Privacy Policy

Create Allied Health Services Pty Ltd (ABN pending) is committed to protecting the privacy of your personal and health information. We are bound by the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth), the Health Records and Information Privacy Act 2002 (NSW), and any other applicable state or territory health records legislation.

This policy explains how we collect, use, store, disclose, and protect your personal and health information. It applies to all clients, referrers, website visitors, and other individuals whose information we handle in the course of providing our services.

Last updated: April 2026

1. Information We Collect

Personal Information

We may collect the following personal information:

• Full name, date of birth, and gender
• Residential and postal address
• Phone number and email address
• Emergency contact details
• NDIS participant number and plan details
• Medicare number, health care card details, or other government identifiers where required
• Cultural and linguistic background, including Aboriginal and Torres Strait Islander status
• Next of kin, guardian, or nominated representative details

Health Information

As a healthcare provider, we collect sensitive health information necessary for service delivery, including:

• Medical history and current diagnoses
• Mental health history and current presentations
• Psychosocial assessments and clinical notes
• Treatment plans, progress notes, and outcome reports
• Medication information
• Risk assessments and safety plans
• Functional capacity and support needs
• Information about disabilities, including NDIS-related assessments

Referral Information

When you are referred to our service, we may receive information from the referring party, which can include:

• Referral letters and supporting documentation from hospitals, GPs, specialists, or other health professionals
• NDIS service agreements and support coordination documentation
• Court orders, guardianship orders, or tribunal documentation
• Reports from other allied health providers, case managers, or support workers

2. How We Collect Information

Directly from You

We collect most information directly from you (or your authorised representative) during:

• Initial intake and assessment sessions
• Ongoing clinical consultations and service delivery
• Phone calls, emails, and written correspondence
• Consent forms and service agreements
• Feedback forms and surveys

From Referrers and Other Providers

With your consent or where otherwise authorised by law, we may collect information from:

• General practitioners and medical specialists
• Hospitals and emergency departments
• NDIS planners, Local Area Coordinators, and support coordinators
• Other allied health professionals involved in your care
• Government agencies such as the NDIA, Centrelink, or the NSW Civil and Administrative Tribunal (NCAT)
• Guardians, family members, or carers involved in your support

Through Our Website

When you visit our website, we may automatically collect non-identifying information such as your browser type, operating system, pages visited, and time spent on our site. We do not collect personal information through our website unless you voluntarily submit it via a contact or referral form.

3. Why We Collect Information

We collect and use your personal and health information for the following purposes:

Service Delivery

• Conducting psychosocial assessments and clinical social work interventions
• Developing and implementing treatment and support plans
• Coordinating care with other providers involved in your support
• Monitoring progress and evaluating outcomes
• Providing clinical supervision where relevant to your care

NDIS Reporting and Compliance

• Fulfilling our obligations as an NDIS-registered provider
• Preparing reports for NDIS plan reviews and reassessments
• Processing NDIS service claims and invoicing
• Meeting NDIS Quality and Safeguards Commission requirements
• Responding to audits and compliance checks

Legal Obligations

• Complying with mandatory reporting obligations (e.g., child protection, risk of harm)
• Responding to subpoenas, court orders, or tribunal directions
• Meeting record-keeping requirements under applicable legislation
• Fulfilling our duty of care and professional obligations under the Australian Association of Social Workers (AASW) Code of Ethics

Business Operations

• Managing appointments and scheduling
• Billing, invoicing, and financial record-keeping
• Staff training and clinical supervision (using de-identified information where possible)
• Quality improvement and service evaluation

4. How We Store and Protect Information

We take reasonable steps to protect your personal and health information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Our measures include:

• Digital security: Encrypted cloud-based practice management systems with role-based access controls, multi-factor authentication, and regular security updates
• Physical security: Any paper records are stored in locked cabinets in secured premises with restricted access
• Staff obligations: All staff and contractors are bound by confidentiality agreements and receive training on privacy and information security
• Access controls: Access to client records is limited to authorised personnel who require it for service delivery or legitimate business purposes
• Data retention: We retain health records in accordance with applicable legislation, including a minimum of seven years from the date of last service (or until a minor client turns 25, whichever is later), as required under NSW health records legislation
• Secure disposal: When records are no longer required to be retained, they are securely destroyed through shredding (paper) or permanent deletion (electronic)

5. Sharing and Disclosing Information

We will only share your personal or health information in the following circumstances:

With Your Consent

We may share information with other healthcare providers, support coordinators, or relevant parties when you have provided informed consent. This commonly includes sharing reports or clinical summaries with:

• Your GP, psychiatrist, or other treating practitioners
• NDIS support coordinators and plan managers
• Other allied health professionals involved in your care
• Family members or carers you have nominated

NDIS and Government Agencies

As an NDIS-registered provider, we may be required to share information with:

• The National Disability Insurance Agency (NDIA)
• The NDIS Quality and Safeguards Commission
• Other government agencies as required by law

Legal Requirements

We may disclose information without your consent where required or authorised by law, including:

• Mandatory reporting of child abuse or neglect
• Reporting to prevent a serious threat to life, health, or safety
• Responding to a court order, subpoena, or tribunal direction
• Reporting incidents to the NDIS Quality and Safeguards Commission
• Cooperating with law enforcement agencies in accordance with the law

Professional Obligations

In the course of clinical supervision and professional development, case discussions may occur. In these circumstances, we use de-identified information wherever possible to protect your privacy.

We do not sell, rent, or trade your personal or health information to any third party. We do not disclose your information to overseas recipients unless required to do so by law or with your explicit consent.

6. Your Rights

Access to Your Information

You have the right to request access to the personal and health information we hold about you. To make an access request, please contact us using the details at the end of this policy. We will respond to your request within 30 days. In some circumstances, we may refuse access in accordance with the exceptions set out in the Privacy Act or applicable health records legislation (for example, where access may pose a serious threat to health or safety).

Correction of Your Information

If you believe that information we hold about you is inaccurate, incomplete, out of date, or misleading, you have the right to request that we correct it. We will take reasonable steps to correct the information and notify any third parties to whom we have previously disclosed it. If we do not agree to make the requested correction, you may request that a statement of the correction sought be associated with the record.

Withdrawing Consent

Where we rely on your consent to collect, use, or disclose your information, you may withdraw that consent at any time. Please note that withdrawing consent may affect our ability to provide certain services to you. Withdrawal of consent does not affect the lawfulness of any processing carried out before the withdrawal.

Complaints

If you believe that we have breached your privacy or mishandled your personal or health information, you have the right to make a complaint. We encourage you to contact us directly in the first instance so that we can work with you to resolve the matter.

If you are not satisfied with our response, you may lodge a complaint with:

• Office of the Australian Information Commissioner (OAIC)
  Website: www.oaic.gov.au
  Phone: 1300 363 992
• NSW Health Care Complaints Commission (HCCC)
  Website: www.hccc.nsw.gov.au
  Phone: 1800 043 159
• NDIS Quality and Safeguards Commission
  Website: www.ndiscommission.gov.au
  Phone: 1800 035 544

7. Website Cookies and Analytics

Our website may use cookies and similar technologies to improve your browsing experience and help us understand how visitors use our site. Cookies are small text files stored on your device by your web browser.

Types of Cookies We Use

• Essential cookies: Required for the website to function properly, such as maintaining session state and security
• Analytics cookies: Help us understand how visitors interact with our website by collecting information such as pages visited, time on site, and referral source. We use Google Analytics, which collects anonymous, aggregated data

Managing Cookies

You can control or delete cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when a cookie is being set. Please note that disabling cookies may affect the functionality of some parts of our website.

Third-Party Services

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies before providing any personal information.

8. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, legal requirements, or operational needs. When we make material changes, the updated policy will be published on our website with a revised date. We encourage you to review this policy periodically to stay informed about how we are protecting your information.

9. Contact Us

If you have any questions about this privacy policy, wish to make an access or correction request, or want to raise a privacy concern, please contact us:

• Privacy Officer
  Create Allied Health Services Pty Ltd
• Email: admin@createalliedhealth.com.au
• Phone: 1800 930 350
• Location: Sydney, NSW, Australia

We will acknowledge receipt of your enquiry and aim to respond within 30 days.