Privacy Policy

Introduction to Privacy

ACHA hospitals are bound by the National Privacy Principles in the Commonwealth Privacy Act and by state and territory privacy laws.  ACHA hospitals are committed to the right to privacy and the protection of personal and health information in accordance with privacy laws.

About ACHA's Privacy Policy

This privacy policy explains how ACHA hospitals manage the personal and health information of patients. It also describes the sorts of information ACHA holds and why, as well as how that information is collected, held, used and disclosed.

Dealing with ACHA Anonymously

Where it is lawful and practicable to do so, individuals may deal with ACHA anonymously (eg when inquiring about its services generally).

Why does ACHA Collect Personal Information?

If an individual is to receive or has received a service from ACHA, ACHA will collect and hold their personal information to:

  • Gain an understanding of the individual’s needs so ACHA may provide them with the required service and advice 
  • Contact the individual to provide advice or information in relation to the way in which the service will be or has been provided 
  • Improve the quality of ACHA service 
  • Administer and manage those services including charging, billing and collecting debts 
  • Where required by law

What Personal Information does ACHA Collect and Hold?

The information collected may include an individual’s:

  • Name 
  • Date of birth 
  • Occupation 
  • Address (postal and email) 
  • Telephone numbers 
  • Medicare, health fund and health insurance cover details 
  • Medical history, test results and other health information 
  • Other information necessary for  ACHA’s  functions and activities 
  • Persons to contact in case of emergency

How is Personal Information Collected?

ACHA  will, if reasonable and practicable to do so, collect personal and health information directly from the individual concerned. This may take place when the individual fills out documents such as an admission form or an administrative form or when the individual gives us personal and health information in person or over the telephone.

ACHA may collect personal and health information from third parties such as:

  • An individual’s representatives (eg authorised representative or legal adviser)
  • An individual’s health service provider 
  • A health professional who has treated the individual 
  • The individual’s family 
  • Other sources where necessary to provide a health service

Disclosing Personal Information

ACHA may disclose personal information for the purposes of:

  • Continuity of care with other health service providers involved in the individual’s treatment or diagnostic services 
  • Providing an individual with further information about treatment options 
  • Conveying information to a responsible person (eg parent, guardian, spouse) when the individual is 
  • Incapable or cannot communicate, unless the individual has requested otherwise 
  • Conveying information to close family members in accordance with the recognised customs of medical practice 
  • Management, funding, service-monitoring, planning, evaluation and complaint handling 
  • Legislative and regulatory compliance 
  • Quality assurance or clinical audit activities 
  • Accreditation activities 
  • Health insurance funding 
  • Billing and debt recovery 
  • Addressing liability indemnity arrangements including reporting to the hospital’s insurers and legal representatives 
  • Preparing the defence for anticipated or existing legal proceeding for the hospital or treating specialist. 
  • Research or the compilation or analysis of statistics relevant to public health and safety
  • Activities directly related to the provision of health services to an individual where the individual would reasonably expect disclosure

ACHA will only provide personal and health information for the purposes of marketing and promotional activities with the individual’s consent.

Transborder Data Flows

ACHA operates and communicates with organisations throughout Australia and overseas. Some disclosures may occur outside the state or territory in which an individual is resident, and in some circumstances, outside Australia.  ACHA  will only disclose information to an organisation in a country which has a substantially similar privacy regime.

Using Government Identifiers

In certain circumstances, ACHA is required to collect government identifiers such as Medicare, pension or Veteran’s Affairs numbers. ACHA will only use or disclose this information in accordance with the law.

Storing Personal Information

ACHA stores personal and health information in different ways, including in paper and electronic form. The security of personal and health information is important to ACHA and reasonable steps are taken to protect it from misuse or loss and from unauthorised access, modification or disclosure. Some of the ways this is done include:

  • Requiring ACHA staff to maintain confidentiality
  • Implementing document storage security 
  • Imposing security measures for access to ACHA computer systems 
  • Providing a discrete environment for confidential discussions and treatment 
  • Only allowing access to personal and health information where the individual seeking access has satisfied ACHA's identification requirements 

Personal and health information is retained for the period of time determined by law and is disposed in a secure manner.

Keeping Personal Information Accurate and Up-To-Date

ACHA takes all reasonable steps to ensure that the personal and health information it collects, uses and discloses is accurate, complete and up-to-date. However, the accuracy of that information depends largely on the quality of the information provided to ACHA. It is therefore suggested that individuals:

  • Let us know if there are any errors in their personal or health information; and 
  • Keep us up to date with changes to their personal information (eg their name and address) 

Individuals may do this by mail or email.

Accessing Personal Information

Medical records are the property of ACHA however individuals have a right to access them subject to some exceptions allowed by law. Individuals can contact ACHA to request access. ACHA may charge a fee for collating and providing access to personal and health information. In the case of Pathology services, it is recommended that patients obtain the information from the referring doctor.

ACHA will disclose to an authorised personal representative or legal adviser where the individual has provided written authority.


Individuals who believe that ACHA has breached their privacy rights in any way or wish to discuss any issues about the ACHA privacy policy, should contact the Director of Nursing of the hospital who will try to satisfy any questions and correct any errors on the part of ACHA. If the Director of Nursing is not able to satisfactorily answer an individual’s concerns, the individual has the right to make a complaint to the Privacy Commissioner on telephone number 1300 363 992 or in writing to:

Office of The Privacy Commissioner
GPO Box 5218
Sydney NSW 2001

Contacting ACHA

Individuals may ask any questions about privacy and the way ACHA manages personal and health information, complain about the handling of their information or obtain a form requesting access to personal and health information by contacting the Director of Nursing on 08 8275 3333 or in writing to:

Director of Nursing
Flinders Private Hospital
1 Flinders Drive
Bedford Park SA 5042