Privacy Policy

1. Introduction

Reliance Care and Support (ABN: [ABN]) is committed to protecting the privacy and confidentiality of personal information in accordance with the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the Health Records Act 2001 (Vic).

We are a registered NDIS provider (NDIS Number: 4-4331-4851) delivering allied health and support services from our clinic at 341C Forsyth Road, Truganina VIC 3029.

This policy explains how we collect, use, store, disclose, and protect your personal information and health information. It applies to all interactions with our practice, including in-person visits, phone calls, and submissions made through our website at reliancecareandsupport.com.au.

2. What Information We Collect

Personal Information

• Full name, date of birth, and gender
• Residential address and postal address
• Phone number(s) and email address
• Medicare number and healthcare identifiers
• NDIS participant number (where applicable)
• Emergency contact details
• Billing and payment information

Health Information

• Medical history, current diagnoses, and conditions
• Referral letters and reports from other health professionals
• Treatment plans, progress notes, and clinical assessments
• NDIS plans and funding information
• Medications, allergies, and adverse reactions
• Uploaded documents such as referral forms, reports, and supporting documentation

Information Collected via Web Forms

When you submit a form through our website (including appointment requests, NDIS referrals, psychology referrals, and general enquiries), we collect the information you enter into the form fields, any files you upload, the date and time of your submission, and your consent confirmation.

3. How We Collect Information

We collect personal and health information through the following means:

• Directly from you — during in-person consultations, phone calls, and when you complete intake or registration forms at our clinic
• Online forms — when you submit appointment requests, referrals, or enquiries through our website
• From referring practitioners — when your GP, specialist, or other health professional sends us a referral or clinical report
• From the NDIS — when we receive your NDIS plan, service bookings, or funding information in the course of delivering your supports
• From your guardian or nominee — where you have authorised another person to act on your behalf
• From other healthcare providers — hospitals, pathology labs, imaging centres, and other allied health professionals involved in your care

4. Why We Collect Information

We collect your personal and health information for the primary purpose of providing you with allied health services and NDIS supports. Specifically, we need your information to:

• Assess your needs and provide appropriate therapy and support services
• Process referrals from GPs, specialists, and NDIS coordinators
• Develop and implement treatment and support plans
• Coordinate your care with other health professionals
• Manage NDIS service agreements, service bookings, and funding claims
• Meet our obligations under NDIS legislation and quality standards
• Comply with Medicare and health records legislation
• Contact you about appointments and follow-up care

5. How We Use Your Information

Your information is used for:

• Delivering allied health services including physiotherapy, occupational therapy, speech pathology, psychology, dietetics, osteopathy, exercise physiology, and positive behaviour support
• Managing your appointments, waitlists, and scheduling
• Preparing clinical reports, progress notes, and assessments
• Submitting claims and reports to the NDIS, Medicare, WorkCover, and TAC
• Internal quality improvement and clinical audit purposes
• Communicating with you about your care, including appointment reminders and follow-up correspondence
• Meeting accreditation and regulatory requirements

We will not use your personal information for direct marketing without your express consent. If you do consent, you may opt out at any time by contacting us.

6. Who We Share Information With

We may share your personal and health information with the following parties, with your consent or as required or authorised by law:

• Your referring GP or specialist
• Other healthcare providers involved in your care (e.g. hospitals, pathology, imaging services)
• The National Disability Insurance Agency (NDIA) and NDIS-related entities for service delivery and reporting
• Medicare Australia for billing and claiming purposes
• WorkCover and the Transport Accident Commission (TAC) where applicable
• Accreditation bodies and regulatory authorities (e.g. AHPRA, NDIS Quality and Safeguards Commission)
• Our technology service providers who assist with data storage and processing (see Section 11 — Third-Party Services)

We will not share your information with anyone outside Australia without your consent, except under exceptional circumstances permitted by law.

Information may also be disclosed without consent where required by law (e.g. court subpoenas, mandatory notifications), where necessary to prevent a serious threat to life, health, or safety, or for the purpose of locating a missing person.

7. How We Store and Protect Your Information

We take the security of your personal and health information seriously. We implement the following measures:

• All electronic records are stored on secure cloud infrastructure hosted in Sydney, Australia (AWS ap-southeast-2 region)
• Our database is hosted on Supabase, with servers located in Sydney, Australia
• Uploaded files (such as referral documents) are stored in Amazon Web Services (AWS) S3 with server-side encryption (AES-256), located in Sydney, Australia
• All data is encrypted in transit using TLS/SSL
• Access to patient information is restricted to authorised staff on a need-to-know basis
• We use access controls, authentication, and audit logging to track who accesses information and when
• Physical records (where applicable) are stored in locked, secure areas

8. Data Retention

We retain personal and health information in accordance with applicable health records legislation:

• Health records for adult patients are retained for a minimum of 7 years from the date of the last entry, in accordance with the Health Records Act 2001 (Vic)
• Health records for children are retained until the patient turns 25 years of age, or for 7 years after the last entry, whichever is later
• Files uploaded through our website (such as referral documents and supporting documentation) are automatically deleted from our file storage after 90 days. The information contained in those files is retained in our clinical records system for the retention periods stated above.
• NDIS records are retained in accordance with NDIS Practice Standards and relevant legislation

When records are no longer required to be retained, they are securely destroyed using appropriate methods for the type of record (e.g. secure digital deletion, shredding of paper records).

9. Your Rights

Under the Australian Privacy Act 1988 and the Health Records Act 2001 (Vic), you have the right to:

• Access your information — you may request a copy of the personal and health information we hold about you
• Request corrections — if you believe information we hold about you is inaccurate, incomplete, or out of date, you may request that we correct it
• Withdraw consent — you may withdraw your consent for us to collect, use, or disclose your information at any time, although this may affect our ability to provide services to you
• Deal with us anonymously — you have the right to deal with us anonymously or under a pseudonym where practicable, although this is generally not possible for the provision of health services
• Lodge a complaint — if you believe we have breached the Australian Privacy Principles, you may lodge a complaint with us or with the Office of the Australian Information Commissioner (OAIC)

To exercise any of these rights, please contact us using the details at the bottom of this page. We will respond to access and correction requests within 30 days.

10. Web Forms and Online Collection

Our website at reliancecareandsupport.com.au provides online forms for appointment requests, NDIS referrals, psychology referrals, general enquiries, and feedback. When you submit a form through our website:

• The information you enter into the form fields is transmitted securely using TLS/SSL encryption
• Form submissions are stored in our database hosted in Sydney, Australia
• Any files you upload (e.g. referral letters, reports) are stored securely in AWS S3 in Sydney, Australia, with server-side encryption
• Uploaded files are automatically deleted after 90 days; the clinical information is retained in our records system
• We record the date, time, and your consent confirmation with each submission

Consent

Each online form includes a consent checkbox that you must confirm before submitting. By checking this box and submitting the form, you consent to the collection, storage, and use of the information you provide for the purpose of delivering healthcare services to you.

Google reCAPTCHA

Our online forms use Google reCAPTCHA to protect against spam and automated submissions. When you submit a form, Google reCAPTCHA may collect certain information including your IP address, browser type, and interaction data. This information is processed by Google in accordance with the Google Privacy Policy and Terms of Service.

11. Third-Party Services

We use the following third-party service providers to operate our practice and website. These providers are contractually obligated to protect your information:

With the exception of Google reCAPTCHA (which processes limited interaction data for bot detection only), all personal and health information is stored and processed within Australia.

12. Complaints

If you believe we have breached your privacy or mishandled your personal information, you are encouraged to raise your concern with us first so we can attempt to resolve it.

Step 1: Contact Us

Submit your complaint in writing to our Privacy Officer at mail@reliancecareandsupport.com.au or by post to 341C Forsyth Road, Truganina VIC 3029. We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.

Step 2: External Complaints

If you are not satisfied with our response, you may lodge a complaint with:

• Office of the Australian Information Commissioner (OAIC)
  Website: www.oaic.gov.au
  Phone: 1300 363 992
• Health Complaints Commissioner (Victoria)
  Website: www.hcc.vic.gov.au
  Phone: 1300 582 113
• NDIS Quality and Safeguards Commission
  Website: www.ndiscommission.gov.au
  Phone: 1800 035 544

13. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our services or website after changes are published constitutes acceptance of the updated policy.