Core Healthcare Group Privacy Policy


Core is committed to ensuring the privacy and confidentiality of all personal/health information of our patients, staff, contractors and website visitors. We adhere to the National Privacy Principles (NPPs) and this policy is consistent with the Australian Privacy Principles within the Privacy Act 1988.

The purpose of this Privacy Policy is to outline Core’s ongoing obligations in respect of how we manage personal and health related information and data.


This policy statement covers the following:

  • What type of information we collect
  • Why and how we collect information.
  • How we use information.
  • How we protect information.
  • Patients accessing their personal information.
  • How to manage complaints and breaches.

What type of information we collect

The type of information we collect to assist the healthcare team in diagnosing and treating patient conditions may include:

  • Personal information, e.g. name, address, date of birth, gender.
  • Health history, ethnic background or current lifestyle.
  • Occupation, employer’s details, interests, payment details, financial information.
  • Information about how and where patients were referred to us.
  • Health information including medical results, clinical and medical records.
  • Family medical history and their details.
  • Other medical service providers’ commentary, diagnosis and test results.

Why we collect personal information

We collect personal information when it is reasonably necessary to conduct the services we offer.

How we collect information

There are a few different ways Core collects patient information. Most information is collected directly from the patient via:

  • Information from a patient registration form
  • Face to face in the clinic
  • Over the phone
  • From a direct referral from another provider

Core may also collect personal information throughout our relationship with patients. For example, we may collect personal information:

  • When a patient pays their bill or makes an appointment
  • During a consultation
  • Completing a form

Core may collect patient data from our website viewers via the use of cookies and other digital identifiers. It’s important to know you can clear cookies or digital identifiers from your device and also disable future use of them by changing the security settings on your web browser, however, doing this might mean that parts of our website(s) or apps may not work as they should.

What we collect from others

Other people might provide Core with personal information about our patients. This may include information obtained from:

  • An employer, parent or guardian if the patient is under 18.
  • Other companies that are able to disclose information to us, if it’s not practical to collect it from the patient, including personal information from trusted sources and professional service providers.

How we use information

Core may use patient information within a wider group of professional service providers that may include:

  • Core employees and contractors.
  • Case Managers.
  • Medical Practitioners.
  • Allied Health Professionals.
  • Other third parties such as Medicare, DVA, private health insurers, and if necessary, Collection Agencies.
  • Other parties reasonably expected to be included in the treatment of any patient case.

When our service involves other parties, such as doctors or other allied health professionals, we will only provide them with the information they need to provide and manage their relationship with the patient.

Some of the parties Core deals with may be located overseas. In this case, we only provide them with secure access to the personal information they need to perform their job.

Our practice maintains effective control of patient information at all times, by ensuring that parties located overseas are subject to strict controls that limit access and subsequent handling of patient information. This is done to the extent strictly necessary to perform the relevant function and protect patient information from unauthorised use and disclosure.

How we share patient information

Core works with third parties to provide different types of support. There are times when Core needs to share patient information to other health providers such as GPs and Specialists. These companies are subject to strict controls that protect patient information from unauthorised use or disclosure and limits their access to personal information to the extent necessary to do their job.

Core is committed to safeguarding the information provided to us. We have in place suitable and reasonable physical, electronic and managerial procedures to safeguard and secure information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.

Legal obligations and other privacy exceptions

Core gives access to personal information where we are permitted or obliged to do so by Australian law. For example, in some circumstances we will use or disclose personal information to react to unlawful activity, serious misconduct, or to reduce or prevent a serious threat to life, health or safety. Core is obliged to cooperate with law enforcement bodies in some circumstances. We may disclose personal information, including information about phone calls and service use, when we receive an access request or warrant that is authorised under Australian law.


Core will only disclose personal information to others if the patient has given us permission, or if the disclosure relates to the main reason we collected the information and the patient would reasonably expect us to do so.


We may use personal information from patients to send marketing and special offers which are targeted towards relevant interests, characteristics or location. This marketing could be distributed to patients via mail, phone, email, text, or online.

All marketing emails, texts and letters distributed by Core Healthcare will clearly identify how patients can opt out from receiving marketing promotions and advertising.

How we store and protect patient information
Patient information is stored within Core’s database which is securely protected to ensure patient information remains confidential. Firewalls and access logging tools are put in place to protect against unauthorised access to patient data and our network. We protect patient information by ensuring:

  • Secure work environments and workflow systems that prevent unauthorised access and copying of your personal information.
  • Secure server and closed network environments.
  • Virus scanning tools.
  • Management of access privileges, to ensure that only authorised personnel can access personal information.
  • Ongoing training and security reviews.
  • Staff are trained to access patient information only when it is necessary and will not share the information with people not directly involved in the patients care.

Core will remain vigilant with efforts to protect patient personal information.

Patients accessing their personal information

A patient may request access to their personal information. The identity of the patient will always be confirmed prior to the provision of personal information. Under Australian privacy laws there are situations where we may not give access to the requested personal information. For example, information cannot be revealed if it would unreasonably affect someone else’s privacy or if it poses a serious threat to someone’s life, health or safety.

A request from a patient to access their personal information should be directed to their Core Provider, a Core Receptionist or via email to:

Generally, accessing personal information will incur no charge, unless the request is complex or resource intensive. If there is a charge, it will be reasonable and the patient we will be informed of the fee beforehand.

Quality of personal information

Core aims to keep personal patient information accurate, up-to-date and complete. If there is information which needs to be updated or changed, patients are encouraged to call 1300 012 273 or email

Complaints and breaches

If a patient or a staff member have a complain about Core’s dealings with patients personal information, including any breaches of any Australian Privacy Principles or have any questions regarding this privacy statement, they are able to submit a complaint or query to