Privacy Policy

1. Introduction

Based ("we", "us", "our") is committed to protecting the privacy and confidentiality of our clients’ personal and health information. We operate in accordance with the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs) and applicable health privacy laws in Western Australia.

This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information when you engage with our services or visit our website.

2. Collection of Personal Information

We may collect personal and sensitive information necessary for providing occupational therapy services, including:

  • Personal information: full name, date of birth, address, phone number, email, and emergency contacts

  • Health information: medical history, diagnosis, treatment notes, referrals, and assessments

  • Billing and payment details: Medicare, NDIS number, health fund details, invoices, and payment methods

  • Website and digital interactions: forms submitted, appointment requests, and communications

We collect this information through face-to-face consultations, phone calls, emails, our website, and third-party referrals. In some cases, we may collect information from other health professionals, carers, or support workers with your consent.

3. Use of Your Personal Information

We use your personal information to:

  • Deliver occupational therapy services

  • Develop and document treatment plans and reports

  • Communicate with you or authorised representatives

  • Manage appointments, billing, and administrative requirements

  • Meet legal, regulatory, or professional obligations

4. Use of Heidi Health AI Scribe

We may use Heidi Health, an AI scribe tool, to support clinical documentation. Heidi Health complies with the Privacy Act 1988 and securely processes session transcripts, which are deleted from its system within 7–10 days. Your consent will be obtained before using this tool in your care.

5. Information Sharing and Disclosure

We may share your information in the following circumstances:

  • With your consent, to other healthcare providers involved in your care

  • With third-party service providers who assist us (e.g., IT, administration), under strict confidentiality obligations

  • For Medicare, private health fund, or NDIS claims and audits

  • When required or authorised by law, such as in cases of serious risk to health, safety, or mandatory reporting

  • To professional indemnity insurers or legal representatives in the event of a claim or complaint

We do not disclose your information to overseas recipients unless legally required or with your explicit consent.

6. Your Rights and Choices

You have the right to:

  • Access your personal and health records

  • Request correction of any inaccurate or incomplete information

  • Withdraw consent to share or use your information (subject to legal or clinical limitations)

  • Complain if you believe your privacy has been breached

To make a request or complaint, contact us using the details at the end of this policy. We will respond within a reasonable timeframe. If unresolved, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

7. Children’s Privacy

We may collect personal and health information about children under the age of 18 when providing therapy services. This information is collected with the consent of a parent or legal guardian and is treated with the same level of privacy and protection as adult records.

8. Data Security

We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. This includes implementing physical, electronic, and managerial security measures.

We also use Splose practice management software to securely manage client information. Splose complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles, ensuring transparent and responsible data handling. All data is securely stored on Amazon Web Services (AWS), adhering to stringent privacy policies and industry-leading security measures. Data is protected using robust encryption methods, including AES-256 for data at rest and TLS 1.2+ for data in transit. Splose also implements user management features such as role-based access controls, two-factor authentication, and session timeouts to enhance security.

9. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in legal requirements, technology, or our practice operations. Updates will be posted on our website and available upon request. We encourage you to review this policy periodically.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us using the details below.


info@basedhealth.com.au
0421228528

85 Guthrie Street
Osborne Park, WA 6017