Privacy policy.

Privacy Policy — Belle Women’s Health

Last updated: 25 February 2026

Clinic: Belle Women’s Health (ABN 62 691 099 868)
Practice address: Ground level, 60 Leichhardt Street, Spring Hill, QLD 4000
General contact: reception@bellewh.com.au | 07 3543 6111
Privacy Officer: Chief Executive Officer | reception@bellewh.com.au

1. About this Policy (APP 1)

Belle Women’s Health (“we”, “our”, “us”) provides private health services in Australia. We manage personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Policy explains the kinds of personal information we collect, how we collect, use, disclose and protect it, how you can access and correct it, how to complain, and whether we disclose overseas. This Policy applies to both our clinical services and our website interactions.

2. What we collect (personal and health information)

We collect information reasonably necessary to provide our services, including:

  • Identity & contact: name, date of birth, address, email, phone.

  • Government identifiers used in healthcare: Medicare/DVA numbers and healthcare identifiers (we do not use these to identify you within the practice except as permitted by law).

  • Health information (sensitive information): presenting complaints, symptoms, history, diagnoses, treatments, medications, allergies, referrals, clinical images, specialist letters, care plans, recalls, and any relevant social or family history.

  • Diagnostics and results: pathology and imaging requests and reports.

  • Administrative/billing: appointments, Medicare/insurer claims, account and payment records.

  • Website/technical: IP address, device/browser details, pages viewed, timestamps, and cookies/analytics used to operate and secure our website.

3. How we collect your information

We collect information:

  • Directly from you (forms, phone/email, telehealth, in‑person consultations).

  • From a person responsible for you (where appropriate).

  • From third parties where permitted or required by law: other providers involved in your care (GPs, specialists, allied health), hospitals, diagnostic services, pharmacies/e‑prescription services, Medicare/DVA, health funds, and the My Health Record system.

We take reasonable steps to ensure the information we collect is accurate, up‑to‑date and complete.

4. Why we collect, use and disclose your information (APP 6)

Primary purposes:

  • To provide and coordinate healthcare, including requesting, receiving and discussing tests, preparing referrals, and communicating with you about your care.

  • To arrange billing, Medicare/DVA and health fund claims, and account administration.

  • To comply with legal obligations (e.g., notifiable disease reporting, child protection).

Directly related secondary purposes you would reasonably expect:

  • Quality assurance, clinical audit, accreditation, practice management, and staff training/supervision (with appropriate confidentiality safeguards).

  • Appointment recalls/reminders (subject to your preferences).

We do not sell your personal information.

5. Disclosures we commonly make

We may disclose personal information to:

  • Other treating providers involved in your care (e.g., GPs, specialists, allied health).

  • Diagnostic services, pharmacies/e‑prescription or secure messaging services, hospitals and other healthcare facilities.

  • Medicare/DVA, health funds and claims intermediaries for claiming/eligibility.

  • Government regulators and oversight bodies where required or authorised by law (e.g., OAIC for privacy complaints).

  • Our contracted service providers (e.g., secure cloud hosting, practice software, IT support) under agreements requiring APP‑compliant safeguards and confidentiality.

6. My Health Record

As a participating healthcare provider organisation, we may upload information to, and view information from, your My Health Record to support your care, in accordance with your access controls and the My Health Records Act 2012. Information downloaded to our local system is then handled under the Privacy Act and the APPs like other health information we hold. We maintain a My Health Record security and access policy and comply with ongoing participation obligations.

7. Direct marketing

We only send health service updates or marketing communications with your consent. You may opt out at any time using the method in the message or by contacting us.

8. Anonymity and pseudonyms (APP 2)

You may interact with us anonymously or using a pseudonym where lawful and reasonably practicable (e.g., general enquiries). For clinical care and where Medicare/insurer billing applies, anonymity is generally impracticable.

9. Cross‑border disclosures (APP 8)

We seek to store and process personal information in Australia and do not routinely disclose overseas. If an overseas disclosure becomes reasonably necessary (e.g., continuation of care while you are overseas, or a service provider that stores or accesses data outside Australia), we will inform you and take reasonable steps to ensure the recipient will not breach the APPs, or we will obtain your consent where required.

10. Data security (APP 11)

We implement reasonable and proportionate technical, administrative and physical safeguards to protect personal information from misuse, interference, loss, and unauthorised access, modification or disclosure. Measures include role‑based access controls, encryption in transit and at rest (where supported), secure cloud hosting, audit logging, patching, backups, staff training and confidentiality obligations, and vendor due diligence.

11. Retention and destruction

We retain health records for at least 7 years from the date of last entry for adults, and for children until they reach 25 years of age (or longer where required, e.g., for actual or reasonably anticipated medicolegal matters). When no longer required by law or for authorised purposes, information is securely destroyed or de‑identified. We keep a record of destruction where applicable. (Industry‑standard guidance)

12. Access and correction (APP 12–13)

You may request access to, or correction of, your personal information by contacting our Privacy Officer. We will respond within a reasonable time (usually within 30 days). We may need to verify your identity and, where permitted by law, charge a reasonable cost‑recovery fee for providing copies (not for making a request). If we refuse access or correction, we will provide written reasons and information about complaint options.

13. Data breaches — Notifiable Data Breaches (NDB) scheme

We maintain a data breach response process. If an eligible data breach occurs that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by the NDB scheme. If a breach relates to the My Health Record system, we will also notify the Australian Digital Health Agency (System Operator) as soon as practicable.

14. Queries or complaints about privacy

Please contact our Privacy Officer first (reception@bellewh.com.au). We will acknowledge and respond within a reasonable timeframe. If you are not satisfied with our response, you can contact the OAIC: 1300 363 992 | enquiries@oaic.gov.au | GPO Box 5218, Sydney NSW 2001 | oaic.gov.au.

15. Private vs state privacy regimes (Queensland)

As a private sector health service provider in Queensland, we are covered by the Commonwealth Privacy Act and the APPs. State privacy laws primarily apply to public sector agencies.

16. Changes to this Policy

We may update this Policy to reflect legal, operational or technological changes. The latest version will be published on our website with an updated effective date. Where changes are material, we will take reasonable steps to notify you.