top of page

Privacy Policy

Vitality Lab collects client information in order to provide high quality care by all members of the healthcare team. We are guided by the Australian Privacy Principles and are bound by the Commonwealth Privacy Act 1988 and other relevant legislation. 

As a client of our clinic you may at any time request more information about the way we manage information held at Vitality Lab.

Policy Review

This policy is reviewed on an annual basis, or more frequently in response to changes in legal or professional guidelines when applicable.


The purpose of this policy is to advise clients, their family and carer’s on how we hold, manage and handle their personal information. It also outlines and reinforces to staff, contractors and other key stakeholders their obligations and duties regarding privacy and confidentiality of clients’ personal information.


Our clinic is committed to maintaining privacy and confidentiality at all times and requires that any information regarding individual clients will not be disclosed in any form (verbally, in writing, or electronic forms, inside or outside our practice) except for strictly authorised use within the client care context or as required by law.  

For the purposes of this policy, no distinction has been made between the handling of personal information and sensitive information (including health information), therefore all information will be referred to as "personal information" throughout this Policy.

Personal Information

Will generally include:

  • The client 's full name, address, telephone and/or mobile number, email and private health fund details.


  • Next of kin and emergency contact details;

  • Workers compensation / Motor vehicle claim details where applicable;


  • Current drugs or treatments used by the client;


  • Immunisation history;


  • Results including but not limited to pathology and radiology.


  • Previous/current medical history, including, where clinically relevant, a family medical history, and;


  • The name of any health service provider or medical specialist to whom the client is referred, copies of any letters of referrals and copies of any reports back.

Practitioner Responsibility

Our practitioners take reasonable steps to ensure our clients are informed and understand:

  • Why and when their consent is necessary

  • What information has been and is being collected

  • Why the information is being collected

  • How the information will be used or disclosed

  • How the information will be stored

  • Procedures for access to and correction of information 

  • Process for making a complaint about a possible breach of privacy and confidentiality or how we have managed personal or sensitive information 

  • How we protect access to clients personal and sensitive information through designated levels of access and password protection

Client Consent

Vitality Lab is committed to protecting personal information.  This information will not be used in any other way except as defined in this policy.Practitioners must seek additional consent from a client if information collected by us is required for any other purpose. Any request for further use of information is made in writing to the client explaining the request and obtaining the clients written consent prior to the use or release of the information. 

Consent to collect personal and sensitive information may be obtained from a clients’ guardian or responsible person where practicable and necessary, for example when a client is unable to provide the information or is unable to do so.

In the rare case of a medical emergency we may have to COLLECT and/or USE information without a client s consent in order to provide urgent medical treatment.

Collection of Information

On behalf of the Health Practitioners at our practice, we may collect personal information regarding clients for the purpose of providing health services, treatment and for administrative and billing purposes.  

Examples of types of information collected include but are not limited to the following:

  • Name, date of birth, address, telephone numbers, email.

  • Next of kin and emergency contact details

  • Sensitive information about a client such as but not limited to; past medical history, immunisation history, medications, allergies, social history, family history, cultural background, names of health care providers involved in the client s care, copies of any relevant medical referrals and reports.


Use and Disclosure of Information 

The primary purpose in collecting and holding personal information is to provide comprehensive, coordinated and continuing whole person health care for our clients.  This may include disclosing information to other health practitioners to whom we refer the client to. 

Other purposes for which we may collect, use and disclose information may include, but are not limited to, the following;

  • To organise an appointment,

  • For billing purposes, 

  • For quality assurance purposes (de-identified)

  • To external service providers so that they can provide health care, financial, administrative or other services in connection with the operation of our business.

  • Financial information for the purpose of payments of which no cardholder information is stored on site


Where we use or disclosure our clients’ personal information to third parties engaged by, or for the Practice business purposes, such as accreditation or the provision of information technology, the information will be de-identified as much as possible. We require any third parties with whom we share your information to comply with our Privacy policy.

1) Clients personal information is held at the clinic in the following forms:

  1. As an electronic record

  2. The clinic holds all personal information securely in an electronic format, in protected information systems and in paper files in a secure environment. Our IT environment has antivirus software and several fire walls in place and undertakes continuous monitoring to protect the information we have stored.

  3. As visual – x-rays, CT scans, photos

  4. As paper correspondence. Some information such as mailed correspondence, faxed correspondence etc. may be held as a paper record which is stored in a secure area prior to being scanned to an electronic record. This paper record is held in a secure area for a maximum duration of 3 months after which it is destroyed.

2) The Clinic Procedure for collecting personal and sensitive information is as follows:


Vitality Lab collect clients’ personal information via paper or digital registration when clients present to the Practice for the first time.


The Clinic staff may ask our clients to confirm their identity on presenting to the clinic by asking three key identifiers which include:

1. Confirming their name;

2. Confirming their contact details such as street address or phone number and;

3. Date of birth.


During the course of providing health related services practitioners who work with us are required to access client records to collect, use and where required as part of the provision of care, disclose relevant sensitive information within the limits of the consent provided by each client. The treating practitioner will collect health information from the client directly in order to address your health concerns. They may also collect information from other health practitioners also involved in your treatment.


3) Mature Minors

Vitality Lab recognises that children aged UNDER 18 years of age (mature minors) may have the same rights regarding privacy and confidentiality as would an adult client. Our staff maintains those rights accordingly.


4) Anonymity / Pseudonymity

Clients have the right to remain anonymous or to use a pseudonym to protect their privacy. We take reasonable steps to ensure we comply with the client s’ request. Clients are advised that anonymity may have a significant impact on our ability to provide timely and appropriate communication and health care.


5) Exceptions to disclosure without client consent are where the information is:

Required by law

  • Necessary to lessen or prevent a serious threat to a client’s life, health or safety or public health or safety, or it is impractical to obtain the client’s consent.

  • To assist in locating a missing person

  • To establish, exercise or defend an equitable claim 

  • For the purpose of a confidential dispute resolution process


6) Unsolicited information and direct marketing

Vitality Lab will not use any personal information in relation to direct marketing without express consent of our clients. We evaluate all unsolicited information it receives to decide if it should be kept, acted on or destroyed


7) Cross-border disclosure

Vitality Lab does not disclose your information to any overseas recipients, including cloud-based web services.


Confidentiality and Secure Storage

We undertake the following procedures to preserve the privacy and confidentiality of our client's information. 

  • All staff and contractors sign and acknowledge a Privacy and Confidentiality Statement on commencement of their time with us. By signing this document, each person agrees to abide by their professional and legal obligations, the Privacy Policy and procedures we have in place to protect the privacy and confidentiality of our clients. 

  • All staff and contractors receive training on the obligations and expectations regarding privacy and confidentiality when they start work with us.

  • Electronic records are stored on secure servers that are regularly backed up and are password protected at multiple levels.

  • All hardcopy documents which contain any client information are securely shredded.


Destroying of information 

Information that is no longer needed is destroyed to ensure information has been securely disposed of.  We keep individual client records for 7 years from the date of last entry for an adult and until the age of 25 for a child in accordance with current legislation.


Health Promotion

If relevant, Vitality Lab may contact our clients in relation to workshops and services that the Practitioner feels would be of benefit to their health. The option to refuse this service is given to each client on their first visit via the “New Client Privacy Form”.


Access to Information

This clinic acknowledges clients may request access to their medical records. Clients are encouraged to make this request in writing and we will respond within a reasonable time.  The client may incur a cost for the transfer of medical record and the client will be informed of this at the time of the request. The cost is to cover the time and resources required to retrieve and prepare records for transfer or access. Where access is denied or needs to be limited due to concerns about the client’s health and wellbeing or that of another person, this will be discussed with the client. 

Vitality Lab will take reasonable steps to correct personal information where it is satisfied to ensure it is accurate and up to date. Clients are encouraged to request we correct or update their information when attending the clinic.


This clinic takes complaints and concerns about the privacy of clients’ personal information seriously. Clients are encouraged to express any privacy concerns in writing.  The clinic manager will then address the complaint in line with our complaint resolution procedure.


Complaint Resolution Procedure

  1. The client submits a privacy complaint in writing to the clinic.

  2. The Clinic Manager will document the complaint including a brief description

  3. We will then write to the client via email and inform them that we have received the complaint and outline that we will take up to 30 days to investigate and respond in writing.

  4. Investigation
    ​The Clinic Manager will conduct an investigation and confirm:

    • Whether the actions complied with the Privacy Policy

    • The breach or issue

    • Key stakeholders involved

    • Timeline of events

  5. Resolution

  • If the Clinic Manager determines a violation has occurred the appropriate action will be taken.

  • All documentation will be maintained for a period of 5 years

  • If the investigation reveals there is an issue with a process, the process will be reviewed and improvements made. 

  1. Notification

    • The Clinic Manager will notify the client submitting the complaint in writing of the results of the investigation.

  2. If the client receives notification from the Clinic Manager and is not content with the resolution, the client is to be advised that they do have the option to take the matter to the Office of the Australian Information Commissioner to review (please see details below).

For requests for access, to correct personal information, enquires about this policy or to make a complaint please direct your correspondence to:

Vitality Lab Clinic Manager:

Telephone: 0493 039 820
Post: Rm 6, 1/127 George St. Launceston. TAS. 7250.

Office of the Australian Information Commissioner:

Telephone: 1300 363 992
Post: PO Box 5218 Sydney NSW 2001

bottom of page