Patient Privacy

Fullarton Clinic is a private Psychiatric Hospital established by Luminar Health, focused on delivering Psychiatric and Addiction Recovery services. We are committed to maintaining the highest standards of patient privacy, confidentiality, and data security.

Fullarton Clinic complies with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) and other relevant legislation governing the handling of personal information by private healthcare providers.

This policy explains how we collect, use, disclose, secure, and manage personal and health information for the patients who access our services.

Personal Information

Personal information refers to any data that identifies an individual or enables identification. This includes:

  • Details related to private or family life (e.g., name, signature, email address, date of birth).
  • Employment-related information (e.g., job title, workplace, salary).
  • Opinions or commentary about an individual (e.g., references, professional assessments, browsing preferences).

This information may be communicated verbally, stored electronically, documented in records, or presented on hospital signage.

Throughout this policy, references to "personal information" include both sensitive information and health information.

Sensitive Information

Some personal information is classified as sensitive information, which requires additional protections. This includes data on:

  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Sexual orientation
  • Criminal history

Health Information

Health information is a subset of sensitive information and includes details about an individual’s medical history, psychological health, and treatment records. This information is subject to special protections under the Privacy Act 1988 (Cth) and Health Records Act 2001 (VIC).

Personal Information Collection

Fullarton Clinic collects only the personal information necessary for the performance of its functions or the provision of services to patients and employees. Individuals may request access to their personal information at any time.

The type of information collected depends on who the individual is and their relationship with the hospital. Information is collected from:

  • Patients admitted to the hospital
  • Health service providers (e.g., other hospitals, pharmacy, pathology)
  • Next of kin, guardians, emergency contacts, significant others
  • Persons responsible for paying the account (Health Funds, TAC, DVA, WorkCover, etc.)
  • Job applicants

Information Types

The following types of information may be collected.

  • Contact details (name, address, phone number, email, next of kin).
  • Demographic data (gender, date of birth, marital status, occupation, religion, country of birth, Indigenous status).
  • Health information (medical history, social history, medications, imaging and pathology results, diagnosis, treatment plans).
  • Financial and billing details (credit card information, Medicare or concession card numbers, health fund membership details).
  • Employment records (job applications, background checks, work history).

Anonymity

Individuals have the option of dealing with the hospital anonymously; however, this will limit the services that Fullarton Clinic can provide if it is impractical for us to deal with you in such an unidentified manner. All admissions to the hospital require the use of the individual’s legal name.

Use of Personal Information

Fullarton Clinic uses personal information only for its primary intended purpose, which includes:

  • Patient identification and verification.
  • Medical treatment and care coordination among doctors, nurses, and allied health professionals.
  • Ongoing healthcare management, including follow-ups with external providers.
  • Administrative functions, such as admissions, discharges, and billing to the funding organisations.
  • Mandatory or statutory reporting, as required by law.
  • Compliance with government agencies, such as Medicare, WorkCover, TAC, and DVA.
  • Emergency medical treatment, when an individual is unable to provide consent.
  • Hospital performance monitoring, including patient experience surveys.
  • Quality assurance and accreditation processes.
  • Legal and indemnity matters, including insurance reporting and litigation.
  • Research and public health reporting, using de-identified statistical data.
  • Staff recruitment and job application processing.
  • Legal and regulatory compliance under Australian law.

We do not use personal information for secondary purposes without explicit patient consent. Any unrelated activities, such as marketing, fundraising, or promotional campaigns, require individual approval before participation.

Personal Information Disclosure

Fullarton Clinic may disclose personal information to:

  • Healthcare providers involved in patient care (e.g., pathology labs, pharmacies).
  • Health insurers and financial entities for payment processing.
  • Medical students and trainees, unless an individual has opted out.
  • Responsible persons, such as parents, spouses, or guardians, where necessary.
  • Regulatory bodies, in compliance with legal obligations.
  • Legal representatives and insurers, in cases involving liability claims.

Consent is obtained before sharing personal information, unless disclosure is legally required or necessary for patient safety.

International Data Transfers

In some cases, Fullarton Clinic may need to transfer personal information to entities in other states or countries. Any international transfer is conducted in accordance with Australian privacy laws, and information is not sent interstate or overseas without the patient’s written consent.

Security and Data Protection

Fullarton Clinic maintains strict safeguards to protect personal information from misuse, loss, or unauthorised access. Security measures include:

  • Confidentiality agreements for all staff handling patient data.
  • Secure document storage in restricted access areas.
  • Electronic security protocols, including individual logins and password protections.
  • Privacy policies governing data access.

Medical records are retained for at least 7 years, in line with legal obligations, before being securely destroyed.

Data Accuracy and Updates

Fullarton Clinic takes reasonable steps to ensure all collected data is accurate, complete, and up to date.

Patients are encouraged to notify the Privacy Officer of any incorrect information. If a correction request is denied, the hospital will provide a written explanation and outline further options.

Information Access

Individuals may request access to their personal or health information by mail or email.

Access requests may incur fees, as outlined in the Privacy Act 1988 (Cth) and Health Records Act 2001 (VIC).

If access is denied, individuals will receive a written response explaining the decision and outlining available options for further action.

Data Breaches

Fullarton Clinic is committed to protecting personal and health information from unauthorised access, loss, misuse, or disclosure. In the event of a data breach, we follow a structured response plan in compliance with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth).

If a data breach occurs, Fullarton Clinic will:

  1. Identify and Contain – Immediately assess and take steps to contain the breach to prevent further unauthorised access or disclosure.
  2. Evaluate the Impact – Determine the nature and scope of the breach, assess the risks, and identify affected individuals.
  3. Notify Affected Individuals – If the breach is likely to result in serious harm, we will notify impacted individuals as soon as practicable and provide guidance on protective measures.
  4. Report to Regulatory Authorities – If required, we will notify the Office of the Australian Information Commissioner (OAIC) and any relevant regulatory bodies.
  5. Implement Remedial Actions – Investigate the cause of the breach, strengthen security controls, and take corrective measures to prevent future incidents.

For concerns regarding data security or breaches, individuals may contact the Privacy Officer via mail or email using the button below.

Complaints

Individuals who believe their privacy rights have been violated may submit a formal complaint to the Privacy Officer.

Complaints can be lodged via email or mail, and will be acknowledged in writing within seven days. A formal response will be provided within a reasonable timeframe.

If unsatisfied with the hospital’s response, individuals may escalate their complaint to the Office of the Australian Information Commissioner (OAIC):

Contact Details for Corrections, Information Access or Complaints

Individuals can contact Fullarton Clinic via mail:

Fullarton Clinic, 8 Fullarton Drive, Epping, VIC 3076 OR email