Privacy Policy
1. Overview
Brilliant Minds Clinic (“we”, “our”, “us”) is committed to protecting the privacy and confidentiality of personal and health information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy outlines how we collect, use, disclose, store, and protect your personal and health information, and your rights under the law.
2. Scope
This policy applies to all personal information we collect from:
Patients (current, former, prospective) and their guardians
Parents or guardians involved in child/adolescent assessments or treatment
Referring professionals (e.g., teachers, GPs)
Our staff, contractors, and job applicants
Personal information may include sensitive information, including health data, medical history, diagnosis, and treatment details.
3. What Information We Collect & How
(a) Types of Information
We may collect the following:
Identifying details: name, date of birth, gender, contact details
Health information: medical history, developmental history, psychological assessments, diagnosis, treatment plans
Educational / school information: teacher reports, school attendance, learning progress
Family/social history: living situation, guardianship, cultural background
Billing, payment, insurance or funding information (e.g. NDIS / Medicare)
(b) How We Collect
We collect information:
Directly from you (during intake, assessments, appointments)
From parents, guardians, teachers, or other professionals with your consent
From records or referrals provided by other health or education services, with consent when required
We will only collect personal/sensitive information that is reasonably necessary for the purposes of providing assessment or therapy services, or other legitimate clinic operations.
4. Purpose of Collection, Use & Disclosure
We use and disclose personal information only for purposes which are:
Directly related to the primary purpose for which the information was collected (e.g. assessment, diagnosis, therapy, reporting)
Required or authorised by law
With your consent
Examples of our use / disclosure include:
Providing psychological services and assessments
Sharing relevant information with schools, funding bodies (e.g. NDIS), or other health professionals involved in your care, with your consent
Billing and administrative purposes
Quality assurance, audit or accreditation activities
We will not use or disclose your personal/health information for unrelated secondary purposes without your explicit consent, unless required by law.
5. Storage & Security
We take reasonable steps to protect your personal and health information from misuse, loss, unauthorised access, modification or disclosure by:
Secure storage (locked cabinets for paper records; encrypted digital storage)
Using access controls (passwords, permissions, secure networks)
Staff training on privacy and confidentiality obligations
Regular review of our information security measures
When information is no longer required for its primary purpose or as required by law, we will securely destroy or de-identify it.
6. Access, Correction & Patient Rights
You have the right to:
Access personal and health information we hold about you
Request correction of information that is inaccurate, out of date, incomplete or misleading
Make complaints about our handling of your personal information
To make an access or correction request, or to raise a privacy concern, please contact our Privacy Officer (see Section 8). We will respond in writing within a reasonable timeframe (normally within 30 days) unless legislation requires otherwise.
7. Data Breach Response
We maintain a Data Breach Response Plan. If a breach occurs which is likely to result in unauthorised access, use or disclosure of personal information that poses a real risk of serious harm, we will:
Contain and assess the breach
Notify affected individuals when required
Cooperate with the OAIC and follow their guidance on breach notification
Take steps to reduce the risk of similar breaches in future
8. Privacy Officer & Accountability
We appoint a Privacy Officer responsible for:
Ensuring compliance with this policy, the Privacy Act, and APPs
Staff training and oversight
Responding to access, correction, and privacy complaints
Managing data breach incidents
In the absence of a dedicated Privacy Officer, the Director of Brilliant Minds Clinic assumes these responsibilities.
9. Complaints Process
If you believe this policy has been breached or you have concerns about the handling of your information, please:
Email or write to our Privacy Officer, providing as much detail as possible (nature of the concern, date, persons involved).
We will investigate and respond in writing, usually within 30 days of receiving your complaint.
If you are not satisfied with our resolution, you may contact the Office of the Australian Information Commissioner (OAIC) via their website or telephone (1300 363 992).
10. Overseas Disclosure
If we need to disclose your personal or health information to an entity located outside Australia, we will:
Take reasonable steps to ensure the overseas recipient handles the information in a way that is consistent with the APPs
Inform you (if required) and obtain consent where appropriate
11. Updates to Policy
We will review and update this Privacy Policy:
At least annually, or more frequently if required by changes in law or clinic practice
When substantial changes are made to how we handle personal information
We will notify you of material changes by updating this policy on our website and making hard copies available upon request.
12. Contact Information
If you have any questions, wish to access your personal information, correct it, or make a complaint, please contact:
Privacy Officer
Brilliant Minds Clinic
Address: 30 Lyndhurst Cres, Box Hill North VIC 3129
Phone: 0411 891 829
Email: yafeipsych@gmail.com
References & Legal Basis
Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) are the legislative basis.
OAIC’s Guide to Health Privacy provides guidance specific to health service providers on collection, use/disclosure, access, correction, breach notifications, etc.