Facebook Instagram Envelope

Patient Privacy

Privacy Policy

Our commitment to your privacy

My Therapy Space is committed to protecting your personal and health information in accordance with:

  • The Privacy Act 1988

  • The Australian Privacy Principles (APPs)

  • NDIS Practice Standards, including the requirements for privacy and confidentiality of client information.

This policy explains how we collect, use, store, and disclose your information and how you can access or correct it.

Consent

By using our services or submitting your personal information, you consent to its collection and use for:

  • Assessment and therapy services

  • Communication with you and your support network

  • Billing and claims (NDIS, Medicare, private health funds)

  • Compliance with legal or regulatory obligations

We will request your additional consent before using your information for purposes outside these areas.

What information we collect

We collect personal information needed to provide quality care, including:

  • Identity and contact details (name, date of birth, address, phone, email)

  • Emergency and next of kin contacts

  • Health information (medical history, assessments, therapy notes, treatment plans)

  • Referral information from doctors, schools, or other providers

  • Medicare, NDIS, and private health insurance details

  • Billing and payment information

  • Website and communication data (IP address, cookies, enquiry forms)

How we collect information

  • From you directly via intake forms, service agreements, online booking, phone, or email

  • During therapy sessions and consultations

  • With your consent from third parties (parents/guardians, doctors, NDIS, schools, insurers)

How we use your information

We use your information to:

  • Provide safe, high-quality therapy and allied health services

  • Communicate with you, your family, and your support team

  • Manage appointments, billing, and claims

  • Comply with legal and NDIS reporting obligations

  • Improve our services through audits, quality assurance, and research (de-identified data only)

How we store and protect your information

Information is stored securely:

  • Electronically in Splose (practice management) and Xero (billing/accounting)

  • Paper records are scanned into Splose and shredded

  • Video or image records securely stored

  • Protected with passwords, two-factor authentication, encryption, and antivirus measures

  • Staff and contractors sign confidentiality agreements

CCTV is used in public areas for client and staff safety.

Disclosure of your information

We only share your information when necessary:

  • With healthcare providers involved in your care

  • With NDIS, Medicare, or insurers for claims and compliance

  • With schools or support services (with consent)

  • When legally required (e.g. mandatory reporting, subpoenas)

  • With authorized third-party service providers (Splose, Xero, IT/cloud providers)

We do not share your information outside Australia without consent unless legally required.

Access, correction, and complaints

You have the right to:

  • Access your personal and health information

  • Request corrections if your information is inaccurate

  • Make a privacy-related complaint

Requests should be made in writing:

  • Email: reception@mytherapyspace.com.au

  • Privacy complaints: managers@mytherapyspace.com.au

We aim to respond within 14 days. If unresolved, contact the Office of the Australian Information Commissioner: 1300 363 992 or www.oaic.gov.au.

Use of AI

AI tools may be used for clinical documentation (e.g., reports, progress notes). All outputs are reviewed by authorised clinicians to ensure accuracy and confidentiality.

Website and cookies

  • We may collect IP addresses, browser type, and website usage data for analytics and improvement

  • Cookies are used to improve functionality; users can disable cookies via browser settings

  • Our website may link to third-party sites, for which we are not responsible

Data retention

  • Health records are retained until:

    • Age 25 if collected before age 18

    • Otherwise, 7 years from the last service

  • When no longer needed, records are securely destroyed or de-identified

Policy updates

This policy is reviewed regularly and updated as needed. The current version is always available on our website.

Last updated: 09/04/2026