Privacy Policy

EMcOT Pty Ltd is committed to protecting your information and handling it responsibly. We collect, hold and disclose your personal and sensitive information in line with this Privacy Policy to assist us in providing the services you have requested. By providing your personal information to us, you (or your parent/guardian as applicable) agree to us handling your information as per this Privacy Policy. You do not have to provide us with any/all of the information we ask for, however if you do not we might not be able to provide the services you have requested. If you want to discuss anything in this policy you can email the practice Director at emma@emmamcot.onmicrosoft.com.

This privacy policy may be updated from time to time. Updates are considered effective immediately on being published on our website. You are encouraged to review this policy any time you want to remind yourself of how we collect and handle information you have given us. EMcOT Pty Ltd requires all staff and contractors to handle your information as stated in this policy.

Legislation that applies to us

Federal

Privacy Act 1988 (Cth)

Australian Privacy Principles (‘APP’)

State (Vic)

The Health Records Act 2001

Health Privacy Principles (‘HPP’)

Health Records Regulations 2023

Types of information that we manage

We collect personal and sensitive information for purposes directly related to a client’s therapy or as reasonably expected for a client’s ongoing care. Where parents or a legal guardian consent to this collection of information on behalf of a minor this policy applies to our handling of information about the parents and the child.

This means:

Information or opinion that identifies you.

Examples:

Name

Date of birth

Address

Contact details

Bank details

Occupation

How and why we collect your information

You do not have to consent to us collecting your personal information, however if you do not, we might not be able to provide you with the services you have asked for.

How:

Directly from you in-person, over the phone, online or from documents you give us. This includes information you send us via email and text message.

From other health care providers involved in your care.

From other professional people involved in your care – such as support workers and teachers.

From family or other non-professional support people.

From suppliers of assistive equipment you may require.

There may be times where we collect information during therapy sessions via AI transcription tools to assist us with accurate record keeping. These tools are carefully chosen and comply with relevant Australian privacy legislation. Adult consent will be obtained in every instance that we want to use these tools during your appointments.
Sometimes we might want to use these tools to help us take notes in meetings with your care team. If we do, we will ask the permission of the people present at the meeting. All information is permanently deleted from these platforms once clinical documentation from your session has been finalised in our practice management system.

Why:

To provide you services you have asked for and to give you information about these; to manage our business; to communicate with you; to investigate and resolve any complaints.

How we store your information and how we keep it safe

We store your information in hard copy and digital formats. We use a digital online practice management system called Splose and a medical AI note taking tool called Heidi Health. These systems are carefully chosen and comply with Australian privacy laws. Some information is stored in the cloud. The physical cloud servers are located in Australia.

Other things we do to minimise risk to the security of your health information are:

Securing our premises;

Using passwords, access controls on electronic databases, multi-factor authentication where available, and secure private networks;

Storing hard copy records in locked cabinets.

Following our identity verification protocols.

Regularly checking to make sure the companies that store your information for us continue to meet our data security requirements.

We may disclose your personal information to some third parties -

Sometimes we may need to disclose your personal information to other people or entities. We will only do this if you have given us permission unless there is a situation where we are required by law to disclose your personal information to others.

A) Courts, tribunals, regulatory bodies, police or other emergency services, child protection organisations, medical professionals.

B) Other medical or allied health professionals, medicare and other government funding schemes like the NDIS, private health funds, NDIS plan managers or support coordinators.

C) Any other person or entity you have provided consent for us to do so, such as your caregivers, other people you live with or your learning institution.

A) To comply with court ordered requests for your health information; laws requiring us to report risks to your safety or the safety of other people or animals; for auditing purposes; in an emergency.

B) To assist us or others on your care team in providing services to you related to your care or that contribute to your ongoing care; to meet our compliance obligations to funding bodies; for billing purposes.

C) To assist us to continue providing services that contribute to your ongoing care.

Because you have asked us to.

By law, we have to store information we collect for a minimum number of years before we permanently delete or destroy it

Adults - 7 years

Children - until they turn 25

Your right to access and request a correction of your personal information

You have a right to access or correct health information about you or your child.

You can request access or correction in writing to the practice Director via the contact details below. We will respond to your request within 30 days from the date of your request. We may need to verify your identity before providing you with the information you’re requesting. If we cannot verify your identity, by law we aren’t allowed to let you access it.

Depending on the reasons for your request, we might decide not to give you access to all of the information you’re asking for. If we make this decision we will explain why.

Name: Emma McMartin, Occupational Therapist

Mail: PO Box 5111, Geelong North VIC 3215

Email: emma@emmamcot.onmicrosoft.com

You have a right to make a complaint about how we manage your personal information

You have a right to tell us if you are unhappy with how your information has been managed or if you believe we have breached the APP’s. In these instances, your first step will be to submit a complaint in writing to the practice Director via the contact details below. We will respond to your complaint within 30 days.