Privacy Policy – Fortitude Physio

Effective Date: 01/07/2025
Last Reviewed: 30/06/2025
Applies to: All physiotherapy services provided at Fortitude Physio – Ivanhoe

1. Our Commitment to Privacy

At Fortitude Physio, we are committed to protecting your personal and health information. We manage your information in accordance with:

  • The Health Records Act 2001 (Vic)

  • The Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) (where applicable)

  • Our professional obligations under the Australian Health Practitioner Regulation Agency (AHPRA) and the Australian Physiotherapy Association (APA)

This policy explains how we collect, use, store, disclose, and protect your personal and health information.

2. What Information We Collect

We collect only the information necessary to provide you with safe and effective physiotherapy services. This may include:

  • Name, address, phone number, and email

  • Date of birth, gender, Medicare, DVA, or insurer identifiers

  • Medical history, referral letters, imaging and test results, treatment notes

  • Payment and billing information

  • Appointment history and attendance records

3. How We Collect Information

We collect information:

  • Directly from you (in person, via phone, email, online booking, or forms)

  • From referring doctors or other health providers

  • From documentation such as imaging reports or insurance forms

  • From insurers, employers, or care coordinators—with your consent

4. Why We Collect Your Information

Your information is collected to:

  • Deliver personalised and clinically appropriate physiotherapy care

  • Communicate with your healthcare team

  • Process payments and communicate with funders (e.g. TAC, WorkSafe, NDIS, DVA)

  • Fulfil legal, regulatory, or contractual obligations

  • Improve and monitor the quality of our services

5. How We Store and Protect Your Information

We take reasonable steps to protect your personal and health information from loss, misuse, unauthorised access, modification, or disclosure.

Our safeguards include:

  • Encrypted practice management systems (Nookal)

  • Role-based access and password protection

  • Staff training on privacy obligations

  • Regular internal reviews of data handling processes

6. Disclosure of Information

We will only disclose your information:

  • With your express or implied consent

  • To other health professionals involved in your care

  • To insurers or funders (e.g. TAC, WorkSafe, NDIS) when authorised

  • Where legally required (e.g. court order, subpoena)

  • If necessary to prevent a serious threat to health or safety

We do not share your information for marketing or unrelated third-party use.

7. Handling of Emails and Electronic Communication

While we take care to verify recipients and ensure accuracy of all electronic communication, email transmission involves inherent privacy risks.

If you prefer to receive documents by secure portal, encrypted file, or hard copy, please let us know.

8. Data Breaches and Incident Response

In the event of a privacy incident, such as a misdirected email or unauthorised access, we will:

  • Contain and assess the breach promptly

  • Notify affected individuals if there is a risk of harm

  • Seek guidance from our insurer and relevant authorities

  • Implement improved safeguards where needed

  • Log the incident for review and accountability

9. Overseas Data Disclosure

Some of our technology providers (e.g. cloud-based practice management software) may store data on servers located outside Australia. We take reasonable steps to ensure these providers uphold privacy standards consistent with Australian law.

10. Accessing or Correcting Your Information

You have the right to request access to your health information or ask us to correct inaccurate or incomplete records.

Please make your request in writing. We will respond within 30 days.

11. Making a Privacy Complaint

If you believe your privacy has been breached:

  1. Please contact us first so we can address your concern:
    Tim Wolff – Practice Director
    Email: tim@fortitude.physio
    Phone: 0414647520

  2. If unresolved, you may contact:
    Health Complaints Commissioner (Victoria)https://hcc.vic.gov.au
    or
    Office of the Australian Information Commissioner (OAIC)https://www.oaic.gov.au

12. Consent

By attending our clinic and engaging our services, you consent to the collection, use, and disclosure of your personal and health information as outlined in this policy. You may withdraw your consent at any time by contacting us in writing.

13. Policy Updates

We may update this policy periodically to reflect legal changes or improvements in our practice. The most current version will always be available on our website or upon request.