top of page

Privacy Policy

1. Our Commitment to Your Privacy

Shepherds Hill Psychology is committed to protecting your privacy and the confidentiality of your personal and health information. This policy explains how we collect, use, store and disclose your personal information, and how you can access or correct your information or make a complaint.

We comply with:

  • The Privacy Act 1988 (Cth)

  • The Australian Privacy Principles (APPs)

  • The Notifiable Data Breeches Scheme

  • Professional Obligations under AHPRA and the APS code of Ethics

2. What Information We Collect

We may collect the following types of information:


Personal Information

  • Name, date of birth, address, phone number, email

  • Emergency contact details

  • Medicare or private health insurance details

  • Referral information

  • Mental health history

  • Treatment notes

  • Symptom Measures 

  • Previous psychology assessment reports

  • Correspondence from or to other health professionals

We only collect information that is necessary to provide psychological services and manage your care and appointments.

3. How We Collect Your Information

We may collect your information when you:

  • Complete intake or consent forms

  • Attend sessions

  • Provide information over the phone, email, or online systems

  • Are referred by your GP or another professional

  • Referring provider information

4. Why We Collect and Use Your Information

We collect and use your information to:

  • Provide psychological treatment

  • Manage appointments

  • Communicate with you about your care

  • Process Medicare or insurance claims

  • Meet legal, professional, and regulatory obligations

If you do not provide necessary information, we may not be able to provide appropriate services.

5. Consent

By engaging with sessions at Shepherds Hill psychology and providing your information, you are providing informed consent for us to collect, use and store your information for the purposes of providing psychological services and managing your care. You may withdraw or limit consent for certain disclosures at any time in writing.

Consent is specifically required before we:

  • Provide reports to third parties (e.g., lawyers, insurers, employers)

  • Share information with family members or other non-treating parties

6. Who We May Share Your Information With

We may disclose your information to:
 
Clients’ personal information will remain confidential except when:

  • It is subpoenaed by a court; or

  • Failure to disclose the information would in the reasonable belief of Shepherds Hill Psychology to place a client or another person at serious risk to life, health or safety; or

  • The client’s prior approval has been obtained to:

    • provide a written report to another professional or agency, e.g., a GP or a lawyer; or

    • discuss the material with another person, e.g. a parent, employer or health provider; or

    • disclose the information in another way; or

  • You would reasonably expect your personal information to be disclosed to another professional or agency (e.g. your GP) and disclosure of your personal information to that third party is for a purpose which is directly related to the primary purpose for which your personal information was collected; or

  • Disclosure is otherwise required or authorised by law.

 
Where possible, we will discuss this with you before disclosure.

7. Overseas Storage and Cloud Systems, Use of AI Scribe

Shepherds Hill Psychology uses secure electronic practice management systems. Some data may be stored on servers located outside Australia, depending on the service provider. 

At Shepherds Hill Psychology we use an AI enhanced note taker to focus more on communication and your care during sessions. Our AI note taker, NovoNote, helps by transcribing the session and then providing a summary of that session. The transcript of the session will be deleted and will not make up part of your patient file, while the summary is saved as part of your file. Audio of the session is never saved. NovoNote complies with the Australian Privacy Principles and is compliant with AHPRA and HIPAA standards. It adheres to industry encryption and security protocols. NovoNote operates on a secure server in Australia and your data does not contribute to training AI models. For more detailed information on the security measures and protocols of NovoNote, please visit the security page: NovoPsych.com.au/NovoNote_Security

8. How We Store and Protect Your Information

We take reasonable steps to ensure that your personal information is stored securely and protected from unauthorised access, disclosure, or misuse. This includes:

  • Using secure electronic systems for storing and transmitting personal information.

  • Implementing access controls, Multi Factor Authorisation and restrictions on who can access your information.

  • Only authorised staff and your treating psychologist can access your clinical information.

9. How Long We Keep Your Information

We retain client records in line with professional and legal requirements:

  • Adults: at least 7 years after last contact

  • Children: until the client turns 25 years of age

After the retention period, records are securely destroyed using approved destruction methods.

10. Accessing and Correcting Your Information

You have the right to:

  • Request access to your personal information

  • Request correction of inaccurate or incomplete information

To request access or correction, please contact us in writing by email. We may require proof of identity before releasing information.


Access may be limited in rare circumstances where releasing information could pose a serious risk to your safety or another person, or where permitted by law.

11. Communication Outside of Sessions

We may contact you via phone, SMS, or email for:

  • Appointment reminders

  • Billing and administrative matters

  • Practice updates (with your consent)

We aim to avoid sending sensitive clinical information via email or SMS.

However, electronic communication carries some privacy risks, and by providing your contact details you acknowledge and accept these risks. You may opt out of non-essential communications at any time.

12. Data Breaches and Notification

A data breach occurs when personal information is accessed, disclosed, or lost without authorisation.

If a data breach occurs that is likely to result in serious harm, we will:

  • Investigate promptly

  • Take steps to reduce risk

  • Notify affected individuals

  • Notify the Office of the Australian Information Commissioner (OAIC), as required by law

13. Complaints and Concerns

If you have concerns about how your information has been handled, please contact practice admin on info@shepherdshillpsychology.com. We will investigate your complaint and respond as soon as possible.

 

If clients wish to lodge a formal complaint about the use of, disclosure of, or access to, their personal information, they may do so with the Office of the Australian Information Commissioner by phone on 1300 363 992, online at https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us or by post to: Office of the Australian Information Commissioner, GPO Box 5288, Sydney, NSW 2001.


You may also raise concerns with relevant professional bodies such as AHPRA or the APS.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any updates will be posted on our website, and we encourage you to review this Privacy Policy periodically for any changes.

bottom of page