Our Policies


Elden Street Medical’s privacy policy purpose is to communicate to you how we manage, collect, deal with and allow access to personal information in accordance with the Privacy Act 1988 (CTH) (the Privacy Act) and the Australian Privacy Principles (the APP’s).  We will endeavour to make you aware of the contents of this Privacy Policy before or as soon as reasonably practicable after collecting any personal information about you.   We understand the importance placed on the privay of your personal information. This privacy policy is to provide information to you, our patient, on how your personal information (which includes your health information) is collected and used within our practice and the circumstances in which we may share it with third parties. We also have a written privacy policy describing how we manage personal information.  You can receive a copy free of charge upon request or access it via our practice website www.eldenstreetmedical.com.au


When you register as a patient at Elden Street Medical, you provide consent for our GP’s and practice staff to access and use your personal information so they can provide you with the best possible healthcare.  If we need to use your information for anything else, we will seek additional consent from you to do this.

Our practice follows the guidelines of the RACGP’s Handbook for the management of health information in general practice.  3rd edition (the Handbook).  The Handbook incorporates federal and state privacy legislation and the Australian Privacy Principles which requires that your personal information is kept private and secure.

Our practice will need to collect your personal information to provide healthcare services to you.  Our main purpose for collecting, using, holding and sharing your information is to manage your health. We also use it in research projects to improve healthcare in the community: however this information will not include data that can identify you.

The information used for research, including the publication of research results, will not be in a form that would allow you to be identified, unless the research serves an important public interest.  In such cases, identifiable medical records can be used for medical research without your consent under guidelines issued by the Australian Government.  Before providing such identified information, your GP will discuss with you the information that she or he is obliged to disclose.

We sometimes share your personal information:

  • With third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with APP’s and this policy
  • With other healthcare providers
  • When it is required or authorised by law (eg. Court subpoenas)
  • When it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
  • To assist in locating a missing person
  • To establish, exercise or defend an equitable claim
  • For the purpose of confidential dispute resolution process
  • When there is a statutory requirement to share certain personal information (eg some diseases require mandatory notification)
  • During the course of providing medical services through Electronic Transfer of Prescription (eTP), my My Health Record/PCEHR system (eg via Shared Health Summary,. Event Summary).

Only people that need to access your information will be able to do so.  Other that in the course of providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.

We will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.

Our practice will not use your personal information for marketing any of our goods or services directly to you without your express consent.  If you do consent, you may opt-out of direct marketing at any time by notifying our practice in writing.


The personal information we collect about you includes:

  • Your name, date of birth, addresses, contact details
  • Medical information including medical history, medications, allergies, immunisations, family history and risk factors
  • Medicare number, healthcare identifiers, health fund details

You have the right to remain anonymous while accessing healthcare services, unless it is impracticable for us to do so or unless we required or authorised by law to only deal with identified individuals.


Elden street Medical  takes steps to ensure that your medical records :

  • Are accurate, complete, well organised and legible
  • Are up to date
  • Contain enough information to allow another GP to care for you
  • Contain a summary of your care
  • Can be used to remind you, with your permission, to return for follow up, check ups and reviews.


We store your personal information in a number of forms, including digital and electronic images and hard copy paper based documents.  We employ a range of physical and electronic security measures to ensure your personal information is protected.  These measures include:

  • Storing your personal information in a secure facility
  • Using anti virus software to protect electronic information
  • And limiting access to your personal information to those persons who are required to access it for the purpose of providing services to you or us. Our internet service provider may record details of visits to our website.  This information will only be used by us internally for statistical and research purposes.

We will take reasonable steps to ensure that the personal information held by us is accurate, up to date, complete, relevant and not misleading.  You have a right to access your personal information, such access may be granted or refused in accordance with the APP’s.  To complete the Request to Access Medical Records form which is available from Elden street Medical.  You may also request that your personal information be corrected if you believe it to be inaccurate, incorrect or incomplete.

We will take reasonable steps to protect personal information from misuse, interference and loss, unauthorised access, modification or disclosure. We will also take reasonable steps to destroy or identify  personal information that we hold if we no longer need the information for the primary purpose for which the information was collected and we are not otherwise required by law to retain the information.


If you have any concerns regarding the privacy of your personal health information or the accuracy of the information held by the practice, you should discuss these with our practice staff.  Inaccurate information can be corrected or your concerns noted in your record.  For legal reasons, the original notes will be retained.

We take complaints and concerns regarding privacy seriously.  You should express any privacy concerns in writing to 1A Elden Street, Toukley, NSW, 2263.  We will attempt to resolve it in accordance with our resolution procedure which dictates a response within 30 days.

You may also contact the


1300 363 992


or the


NSW – 1800 472 679





Health information is considered one of the most sensitive types of personal information. The Privacy Act 1988 (Privacy Act) provides extra protections around the collection, use or disclosure of health information. Whilst the Privacy Act does not prescribe how healthcare organisations should communicate health information, reasonable steps must be taken to protect the information transmitted and the privacy of the patient. What is considered reasonable steps will depend on the nature of the information and the potential for harm caused by unauthorised access. Failure to take reasonable steps to protect health information may constitute a breach of the Australian Privacy Principles (APPs).

Elden Street Medical considers the level of risk associated with how we use social media or email to assist in determining the level of security needed for communicating health information. Therre are multiple ways our Doctors may communicate with patients and third parties via electronic means, these include:

  • Email and SMS- please ensure you have completed the consent for Email and SMS with our reception staff
  • Phone calls- Our Doctors may communicate with patients via phone calls, all staff and Doctors will confirm the patient’s identity with 3 forms of identification prior to discussing confidential information.

Patients are advised through the New Patient Information Sheet of the practice policy on electronic communication including:

  • seeking permission or consent from patients ( possibility for electronic communications and information to be compromised
  • patients must be aware that any communication they direct to the surgery via email is NOT secure and confidentiality CANNOT be guaranteed.
  • Patients communicating through email do so at their own risk, contacting the surgery via email, will not be considered as patient consent.

We will not email you unless your email address has been verified and recorded consent has been acquired.

Emails are NOT a form of practice communication due to the email not being constantly monitored. Emails are NOT to be used by patients to make appointments, please phone the surgery for appointments.

For ALL urgent matters, we request that you contact the practice via TELEPHONE.

SMS communication includes:

  • Appointment reminders – a reminder message sent to you the day before your appointment.

Appointment bookings is available online via our HOTDOC app, Hotdoc will also send electronic communication for health reminders and health recalls.
We also use Better Consult, this is a pre-consultation tool that capture your presenting symptoms , medication and other relevant clinical information that translates the data into our medical software, into your medical notes for the Doctor. This is done via their secure network.


The date the policy is due for review will be 15 April 2025, no greater than two years from the date of endorsement.

The Practice Manager is responsible for reviewing this policy.




The policy applies to ALL employees (see definition) of Elden Street Medical. The policy does not include patients or people not employed by Elden Street Medical.


This policy outlines the recommended best practice guidelines for our practice when using social media platforms to help us recognize and mitigate the potential risk involved with the use of social media. The policy defines the rules for each employee when engaging in social collaboration.



Social media describes the online and mobile tools that people use to share opinions, information, experiences, images and video or audio clips and includes websites and applications used for social networking. People use social media to talk, participate, share, network and bookmark online. Social media can include text, audio, video, images, podcasts and other multi-media communications and is also known as Social Networking. Common sources of Social media include, but is not limited to:

  • Email
  • Social networking sites (f/book, twitter, Instagram, Linkedln)
  • Video and photo sharing (Flickr, Youtube)
  • Blogs (personal, professional and those published anonymously)
  • Micro-blogging
  • Online forums and discussion boards
  • Wikipedia
  • Podcasting

ELDEN STREET MEDICAL uses email, Facebook and Instagram for up to date health information, also information about our clinic, doctors, opening hours or any other relevant information to our clinic. Ronel van der Walt (Practice Manager) is responsible for the management and monitoring of our social media platforms.


In this policy, employees include permanent staff and executives, contractors, temporary staff, trainees and students on placements.


In this policy the “practice” used refers to Elden Street Medical, 1 Elden Street, Toukley,2263.


Where an employee’s profile or comments can identify them as an employee of Elden Street Medical, that employee-

  • must ensure any online communication is consistent with Elden Steet Medical’s Code of Conduct, values, policies and applicable laws.
  • Are not allowed to imply you are authorized to speak as a representative of Elden Street Medical
  • must not make any comment or post any material that might otherwise cause damage to Elden Street Medical’s reputation or bring it into dispute.
  • Must not use any of Elden Street Medical’s logos or insignia without written permission from Management team.
  • Only discuss and disclose publicly available information.
  • Must not post material that includes confidential/proprietary information or trade secrets or information that is offensive, defamatory, threatening, obscene, bullying, hateful, racist, sexist, harassing or discriminatory.
  • Must adhere to the Terms of Use of the relevant social media platform, as well as copyright, privacy, defamation, contempt of court, discrimination and other applicable laws and Elden Street Medical’s Privacy of Health records and Personal Information policies.


Elden Street Medical reserves the right to initiate action against any staff member, in accordance with the organisation’s Disciplinary Procedure, who uses social media in a manner that could be considered inappropriate or not consistent with this policy. Practice Manager and Management will consider the nature and severity of the post, the source of the post, if Elden Street medical was named, if the post is public, if co-workers have seen the post, whether the Health Industry has been damaged or if the comment was deliberate or impulsive when considering any disciplinary action.
Disciplinary action in the event of serious misconduct may include termination of employment or disengagement of external contractors.


If an employee becomes aware of inappropriate or unlawful online content that relates to Elden Street Medical or content that has been published and is in breach of this policy, the information should be reported to the Practice Manager.


This policy does not discourage or limit employees using social media for personal expression or other on-line activities in their personal life. Employees should be aware of and understand the potential risks and damage to Elden Street Medical that can occur, either directly or indirectly from their personal use of social media and should comply with this policy to ensure that the risk is minimized. Employees are personally responsible for content published in their personal capacity on any form of social media platform.

To avoid breaching this policy employees must:

  • ensure that all content published is accurate and not misleading and complies with all relevant practice policies and other legal and professional requirements
  • expressly state that views are personal and are not representative of the practice
  • only disclose and discuss publicly available information
  • do not refer to the practice, other staff or contractors without their approval
  • do not criticize or belittle the practice, its staff, contractors or organizations it is professionally associated with
  • no photos should be taken inside the workplace which could capture personal documents, paperwork, patient charts or other information protected by our privacy law
  • do not disclose any confidential information relating to our practice systems
  • adhere to the terms of use for using the scial mediaplatform or website and adhere to legislation, including copyright, privacy, contempt of court, discrimination, harassment, defamation and any other applicable laws and the practice’s Privacy Policy

Employees must not:

  • post offensive, threatening, harassing, bullying, obscene, hateful, discriminatory, racist, sexist, defamatory, infringes copyright, constitutes a contempt of court, breaches a Court suppression order or is otherwise unlawful
  • Use the identity or likeness of another employee, contractor or other member of the practice
  • use or disclose any confidential information or personal information obtained in their capacity as an employee or contractor of the practice
  • use the practice email address or any practice logos or insignia that may give the impression of official support or endorsement of their personal comment
  • post material that is, or might be construed as threatening, bullying, harassing or discriminatory towards another employee or contractor of the Practice


  • Privacy Act 1988 (Commonwealth)
  • Fair Work Act 2009 (Commonwealth)


RACGP- guide for use of social media
AHPRA- policy for registered health practitioners Social Media policy
AMA – Social Media and the Medical Profession


15 April 2025 by Practice Manager – no greater than 2 years from date of endorsement