Privacy Policy
1. Purpose and Commitment
Fulcrum Massage is committed to protecting the privacy, dignity and confidentiality of all personal information collected when providing allied health services, in compliance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy explains how we collect, use, store, disclose and manage personal and sensitive information.
2. What Personal Information Do We Collect?
Health information is classified as sensitive information under Australian law and receives additional protection. We may collect personal and sensitive information including:
– Name, address, email and telephone number
– Date of birth and gender
– Occupation and emergency contact details
– Medical history and relevant health information
– GP and specialist referral information
– Assessment findings, treatment notes and progress reports
– Exercise programs and functional assessments
– Funding information (My Aged Care or private health insurance)
– Billing and payment information
3. How We Collect Information
We collect information directly from you through consultations, intake forms, phone calls, emails, website enquiries and booking systems.
With your consent, we may also collect relevant information from your GP, specialist, funding body or other allied health provider.
4. Why We Collect Information
We collect and use information to:
– Provide Remedial Massage Therapy and Movement Services
– Develop individualised treatment plans
– Communicate with your GP or health professionals (with consent)
– Process My Aged Care and private health insurance claims
– Meet clinical documentation and legal requirements
– Improve service delivery and clinical outcomes
– Manage appointments and administrative processes
– Send service updates or newsletters where consent has been provided
5. Storage of Information and Overseas Disclosure
We use MyAppointments™ (MA) to collect information and manage appointments. MA has secure servers located in Australia and managed by Amazon Web Services, Inc. MA's third-party service providers are in Australia and the United States and may store your personal information outside of Australia. Personal information is encrypted when it is transmitted over the internet.
MA take all reasonable steps to protect personal information from loss, misuse and interference and from unauthorised access, modification or disclosure. MA are certified as being compliant with HIPAA and ISO/IEC 27001:2013.
6. Data Security
We do not sell personal information. We take reasonable administrative, physical and technical measures to protect information from misuse, loss, unauthorised access, modification or disclosure. Security measures include two-factor authentication, password protection, restricted system access, secure practice management software and confidentiality obligations for staff. In the event of an eligible data breach, we will comply with the Notifiable Data Breaches Scheme and notify the affected individuals.
7. Retention of Records
We retain health records in accordance with Australian legal requirements. Adult records are generally retained for a minimum of seven (7) years from the last consultation. For clients under 18 years of age, records are retained until age 25. Records are securely destroyed when no longer required.
8. Your Rights
You have the right to request access to your personal information and request correction of inaccurate information. You may withdraw consent for certain uses of your information, subject to legal or clinical obligations. Requests must be made in writing and proof of identity may be required.
9. Disclosure of Information
We may disclose your information where necessary to:
– Your GP or referring practitioner (with consent)
– My Aged Care or other funding bodies
– Medicare or the Department of Veterans’ Affairs
– Private health insurers
– Secure IT and cloud storage providers
– Accountants, legal advisers or regulators where required by law