Skip to content
Healthcare led by women, Australia-wide telehealth, open to everyone Start your assessment →
Start Assessment

We've adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). The APPs govern how we collect, use, disclose, store, secure and dispose of your personal information. A copy of the principles is available at www.oaic.gov.au.

Plain-English summary We collect only what we need to provide health care to you. Your data is stored on Australian-hosted, encrypted servers, accessed only by your care team, and never sold to anyone. You can ask to see, correct or delete it at any time.

What we collect

Personal information is anything that identifies you. The information we collect from you typically includes:

  • Name, date of birth, contact details and address
  • Health information, including: clinical diagnoses and presenting concerns, consultation notes and care plan records, medication history and current prescriptions, referral letters and correspondence, mental health care plans, video consultation metadata (date, duration, clinician), and Medicare or health fund claim information
  • Payment details when you book a paid service
  • Communications you send us (secure messages, emails, call notes)
  • Technical information when you use our website (IP address, browser type, pages viewed). See Cookies below

We collect this information directly from you in most cases, through your assessment, consultations, secure messaging or pathology partners. Where we collect from a third party (e.g. your referring GP), we'll let you know.

Anonymity & pseudonymity

Under Australian Privacy Principle 2, individuals have the right to deal with organisations anonymously or by pseudonym where lawful and practicable. Due to the nature of the health services we provide, it is generally impracticable for us to deal with individuals who have not identified themselves. Accurate identification is required to ensure the safety and continuity of clinical care, to comply with our legal and professional obligations under applicable health legislation, and to meet the requirements of Medicare and private health insurance billing. General enquiries that do not involve clinical care may be made without providing personal identification.

Sensitive information

Health information is classed as sensitive information under the Privacy Act, and is treated with the highest level of care. We only collect, use or disclose sensitive information when:

  • It's required to provide care you've asked for
  • You've given explicit consent
  • It's directly related to a primary purpose you would reasonably expect
  • The law authorises or requires it

Unsolicited personal information

From time to time, we may receive personal or health information that we did not solicit, such as misdirected correspondence, unsolicited referrals, or voluntary over-disclosure during enquiries. Where we receive unsolicited personal information, we will promptly assess whether that information is of a kind we could have collected under our standard collection practices. If so, it will be handled in accordance with this policy. If not, it will be destroyed or de-identified as soon as practicable. We will not use or disclose unsolicited information before completing this assessment.

How we use it

We use your personal and health information to:

  • Provide consultations, prescriptions and ongoing care
  • Coordinate pathology, imaging and specialist referrals
  • Communicate with your regular GP (with your consent) so your care stays joined up
  • Operate, maintain and improve our service
  • Comply with legal and professional obligations
  • Send you service-related emails (appointment reminders, care plan updates). These are not marketing and you cannot opt out while you remain a patient
  • Send you marketing or educational content if you have opted in. You can unsubscribe at any time using the link in any such email

We will never use your health or sensitive information for direct marketing or to target advertising to you. Any marketing is sent only with your express opt-in consent, and you can opt out at any time. We do not provide your information to third parties for their own marketing.

Telehealth privacy

When you access our telehealth services, additional privacy considerations apply:

  • Identity verification: We verify your identity at the start of each consultation to ensure the safety and accuracy of your care.
  • Consultation environment: Your clinician will confirm who is present during the consultation. You are encouraged to be in a private space where you can speak freely.
  • Recording: Telehealth consultations are not recorded unless you are informed and provide explicit consent.
  • Clinical suitability: If your clinician determines that telehealth is not suitable for your needs, they may recommend an in-person consultation, referral, or alternative care pathway.

AI and automated tools

We may use AI-assisted tools for administrative tasks such as form processing, appointment scheduling, and preliminary data organisation. No clinical decisions, diagnoses, or prescribing are made by automated systems. All clinical assessments and treatment decisions are made by a AHPRA-registered clinician who reviews your information personally.

Where AI tools are used, they operate under clinician oversight and do not replace professional medical judgement.

Third parties

We use carefully selected third parties to deliver our service. These include:

  • Pathology providers: accredited Australian labs where you complete blood tests and other investigations
  • Australian licensed pharmacies: to dispense prescriptions
  • Specialist clinicians: when we refer you for imaging or in-person care
  • Cloud and software vendors: for video consults, electronic health records, payment processing and email delivery, all selected for their compliance with Australian privacy law

Each provider only receives the minimum information required to do their part. We do not sell your information to anyone.

Disclosure

Your information may be disclosed:

  • To third parties listed above, only as needed to provide care
  • To your nominated GP or specialist, with your consent, so your care stays coordinated
  • To emergency services or healthcare providers if there is a serious and imminent threat to your life, health or safety
  • Where required or authorised by Australian law (including subpoenas or coronial enquiries)

We will never disclose your information to insurers, employers, marketers or data brokers without your explicit consent.

Cross-border data disclosure

Our primary data storage is on Australian-hosted servers. Some third-party services we use may process data on servers located outside Australia. These include video conferencing platforms, email delivery systems, and website analytics and advertising-measurement tools (such as Google Analytics and the Meta Pixel and Conversions API). For these tools, the main recipient country is the United States. We require these recipients to handle your information under contractual data-protection terms consistent with the Australian Privacy Principles. We obtain your consent to any overseas disclosure of your health information at the point you provide it, through the consent statement on our intake and booking forms. We do not disclose your health information overseas for any purpose other than delivering your care and operating our service.

Security & retention

Your personal and health information is encrypted in transit and at rest, and stored on Australian-hosted servers with strict access controls. Only members of your care team can access your records, and all access is logged.

We retain health records for the period required by applicable state and territory health-records legislation, including the Health Records Act 2001 (Vic) and equivalent legislation in other jurisdictions. Under that legislation, the period runs from the date of the last entry in your record. This is generally 7 years from the date of the last entry. Where you were under 18 at the time of treatment, records are retained until you turn 25. After this period, records are either deleted or de-identified.

Healthcare and government identifiers

We may collect government and healthcare identifiers such as Medicare numbers, Individual Healthcare Identifiers (IHI), and Department of Veterans' Affairs (DVA) numbers where required to provide our services or process claims.

In accordance with the Healthcare Identifiers Act 2010 (Cth) and the Australian Privacy Principles, we will only use or disclose these identifiers for the purposes for which they were collected, or as otherwise required or authorised by law. We do not use healthcare identifiers as our own internal patient identifiers.

These identifiers are stored securely and access is restricted to authorised clinical and administrative staff.

My Health Record

Emintell Hub does not currently upload information to the My Health Record system. If this changes, we will update this policy and notify you before any information is shared. You can manage your My Health Record preferences at myhealthrecord.gov.au.

Notifiable data breaches

Under Part IIIC of the Privacy Act 1988, we are required to notify affected individuals and the Office of the Australian Information Commissioner (OAIC) if we become aware of an eligible data breach that is likely to result in serious harm. An eligible data breach occurs when personal information we hold is subject to unauthorised access, disclosure, or loss.

If we identify a suspected eligible data breach, we will conduct an assessment within 30 days and, if the breach is confirmed as notifiable, we will notify affected individuals and the OAIC as required by law. Notifications will include the nature of the breach, the types of information involved, and recommended steps you can take. If you believe your information held by us may have been compromised, please contact us immediately at [email protected].

Access & corrections

You have the right to access the personal information we hold about you, and to ask us to correct anything that's inaccurate, out of date or incomplete. To make a request, email us at [email protected].

Access is free. We may charge a reasonable administrative fee for producing copies of large records. We may need to verify your identity before releasing information.

Cookies & tracking

Our website uses cookies and similar technologies to remember your preferences, measure how the site is used and (where you have consented) deliver relevant marketing content. You can disable cookies in your browser at any time, though some site features may not work as expected.

We use analytics tools (e.g. Google Analytics 4, Meta Pixel) on a privacy-respecting basis. These tools may collect IP addresses and browsing behaviour but do not access your medical records.

Policy updates

This policy may change from time to time. The most recent version is always available on this page, and the "last updated" date at the top of the page reflects the most recent revision. Material changes will be notified to you by email where appropriate.

Complaints & contact

If you have any questions or concerns about this policy or how we've handled your information, please contact us first. We take privacy complaints seriously and will respond within 30 days.

If you're not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner at www.oaic.gov.au.