Privacy Policy

 

Paediatric Potentials Occupational Therapy ("we", "us", "our") is committed to providing quality services to you and your family, and to protecting your privacy. This policy outlines our ongoing obligations to you in respect of how we manage your Personal Information, including how we use software, technology and artificial intelligence (AI) tools in delivering and administering our services.

We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information. As a provider of health services, we also handle health information in accordance with our obligations under applicable health privacy laws.

A copy of the Australian Privacy Principles may be obtained from the website of the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

What is Personal Information and why do we collect it?

Personal Information is information or an opinion that identifies an individual. Examples of Personal Information we collect include names, addresses, email addresses, and phone numbers, as well as information about a child and their family relevant to providing occupational therapy services.

This Personal Information is obtained in many ways, including through questionnaires, therapy sessions, assessments, interviews, correspondence, by telephone, by email, via our website www.paediatricpotentials.com.au, from other publicly available sources, and from third parties such as referrers, schools and other treating practitioners. We do not guarantee the content or privacy practices of websites or third parties we link to.

We collect your Personal Information for the primary purpose of providing our services to you, and for related administration and marketing. We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure. You may unsubscribe from our mailing or marketing lists at any time by contacting us in writing.

When we collect Personal Information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.

Sensitive Information

Sensitive information is defined in the Privacy Act to include information or an opinion about such things as an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, membership of a professional or trade body, criminal record, or health information. Most of our clients are children, and the information we hold about them is health information, which is a type of sensitive information that we treat with particular care.

Sensitive information will be used by us only:

  • for the primary purpose for which it was obtained;

  • for a secondary purpose that is directly related to the primary purpose;

  • with your consent; or where required or authorised by law.

How we collect your Personal Information

Where reasonable and practicable to do so, we will collect your Personal Information only from you (or, where our client is a child, from their parent or legal guardian). However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.

Use of artificial intelligence (AI) tools

We use a range of software and technology tools to deliver and administer our services. Some of these tools - whether provided by third parties or developed internally - include artificial intelligence (AI) features, such as automated transcription, summarisation, drafting, scheduling, categorisation and analysis. Where we use AI tools that involve Personal Information, the APPs apply, and we are committed to the following safeguards:

  • De-identification. We do not input identifiable client Personal Information (including a child’s name or other identifying details) into AI tools. Where AI is used to assist with tasks such as drafting or summarising, information is de-identified beforehand so that the individual cannot reasonably be identified from the information provided to the tool.

  • Purpose limitation. We only use AI tools for purposes connected with delivering, administering and improving our services, consistent with this policy.

  • Human oversight. AI outputs are reviewed by a qualified member of our team before they are relied upon or added to your records. AI is not used to make clinical or other significant decisions about you or your child.

  • No training of third-party models on your information. We take reasonable steps to use AI tools in a way that does not permit your information to be used to train or improve a third party’s AI models, including by selecting tools and settings that prevent such use.

  • Vendor due diligence and security. Before adopting a third-party tool with AI features, we take reasonable steps to assess how the provider collects, uses, stores and secures information, including whether information is stored or processed overseas.

  • Internally developed tools. Where we develop our own AI-assisted tools, we apply a "privacy by design" approach, including de-identifying information used to build, test or operate those tools and restricting access to authorised personnel.

This section is intended to apply to AI tools generally, including new tools we may adopt in future. We will update this policy as our use of technology evolves.

Automated decision-making

We do not use computer programs to make decisions that have a legal, or similarly significant, effect on you without human involvement. If we introduce any such automated decision-making in future, we will update this policy to explain the kinds of Personal Information used and the nature of those decisions, consistent with our obligations under the Privacy Act.

Disclosure of Personal Information

Your Personal Information may be disclosed in a number of circumstances, including the following:

  • to service providers and contractors - including software, IT, AI and cloud-hosting providers - who assist us to deliver and administer our services, and who are required to handle your information consistently with this policy and the Privacy Act;

  • to third parties where you consent to the use or disclosure; and

  • where required or authorised by law.

Overseas disclosure

Some of our service providers - including cloud-hosting and software providers - may store or process information on servers located outside Australia. Where we disclose Personal Information to an overseas recipient, we take reasonable steps to ensure the recipient handles your information in a way that is consistent with the APPs. As noted above, information is de-identified before it is processed by AI tools.

Security of Personal Information

Your Personal Information is stored in a manner that reasonably protects it from misuse, interference and loss, and from unauthorised access, modification or disclosure. We take reasonable technical and organisational measures to protect your Personal Information, including access controls, secure storage, and due diligence on the providers and tools we use.

When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify it. However, most Personal Information is, or will be, stored in client files, which we are required to retain for a minimum period. Where our client is a child, we generally retain clinical records until the child reaches 25 years of age, or for 7 years after our last contact, whichever is later, consistent with recommended practice for health records.

Data breaches

If we experience a data breach that is likely to result in serious harm to any individual whose information we hold, we will respond in accordance with the Notifiable Data Breaches scheme under the Privacy Act, including notifying affected individuals and the OAIC where required.

Children’s privacy

Most of our clients are children. Where our client is a child, we collect and handle their Personal Information with the involvement and consent of a parent or legal guardian, except where otherwise permitted or required by law. A child’s information is sensitive health information and we treat it with particular care - including in our use of AI tools, as described above.

Access to your Personal Information

You may access the Personal Information we hold about you, and ask us to update or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact us in writing.

We will not charge any fee for your access request, but may charge an administrative fee for providing a copy of your Personal Information. In order to protect your Personal Information, we may require identification from you before releasing the requested information.

Maintaining the quality of your Personal Information

It is important to us that your Personal Information is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete and up to date. If you find that the information we hold is not up to date or is inaccurate, please advise us as soon as practicable so that we can update our records and continue to provide quality services to you.

Policy updates

This policy may change from time to time and the current version is available on our website. We encourage you to review it periodically.

Privacy Policy Complaints and Enquiries

If you have any queries or complaints about our Privacy Policy please contact us at:

 

By Post:         Level 5/57 Sanders Street, Upper Mount Gravatt, QLD, 4122

By Email:       reception@paediatricpotentials.com.au