Skip to content
Australian-registered doctors available 7 days a week Doctors available 7 days
Legal

Privacy Policy

How we collect, use, and protect your personal and health information in accordance with Australian privacy law. Last updated 22 May 2026.

1. About This Policy

Telemate Health Pty Ltd (ABN XX XXX XXX XXX) ("we", "us", "our") is committed to protecting the privacy of your personal and health information. We provide telehealth services including GP consultations, mental health support, weight management, vitality consultations, chronic care management, and DVA (Department of Veterans' Affairs) services through our platform at telematehealth.com.au.

This Privacy Policy explains how we collect, hold, use, disclose, and otherwise manage your personal information and health information in accordance with the Privacy Act 1988 (Cth) ("Privacy Act"), including the Australian Privacy Principles ("APPs"), the My Health Records Act 2012 (Cth), and applicable state and territory health records legislation.

A copy of the Australian Privacy Principles may be obtained from the website of the Office of the Australian Information Commissioner ("OAIC") at www.oaic.gov.au.

Our registered address is: [To be confirmed]. You may contact our Privacy Officer at [email protected].

2. What Information We Collect

Given the nature of our healthcare services, we collect and hold a broad range of personal information and health information ("sensitive information" under the Privacy Act). This includes, but is not limited to:

  • Identity information: full name, date of birth, gender, residential address, email address, telephone number, and photographic identification where required for identity verification
  • Health information: medical history, diagnoses, clinical notes and consultation records, presenting symptoms, medications (current and past), allergies, pathology and imaging results, referral letters, specialist reports, mental health assessments, care plans, treatment plans, and clinical correspondence
  • Consultation metadata: date, time, and duration of telehealth consultations, the name of the consulting practitioner, and whether the consultation was conducted via video or telephone
  • Billing and financial information: Medicare number, Individual Healthcare Identifier (IHI), private health insurance details, DVA file number, concession card details, and payment card information (processed by our secure third-party payment gateway)
  • Referral and claims data: Medicare and private health fund claims records, referral documents to and from other healthcare providers, and discharge summaries
  • Emergency contact details: name, relationship, and contact information for your nominated emergency contact
  • Technical information: IP address, browser type, device information, and website usage data collected via cookies and analytics tools

3. How We Collect Your Information

We collect personal and health information:

  • Directly from you, when you register for an account, complete intake forms, attend a telehealth consultation, submit enquiries via our website, or communicate with us by email, telephone, or through our platform
  • From referring healthcare providers, including GPs, specialists, allied health professionals, hospitals, and pathology or imaging providers, where this is necessary for the provision of clinical care
  • From Medicare, the Department of Veterans' Affairs, or private health insurers in connection with billing and claims
  • From your My Health Record, where you have provided consent for us to access it
  • From third-party platforms integrated with our services, such as electronic prescribing systems and secure messaging services

4. Anonymity and Pseudonymity (APP 2)

Due to the nature of the health services we provide, it is generally impracticable for us to deal with individuals who have not identified themselves. Accurate identification is required to ensure the safety and continuity of clinical care, to comply with our legal and professional obligations under applicable health legislation, and to meet the requirements of Medicare and private health insurance billing.

Where you contact us with a general enquiry that does not relate to the provision of clinical services, you may choose not to identify yourself or to use a pseudonym.

5. Unsolicited Information (APP 4)

From time to time, we may receive personal or health information that we did not solicit. Where we receive unsolicited personal information, we will promptly assess whether that information is of a kind we could have collected under our standard collection practices.

If the unsolicited information is of a kind we could have collected and is reasonably necessary for, or directly related to, the provision of our healthcare services, we will treat it in accordance with this Privacy Policy. If the information is not of a kind we could have collected, and is not contained in a Commonwealth record, we will destroy or de-identify that information as soon as practicable, provided it is lawful and reasonable to do so.

6. Purpose of Collection and Use

We collect, hold, and use your personal and health information for the following purposes:

  • Providing clinical healthcare services, including GP telehealth consultations, mental health assessments and treatment, weight management consultations, vitality consultations, chronic care management, and DVA-funded health services
  • Coordinating your care with other healthcare providers, including referrals, shared care arrangements, and multidisciplinary team communication
  • Processing Medicare claims, DVA claims, private health insurance claims, and collecting payments for services rendered
  • Fulfilling our legal and regulatory obligations, including mandatory reporting requirements, compliance with AHPRA registration standards, and responding to court orders or subpoenas
  • Communicating with you regarding appointment reminders, follow-up care, prescription notifications, and administrative matters
  • Internal quality improvement, clinical audit, and service evaluation, using de-identified data where practicable
  • Managing complaints and resolving disputes

7. Direct Marketing (APP 7)

We will only use your personal information for direct marketing purposes where you have provided your express consent to receive marketing communications from us. Health information is never used for direct marketing purposes.

Where you have consented to receive marketing communications, each communication will include a clear and simple mechanism to opt out (for example, an "unsubscribe" link in emails). You may also opt out at any time by contacting us at [email protected]. We will process your opt-out request within five (5) business days.

We do not use health information, consultation history, or browsing behaviour on health-related pages to target, segment, or personalise marketing messages.

8. Disclosure of Personal and Health Information

We may disclose your personal and health information to the following categories of recipients, and only to the extent necessary for the purposes described in this policy:

  • Healthcare providers: referring GPs, specialists, allied health professionals, hospitals, pathology laboratories, and imaging providers involved in your care
  • Government bodies: Medicare (Services Australia), the Department of Veterans' Affairs, state and territory health departments (where required by law, such as mandatory disease notification), and the Australian Digital Health Agency (in relation to My Health Record)
  • Regulatory authorities: AHPRA, the Therapeutic Goods Administration (TGA), and relevant professional registration boards where required by law or professional obligation
  • Technology service providers: our electronic medical records system provider, secure video conferencing platform provider, electronic prescribing system provider, payment gateway provider, and website hosting provider, each of whom is bound by contractual obligations to protect your information
  • Insurers and funders: private health insurers and workers' compensation insurers, only with your consent or where required by law
  • Legal and professional advisers: our lawyers, accountants, and professional indemnity insurers, where reasonably necessary
  • Law enforcement and courts: where required or authorised by law, including in response to a court order, subpoena, or mandatory reporting obligation

We will not disclose your health information for any purpose other than those set out in this policy without your express consent, unless required or authorised by law.

9. Cross-Border Disclosure (APP 8)

As at the date of this policy, we do not routinely disclose personal or health information to overseas recipients. Our primary data storage, clinical systems, and service operations are located within Australia.

Some of our technology service providers (such as cloud hosting, analytics, or communication platforms) may store or process limited data on servers located outside Australia, including in the United States, the European Union, or other jurisdictions. Where this occurs, we take reasonable steps to ensure that the overseas recipient handles your information in a manner consistent with the APPs, including through contractual obligations and data processing agreements.

Before disclosing any personal or health information to an overseas recipient in circumstances not covered by an existing contractual arrangement, we will obtain your informed consent and advise you of the countries in which the recipient is located, to the extent this is practicable. You may withdraw your consent at any time.

10. Government and Healthcare Identifiers

We collect government-related identifiers, including your Medicare number, Individual Healthcare Identifier (IHI), DVA file number, and concession card number, solely for the purposes of processing claims, verifying your identity for the provision of healthcare services, and meeting our obligations under the Healthcare Identifiers Act 2010 (Cth).

In accordance with the Privacy Act, we will not:

  • Use a government-related identifier as our own identifier for you
  • Disclose a government-related identifier unless the disclosure is reasonably necessary to verify your identity, process a claim, or is required or authorised by law
  • Adopt, use, or disclose your IHI except as permitted under the Healthcare Identifiers Act 2010 (Cth)

11. Telehealth-Specific Privacy Practices

Our telehealth consultations are conducted via secure, encrypted video or telephone platforms. The following practices apply to all telehealth consultations:

  • Identity verification: We verify your identity at the commencement of each consultation using photographic identification and/or confirmation of personal details held on your clinical record. This is a clinical and legal requirement for telehealth services.
  • Privacy of the consultation environment: At the beginning of each consultation, your practitioner will confirm that you are in a private location and ask whether any other person is present. You are encouraged to attend telehealth consultations from a quiet, private space.
  • Persons present during consultations: Your practitioner will disclose if any other person (such as a medical student, registrar, or chaperone) is present or observing the consultation. You have the right to request that observers leave the consultation.
  • Recording: Telehealth consultations are not recorded by us unless you are informed and provide explicit consent beforehand. You must not record consultations without the prior consent of your practitioner.
  • Clinical suitability: Where a practitioner determines that a telehealth consultation is not clinically appropriate for your presenting condition, they will advise you to seek an in-person consultation and, where possible, assist you with a referral or recommendation for face-to-face care.
  • Technical failures: In the event of a disconnection or technical failure during a consultation, your practitioner will attempt to re-establish contact. If the consultation cannot be resumed, your practitioner will follow up with you to reschedule or to communicate any urgent clinical information.

12. My Health Record

Telemate Health Pty Ltd may be a registered participant in the My Health Record system operated by the Australian Digital Health Agency under the My Health Records Act 2012 (Cth).

Where you have a My Health Record and have provided your consent (or where upload is required by law), we may upload clinical documents including discharge summaries, event summaries, prescription records, and referral documents to your My Health Record. We may also access information in your My Health Record where it is reasonably necessary for the provision of your healthcare.

You have the right to control your My Health Record, including the ability to restrict access by specific healthcare providers, set access controls, and remove documents. For more information about your rights, visit www.myhealthrecord.gov.au.

13. AI and Automated Decision-Making Tools

We may use clinical decision support tools, automated triage systems, or other technology that incorporates artificial intelligence (AI) or machine learning to assist in the delivery of our services. These tools may be used to support clinical workflows, administrative processes, or health screening questionnaires.

Where AI or automated tools are used in connection with your clinical care, the following safeguards apply:

  • No clinical decision, including prescribing, diagnosis, referral, or treatment recommendation, is made solely by an automated system. All clinical decisions are reviewed and approved by a qualified, AHPRA-registered healthcare practitioner.
  • AI-generated outputs are used as decision-support tools only and do not replace independent clinical judgement.
  • We will inform you if AI or automated tools have been used in a way that materially affects the outcome of your consultation or care.
  • You have the right to request that a clinical decision affecting you be reviewed by a human practitioner without the use of automated tools.

14. Cookies, Tracking, and Website Analytics

Our website uses cookies and similar tracking technologies to improve your browsing experience, analyse website traffic, and understand how visitors interact with our site.

Health-related browsing sensitivity: We acknowledge that browsing behaviour on a healthcare website may reveal sensitive health-related interests. We do not use cookie data or website analytics to infer health conditions, build health profiles, or target you with health-related advertising. Analytics data is collected in aggregate form and is not linked to your clinical record or health information.

The types of cookies and tracking technologies we use include:

  • Essential cookies: required for the website to function (e.g. session management, security). These cannot be disabled.
  • Analytics cookies: used to collect anonymised, aggregate data about website usage (e.g. pages visited, time on site). We use Google Analytics with IP anonymisation enabled.
  • Functional cookies: used to remember your preferences and improve your experience.

You may control cookie settings through your browser preferences. Disabling non-essential cookies will not affect your ability to access our telehealth services.

15. Data Security

We take the security of your personal and health information seriously and implement a range of technical and organisational measures to protect it from misuse, interference, loss, unauthorised access, modification, and disclosure. These measures include:

  • Encryption of data in transit (TLS/SSL) and at rest within our clinical systems
  • Role-based access controls, ensuring that only authorised personnel can access your clinical records on a need-to-know basis
  • Multi-factor authentication for practitioner and staff access to clinical systems
  • Regular security assessments, vulnerability testing, and software updates
  • Staff training on privacy and information security obligations
  • Secure disposal and de-identification of personal information when it is no longer required

While we take all reasonable steps to protect your information, no data transmission over the internet or electronic storage system can be guaranteed to be completely secure. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately at [email protected].

16. Notifiable Data Breaches

In the event of a data breach involving your personal or health information that is likely to result in serious harm, we will comply with the Notifiable Data Breaches ("NDB") scheme under Part IIIC of the Privacy Act (sections 26WA to 26WR).

This means we will:

  • Conduct a prompt assessment of the suspected breach to determine whether it is likely to result in serious harm to any affected individual
  • If the breach meets the threshold for notification, notify the OAIC and all affected individuals as soon as practicable, and in any event within 30 days of becoming aware of the breach
  • Include in our notification a description of the breach, the types of information involved, and recommendations for steps you can take to mitigate any potential harm
  • Take all reasonable steps to contain the breach and prevent further unauthorised access or disclosure

17. Retention of Clinical Records

We retain clinical and health records in accordance with applicable state and territory health records legislation and professional guidelines. The minimum retention periods are as follows:

  • Adult patients: clinical records are retained for a minimum of seven (7) years from the date of the last entry in the record
  • Patients who were children at the time of treatment: clinical records are retained until the patient turns 25 years of age, or for seven (7) years from the date of the last entry, whichever is the longer period
  • Mental health records: may be subject to longer retention periods under applicable state or territory mental health legislation
  • DVA-related records: retained in accordance with Department of Veterans' Affairs requirements and Commonwealth records management obligations

Retention periods are calculated from the date of the last entry in the clinical record, not from the date of the patient's last visit. After the applicable retention period has expired, records are securely destroyed or permanently de-identified in accordance with the Privacy Act and applicable records management standards.

Non-clinical personal information (such as marketing preferences and website account information) is retained only for as long as is reasonably necessary for the purpose for which it was collected, after which it is securely destroyed or de-identified.

18. Access to and Correction of Your Information (APPs 12 and 13)

You have the right to request access to the personal and health information we hold about you, and to request correction of any information that is inaccurate, out of date, incomplete, irrelevant, or misleading.

To request access or correction, please contact us in writing at [email protected]. We will respond to your request within 30 days. We may require you to verify your identity before processing your request.

Telemate Health Pty Ltd will not charge a fee for making an access or correction request. However, we may charge a reasonable administrative fee for providing copies of records (for example, photocopying or postage costs). We will advise you of any applicable fee before proceeding.

In certain circumstances, we may refuse access to your information, including where providing access would pose a serious threat to the life, health, or safety of any individual, where the request is frivolous or vexatious, where the information relates to existing or anticipated legal proceedings, or where providing access would be unlawful. If we refuse your request, we will provide you with a written explanation of the reasons for the refusal and the mechanisms available to you to complain about the refusal.

19. Complaints

If you believe that we have breached your privacy or mishandled your personal or health information, you have the right to make a complaint. We take all privacy complaints seriously and will investigate and respond to your complaint promptly.

Step 1: Contact us directly

In the first instance, please direct your complaint to our Privacy Officer at [email protected]. We will acknowledge receipt of your complaint within five (5) business days and aim to resolve it within 30 days.

Step 2: External complaint pathways

If you are not satisfied with our response, or if you wish to make a complaint directly to an external body, you may contact:

  • Office of the Australian Information Commissioner (OAIC): www.oaic.gov.au/privacy/privacy-complaints or phone 1300 363 992
  • AHPRA (Australian Health Practitioner Regulation Agency): for complaints about the conduct of a registered health practitioner, www.ahpra.gov.au or phone 1300 419 495
  • State or territory Health Complaints Commissioner: for complaints about healthcare services. Contact details vary by state and territory:
    • NSW: Health Care Complaints Commission (HCCC): 1800 043 159
    • VIC: Health Complaints Commissioner: 1300 582 113
    • QLD: Office of the Health Ombudsman: 133 646
    • WA: Health and Disability Services Complaints Office: (08) 6551 7600
    • SA: Health and Community Services Complaints Commissioner: (08) 8226 8666
    • TAS: Health Complaints Commissioner: 1800 001 170
    • ACT: ACT Human Rights Commission: (02) 6205 2222
    • NT: Health and Community Services Complaints Commission: 1800 004 474

20. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. The updated policy will be published on our website with the revised "last updated" date. We encourage you to review this page periodically.

Where a change to this policy materially affects the way we handle your health information, we will take reasonable steps to notify you (for example, by email or by a prominent notice on our website) before the change takes effect.

21. Contact Us

If you have any questions about this Privacy Policy, wish to make an access or correction request, or have a privacy-related complaint, please contact our Privacy Officer: