Privacy Policy
This document describes the privacy policy of Chris Gilbert Psychology (ABN: 19 521 020 363; referred to as “we”, “our” or “us”) for the management of clients’ personal information. The psychological service provided is bound by the legal requirements of the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) and the Health Records and Information Privacy Act 2002 (NSW). and adheres to the AHPRA Code of Conduct for Psychologists (2025).
COLLECTION OF CLIENT INFORMATION
The majority of Client information is stored electronically on a secure and encrypted web-based healthcare software (Halaxy - Halaxy’s privacy policy) which complies with various privacy legislative requirements (i.e., the Privacy Act 1988 (Cth)) and is only accessible by authorised personnel.
The information on each file may include personal information such as:
name, address, contact phone numbers, email addresses and other contact details;
initial intake information, therapy notes, reports (i.e., diagnostic reports, NDIS plans, other professionals’ reports), completed surveys, copies of information recorded on the whiteboard in session, copies of written homework activities, all correspondences related to the client (email, SMS, logged phone calls);
medical history, medications, adverse events, social history, family history, referral letters and details of other health service providers involve in care;
Medicare number, healthcare and/or health fund details;
financial payment details (such as credit card number);
legal documents (such as Family Law Court Orders, Apprehended Violence Orders, etc.)
any other personal information collected as part of providing the psychological service.
Any printed out hard-copy files are digitally converted, securely stored digitally and then are shredded (security level P4) at the end of the working day so that no physical copies of client information exist.
Where information is collected from associated parties (such as teachers, family members, or other professionals) as part of providing services, clients and/or their legal guardians will be informed of the nature and purpose of such collection and how it will be stored and used. Consent can be withdrawn at any time.
PURPOSE OF HOLDING PERSONAL INFORMATION
We are required to collect personal information relevant to your situation as part of providing high quality psychological services. Information is stored securely via Halaxy, our practice management system, and used only to support your care. Access is limited to your psychologist and authorised staff, in line with our privacy procedures.
CONSEQUENCES OF NOT PROVIDING PERSONAL INFORMATION
You do not have to provide all personal information. If you choose not to provide personal information, we may not be able to deliver psychological services. You may request to remain anonymous or use a pseudonym, unless this is impracticable or where the law requires identification. In most cases, anonymity will not be possible.
ACCESS TO CLIENT INFORMATION
At any stage you are entitled to access your personal information kept on file, subject to limited exceptions (e.g., legislative restrictions, if access may cause serious harm or breach another person’s privacy) as stated in our privacy policy.
HOW LONG CLIENTS’ PERSONAL INFORMATION IS COLLECTED AND FOR HOW LONG?
A client's personal information is collected in a number of ways during psychological consultation, including when the client provides information directly using hardcopy forms, online forms, correspondence via email, when the client interacts directly with our personnel, and when other health practitioners provide personal information to us, via referrals, correspondence and medical reports.
Client information is stored and collected for a minimum of 7 years since last client contact. If a client was less than 18 years old when records were collected, a client’s records will be retained until the client turns 25 years of age.
CHILD CLIENT DEEMED “MATURE MINORS”
There may be circumstances where a child under the age of 18 (usually the mid teenage years) may be considered a “mature minor” if they “achieve a sufficient understanding and intelligence to enable him or her to understand fully what is proposed”, as deemed by the psychologist. Mature minors must give consent for parents/guardians to gain access to client or treatment information or be a part of services.
TECHNOLOGY FOR ASSISTANCE WITH PSYCHOLOGICAL SERVICES
Artificial Intelligence (AI): With your consent, we may use the secure AI tool, Heidi Health, to assist with the accuracy of data collection and the preparation of high quality clinical documentation. AI is not used for clinical decision-making and only operates under psychologist supervision. You can withdraw or limit AI use at any time without affecting your care. Transcriptions, draft notes or recordings are deleted within 90 days or when no longer needed (whichever occurs first). Reasonable safeguards (e.g., de-identification, encryption, secure storage) are used to protect your information and all AI use complies with AHPRA, APS and APP guidelines.
Security Cameras (Box Hill location only): We use security cameras (visual only) to monitor client arrivals and protect property, in line with the Australian Privacy Principles (Privacy Act, 1988) and NSW Surveillance Devices Act 2007. Therapy sessions are not recorded. Footage is stored securely, accessible only to authorised personnel and is automatically overwritten every 4-6 months or is destroyed/deidentified if no longer needed. You may request access to footage of yourself (see Privacy Policy). Services are provided in a professional home-based setting, with privacy, confidentiality and safety measures in place and full compliance with Council requirements.
PARENTS THAT ARE SEPARATED / SEPARATING
Involvement of both parents is generally recommended as being in the minor’s best interest. Both parents of a minor, unless restricted by a legal order, have equal rights to be involved in psychological services in an appropriate way and to access relevant information (e.g., session notes, communications, reports). Parents are responsible for sharing information with each other, not the practice. Any additional communication, reports or administration requested beyond the ordinary course of services must be arranged and paid for by the requesting parent. If parents cannot reach agreement about services or significant conflict exists, services may need to cease.
COURT ORDERS, VIOLENCE ORDERS OR ONGOING / PENDING LEGAL PROCEEDINGS
If you have orders that are still in effect (relevant to the client) or ongoing/pending legal proceedings, you will need to provide information or relevant documentation, and any future amendments, as there may be legal implications for services. If these cannot be provided services may not be able to be provided or continue.
DISCLOSURE OF PERSONAL INFORMATION
All personal information gathered for the purpose of psychological services remains confidential except when:
1. disclosure is required or authorised by law (e.g., subpoenas, court orders, mandatory reporting, legislative requirements);
2. there is a reasonable belief that disclosure is necessary to reduce or prevent a serious risk of harm to the client or another person; or
3. you give prior approval for sharing limited information for care coordination or administrative purposes (e.g., your GP, a third-party funder, a family member, a teacher, a professional, reports)
Your personal information is stored on Australian servers, is not disclosed to overseas recipients unless you provide consent or such disclosure is otherwise required by law. Your information will not be used, sold, rented or disclosed for any other purpose. If unauthorised access, disclosure or loss of your personal information occurs, we will take all reasonable steps to minimise any risk of consequential harm. In the event of an eligible data breach under the Notifiable Data Breaches scheme (Privacy Act 1988, Cth), we will notify affected individuals and the Office of the Australian Information Commissioner as required by law.
Supervision/Consultation: To support safe, high-quality and ethical care, your psychologist may discuss aspects of your situation with another psychologist. Only relevant, de-identified details will be shared to protect your privacy.
Mandatory Reporting: Your psychologist is a Mandatory Reporter. By law, suspected risk of harm, neglect or abuse of a young person must be reported to government authorities, in line with state child-protection legislation.
REQUESTS FOR ACCESS AND CORRECTIONS TO CLIENT INFORMATION
At any stage clients may request to see and correct the personal information about them kept on file. The psychologist may discuss the contents with them and/or give them a copy, subject to the following exceptions in the Privacy Act 1988 (Cth).
Exception 1 – Legislative Restrictions.
These may include situations in which:
Giving access would be unlawful
Giving access would pose a serious threat to the life, health or safety of any individual, or to public health or safety
Giving access would have an unreasonable impact on the privacy of others
The request is frivolous or vexatious
The information relates to existing or anticipated legal proceedings and the information would not be discoverable in those proceedings
Exception 2 – The giving of information can lead to serious harm to a young person or others.
Exception 3 – The giving of information can lead to the breach of another person’s privacy, including:
Notes that contain identifiable information about a third party — for example, details about another client or a family member who has not consented to disclosure
Information disclosed in confidence by one parent about the other that, if disclosed, would breach that parent's reasonable privacy expectations
Details about siblings or other family members embedded in session notes
Exception 4 – The young person is deemed a “Mature Minor” (the young person must consent)
If satisfied that personal information is inaccurate, out of date or incomplete, reasonable steps will be taken in the circumstances to ensure that this information is corrected.
All requests by clients for access to or correction of personal information held about them should be lodged with Chris Gilbert(Clinical Psychologist, Business Owner, chrisgilbertpsychology.com/contact). These requests will be responded to in writing typically within 7-21 days and an appointment will be made if necessary for clarification or communication purposes. An administration or session fee will be charged to cover the time required to obtain, collate and communicate the information in an appropriate form. An invoice will be sent and upon confirmation of payment the requested information will be sent/session will commence/communication take place.
CHANGES TO THIS POLICY
From time-to-time changes may be made to this policy to reflect changes in the law or professional best-practice guidelines. Clients are encouraged to periodically review this policy to remain informed on current policies.
CONCERNS
For more information about your rights when seeing a psychologist please refer to the “Charter for Clients of APS Psychologists” (from the Australian Psychological Society). If clients have a concern about the management of their personal information, they may inform Chris Gilbert (Clinical Psychologist, Business Owner, chrisgilbertpsychology.com/contact). Upon request they can obtain a copy of the Australian Privacy Principles.If clients wish to lodge a formal complaint about the use of, disclosure of, or access to, their personal information, they may do so with the Office of the Australian Information Commissioner by phone on 1300 363 992, online at http://www.oaic.gov.au/privacy/making-a-privacy-complaint or by post to:
Office of the Australian Information Commissioner, GPO Box 5218, Sydney, NSW 2001.