top of page
OT-Contact

Privacy Policy

Purpose

ActivOT respects our clients’ right to privacy. As Allied Health professionals, we are bound by our professional AHPRA Shared Code of Conduct and the Privacy Act 1988 (Cth). As health service providers, we are also bound by the Australian Privacy Principles. This Privacy Policy explains how ActivOT collects, uses, stores and discloses personal and sensitive information.

 

Scope

This policy applies to all clients, carers, guardians, referrers, employees, contractors, students on placement with ActivOT and franchisees of ActivOT. It covers personal information collected during service delivery and through our website.

 

Our Commitment

  • We respect our clients’ right to privacy.

  • We only collect information necessary to provide occupational therapy, physiotherapy and related services.

  • We protect personal and sensitive health information through secure systems and processes.

  • We will not disclose information without consent, unless required by law (for instance, under mandatory reporting requirements, subpoena or other legal obligations).

 

Information We Collect

We collect personal and sensitive health information necessary to provide high-quality services. This includes:

  • Personal details: name, date of birth, and contact details

  • Health information: medical history, assessments and the reason for referral

  • Referral information: GPs, referrers, plan managers, NDIS planners

  • Next of kin/emergency contacts

  • Guardian or carer details (where relevant)

  • Clinical records, reports, order forms and progress notes

  • Information provided via our website or online forms (including IP addresses and browsing data through cookies, where they have been enabled).

 

Collection of Information (APP 3 & APP 5)

  • We collect information directly from clients wherever possible.

  • Information may be collected from guardians, carers, or referrers where clients are unable to provide it themselves.

  • Clients are notified at the time of collection through this policy, service agreements, and consent to exchange information processes.

  • We do not collect client information for secondary purposes such as marketing.

 

How Information is Used

  • To provide and coordinate allied health therapy services

  • To communicate with referrers, GPs, and service providers (with client’s consent)

  • To meet legal and regulatory obligations

 

Consent and Information Exchange

  • We use a Consent to Exchange Information Form to record client approval to share information with GPs, referrers, equipment providers, or other health services.

  • Clients may withdraw consent at any time.

  • Where clients cannot provide consent, we obtain consent from a guardian or legally authorised representative.

 

Use and Disclosure (APP 6)

  • Information is used solely for the purpose of providing services and supports.

  • With consent, we may share information with:

    • Referring health professionals

    • General practitioners/local medical officers

    • Home modification and equipment suppliers

  • Disclosure may occur without consent where required by law, mandatory reporting obligations, or in emergencies involving a serious threat to health or safety.

 

AI Use Statement

We may use secure artificial intelligence (AI) tools, such as Microsoft Copilot (within Microsoft 365) and Splose AI (within our practice management system), to assist with drafting reports, transcribing progress notes and other administrative tasks.

​

  • AI is only used for purposes directly related to client care and service delivery.

  • Splose AI is an internal, controlled system (not a public generative AI chatbot). Client details are not used to train the AI. Client details do not leave the client file.

  • AI-generated drafts are thoroughly reviewed by your practitioner before being saved to the client record. 

  • AI is not used for decision-making about clinical care in any way. It is not used as a substitute for a clinician’s assessment.

  • Client information is never used for unrelated or secondary purposes.

  • Clients may opt out of AI at any time by informing us. We will not utilise AI without your consent.

 

Data Quality, Storage and Security (APP 10 & 11)

  • Information is stored securely in line with APP 11.

  • We take steps to ensure information is accurate, up to date, and complete.

  • Records are retained for legally required periods under Australian Health Record laws (typically 7 years for adults; and until the age of 25 for those who are under 18 years old) and securely destroyed or deleted once no longer required.

 

Disclosure of Information

  • Information is not disclosed without consent, except where required by law or mandatory reporting.

  • Emergency disclosure may occur if there is a serious threat to life or safety.

 

Website, Cookies, and Online Data Collection

  • Our website may use cookies and analytics tools to improve functionality and user experience.

  • Data collected may include IP addresses, browser type, and site usage patterns.

  • Clients can disable cookies via browser settings.

  • Any personal information submitted via online forms is encrypted and managed in accordance with this Privacy Policy.

 

Third-Party Providers and Cross-Border Disclosure (APP 8)

  • We use third-party providers (e.g., Microsoft, Splose, Jotform) for secure information management.

  • Where providers store or process data overseas, we take reasonable steps to ensure compliance with APP 8 and that comparable or higher privacy protections apply.

 

Access and Correction (APP 12 & 13)

  • Clients have the right to access their personal information.

  • Requests should be made in writing to connect@activot.com.au, and marked Attn: Compliance Manager

  • Corrections will be made upon request if information is inaccurate, incomplete, or out of date.

 

Data Breach Response

  • We follow the Notifiable Data Breaches Scheme as required by the Office of the Australian Information Commissioner.

  • If a breach occurs that is likely to cause serious harm, we will notify affected clients and the OAIC.

  • ActivOT Franchisees and employees are required to report suspected breaches immediately.

 

Anonymity and Pseudonymity (APP 2)

  • Clients may remain anonymous or use a pseudonym when making general enquiries, or when wanting to give anonymous feedback. However, anonymity may make it impracticable for proper service delivery.

 

Complaints and Enquiries

  • Clients can raise privacy concerns with our Compliance Manager: connect@activot.com.au, Attn: Compliance Manager

  • If unresolved, clients may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au

bottom of page