Book a discovery call

Specialist Healthcare Clinics

Privacy Policy

Effective date: 1 May 2025  ·  Last updated: May 2026

Specialist Healthcare Clinics Pty Ltd is committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy explains how we collect, use, disclose, and safeguard your personal and health information.

By using our website or services, you consent to the practices described in this policy.

01About This Policy

This Privacy Policy applies to all personal information collected by Specialist Healthcare Clinics Pty Ltd (“SHC”, “we”, “us”, “our”) through our website, clinic operations, referral processes, and associated digital platforms.

We may update this policy from time to time. The current version will always be available on our website. Continued use of our services following any update constitutes your acceptance of the revised policy.

02What Information We Collect

We may collect the following types of personal information:

  • Identity information: name, date of birth, gender
  • Contact information: address, phone number, email address

Health records, Medicare details, insurance information, and clinical data are held within our partner clinics' own systems. SHC accesses this information on a read-only basis where necessary to deliver MSO services, but does not collect or store it on our own systems. See Section 09 for further detail.

03How We Use Your Information

We use personal information for the following purposes:

  • Delivering management and administrative services to our partner clinics
  • Managing billing, financial reporting, and operational analytics on behalf of partner clinics
  • Supporting accreditation, compliance, and regulatory obligations
  • Communicating with you in connection with our services (with your consent where required)
  • Improving our platform, systems, and service delivery

We will not use your information for any secondary purpose without your consent, except where permitted by law.

04Disclosure to Third Parties

We may disclose your personal information to third parties in the following circumstances:

Software providers & technology contractors

We use trusted third-party software platforms and technology service providers to operate our clinics efficiently. These may include practice management systems, patient communication platforms, cloud storage providers, data analytics tools, and IT support contractors. These parties may access your personal information solely to perform services on our behalf and are contractually bound to:

  • maintain the confidentiality of your information;
  • use it only for the purpose for which it was disclosed;
  • handle it in accordance with the Australian Privacy Principles; and
  • not disclose it to any further party without our express authorisation.

We may also disclose your information to regulatory and government bodies where required by law, and to legal and compliance advisors where necessary to protect our legal rights or comply with a court order.

We do not sell, rent, or trade your personal information to any third party for marketing purposes.

05Overseas Disclosure

Some of our software providers and cloud infrastructure partners may store or process data on servers located outside Australia. Where this occurs, we take reasonable steps to ensure that overseas recipients handle your information in a manner consistent with the Australian Privacy Principles.

By using our services, you consent to your information being held or processed overseas by such providers in accordance with this policy. Where we are unable to ensure an equivalent level of protection, we will seek your specific consent before any overseas disclosure, unless an exception under the Privacy Act applies.

06Security of Your Information

We take reasonable technical and organisational steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. These include:

  • Encryption of data in transit and at rest
  • Access controls and authentication requirements for all staff
  • Regular security assessments of our systems and third-party providers
  • Staff training on privacy obligations and data handling

In the event of an eligible data breach under the Notifiable Data Breaches scheme, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as required by law.

07Access & Correction

You have the right to request access to the personal information we hold about you, and to request correction of information that is inaccurate, out of date, incomplete, or misleading.

Requests can be made by contacting our Privacy Officer (see below). We will respond within a reasonable period (generally 30 days). In some circumstances, we may be required by law to refuse access — if so, we will explain why in writing.

We do not charge a fee for making an access request, though we may charge a reasonable fee for producing copies of records.

08Complaints

If you believe we have handled your personal information in a manner that does not comply with the Privacy Act or the Australian Privacy Principles, you may lodge a complaint with our Privacy Officer. We will acknowledge your complaint promptly and aim to resolve it within 30 days.

If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC):

09System Integration & Portal Access

To provide management services to our partner clinics, SHC connects to clinic-operated practice management and billing systems via secure, read-only integration. Under this model:

We do not store patient health records on our own systems.

SHC accesses operational and financial data held within clinic systems (such as appointment volumes, billing data, and practitioner activity) in real time. Patient clinical records — including medical histories, diagnoses, treatment notes, pathology and imaging results — remain on the clinic's own systems and are not replicated or retained on SHC infrastructure.

Where our portal or integration tools display clinic data, that data is retrieved directly from the relevant clinic's systems at the point of access.

SHC's access to clinic systems is governed by Data Access & Integration Agreements with each clinic partner, which require SHC to:

  • restrict access to authorised SHC personnel only;
  • use clinic data solely for the purpose of delivering agreed MSO services;
  • implement multi-factor authentication and audit logging for all system access;
  • notify the relevant clinic promptly in the event of any suspected data incident involving their data; and
  • comply with all applicable Privacy Laws as if SHC were the responsible entity for that data.

10Contact Us

Return to site

Questions about this policy can be sent to our Privacy Officer.

Back to homepage