SkinDoc Medical Practice Privacy Policy
Version 2.0 | Last Updated: December 2025
-
Introduction
SkinDoc is committed to best practice in relation to the management of information we collect. This practice has developed this policy to protect patient privacy in compliance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (‘the Privacy Act’).
This Privacy Policy applies to all interactions with our practice, including in-person consultations, telephone communications, our website (skindoc.com.au), and online services. By using our services or website, you agree to the terms set out in this Privacy Policy.
Our policy informs you of:
- The kinds of information that we collect and hold, which, as a medical practice, is likely to be ‘health information’ for the purposes of the Privacy Act
- How we collect and hold personal information
- The purposes for which we collect, hold, use and disclose personal information
- Our use of artificial intelligence (AI) technologies in providing healthcare services
- How you may access your personal information and seek the correction of that information
- How you may complain about a breach of the Australian Privacy Principles and how we will deal with such a complaint
- Whether we are likely to disclose personal information to overseas recipients
- How we manage information collected through our website
We reserve the right to modify or update this Privacy Policy at any time. Updates will be publicised on our website and displayed at our reception desk. This Privacy Policy should be reviewed periodically so that you remain informed of any changes.
-
What Kinds of Personal Information Do We Collect?
The type of information we may collect and hold includes:
Personal Details:
- Your name, address, date of birth, email and contact details
- Medicare number, DVA number and other government identifiers (although we will not use these for the purposes of identifying you in our practice)
Health Information:
- Notes of your symptoms, diagnosis and the treatment provided to you
- Your specialist reports and test results
- Your appointment and billing details
- Your prescriptions and other pharmaceutical purchases
- Your dermatological records, including clinical photographs
- Results from AI-assisted diagnostic tools
- Your genetic information
- Your healthcare identifier
- Any other information about your race, sexuality or religion, when collected by a health service provider
Website Information:
- Information submitted through online forms or registration
- IP addresses for diagnostic and security purposes
- Cookies and usage data to improve your website experience
- Information collected through website analytics
-
How Do We Collect and Hold Personal Information?
We collect personal information through various methods:
Direct Collection:
- Face-to-face discussions during consultations
- Telephone conversations
- Registration forms (paper and online)
- Website forms and online booking systems
- Patient portal interactions
Third Party Collection: We may also collect information from third parties where the Privacy Act or other law allows it, including:
- Other members of your treating team
- Diagnostic centres and pathology laboratories
- Specialists and hospitals
- The My Health Record system
- Electronic prescription services
- Medicare and the Department of Veterans Affairs
- Your health insurer
- The Pharmaceutical Benefits Scheme
- A person responsible for you (such as a guardian or authorised representative)
Website Collection:
- Information knowingly and voluntarily submitted through our website
- Technical information collected through cookies and analytics tools
- Information collected when you register for online services
-
Use of Artificial Intelligence in Our Practice
SkinDoc utilises artificial intelligence technologies to enhance the quality and efficiency of the healthcare services we provide.
How We Use AI:
- AI-assisted analysis of dermatological images to support clinical decision-making
- AI tools to help identify skin conditions and assess their characteristics
- Machine learning algorithms to analyse patterns in medical data
- AI-powered administrative tools to improve appointment scheduling and practice management
Important Information About AI Use:
- AI tools are used to support, not replace, clinical judgment by our qualified medical practitioners
- All AI-assisted diagnoses and recommendations are reviewed and validated by our doctors before any treatment decisions are made
- Your medical images and data used with AI tools are processed securely and in accordance with this Privacy Policy
- We only use AI systems that comply with Australian healthcare regulations and privacy laws
- You have the right to know when AI has been used in your care and to discuss any concerns with your treating practitioner
Consent for AI Use: By receiving care at SkinDoc, you consent to the use of AI technologies as part of your healthcare. If you have concerns about AI use in your treatment, please discuss this with your doctor, who can explain alternative approaches.
-
Why Do We Collect, Hold, Use and Disclose Personal Information?
We collect, hold, use and disclose your personal information for the following purposes:
Healthcare Provision:
- To provide health services to you
- To communicate with you in relation to the health service being provided
- For consultations with other doctors and allied health professionals involved in your healthcare
- To obtain, analyse and discuss test results from diagnostic and pathology laboratories
- To utilise AI-assisted diagnostic tools to support clinical decision-making
Legal and Regulatory Compliance:
- To comply with our legal obligations, including mandatory notification of communicable diseases or mandatory reporting under applicable child protection legislation
- For identification and insurance claiming
- To liaise with government and regulatory bodies such as Medicare, the Department of Veterans Affairs, and the Office of the Australian Information Commissioner (OAIC)
Administrative Purposes:
- To manage our accounts and administrative services, including billing
- Arrangements with health funds
- Pursuing unpaid accounts
- Management of our IT systems
- To provide you with further services or to answer or forward any requests or enquiries
- To send you updates and information (if you have opted in to receive such communications)
Website and Online Services:
- To provide you with access to our online booking and patient portal services
- To improve our website functionality and user experience
- To diagnose technical problems or support issues with our online services
- To display relevant information and advertising based on your interests (with appropriate consent)
-
How Can You Access and Correct Your Personal Information?
You have a right to seek access to, and correction of, the personal information which we hold about you.
Requesting Access: To request access to or correction of your health record, please contact our practice using the contact details provided in Section 13 of this Policy. We will normally respond to your request within 30 days.
Fees: A fee may be applicable if you request access to your personal information. Information about applicable fees can be obtained from our reception staff.
Online Access: If you have registered for our online patient portal, you may access certain information at any time by logging into your account.
-
How Do We Hold and Protect Your Personal Information?
We take the security of your personal information seriously. Our staff are trained and required to respect and protect your privacy. We take reasonable steps to protect information held from misuse, loss, unauthorised access, modification or disclosure.
Security Measures:
- All personal information is held on encrypted databases
- Strong password protections are applied to all systems
- Access to personal information is restricted on a ‘need to know’ basis
- All staff have signed individual confidentiality agreements prior to employment
- Our practice has document retention and destruction policies
- Regular security audits and updates to our IT systems
- Secure storage of physical records in locked filing systems
- AI systems used in our practice comply with healthcare security standards
Staff Obligations: Our employees and contractors who provide services related to our information systems are obliged to respect the confidentiality of any personal information held by us.
Limitations: While we strive to ensure the security, integrity and privacy of personal information, no data transmission over the Internet can be guaranteed to be totally secure. However, we will endeavour to take all reasonable steps to protect the personal information you transmit to us. We will not be held responsible for events arising from unauthorised access to your personal information beyond our reasonable control.
-
Privacy Related Questions and Complaints
If you have any questions about privacy-related issues or wish to complain about a breach of the Australian Privacy Principles or the handling of your personal information by us, you may lodge your complaint in writing to our Privacy Contact Officer (see Section 13 for contact details).
We will normally respond to your complaint within 30 days. We take all privacy concerns seriously and will work to address these concerns promptly.
External Complaints: If you are dissatisfied with our response, you may refer the matter to the Office of the Australian Information Commissioner (OAIC):
- Phone: 1300 363 992
- Email: enquiries@oaic.gov.au
- Post: GPO Box 5218, Sydney NSW 2001
- Website: www.oaic.gov.au
-
Anonymity and Pseudonyms
The Privacy Act provides that individuals must have the option of not identifying themselves, or of using a pseudonym, when dealing with our practice, except in certain circumstances.
Practical Limitations: It is generally impractical to deal with patients anonymously or via a pseudonym. The provision of medical services is likely to be significantly impacted, and you will be unable to access Medicare or Department of Veterans Affairs rebates where applicable. However, we will accommodate requests for anonymity or pseudonyms where it is reasonable and practicable to do so.
-
Overseas Disclosure
We may disclose your personal information to overseas recipients in the following circumstances:
- Any practice or individual who assists us in providing services (such as where you have come from overseas and had your health record transferred, or have treatment continuing from an overseas provider). You will need to provide us with your written permission for such disclosure.
- Anyone else to whom you authorise us to disclose it
Important Note:
- We do not use overseas transcription services. All letters and reports are typed on-site.
- We do not use overseas-based cloud storage. All data is stored securely in Australia.
-
Website Privacy and Analytics
Information Collection: Personal information about visitors to our website is collected only when knowingly and voluntarily submitted. For example, we may need to collect such information to provide you with services or to answer enquiries.
IP Addresses: Our web servers gather your IP address to assist with the diagnosis of problems or support issues with our services. This information is gathered in aggregate only and cannot be traced to individual users.
Cookies and Tracking: We use cookies to provide you with a better experience. These cookies allow us to:
- Increase your security by storing your session ID
- Monitor site usage and improve functionality
- Remember your preferences
This website uses features to target advertising to people based on Google Analytics and other data. This allows us to display ads that relate to products and services you have viewed on our website as you browse other sites on the Google Display Network.
Opting Out: You can opt out of customised Google Display Network ads using:
- Ads Preferences Manager: https://www.google.com/settings/ads/onweb/
- Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout/
Third-Party Services: When we use third parties to provide us with supplementary business services, we ensure that they adhere to strict security and privacy standards.
Data Usage: We do not trade or sell any information that is volunteered or logged through our website. Information collected is used only for the purpose for which it is submitted or for related secondary purposes, unless we disclose other uses at the time of collection.
-
Links to Other Sites
We may provide links to third-party websites outside of our website. These linked sites are not under our control, and we cannot accept responsibility for the conduct of companies linked to our website. Before disclosing your personal information on any other website, you should examine that website's terms and conditions of use and its privacy statement.
-
Contact Details for Privacy Related Issues
For privacy-related questions, access requests, corrections, or complaints, please contact:
Privacy Contact Officer
SkinDoc Medical Practice
Email: privacy@skindoc.com.au
You may also contact our reception desk for privacy-related enquiries or to request a hard copy of this Privacy Policy.
-
Additional Resources
For more information about privacy issues in Australia and protecting your privacy, visit the Australian Federal Privacy Commissioner’s website: www.privacy.gov.au
For information about the My Health Record system, visit: https://myhealthrecord.gov.au
Document Control:
- Version: 2.0
- Effective Date: December 2025
- Next Review Date: December 2026
- Owner: SkinDoc Medical Practice
- Approved By: Practice Principal
