Practice Privacy Policy

Introduction & Purpose

We are committed to protecting the privacy of the personal and health information we collect and to handling that information in a responsible manner in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles, cyber security legislation and the Information Privacy Act 2009 (Qld) (referred to as privacy legislation).

This Privacy Policy explains how we collect, use and disclose your personal information, how you can access and request correction of that information, and how you may make a complaint if you are concerned there has been a breach of privacy legislation.

From time to time, we may make changes to our policy, processes, or systems for managing personal information.  This Privacy Policy will be updated to reflect any such changes.

When and why is consent required

When you first attend Your Dermatologist, we will ask you to provide certain information (for example, contact details) and to confirm you consent to the collection of that information. By providing this consent, you authorise our practitioners and staff to collect, access and use your personal health information for the purpose of delivering healthcare to you.  

Access to your personal information is restricted to practitioners and staff who require it to provide you with healthcare.

We will seek your express consent before using your personal information for any purpose that is not directly related to your healthcare.

Collection of personal health information

We collect personal and sensitive health information that is necessary for the provision of healthcare. This may include, but is not limited to:

  • Personal identifiers: such as name, date of birth, address, and contact details

  • Health and medical information: including medical history, clinical notes, diagnostic test results, imaging, referrals, and treatment plans

  • Funding and identification details: such as Medicare, Department of Veterans’ Affairs (DVA) numbers, or other relevant healthcare identifiers

  • Clinical images: We may take photographs or other clinical images with your consent, which will be obtained at the time the images are taken.

This information is collected directly from you wherever possible. In some cases, we may receive information from your other healthcare providers, specialists, or authorised representatives where this is necessary to support your care.

Use and disclosure of personal health information

We may use or disclose your personal and health information for the following purposes:

  • to provide medical treatment and care, including communicating with other healthcare providers involved in your care

  • for administrative purposes, including billing and meeting our legal and regulatory obligations

We may communicate with you, or about you, using the following methods – SMS/text messaging, email, secure messaging platforms, or encrypted messaging services. These communications may include your personal and health information.

We do not disclose personal information to overseas recipients unless it is necessary for the provision of healthcare and appropriate safeguards are in place, in accordance with Australian Privacy Principle 8.

Use for research/education, quality improvement and marketing

We are committed to continuously improving the quality of our services and supporting clinical education. Your personal and health information may be used in the following ways:

Quality improvement and staff education: We may use patient information for internal audits, staff training, and clinical review.  Where practicable, this information will be de-identified. These activities help us maintain high standards of care and safety.

Medical Research:  From time to time, we may participate in medical research projects. Where identifiable information is required, we will seek your express consent before using or disclosing your information. You may be contacted by a member of our team to discuss a research opportunity; however, you will never be contacted directly by researchers unless you have provided consent. Identifiable information will only be used or disclosed for research if the project has appropriate ethics approval and complies with legal and privacy requirements.

De-identified Data Sharing: We may contribute de-identified health information to health improvement initiatives, registries or benchmarking activities. This information does not identify you and is stored securely. If you do not wish for your de-identified information to be included, please inform our reception staff.

Marketing: We will not use your personal information to market goods or services without your express consent. If you do provide consent, you may opt out of receiving marketing communications at any time by notifying us in writing or using the unsubscribe function provided in those communications. 

Data security and retention

We will take reasonable steps to ensure that the personal information we hold is accurate, complete, up to date, and relevant. We implement robust technical and administrative measures to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. These measures include:

  • secure electronic medical record systems with role-based access controls

  • regular staff training on privacy and data protection

  • a robust cybersecurity framework

  • regular audits and updates to our software and cybersecurity measures

Personal information is retained in accordance with applicable legal, regulatory, and professional obligations. Once information is no longer required for the purpose for which it was collected, and the minimum retention period has passed, it will be securely destroyed or de-identified in accordance with privacy legislation.

Access to and correction of information

You have the right to access your personal information. To request access or corrections, please contact our Practice Manager in writing.

We will respond within 30 days. A small fee may apply to cover administrative costs (but you will not be charged for making the request).

We will respond to such requests in accordance with applicable privacy principles and legislation.

Privacy enquiries and complaint

If you have any questions or concerns about how your personal information is handled or want to request access to or correction of your information, please contact:

The Practice Manager
Your Dermatologist
Shop 2, Ground Level

89 Lytton Road
East Brisbane QLD 4169
Ph: (07) 3872 3535
practicemanager@yourderm.com.au

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC)

Website: www.oaic.gov.au
Phone: 1300 363 992

Policy review statement

This Privacy Policy was created on 21 January 2026. We review this policy at least annually, and more frequently if there are changes to our operations, relevant legislation, or technology. Significant changes may be communicated to patients via email, in-practice notices, or on our website.