Privacy Policy

The purpose of this policy is to set out how Brellah Holdings Group (including Brellah Pty Ltd ABN 28 629 913 882 and Movement HQ Pty Ltd ABN 40 618 084 610) collects and manages your personal information (including but not limited to patient health information).

Brellah Holdings Pty Ltd is committed to ensuring the privacy and confidentiality of personal information it collects. We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information.

Personal information we may collect about you

Patients

If you are a patient, the personal information we collect about you may include: information about your medical history, test results, family medical history, ethnic background, Medicare, health fund and insurance details, billing/account details, current lifestyle, next of kin, emergency contact and other information that may be relevant to your diagnoses, treatment or healthcare. We may also collect information about your interactions with us, including your responses to patient surveys relating to service improvement. We may take photographs or audio-visual recordings of you in a clinical context in connection with your treatment or healthcare. We will only collect information about your health, or other sensitive information about you (including taking photographs or audio-visual recordings of you), if we have your consent to do so or if it is otherwise permitted by law.

Referring clinicians and other healthcare professionals

If you are a referring clinician or other healthcare professional who is involved in treating our patients, the personal information we collect about you may include your name, contact details, professional details (including qualifications) and information regarding your interactions or work with us.

Gym Members

If you are a gym member we will need to collect your billing/account details, your health and fitness profile, current lifestyle, emergency contact and any relevant current and past injuries. We may also collect information about your interactions with us, including your responses to member surveys relating to service improvement. We may take photographs or audio-visual recordings of you in a fitness content. We will only collect information about you (including taking photographs or audio-visual recordings of you), if we have your consent to do so or if it is otherwise permitted by law.

Others

We may also collect personal information about other members of the public, including visitors and families and medical professionals. The types of personal information we may collect about these individuals includes their name, contact details, identification information, and any relationship they may have to a patient or member.

How we collect your personal information

Where practicable, we will collect your personal information directly from you, but we may sometimes also collect information from third parties, including family members, referring clinicians and other healthcare professionals and service provider organisations. We will only collect health information from a third party if you have consented or where we are otherwise permitted by law to do so, such as in a medical emergency. We may also operate video surveillance systems at our facilities for the purposes of maintaining the safety of our staff, patients and other persons visiting our premises. This may (though not always) involve the collection of some personal information.

Why we collect and how we use your personal information

We collect and use personal information for the following purposes:

  • Providing our healthcare and fitness services;
  • Performing activities that are reasonably incidental to our ordinary course operations, such as:
    • administration functions, including scheduling appointments and billing; and
    • education, training, quality assurance and other analytical activities to evaluate and improve our patient management processes, patient outcomes, and broader healthcare and healthcare delivery;
  • Dealing with enquiries, complaints and legal proceedings;
  • Complying with our legal obligations, including in relation to statutory and public health reporting requirements, such as mandatory reporting of child abuse or the notification of diagnosis of certain communicable diseases;
  • Sending marketing and other communications to referring clinicians and other healthcare professionals, such as clinical updates, information about our services, events, and other news relevant to them or their practice; and
Other purposes with your consent.

Research and product development

In addition to the above, we may also use your information in de-identified form for the purposes of research and product development activities. For example, this may include the development of new diagnostic tools and products, treatment methods and pathways. As we only use de-identified information for these purposes, you will not be identified as part of any of these activities.

Occasionally we may receive requests from external researchers who wish to conduct research using information in identifiable form. Any such researchers must follow strict ethical guidelines, including by asking for your consent to be part of their research. We will not share any identifiable information for research purposes without your consent.

When we share your information

We may need to disclose your information for one or more of the purposes described above. For example, depending on the circumstances, we may need to disclose your information to:

  • Referring clinicians and other healthcare professionals, such as pathologists, radiologists, allied health professionals, pharmacists, in relation to the provision of healthcare services to you;
  • Government agencies, where we provide health services to you under a contract with that agency and are required to provide the information under the relevant contract;
  • Private hospitals and other private healthcare providers, where we provide health services to you under a contract with that provider and are required to provide the information under the relevant contract;
  • Your close relatives, close friends, and personal representatives who are legally responsible for your healthcare decisions (though we will not do this if you tell us not to);
  • Your lawyers and insurance companies that have been authorised by you to obtain personal information from us;
  • Government authorities where we are required to do so by law or in response to an order issued by a court or tribunal, such as where we are required to produce records in relation to court proceedings;
  • Medical defence organisations, insurers, medical experts or lawyers who work for us and help us to deal with enquiries, complaints and legal proceedings;
  • External service providers and advisors who help us run our business, including software vendors and service providers who help run our IT systems

My Health Records

If you have chosen to participate in the My Health Record program operated by the Commonwealth Department of Health, we may access personal information stored in your My Health Record if the access permissions you have set allow this. When requested to do so, we may disclose your personal information by uploading your health information electronically to the My Health Record system.

If you do not want us to access personal information stored in your My Health Record, or to upload health information to it, you may opt out or choose to modify access controls within the My Health Record system.

How we hold and protect personal information

We hold personal information electronically and in hard copy form, both at our own premises and with the assistance of service providers who provide data storage, hosting and cloud computing services. In all cases we implement a range of measures to protect the security of that personal information. Please note that any information that you send to us by electronic means may not be secure in transit unless it is encrypted. We are not responsible for the security of your information before it comes into our possession.

Brellah Centres are subject to a range of rules relating to the periods for which health information and records must be retained.  We must generally retain health information about an individual:

  • for at least 7 years from the last occasion on which we provided a health service to the individual
  • if we collected the information when the individual was 18 years old or older; or at least until the individual turns 25
  • if we collected the information when the individual was less than 18 years old.

How you can access or seek correction of your personal information

You may request access to any personal information we hold about you by contacting our Privacy Officer using the contact details set out below.

Please also let us know if your personal details change (for example, your name or contact details), or if you notice errors or discrepancies in information we hold about you. You may do this at your next appointment with us or by contacting our Privacy Officer using the contact details set out below.

We may ask you to verify your identity when you make an access or correction request. There may also be circumstances in which we will not be able to comply with your request. In these cases, we will provide reasons for why we can’t comply and will explain what other options may be available to you.

Our websites

If you visit any of our websites, we may record various technical information such as your IP address, browser type, domain names, access times and referring website addresses. We use this information to run our websites and for analytical purposes.

Our websites may use cookies to help identify and interact more effectively with the access device you are using. A cookie is a text file that is placed on a user’s device by a web page server. Cookies cannot be used to run programs or deliver viruses to your device. The cookies we use help us to maintain the continuity of your browsing sessions and remember your details and preferences for when you return.

You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of our websites.

We may use Google services such as Google Analytics to analyse usage of our websites from time to time. For more about how Google collects and processes data, please see Google’s privacy policy and their information at www.google.com/policies/privacy/partners/.

What you should do if you have any privacy issues and complaints

If you have any concerns about how we handle your personal information, or you wish to make a complaint on the basis that we have breached the Australian Privacy Principles prescribed by the Privacy Act 1988 (Cth), please contact us so we can investigate it. You will need to send us a written complaint (see details on how to contact us below).

We will endeavour to respond to your complaint within a reasonable time after it is made.

If we are unable to resolve your complaint, we will escalate the issue to the relevant Area or State Manager for review and resolution.

Our contact details

You can contact our Privacy Officer in the following ways:

Email [email protected]
Telephone (02) 9122 0888
Post Suite 3, Building 8, No. 49 Frenchs Forest East, Frenchs Forest NSW 2086
Attention: Privacy Officer

Privacy Policy Last Updated: 18 November 2020

We may change this privacy policy from time to time.  A current version of our privacy policy will be available at our centres and will commence from the date it is made available.