This page describes the privacy policy of Adaptive Change Psychology (ABN: 89 152 968 735) (“Adaptive Change Psychology”, “we”, “us”) for protecting the privacy of personal information we collect about you, including through our website, located at www.adaptivechange.com.au as well as through the provision of psychological services or directly from you.

The psychological service provided is bound by the legal requirements of the Australian Privacy Principles set out in the Privacy Act 1988 (Cth).

If you do not wish for your personal information to be collected in a way anticipated by this Privacy Policy, we may not be in a position to provide the psychological service to you. In some circumstances, you may request to be anonymous or to use a pseudonym, unless it is impracticable for Adaptive Change Psychology to deal with you or if we are required or authorised by law to deal with identified individuals.

Client information

The types of personal information we collect may include:

• Name, date of birth, address(es), contact numbers, email address and other contact details;

• Medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors;

• Details of other health service providers involved in your care and copies of any referral letters and/or medical reports and test results;

• Health information contained in your digital health record including an individual’s healthcare identifier (if you participate and only with your consent);

• Medicare number, healthcare identifiers and health fund details;

• Financial payment details (such as your credit card number);

• Other information disclosed by you, if relevant when providing our services directly to you (such as your relationships with other persons, employment information and qualifications, gender, race, sexuality or religion); and

• Information or opinion (including our clinical treatment notes) about our client’s health and expressed wishes about future care. Client files are held in an encrypted, cloud-based storage and online booking system with medical grade security which is only accessible to your psychologist and authorised personnel. The information on each file includes personal information such as name, address, contact phone numbers, medical history, and other personal information collected as part of providing the psychological service.

Purpose of holding personal information

A client’s personal information is gathered and used for the purpose of providing psychological services, which includes assessing, diagnosing and treating a client’s presenting issue. The personal information is retained in order to document what happens during sessions and enables the psychologist to provide a relevant and informed psychological service.

We collect, hold, use and disclose client’s personal information as is reasonably necessary for us to provide our health services, including for the following purposes:

• to contact and communicate with clients;

• for the purpose of providing psychological services to clients, which include assessing, diagnosing and treating;

• accessing and transfer of electronic client records;

• when communicating with other healthcare providers involved in your care;

• to liaise with Medicare, your health fund, insurer or government department;

• to conduct activities relating to research, quality assurance and improvement processes, accreditation, audits, risk and claims management, patient satisfaction surveys and staff education and training;

• when it is necessary to lessen or prevent a serious threat to your life, health or safety or public health or safety or when it is impractical to obtain your consent;

• to handle a complaint or respond to anticipated or existing legal action;

• when required for administrative and internal record keeping for a minimum of 7 years after our last contact (or if the client is under 18, until they turn 25);

• for statistical purposes; and

• as required by law.

Disclosure of personal information

All personal information gathered during the provision of services will remain confidential except when:

• it is subpoenaed by a court, or disclosure is otherwise required or authorised by law; or

• failure to disclose the information would, in the reasonable belief of the psychologist,) place a client or another person at serious risk to life, health or safety; or

• the client’s, or consent of a parent or guardian who is legally authorised to act on their behalf, prior approval has been obtained to:

a) provide a written report to another agency or professional, e.g., a GP or a lawyer; or

b) discuss the material with another person, e.g. a parent, employer, health provider, or third-party funder; or

c) clinical consultation with another professional is required to provide better clinical services (identifying details will remain confidential); or

d) disclose the information in another way; or

e) disclose to another professional or agency (e.g., your GP) and disclosure of your personal information to that third party is for a purpose which is directly related to the primary purpose for which your personal information was collected.

A client's personal information is not disclosed to overseas recipients unless the client consents or such disclosure is otherwise required by law. Clients' personal information will not be used, sold, rented or disclosed for any other purpose.

In the event that unauthorised access, disclosure, or loss of a client’s personal information occurs the psychologist will activate a data breach plan and use all reasonable endeavours to minimise any risk of consequential serious harm.

Requests for access and correction to client information

At any stage a client may request to see and correct the personal information about them kept on file. The psychologist may discuss the contents with them and/or give them a copy, subject to the exceptions in the Privacy Act 1988 (Cth). If satisfied that personal information is inaccurate, out of date or incomplete, reasonable steps will be taken in the circumstances to ensure that this information is corrected. All requests by clients for access to or correction of personal information held about them should be lodged with your treating psychologist. These requests will be responded to in writing within 21 days, and an appointment will be made if necessary for clarification purposes.

Maintaining the security of personal information 

We are committed to ensuring that the personal information we hold is secure and protected from misuse, interference, loss and unauthorised access, modification or disclosure. We undertake the following precautions to protect personal information we hold:

• our website contains pages encrypted with SSL (Secure Sockets Layer) to ensure the safety of any data that is submitted through use of this website;

• we limit access to personal information to a “need-to-know” basis;

• we protect devices we use to collect, hold, use and disclose personal information with industry-standard anti-virus software;

• our devices are protected by cryptographic keys and are stored in secure premises;

• data is securely stored on cloud servers;

• our email data is encrypted;

• all hard copies of personal information are kept in secure storage with access by authorised personnel only;

• all conversations involving the discussion of personal information take place in private, where conversations are unable to be overheard by unauthorised personnel; and

• if we no longer need personal information, we take reasonable steps to delete or de-identify the information.

If a data breach occurs involving personal information and the breach is likely to cause harm, we will notify that client as soon as possible after the occurrence in accordance with our obligations under the Privacy Act and related legislation.

Concerns

 If clients have a concern about the management of their personal information, they should contact Adaptive Change Psychology. The Australian Privacy Principles describe client’s rights and how their personal information should be handled.

If a client is unsatisfied with our response, they may lodge a formal complaint about the use of, disclosure of, or access to, their personal information, with the Office of the Australian Information Commissioner by phone on 1300 363 992, online at https://www.oaic.gov.au/privacy/privacy-complaints/ or by post to:

Office of the Australian Information Commissioner, GPO Box 5218, Sydney, NSW 2001