Legal

Privacy Policy

North Perth NP & Co, Elayne Murray, Nurse Practitioner

Last Updated: March 2026

North Perth NP & Co (operated by Elayne Murray, Nurse Practitioner) is committed to protecting your privacy and managing your personal and health information in accordance with applicable Australian law. This Privacy Policy outlines how we collect, use, store, disclose, and protect your personal information.

This policy applies to all personal information we collect, including through this website, by telephone, email, and during the course of providing health care services, including telehealth consultations delivered via video or phone.

1. Legislative Framework

Our privacy practices are governed by the following legislation:

  • Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs) set out in Schedule 1 of the Act, which regulate the handling of personal information by organisations and agencies.
  • My Health Records Act 2012 (Cth), governing access to and use of information in the My Health Record system.
  • Health Records and Information Privacy Act 2002 (NSW) and equivalent state and territory legislation where applicable.
  • Health Identifiers Act 2010 (Cth), relating to the use of Health care Identifiers (HI Service).
  • Spam Act 2003 (Cth), governing electronic communications.
  • AHPRA registration requirements and the Nursing and Midwifery Board of Australia (NMBA) Code of Conduct and professional standards.
  • Medicare Benefits Schedule (MBS) requirements applicable to Nurse Practitioner services, including telehealth eligibility criteria under the MBS Online framework.

2. What is Personal Information?

"Personal information" means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not, and whether recorded in a material form or not (s 6, Privacy Act 1988).

"Sensitive information" includes health information and is afforded a higher level of protection under the APPs. Health information includes information or an opinion about the health, disability, or expressed wishes about future health services of an individual.

3. Information We Collect

3.1 Personal Information

We may collect the following personal information:

  • Full name, date of birth
  • Contact details, address, telephone number, email address
  • Emergency contact details
  • Medicare card number and individual health care identifier (IHI)
  • Private health insurance details
  • Payment and billing information
  • Information relevant to establishing an established clinical relationship for MBS telehealth eligibility purposes (e.g., date and nature of prior in-person consultations at this practice)

3.2 Health Information (Sensitive Information)

As a health care provider, we may collect sensitive health information including but not limited to:

  • Medical history, presenting complaints, and clinical findings
  • Diagnoses, treatment records, and clinical notes
  • Medications, allergies, and adverse drug reactions
  • Pathology results, radiology reports, and specialist correspondence
  • Immunisation history
  • Family history relevant to paediatric and neonatal care
  • Information about developmental, behavioural, and neurodevelopmental concerns
  • Information about the parents and/or guardians of patients
  • Information relevant to telehealth exemption eligibility (e.g., homelessness status, natural disaster declaration, Blood Borne Virus or Sexual/Reproductive Health consultation category), which is recorded in clinical notes as required by MBS guidelines

3.3 Website Information

When you visit our website, we may collect non-personally-identifying information such as browser type, referring pages, and website usage data through standard web server logs and analytics tools. This is collected in an aggregated and de-identified form where possible.

4. How We Collect Your Information

We collect personal and health information in the following ways:

  • Directly from you (or your child's parent/guardian), via our website contact form, email, telephone, or in person during a consultation
  • During telehealth consultations (video or phone) where you have met the MBS established clinical relationship requirements or qualify for an applicable exemption
  • From other treating health care providers (with your consent or where otherwise permitted by law), including referral letters, specialist reports, and discharge summaries
  • From My Health Record, where you have provided access and consent
  • From pathology, radiology, and other diagnostic service providers

Where practicable, we will collect information directly from you. If we collect information about you from a third party, we will take reasonable steps to ensure you are aware of this.

5. Purpose of Collection: Why We Collect Your Information

We collect, use, and disclose personal and health information for the primary purpose of providing health care services, and for secondary purposes that are directly related to the primary purpose and that you would reasonably expect. These include:

  • Providing clinical assessment, diagnosis, treatment, and care management
  • Communicating with you and your treating team regarding care
  • Maintaining accurate clinical records and continuity of care
  • Billing for health care services provided, including Medicare (MBS) and private health insurance claims
  • Assessing and documenting eligibility for MBS Nurse Practitioner telehealth services, including confirming an established clinical relationship or applicable exemption as required by the MBS telehealth eligibility criteria (effective 1 November 2025)
  • Responding to enquiries submitted via our website or by email
  • Adding you to our mailing list where you have provided consent
  • Complying with legal and regulatory obligations, including mandatory reporting requirements
  • Quality improvement, clinical audit, and professional development activities

6. Disclosure of Your Information

Your personal and health information will not be sold, rented, or shared with third parties for marketing purposes. We may disclose your information in the following circumstances:

6.1 With Your Consent

We will disclose your information to other health care providers, specialists, and allied health professionals involved in your care or your child's care, with your express or implied consent.

6.2 Without Consent: Where Permitted or Required by Law

Disclosure without consent may occur in the following circumstances:

  • Mandatory reporting obligations, under the Children and Community Services Act 2004 (WA) and equivalent legislation, we are required to report suspected child abuse or neglect to the relevant authorities. This obligation overrides confidentiality.
  • Public health and safety, as required or authorised under public health legislation, including notification of notifiable diseases to WA Health or the Department of Health.
  • Legal proceedings, where required by court order, subpoena, or other legal process.
  • AHPRA and regulatory bodies, where required as part of professional registration, disciplinary proceedings, or accreditation processes.
  • Medicare and Services Australia, where required for the billing and processing of MBS claims, including Nurse Practitioner telehealth items, and for compliance with MBS audit and compliance activities.
  • Serious threat to life or safety, as permitted under APP 6.2(c) where we reasonably believe disclosure is necessary to prevent a serious threat to the life, health, or safety of an individual or the public.
  • Research, to researchers in certain circumstances where required by law or with appropriate approvals, in a de-identified form where possible.

6.3 Service Providers

We may share personal information with trusted third-party service providers who assist us in operating our practice, including:

  • Health care software and practice management providers
  • Pathology and radiology providers
  • Secure medical record and correspondence platforms
  • IT and website service providers
  • Telehealth platform providers used to deliver video and phone consultations

These providers are bound by confidentiality obligations and are not permitted to use your information for any purpose other than to assist us in our operations.

7. Storage and Security of Your Information

We take all reasonable steps to protect your personal and health information from misuse, interference, loss, unauthorised access, modification, or disclosure. Our security measures include:

  • Use of password-protected and encrypted systems for storing electronic health records
  • Secure transmission of information using industry-standard protocols (SSL/TLS)
  • Access controls restricting information to authorised personnel only
  • Physical security measures for any paper-based records
  • Regular review of our security procedures and practices

In the event of a data breach that is likely to result in serious harm, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as required under the Notifiable Data Breaches (NDB) scheme (Part IIIC, Privacy Act 1988).

8. Retention of Records

Health care records are retained in accordance with applicable legislation and professional standards. Under general Australian health care guidance:

  • Adult records are retained for a minimum of 7 years from the date of last entry
  • Children's records are retained until the patient turns 25 years of age (i.e., at least 7 years from the date of last entry, or until age 25, whichever is later)
  • Records that form part of legal proceedings or complaints are retained until those matters are resolved
  • Documentation of MBS telehealth eligibility (including established clinical relationship and any exemptions applied) is retained as part of the clinical record for Medicare compliance purposes

9. Children's Health Information

Where we provide services to children, we collect information from parents and/or legal guardians who are authorised to consent to treatment on behalf of the child. We handle children's health information with additional care given its sensitive nature.

As children mature and gain capacity, they may be entitled to access their own health information and exercise privacy rights independently. We will consider the age and maturity of the child when handling requests for access or correction of a child's records.

Children under the age of 12 months are exempt from the MBS established clinical relationship requirement for telehealth services, allowing their parent or guardian to access telehealth NP services without a prior in-person consultation.

10. Telehealth Services and MBS Eligibility

We provide telehealth consultations (video and phone) as part of our Nurse Practitioner services. From 1 November 2025, MBS telehealth eligibility for Nurse Practitioner services requires an established clinical relationship between the patient and this practice, consistent with the MBS Review Advisory Committee (MRAC) recommendations.

To be eligible for an MBS Medicare rebate for a telehealth consultation, patients must have had at least one face-to-face consultation with a practitioner at this practice within the preceding 12 months. Patients who do not yet meet this requirement are encouraged to book an in-person consultation to establish eligibility for ongoing telehealth services.

Certain patients and service types are exempt from the established clinical relationship requirement, including:

  • Children under the age of 12 months
  • People who are homeless
  • Patients of an Aboriginal Medical Service or Aboriginal Community Controlled Health Service
  • People isolating due to a COVID-related State or Territory public health order or in COVID-19 quarantine
  • People affected by a natural disaster declared by a State or Territory government
  • Patients attending for Blood Borne Virus and Sexual or Reproductive Health (BBVSRH) consultations (excluding assisted reproductive technology or antenatal care)

Where an exemption applies, this will be documented in your clinical notes, including which exemption has been applied and the clinical justification, in accordance with MBS requirements. This information is treated as sensitive health information and handled accordingly under this Privacy Policy.

Please note that telehealth services not meeting MBS eligibility criteria may not attract a Medicare rebate. Patients are encouraged to speak with us about the most appropriate consultation type for their circumstances.

11. Access and Correction of Your Information

Under APP 12 and APP 13, you have the right to request access to the personal and health information we hold about you, and to request corrections where the information is inaccurate, out-of-date, incomplete, irrelevant, or misleading.

To make a request for access or correction, please contact us using the details in Section 15. We will:

  • Respond to access requests within a reasonable timeframe (generally 30 days)
  • Provide access in the form requested where it is reasonable and practicable to do so
  • Explain any reason for refusal in writing, including information about how to lodge a complaint

We may charge a reasonable fee to cover the cost of providing access (e.g. copying and administrative costs), but we will not charge you for making the request itself.

In some circumstances we may refuse access, for example where providing access would be unlawful, may cause a serious threat to health or safety, or is subject to legal professional privilege. Any such refusal will be provided in writing.

12. My Health Record

We may access or upload information to your My Health Record where you have granted access, in accordance with the My Health Records Act 2012 (Cth). You may control access to your My Health Record through the MyGov portal. We will not access your My Health Record without your consent except as expressly permitted by the Act.

13. Marketing and Mailing List

We will only add you to our mailing list and send you health-related updates or communications if you have given us express consent to do so (e.g., by completing our contact form and selecting the mailing list option).

You may withdraw your consent at any time by contacting us or clicking the unsubscribe link in any communication. We will not use your contact information for unsolicited marketing.

14. Complaints

If you believe we have breached your privacy or failed to comply with the APPs, you are encouraged to contact us in the first instance so that we can attempt to resolve the matter.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

  • Website: www.oaic.gov.au
  • Phone: 1300 363 992
  • Post: GPO Box 5218, Sydney NSW 2001

You may also contact the Health and Disability Services Complaints Office (HaDSCO) in Western Australia:

15. Contact Us

For all privacy-related enquiries, requests for access or correction, or complaints, please contact us at:

  • Practice: North Perth NP & Co
  • Practitioner: Elayne Murray, Nurse Practitioner (AHPRA)
  • Email: admin@northperthnpco.com.au
  • Location: North Perth, Western Australia

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable legislation. The current version of this policy will always be available on our website. We encourage you to review it periodically. Material changes will be communicated to patients where practicable.

This Privacy Policy has been prepared with reference to the Privacy Act 1988 (Cth), the Australian Privacy Principles, the My Health Records Act 2012 (Cth), the Medicare Benefits Schedule (MBS) and relevant Western Australian legislation. It is intended as a general guide. For specific legal advice, please consult a qualified Australian health law practitioner.

Return Home Contact Us