Privacy Policy

Privacy policy for the handling of personal information

This document describes the privacy policy of Nelson Bay Allied Health for the management of your personal information. The psychological service you receive is bound by the legal requirements of the Australian Privacy Principles set out in the Privacy Act 1988 and the Health Records and Information Privacy Act 2002 (NSW). It is also informed by the requirements of the Psychology Board of Australia’s Code of Conduct for Psychologists (2025) and is guided by the Australian Psychological Society Professional practice guidelines.

Personal information

Your information is stored securely and accessed only by your psychologist and the authorised staff of the practice, as required. Your information is stored using secure electronic and paper filing systems that adhere to Australian Privacy laws, ensuring all personal records are protected from unauthorised access or misuse. 

The information collected includes your personal details such as name, address and contact phone numbers, Medicare and health fund details. As part of providing a psychological service, such as a psychological assessment or treatment, we will also need to collect and record other personal information that is relevant to your current situation. This includes keeping a record of what happens during sessions, any psychological tests you complete, and any information received from others, such as your GP, lawyer or insurance company.  

How your personal information is collected

There are a number of ways your personal information is collected, including when: 

  • You provide information directly to your psychologist in your session and in writing such as letters, email or text messages.
  • You interact directly with Nelson Bay Allied Health employees such as administration staff.
  • Other health practitioners, such as your GP, provide personal information to Nelson Bay Allied Health, through referrals, correspondence and medical reports.
  • We receive personal information from other sources, such as lawyers, employers or insurance companies through correspondence or reports. 

If you have concerns that the information recorded is not correct, please discuss your concerns with our administration staff or your psychologist.   

Purpose of holding personal information

Your personal information is gathered and used for the purpose of providing a psychological service to you. Your personal information is retained in order to document what happens during sessions and enables your psychologist to provide a relevant and informed psychological service to you. This information and record keeping is a necessary part of the services provided and guides treatment.

Consequence of not providing personal information

Psychologists are required to keep clear and accurate client records as part of their professional obligations.

If you do not wish for your personal information to be collected, we may not be able to provide the psychological service to you. Please discuss any concerns you have with your psychologist.

Confidentiality of information

Personal information gathered by your psychologist will remain confidential except for certain circumstances. In most cases, any sharing of information will only occur with your consent.

Our practice asks for your consent to share information when:

  • Sharing information with a family member, guardian or carer.
  • Discussing with others, such as your GP, employer, or any agencies which may be paying for your attendance.
  • Providing a written report regarding your assessment or treatment to another professional or agency, such as your GP, lawyer or insurance company.
  • For disclosing the information in any other way not referenced in this document.

Psychologists are required to consult and receive supervision from colleagues from time to time. If your information is shared in this context, all care is taken to deidentify your information in such a way that you remain anonymous.

Exceptions to confidentiality

There are times when your psychologist may release your information without obtaining your consent such as:

  • When a court requires information by issuing a subpoena, or providing information is otherwise required or authorised by law.
  • When it is required because the psychologist must make a mandatory report on a concern.
  • When the psychologist discloses information because they believe you or someone else is at risk of serious harm.

Requests for access and correction to client information  

At any stage, you can request to access and correct your personal information kept on file. There may be some exceptions that impact your ability to access the information, which are outlined in the relevant legislation.  

If you would like to access your information, please discuss it with us or you can request in writing. All written requests for access to information will be responded to in writing within  30 days per the Privacy Act and an appointment will be made if necessary for clarification purposes.  

Your psychologist may discuss the contents with you and/or give you a copy, subject to the exceptions in the Privacy Act 1988 (Cth).  

If your psychologist is satisfied that your personal information is inaccurate, out of date or incomplete, reasonable steps will be taken in the circumstances to ensure that this information is corrected. All requests by you for access to or correction of personal information held about you should be lodged with your psychologist or our administration staff.  

Data breach policy

In the event that any unauthorised access, disclosure or loss of your personal information occurs Nelson Bay Allied Health will activate its data breach plan and use all reasonable endeavours to minimise any risk of consequential serious harm. 

Storage and protection of  personal information

We prioritise the security of your personal  information.  Paper files are secured in access-controlled cabinets within secure premises.  Electronic files are stored securely on protected information systems. Only your treating practitioner will access your personal information. Administrative staff will have access limited to the information necessary to perform their administrative duties. Confidentiality agreements form part of the employment contract for our employees.

Retention of health information

A private sector person who is a health service provider must retain health information relating to an individual as follows:

  • In the case of health information collected while the individual was an adult – for 7 years from the last occasion on which health service was provided to the individual by the health service provider,
  • In the case of health information collected while the individual was under the age of 18 years – until the individual has attained the age of 25 years. 
  • When records are no longer required, they will be securely destroyed in a manner that protects the privacy and confidentiality of the individual, in accordance with applicable privacy legislation and professional standards.

Concerns

If you have a concern about the management of your personal information, you may inform your psychologist or our reception staff. Upon request you can obtain a copy of the Australian Privacy Principles, which describe your rights and how your personal information should be handled.  

Ultimately, if you wish to lodge a formal complaint about the use of, disclosure of, or access to, your personal information, you may do so with the Office of the Australian Information Commissioner:  

Commonwealth Privacy Act (1988) : This federal law applies to all private sector health service providers in Australia.

Health Records and Information Privacy Act 2002 (HRIP Act): This is the primary legislation for health information in NSW.

This privacy policy will be reviewed regularly to ensure ongoing compliance with legal professional requirements.

Reviewed 09/04/2026