Privacy Policy.

At Western Exercise Physiology, we are committed to protecting your personal and health information in line with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). This Privacy Policy outlines how we collect, use, store, and disclose your personal information.

1. What Information We Collect

We may collect the following personal and sensitive information:

  • Full name, date of birth, gender

  • Contact details (address, phone, email)

  • Medicare, DVA, and private health insurance details

  • Emergency contact information

  • Medical history, treatment plans, referral letters, and clinical notes

  • Reports from other health professionals

  • Appointment and communication history

  • Payment and billing information

  • Information collected during telehealth consultations

  • Information submitted or received via Heidi

2. How We Collect Your Information

We may collect personal information in the following ways:

  • Directly from you (in person, by phone, email, or online)

  • Through telehealth consultations (via secure video platforms)

  • Via the Heidi platform (used for appointment management, secure messaging, and administrative tasks)

  • From your GP, specialist, or other healthcare providers

  • From third-party health services (e.g., pathology or imaging providers)

We will always aim to collect information directly from you unless it is unreasonable or impracticable to do so.

3. Why We Collect Your Information

We collect personal and health information to:

  • Provide allied health services, including assessments and tailored treatment plans

  • Deliver telehealth consultations when in-person visits are not possible or preferred

  • Manage appointments, referrals, and clinical documentation via Heidi

  • Communicate with you regarding your treatment and care

  • Collaborate with other healthcare providers involved in your treatment

  • Process billing, payments, Medicare, and health insurance claims

  • Meet legal and regulatory requirements

4. Telehealth Services

Western Exercise Physiology provides telehealth consultations using secure, encrypted video platforms. During these sessions, personal and health information may be discussed and documented. All telehealth sessions are conducted in private settings to protect your confidentiality.

By using our telehealth services, you consent to the collection and handling of your information in this manner.

5. Use of the Heidi Platform

We use Heidi, a secure digital health platform, to assist with:

  • Managing bookings and appointments

  • Sending and receiving secure messages

  • Handling digital intake forms and clinical notes

  • Storing limited health and administrative data in a secure, encrypted environment

Heidi complies with Australian privacy and data security standards, and all data shared via the platform is protected using encryption and secure authentication protocols.

6. How We Store and Protect Your Information

We take reasonable steps to ensure your personal information is stored securely, whether in paper records, electronic files, or via platforms like Heidi. We protect your data through:

  • Secure electronic systems

  • Encryption of data in transit and at rest

  • Role-based access restrictions for staff

  • Regular backups and IT security protocols

Only authorised personnel have access to your information, and all staff are bound by confidentiality obligations.

7. Disclosure of Your Information

We may disclose your information to:

  • Your referring GP or other treating health professionals

  • Medicare, health funds, compensation bodies (e.g., WorkCover)

  • Technology service providers such as Heidi, who assist us in securely managing health information

  • Regulatory authorities when legally required

We do not disclose your personal information to overseas recipients unless required by law or with your explicit consent.

8. Access and Correction

You have the right to request access to or correction of your personal information. To do so, please contact us in writing. We may need to verify your identity before releasing any information.

If we are unable to provide access, we will explain why in writing.

9. Complaints

If you believe your privacy has been breached, please contact us directly so we can address your concerns promptly.

10. Changes to This Policy

This Privacy Policy may be updated periodically. The latest version will always be available on our website or upon request at our clinic.