Privacy Policy

WA Menopause Clinic Privacy Policy

Entity: United Health Australia Pty Ltd
ABN: 73 641 046 675
Trading As: WA Menopause Clinic
Effective Date: November 10, 2024
Reviewed / Updated: October 2025

United Health Australia Pty Ltd (“we”, “our”, “us”) is the legal entity responsible for the collection, use, and management of all personal and health information associated with WA Menopause Clinic.

We are committed to protecting your privacy and managing your personal information responsibly in accordance with:

The Privacy Act 1988 (Cth)
The Privacy Amendment (Enhancing Privacy Protection) Act 2012
The Australian Privacy Principles (APPs)
The Privacy and Other Legislation Amendment Act 2024 (Cth)
The RACGP Standards for General Practices
The AHPRA Code of Conduct and relevant State legislation

This policy outlines how we collect, store, use, disclose, and protect your information.

1. Collection of Information

We collect information necessary for medical care, administration, and compliance. This includes:

Identifying information (name, address, contact details, date of birth)
Health information (medical history, symptoms, test results, treatments, allergies, family history)
Payment and Medicare details
Information provided by other healthcare providers or diagnostic services
Consultation records, including notes, photos, or videos where clinically necessary

Information may be collected:

Directly from you (in person, by phone, online, or through digital forms)
From other healthcare providers or institutions (with your consent or as legally required)
Automatically via secure integrations between our systems

All information is stored securely in electronic and/or physical form within Australia.

2. Use of Best Practice Software

We use Best Practice practice management software to maintain our clinical and administrative records.
This system is:

Hosted on our own secure server, physically located in Australia
Compliant with RACGP data security standards and the Australian Privacy Principles
Protected by encryption, multi-factor authentication, and controlled access

United Health Australia Pty Ltd retains full ownership and custodianship of all data stored in Best Practice.
Best Practice Software Pty Ltd acts only as a data processor under our instruction and does not own, sell, or share patient data.

Backups and data storage are performed in line with RACGP and AHPRA guidelines for clinical record retention and disaster recovery.

3. Integration with AutoMed Systems

Our practice integrates with AutoMed Systems to support secure online bookings, patient reminders, recalls, consent forms, and digital check-ins.

Data Handling: AutoMed processes limited information such as patient names, contact details, and appointment data to provide these services.
Ownership: AutoMed does not own or control your personal information. United Health Australia Pty Ltd remains the sole data custodian.
Security: AutoMed uses end-to-end encryption, bank-grade security, and Australian-based data storage.
Legal Compliance: AutoMed adheres to the Australian Privacy Principles (APPs) and acts as a data processor only.
Third-Party Policy: For details, see AutoMed Systems Privacy Policy.

We have a written data processing agreement with AutoMed requiring:

Confidentiality, integrity, and availability of patient data
No transfer or sale of patient data
Immediate cooperation in the event of a data breach
Compliance with all obligations under the Privacy Act and APPs

4. Use of Heidi AI for Transcription

We utilise Heidi AI, an AI-powered medical scribe, to transcribe consultation notes.

Heidi AI complies with the Australian Privacy Principles.
Data is encrypted end-to-end and processed securely.
Transcriptions are de-identified wherever possible before AI processing.
Only authorised staff have access to clinical notes generated by Heidi AI.
Heidi AI acts solely as a data processor; United Health Australia Pty Ltd remains the data controller.

For details, see the Heidi AI Privacy Policy.

5. Recording of Notes, Videos, and Photos

During consultations or procedures, we may record notes, photographs, or videos for medical documentation.
These are stored within Best Practice and/or Halaxy, encrypted, and accessible only to authorised staff.
All data is backed up and retained according to RACGP and AHPRA retention guidelines.

6. Use and Disclosure of Information

Your information is used only for purposes directly related to your medical care and lawful practice operations, including:

Clinical assessment, diagnosis, and treatment
Sharing with specialists or other healthcare providers involved in your care
Billing and administrative processes (e.g. Medicare, insurers)
Compliance with professional, legal, or accreditation requirements

Disclosure occurs only when:

You have provided explicit or implied consent
Required by law (e.g. public health reporting, court order)
Necessary to prevent a serious threat to life, health, or safety

We do not sell or rent your information to any third party.

7. Data Quality, Retention, and Security

We take reasonable steps to ensure your personal information is accurate, complete, and up to date.
Security measures include:

256-bit encryption for all electronic records
Password-protected systems and access controls
Secure Australian data centres
Locked physical record storage
Multi-factor authentication for all staff access
Regular system audits and compliance reviews

Records are retained as required by law and destroyed securely when no longer needed.

8. Access and Correction

You may request access to your medical record in writing.
We will respond within a reasonable timeframe.
A small administrative fee may apply for processing or copying costs.

If we deny access (for example, due to legal constraints or safety risks), we will provide a written explanation.
If any information is inaccurate, please contact us to request correction.

9. Complaints and Breach Notification

If you believe your privacy has been breached, please contact our Privacy Officer in writing.
We will acknowledge receipt within 7 business days and investigate promptly.

Privacy Officer
United Health Australia Pty Ltd (ABN 73 641 046 675)
📧 contact@wamenopauseclinic.com.au

📞 (08) 6336 0129
📍 WA Menopause Clinic

If you are dissatisfied with our response, you may contact:
Office of the Australian Information Commissioner (OAIC)
📞 1300 363 992
🌐 www.oaic.gov.au

In accordance with the Notifiable Data Breaches (NDB) Scheme, we will notify both affected individuals and the OAIC if a data breach likely to cause serious harm occurs.

10. Overseas Data Transfer

Your information is stored within Australia and will not be transferred overseas without your consent or unless required by law.
If overseas processing becomes necessary, we will ensure compliance with APP 8 and obtain your consent.

11. Automated Decision-Making Transparency

Where artificial intelligence or automated systems assist in administrative or transcription processes, such as Heidi AI, we maintain human oversight.
All clinical decisions remain under the professional judgment of a qualified healthcare practitioner.

12. Updates to This Policy

This policy may be updated from time to time to reflect changes in law, technology, or practice operations.
The most current version will always be available on our websites and in-clinic.

Legal Statement

This Privacy Policy constitutes the current and binding privacy statement of United Health Australia Pty Ltd (ABN 73 641 046 675), trading as WA Menopause Clinic, made pursuant to the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
By receiving medical services from us, you acknowledge and consent to the terms of this policy as they apply to your personal and health information.

United Health Australia Pty Ltd — Corporate Privacy Policy (Version 1.0, Effective November 2024)

Reviewed annually or as required by law.