Privacy Policy

Privacy Policy – MindSync Psychology

MindSync Psychology is committed to protecting the privacy and confidentiality of our clients’ personal and health information. We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), the Health Records and Information Privacy Act 2002 (NSW), the APS Code of Ethics, and the requirements of the Psychology Board of Australia (AHPRA).

1. Collection of Personal and Health Information

We collect personal and health information that is necessary to provide psychological services, including in-person and telehealth services.

The information we collect may include, but is not limited to:

  • Name, date of birth, and contact details

  • Medicare details, private health insurance information, and referral information

  • Medical, psychological, and mental health history

  • Assessment information, clinical notes, and information disclosed during sessions

  • Appointment, billing, and payment information

Information is generally collected directly from you. In some circumstances, we may collect information from third parties (such as referrers or other health professionals) with your consent or where permitted by law.

2. Use of Personal and Health Information

Your personal and health information is used for purposes including:

  • Providing psychological assessment, treatment, and support

  • Delivering services via in-person or telehealth formats

  • Managing appointments, communication, and administrative processes

  • Billing, Medicare claims, and private health insurance claims

  • Meeting legal, ethical, and professional obligations

We only use your information for the purpose for which it was collected, or for related purposes that you would reasonably expect.

3. Telehealth Services and Privacy

Telehealth services may be provided via secure video conferencing platforms, telephone, or other approved digital systems.

When providing telehealth services:

  • Reasonable steps are taken to use secure and reputable platforms

  • Sessions are conducted in private settings to maintain confidentiality

  • Sessions are not recorded without your explicit consent

While reasonable safeguards are in place, telehealth involves some inherent privacy risks (such as limitations of internet security). By consenting to telehealth services, you acknowledge and accept these risks.

Clients are encouraged to:

  • Attend telehealth sessions from a private location

  • Use secure, password-protected devices and internet connections

4. Disclosure of Personal Information

Your personal and health information may be disclosed:

  • To other healthcare providers involved in your care, with your consent

  • To referrers, Medicare, private health insurers, or practice management service providers where required

  • Where required or authorised by law, including situations involving serious risk to life, health, or safety, or mandatory reporting obligations

We do not disclose personal information to overseas recipients unless:

  • You have provided informed consent, or

  • An exception under applicable privacy laws applies

5. Storage and Security of Information

We take reasonable steps to protect personal and health information from misuse, interference, loss, unauthorised access, modification, or disclosure.

Information is stored securely in electronic and/or physical form, using safeguards such as secure practice management systems, access controls, and confidentiality procedures.

6. Retention of Health Records

Health records are retained in accordance with legislative and professional requirements.

  • Adult health records are kept for a minimum of 7 years from the date of last service

  • Records for clients under 18 years of age are kept until the client reaches 25 years of age

When health records are destroyed, a written record is retained noting:

  • The client’s name

  • The date of destruction

  • The period the record covered

This complies with the Health Records and Information Privacy Act 2002 (NSW).

7. Access and Correction

You may request access to personal information we hold about you and request correction of information that is inaccurate, incomplete, or out of date.

Access may be restricted in limited circumstances permitted by law, including where access may pose a serious threat to health or safety. Where access is refused, reasons will be provided where required.

8. Use of AI Scribe Technology (Heidi)

MindSync Psychology may use AI-assisted clinical documentation (scribe) technology, specifically Heidi, to support the preparation of clinical notes during or after therapy sessions.

Heidi is used solely to assist with:

  • Transcription of session content

  • Drafting of clinical documentation

The treating psychologist remains fully responsible for:

  • Reviewing, editing, and approving all clinical notes

  • Ensuring the accuracy, relevance, and appropriateness of records

  • All clinical judgement and decision-making

Artificial intelligence is not used to provide psychological treatment or make clinical decisions.

Privacy, Security, and Data Handling

When AI scribe technology is used:

  • Only information necessary for documentation is processed

  • Reasonable steps are taken to ensure information is transmitted and stored securely

  • Session recordings or transcripts are not retained longer than necessary for documentation purposes

  • Use of AI technology is consistent with privacy legislation and professional standards

Consent and Choice

Clients will be informed if AI scribe technology is used as part of their care.

You may choose to:

  • Consent to the use of AI-assisted documentation, or

  • Decline the use of AI scribe technology without any impact on your access to psychological services

If consent is not provided, clinical notes will be completed using traditional manual methods.

9. Data Breaches

In the event of a data breach that is likely to result in serious harm, we will comply with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth), including notifying affected individuals and the Office of the Australian Information Commissioner (OAIC) where required.

10. Complaints

If you have concerns about how your personal information has been handled, please contact MindSync Psychology directly. We take privacy complaints seriously and aim to respond promptly.

If you are not satisfied with our response, you may lodge a complaint with:

  • Office of the Australian Information Commissioner (OAIC)
    Website: www.oaic.gov.au

11. Updates to This Privacy Policy

This Privacy Policy may be reviewed and updated from time to time to reflect changes in legal requirements, professional standards, or practice operations. The most current version will be available on our website or upon request.

Consent

By engaging with MindSync Psychology’s services, including telehealth services and the use of AI-assisted documentation where applicable, you consent to the collection, use, and disclosure of your personal and health information as described in this Privacy Policy.