to be changed every 60 days, user access controls, firewalls, antivirus protection, and regular software updates.
Critical IT infrastructure, including servers, networking equipment, and backup systems, are housed within a secure server room on the premises, with restricted physical access limited to authorised personnel only. Backup data is securely maintained to support business continuity and disaster recovery processes.
Our practice has CCTV cameras installed on the premises for security and safety purposes only. Cameras are installed inside the building, excluding consult and treatment rooms, and externally at both front and rear entrances, as well as the rear carpark. Access to the recordings is strictly limited to authorised persons only. In the event of an emergency or security incident, we will provide necessary recordings to the relevant authorities.
How can you access and correct your personal information at the practice?
- Disclosure of health information may result in physical harm or mental harm to you or any other person
- The information may impact on the privacy of other individuals
- Information relates to existing or anticipated legal proceedings
If you are requesting a transfer of your medical records to another practice, you will be advised by the new practice to fill out a request form for “transfer of medical records”. You will need to ensure you sign this and return it to the new practice. You will also need to contact our practice, as there will be an administration fee payable prior to the release, to cover the transfer of your medical records.
The practice will take reasonable steps to correct your personal information where the information is not accurate or up to date. Sometimes, we will ask you to verify your personal information held by the practice is correct and current. This is necessary to ensure we have the correct patient file. It is important we have the most up to date contact information, especially in the event we need to contact you or your emergency contact, in a timely matter or in an emergency. You may request we correct or update your information at any time. To do this please contact reception via phone on 02 4474 2222.
How can you lodge a privacy-related complaint, and how will the complaint be handled at the practice?
If you would like to discuss any privacy-related complaints, please contact the surgery on 02 4474 2222 and ask to speak with the practice manager Shelley Pritchett, or our practice principal and privacy officer Dr Neil Starmer. Alternatively, you could send an email to admin@queenstreetmedical.com.au, or letter to 45-49 Queen Street Medical, NSW 2537, with attention practice manager or privacy officer.
We will endeavour to address any concerns as soon as possible. Please contact the practice if you have not heard anything in the following week.
If you do not feel we have resolved your issue, you may also contact the Office of the Australian Information Commissioner. The Office of the Australian Information Commissioner will require you to give them time to respond before they investigate. For further information visit www.oaic.gov.au or call the OAIC (Office of the Australian Information Commissioner) on 1300 363 992. Alternatively, you may wish to contact the Health Care Complaints Commission HCCC on 1800 043 159 Monday to Friday 9am – 5pm or visit their website.
How is privacy on the website maintained? At Queen Street Medical Centre, any personal information you share with us through the website and email, is handled securely and confidentially. This practice uses analytics and cookies.
Policy review statement
- They will be reflected on the website.
- Significant changes may be communicated directly to patients via email or other means.



