Authentic Connections Speech Pathology
Effective Date: 13 January 2025
Review Date: January 2026

1. Introduction

At Authentic Connections Speech Pathology (“we”, “our”, “us”), your privacy and the confidentiality of your health information are our top priorities.
We are bound by the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs), and by the Health Records Act 2001 (Vic), including the Health Privacy Principles (HPPs).
We also uphold the Victorian Charter of Human Rights and Responsibilities, which protects your right to privacy.

This policy explains how we collect, use, store, and disclose your personal and health information, and how you can access and correct your information.

If you have any questions about this policy, please contact:
Brendan Tunbridge – Sole Trader
Email: brendan@acspeech.com

2. What Information We Collect

We may collect and hold the following information when it is necessary to provide you with speech pathology services:

• Identifying details: name, date of birth, gender, cultural or linguistic background.
• Contact information: address, phone number, email.
• Health and developmental information: medical history, therapy goals, educational information, reports from other providers.
• Financial details: for invoicing and payment processing.
• Other relevant information: as needed to provide safe, effective services.

We only collect information that is directly relevant to your care, our business, or legal obligations.

3. How We Collect Information

We collect personal information directly from you or your authorised representative, including through:

• Intake forms, consent forms, assessments, and therapy sessions.
• Phone calls, emails, or secure online platforms.
• Referrals or reports from other health or education professionals (with your consent).

In some cases, we may collect information from third parties where you have provided consent or where we are permitted or required by law.

4. Why We Collect Your Information

We collect, use, and store your information to:

• Provide speech pathology assessment and therapy services.
• Develop and review treatment plans.
• Communicate with you about your care.
• Liaise with other professionals involved in your support (with your consent).
• Manage billing and administration.
• Meet legal, professional, and regulatory requirements.

5. Anonymity and Pseudonymity

Under the HPPs and APPs, you may choose not to identify yourself or to use a pseudonym when dealing with us, where lawful and practicable.
However, due to the nature of health services, we generally require sufficient identifying information to provide safe and effective care.

6. Use and Disclosure of Information

We will only use or disclose your information:

• For the purpose it was collected (primary purpose).
• For a directly related secondary purpose that you would reasonably expect.
• With your consent.
• When required or authorised by law (e.g., court order, public health and safety concerns).

Examples of disclosure include:

• Sharing progress updates with your GP, specialist, or teacher (with your consent).
• Providing required information to funding bodies (e.g., NDIS) with your authorisation.

We do not sell, rent, or trade your personal information.

7. Cross-Border Disclosure

In the very unlikely case we need to store or process your data outside Victoria or Australia (e.g., secure cloud storage, AI tools), we will:

• Take reasonable steps to ensure the overseas recipient complies with equivalent privacy protections.
• Disclose the country or provider upon request.

Our current AI and cloud services are assessed for compliance with Australian privacy law. HIPAA compliance is noted where relevant for international tools, but Australian law takes precedence.

8. Data Quality and Minimisation

We take reasonable steps to ensure the personal information we collect is accurate, complete, and up to date. We do not collect more information than is reasonably necessary for the purposes of providing care or meeting legal requirements.

9. Data Security and Retention

We take active measures to protect your personal information from misuse, interference, loss, and unauthorised access. These include:

• Password-protected systems for electronic records.
• Locked storage for paper records.
• Restricted access to authorised personnel only.
• Secure transfer protocols for electronic communications.

We retain health records for:

• Adults – 7 years after the last contact (plus 1 year for compliance margin).
• Children – until the client turns 25 years old (6 years after turning 18, plus 1 year).

When no longer required, records are securely destroyed or permanently de-identified.

10. Notifiable Data Breaches

If a data breach occurs that is likely to result in serious harm, we will:

• Take immediate action to contain the breach.
• Notify you and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme.

11. Access and Correction

You have the right to:

• Request access to the personal information we hold about you.
• Request corrections to ensure it is accurate, complete, and up to date.

Requests can be made in writing to brendan@acspeech.com.
In limited cases, we may refuse access or correction in line with the HPPs or APPs, but we will explain why.
We may charge a reasonable cost-recovery fee for access.

12. Complaints

If you have concerns about how your information has been handled, you can:

1. Contact us directly at brendan@acspeech.com.
2. If unresolved, lodge a complaint with:
   • Office of the Australian Information Commissioner (OAIC)
     Phone: 1300 363 992
     Email: enquiries@oaic.gov.au
     Website: www.oaic.gov.au
   • Health Complaints Commissioner (Victoria)
     Website: https://hcc.vic.gov.au

13. Policy Updates

This policy may be updated from time to time to reflect changes in laws, technology, or service delivery. The latest version will always be available on our website.