Neuroharmony Clinic: Privacy Policy

(Last Reviewed September 2025)

This Document

Neuroharmony Clinic (also referred to in this document as ‘The Clinic’) and

its practitioners are committed to providing quality health services to our clients. This

clients’ Personal Information and Health Information, in line with both the Privacy Act

(1988) and the NSW Health Record and Information Privacy Act (2002). These documents

govern the way in which we collect, use, disclose, store, secure and dispose of Personal

Information and Health Information.

The Clinic and its practitioners understand and agree to fair and responsible handling of

our clients’ personal information and health information. The purpose of collecting this

information is to provide our clients’ with the highest possible standard of clinical care.

What defines Personal Information and Health Information?

Personal Information is information or an opinion that can be used to identify an individual,

such as names, addresses, phone numbers, or email addresses. Health Information is

information or an opinion about an individual's physical or mental health, current or past

disabilities, health services received or requested, and wishes regarding future care. It also

includes personal data collected while providing health services, information related to

body or organ donations, and information that could indicate current or future health

conditions for the individual or their relatives.

Use of Personal Information and / or Health Information

The Clinic is committed to handling your information ethically, lawfully, and in accordance

with professional guidelines. We collect, use, disclose, store, secure and dispose personal

and health information in accordance with Australian Privacy Principles (APPs) 3

(Collection), 5 (Notification), 6 (Use and Disclosure) under the Privacy Act 1988 (Cth), as

as well as the Health Privacy Principles (HPPs) under the NSW Health Records and Information

Privacy Act NSW (2002). We use this information:

●To assess the clients' needs and provide safe and effective naturopathic care;

●For administrative purposes, including booking and billing processes;

●For patient ordering with third-party suppliers (such as Vital.ly and NaturalScript);

●In communication with the client (to provide health-related updates, appointment

reminders, or promotional materials);
○You may opt out of promotional materials at any time

●In communication with parents or guardians (if the client is under sixteen (16) years

of age, or has a legally appointed guardian);

●In communication with other care providers (if the client agrees to engage in

collaborative care or referral involving a GP, specialist, or other health practitioner);

●In the event of a medical emergency (to communicate with emergency services,

and any emergency contacts provided by the client);

●When required or authorised by law.

To ensure that we continue to provide the highest quality of care to our clients, our

practitioners occasionally discuss client cases with mentors, supervisors, or peers for the

purposes of gaining insight or feedback, and professional development. All parties

involved are qualified professionals in their respective fields, and bound by privacy and

confidentiality agreements. At no point will Personal Information be disclosed in these

instances, as all efforts are made to remove personally identifiable information (including

names, date of birth, and contact details).

Security of Personal Information and / or Health Information

Personal Information and Health Information is stored in a manner that reasonably

protects it from misuse and loss and from unauthorised access, modification, or disclosure.

All practitioners at Neuroharmony Clinic are bound by the NHAA Code of Conduct, including

confidentiality and ethical record-keeping obligations outlined in Sections 2.3 and 2.4,

which guide the management of client information with professionalism and respect. We

use a secure third-party platform (Simple Clinic) for data storage, appointment booking, and / or

communication, and take reasonable steps to ensure these providers meet privacy and

security obligations under Australian law.

Most of this information will be stored safely and securely in our database for a minimum

of seven (7) years, as required by law, after which The Clinic will take reasonable steps to

destroy or permanently de-identify it. In the event of a data breach that is likely to result in

serious harm, we comply with the requirements of the Notifiable Data Breaches Scheme

under the Privacy Act (1988), including notification to the Office of the Australian

Information Commissioner (OAIC) and affected individuals.

Privacy of Children and Young People

We take extra care when handling Personal Information and Health Information of children

and young people under the age of 18. In accordance with the NHAA Code of Conduct

and NSW law, consent for the collection and use of such information may be required from

a parent, guardian, or legally authorised representative.

Access to Personal Information and / or Health Information

Clients maintain the right to access Personal Information and / or Health Information held

by The Clinic under the NSW Health Record and Information Privacy Act (2002). Access

can be granted to other parties under specific circumstances, such as a parent or legal

guardian of a client under sixteen (16) years of age, or by those who have obtained power

of an attorney or enduring guardianship for a client that's incapable of making such requests.

Access will not be granted if:

●Providing access would pose a serious threat to the individual’s health, or the health of others;

●Providing access would have an unreasonable impact on the privacy of others;

●The information requested relates to existing or anticipated legal proceedings between the individual and the provider;

●Providing access would reveal the intentions in relation to negotiations, other than about the provision of a health service, with the individual in such a way as to expose the provider unreasonably to disadvantage;

●Providing access is unlawful;

●Denying access is required or authorised by or under law;

●Providing access would likely prejudice an investigation;

●Providing access would likely prejudice a law enforcement function;

●A law enforcement agency performing a lawful security function asks a private sector person not to provide access on the basis that the access would cause damage to the security of Australia;

●The request has been made unsuccessfully on at least one previous occasion and

there are no reasonable grounds for making the request again;

●There have been repeated, unreasonable requests for information to which access

has already been given.

Valid requests should be granted access in all other situations, unless prevented by law

enforcement agencies or court orders. If access to information is prevented, refused, or

denied for any reason, or a request can only be partially fulfilled, The Clinic will contact you

as soon as is reasonably possible to discuss the reason.

Provision of these documents will require a written request that should include:

●Full name, date of birth, and address of the client

●Full name, date of birth, and address of the individual making the request

●Identification of the Health Information that is being requested

As outlined by the NSW Health Record and Information Privacy Act (2002), requested

documentation may incur a reasonable administration fee, and will be supplied within forty

five (45) days of receiving the request; please contact The Clinic if it’s a matter of urgency

and this may be expedited.

Changes to Personal Information and / or Health Information

It’s important that all client information is accurate, complete, and up-to-date. While The

Clinic will take reasonable steps to ensure this, we ask that our clients provide us with any

changes to their Personal Information and / or Health Information as soon as is reasonably

possible so we can continue to provide you with the highest possible standard of clinical

care. Failure to notify The Clinic of relevant changes (to Health Information specifically)

may result in harm, such as adverse events caused by interactions or contraindications.

Privacy Concerns & Complaints

If you believe your privacy has been breached, please contact us directly in writing to

discuss your concerns and we will respond within a reasonable timeframe. If you are not

satisfied with our response, you can lodge a complaint with:

●Office of the Australian Information Commissioner (OAIC): www.oaic.gov.au

●NSW Information and Privacy Commission: www.ipc.nsw.gov.au

Updates & Changes to the Privacy Policy

This Privacy Policy is subject to updates and changes from time to time; the most current

documents will be available on our website ( https://www.neuroharmonyclinic.com.au ).

Location

Contact