Privacy Policy

Last updated: 19 May 2026

Grace Family Practice (“the Practice”, “we”, “us” or “our”) is committed to protecting the privacy of every patient, visitor and member of the public who interacts with us. This Privacy Policy explains how we collect, use, disclose, store and secure your personal and health information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the Health Records and Information Privacy Act 2002 (NSW), the My Health Records Act 2012 (Cth) and the Royal Australian College of General Practitioners (RACGP) Standards for general practices (5th edition).

Who we are

Grace Family Practice is a family-oriented general practice located at Unit 5/10 Hassall Street, Smithfield NSW 2164. You can contact us on (02) 9604 7377 or visit gracefamilypractice.com.au.

The information we collect

To provide you with safe, accurate and continuous medical care we collect personal information that is reasonably necessary for our functions. This typically includes:

  • Your name, date of birth, gender, address, contact details and emergency-contact details;
  • Medicare number, DVA number, private-health-fund details, pensioner / health-care-card details and other government identifiers needed for billing or claiming;
  • Your medical history, current medications, allergies, immunisations, family medical history and lifestyle information relevant to your care;
  • Clinical notes, examination findings, pathology and imaging results, referrals, hospital discharge summaries and correspondence from other treating practitioners;
  • Information collected through our website, online-booking system and patient feedback forms (including IP address, browser type and pages visited — see Website & cookies below).

How we collect your information

Where practical we collect information directly from you — when you book an appointment, fill in a new-patient form, attend a consultation, telephone the practice or use our online booking tool. With your consent we may also collect information from:

  • Other treating doctors, specialists, allied-health providers and hospitals involved in your care;
  • Pathology and diagnostic-imaging providers;
  • Your parent, guardian, carer or authorised representative;
  • The My Health Record system, the Australian Immunisation Register and Medicare, where you are registered.

Why we collect, use and hold your information

Your personal and health information is collected and used so that we can:

  • Provide you with safe, high-quality medical care and follow-up;
  • Communicate with you about appointments, recalls, reminders, test results and health-promotion activities relevant to your care;
  • Process Medicare, DVA, private-health-fund and workers’ compensation claims and accounts;
  • Meet our legal, professional and accreditation obligations, including mandatory reporting and audit requirements;
  • Conduct quality-improvement, accreditation, training and clinical-audit activities (using de-identified data wherever possible);
  • Manage complaints, incidents and the day-to-day operation of the practice.

Who we disclose your information to

We treat your information as confidential. We will only disclose it to third parties where you have provided consent, where disclosure is reasonably necessary for your care, or where we are required or authorised by law. Recipients may include:

  • Other treating doctors, specialists, allied-health providers and hospitals;
  • Pathology and diagnostic-imaging providers we have referred you to;
  • Medicare Australia, the Department of Veterans’ Affairs, private health insurers and workers’ compensation insurers, for billing and claims;
  • The My Health Record system (if you have a record and you have not opted out of a particular upload), the Australian Immunisation Register and disease registers required by law;
  • Our IT service providers and electronic-health-record vendors who host or maintain our clinical software under strict confidentiality and security obligations;
  • Law enforcement, courts, tribunals, the Coroner and other government agencies, where we are legally compelled to do so;
  • Our medical defence organisation, lawyers, accountants and accreditation assessors, on a need-to-know basis.

We do not sell, rent or trade your personal or health information, and we do not use it for marketing purposes without your express consent.

Overseas disclosure

Your information is generally held within Australia. Some of our cloud-hosted clinical or business software providers may store data in secure data centres outside Australia. Where this occurs, we take reasonable steps to ensure those providers comply with the Australian Privacy Principles and contractual confidentiality obligations.

How we store and protect your information

Your medical record is kept electronically in our practice management system. We take reasonable steps to protect your information from misuse, interference, loss, unauthorised access, modification or disclosure, including:

  • Password-protected, role-based access to clinical systems;
  • Regular encrypted backups stored in secure facilities;
  • Up-to-date anti-virus, firewall and operating-system patching;
  • Confidentiality agreements signed by all staff and contractors;
  • Secure paper-record storage and secure destruction of records when no longer required.

In line with NSW health-records legislation, adult medical records are retained for at least seven (7) years from the date of last entry, and children’s records until the patient turns 25 years of age, after which they are securely destroyed.

Accessing and correcting your information

You have the right to request access to the personal and health information we hold about you, and to request correction of any information you believe is inaccurate, incomplete or out of date. Requests should be made in writing to the Practice Manager at the address below. We will respond within a reasonable period (generally within 30 days) and may charge a reasonable fee for retrieval, copying or postage. In limited circumstances permitted by law we may refuse access — if we do, we will give you written reasons.

Communicating with you

We may contact you by telephone, SMS, email or post to confirm appointments, communicate test results, send recalls and reminders for preventive care, or follow up on your treatment. You can opt out of non-clinical communications at any time by telling reception. Clinically important communications (such as significant abnormal results) will still be made because of our duty of care.

Website & cookies

Our website does not require you to provide personal information to browse it. When you visit the site we may automatically collect non-identifying technical information — such as IP address, browser type, referring page and pages visited — through standard web-server logs and analytics tools (for example Google Analytics and Google Search Console) to help us understand how the site is used and to improve it. Cookies may be used to remember your preferences; you can disable cookies in your browser settings, though parts of the site may not function as intended.

Our website may contain links to third-party websites (for example online booking, government information services, or social media). We are not responsible for the privacy practices of those websites and recommend you review their own privacy policies.

Data breach notification

If we become aware of an actual or suspected data breach involving your personal or health information that is likely to result in serious harm, we will respond in accordance with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988, including notifying you and the Office of the Australian Information Commissioner (OAIC) where required.

Complaints

If you have a concern or complaint about how we have handled your personal or health information, please contact our Practice Manager in the first instance. We take all complaints seriously and will acknowledge receipt promptly and investigate fairly.

Grace Family Practice
Unit 5/10 Hassall Street, Smithfield NSW 2164
Phone: (02) 9604 7377

If you are not satisfied with our response you may contact:

  • The Office of the Australian Information Commissioner (OAIC) — www.oaic.gov.au, 1300 363 992;
  • The NSW Information and Privacy Commission — www.ipc.nsw.gov.au, 1800 472 679;
  • The Health Care Complaints Commission (NSW) — www.hccc.nsw.gov.au, 1800 043 159.

Changes to this Privacy Policy

We review this Privacy Policy from time to time and may update it to reflect changes in our practice, technology or the law. The most current version is always available on this page and supersedes any earlier version.