
Privacy Policy

At Timeless Healthcare, we are committed to protecting the privacy and confidentiality of our patients' personal and health information that we collect, use and disclose in the course of providing physiotherapy services. This privacy and confidentiality document outlines our policies and procedures for handling patient information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) and the Health Records and Information Privacy Act 2002 (NSW) (HRIPA). This policy also sets out how we manage the personal information we collect, use and disclose, and how individuals can access and correct their personal information, as well as how to make a complaint about a breach of the Australian Privacy Principles (APP).


Privacy provisions of the Privacy Act 1988 govern the collection, storage and sharing of personal information provided to TIMELESS HEALTHCARE by clients, staff, and stakeholders. Confidentiality applies to the relationship of confidence. 

Confidentiality ensures that information is accessible only to those authorised to have access and is protected throughout its lifecycle. Confidential information may be marked as such or deemed confidential by its nature; for example, it is information that is not available in the public domain. 

Consent means ‘expressed consent or implied consent’. The four key elements of consent are: 

  1. The client is adequately informed before giving their consent; 

  2. The client gives consent voluntarily; 

  3. The consent is current and specific;

  4. The client has the capacity to understand and communicate their consent.

Expressed Consent is given orally or in writing.

Implied Consent refers to a person indicating their agreement through their actions or by cooperating with the health professional’s instructions. Implied consent is adequate for minor or routine procedures and is not required to be documented in the client’s record.

Health Information is all identifying personal information collected to provide a health service. In the Australian Privacy Principles (APPs), ‘health information’ comes under the definition of ‘sensitive information’.

Individual means any person such as a client, staff member, stakeholder or a member of the public.

Organisational information includes publicly available, and some confidential, information about organisations. Organisational information is not covered in the Privacy Act 1988, but some organisational information may be deemed confidential. 

Personal information means information or an opinion (including information or an opinion forming part of a database) about an individual (Office of the Federal Privacy Commissioner, 2001). It may include information such as names, addresses, bank account details and health conditions and interventions. The use of personal information is guided by the Federal Privacy Act 1988.

The public domain in relation to confidentiality is “common knowledge”; that is, information that can be accessed by the general public.

Solicited and Unsolicited Personal Information: all personal information received by an APP entity is either solicited or unsolicited personal information. Section 6(1) defines ‘solicit’ but does not define ‘unsolicited’. Therefore, personal information received by an entity that does not fall within the definition of ‘solicited’ is ‘unsolicited’ personal information.

Collection of Personal Information

We may collect personal information about individuals, including but not limited to their name, contact details, date of birth, health information, and information about their physiotherapy treatment, to provide our services. This information may be collected in person, via telephone, email, or through our website.

Use and Disclosure of Personal Information

We use and disclose personal information only for the purposes for which it was collected, unless the patient has consented to a secondary purpose, or we are permitted or required by law to use or disclose the information.  Personal information may be used and disclosed to provide physiotherapy services, to communicate with individuals regarding their treatment, to manage and improve our services, and for billing and administrative purposes.

All staff are to have an appropriate level of understanding about how to meet the organisation’s legal and ethical obligations to ensure privacy and confidentiality.

The purposes for which we may use and disclose personal information include:

  1. Providing healthcare services to patients

  2. Managing and administering our business

  3. Billing and account management

  4. Compliance with legal and regulatory requirements

  5. Quality assurance and clinical audit activities

  6. Communicating with patients and their healthcare providers

  7. For the purpose of actioning a referral including sharing personal information with Timeless Healthcare and other healthcare providers 

  8. Administrative activities, including human resources management 

  9. Sector development activities including external governing bodies such as My Aged Care and NDIS

  10. Community development activities including case study presentations and provision of training to staff

We may disclose personal information to third-party service providers who assist us in providing healthcare services and managing our business, such as billing and IT services. We will take reasonable steps to ensure that third-party service providers are bound by confidentiality and privacy obligations that are consistent with this privacy and confidentiality document. We may also use and disclose personal information for other purposes with the individual's consent, or as required or authorised by law.

When collecting health and personal information, Timeless Healthcare provides handouts which allow access to the privacy and confidentiality policy. This includes information such as:

  1. The purpose for collecting information

  2. How information will be used 

  3. Assess if an interpreter or family member is required for cultural reasons before proceeding to collect information from Aboriginal and Torres Strait Islander clients 

  4. To whom (if anyone) information may be transferred and under what circumstances information will be transferred 

  5. Limits to privacy of personal information 

  6. How a client can access or amend their health information 

  7. How a client can make a complaint about the use of their personal information

Security of Personal Information

We take reasonable steps to protect personal information from unauthorised access, use, and disclosure. We maintain physical, electronic, and procedural safeguards that comply with industry standards to ensure the security and integrity of patient information.

Timeless Healthcare will take steps to protect the personal information it holds against loss, unauthorised access, use, modification or disclosure and against other misuse. These steps include reasonable physical, technical and administrative security safeguards for electronic and hard copy or paper records as identified below: 

  1. Reasonable physical safeguards include:

     1. Locking filing cabinets and unattended storage areas

     2. Physically securing the areas in which the personal information is stored

     3. Not storing personal information in public areas

     4. Positioning computer terminals and fax machines so that they cannot be seen or accessed by unauthorised people or members of the public

  2. Reasonable technical safeguards include:

     1. Using passwords to restrict computer access, and requiring regular changes to passwords

     2. Establishing different access levels so that not all staff can view all information

     3. Ensuring information is transferred securely where possible or where not possible ensuring that appropriate safeguard measures have been taken

     4. Installing virus protections and firewalls

     5. Training to ensure staff are competent in this area.

Patients have the right to access their personal information held by us, subject to certain exceptions under the APPs and HRIPA. If patients wish to access their personal information, they can make a request in writing to our administration team. We will respond to the request within a reasonable timeframe and provide access to the information in the manner requested unless it is unreasonable or impracticable to do so.


All staff agree to adhere to Timeless Healthcare’s Code of Conduct when commencing employment. The Code of Conduct outlines the responsibilities to the organisation related to the use of information obtained through their employment. If staff members are deemed to have breached privacy and confidentiality standards set out in this policy, they may be subject to disciplinary action.

Access to and Correction of Personal Information

Individuals have the right to access their personal information that we hold, and to request its correction if they believe it to be inaccurate, incomplete, or out of date. Requests for access or correction should be made in writing to the administration team at our contact details provided below. 


If a client or stakeholder is dissatisfied with the privacy and confidentiality conduct of Timeless Healthcare, a complaint should be raised in accordance with the Compliments, Complaints and Feedback Policy and Procedure and directed to a Director. We will investigate the complaint and respond to the individual as soon as possible.


Contact our Timeless Healthcare office by email: or by phone: 0434 929 639.
