Privacy policy.

Overview

The objective of this privacy notice is to provide you, our client, with clear information on how your personal information is collected and used within our organisation. We also need to share your personal information to involve others in your healthcare, and this policy outlines when, how, and why we share your information.

Nova Orthotics Pty Ltd is committed to complying with the Australian Privacy Principles (APPs) as set out in the Privacy Act 1988 (Cth). Below, we outline which APPs apply specifically to the collection, use, and disclosure of your personal information.

1. Who can I contact about this policy?

For enquiries concerning this policy, you can contact Nova Orthotics by phone 02 4063 0030 or email admin@novaorthotics.com. 

2. What personal information is collected? 

We will only collect information that is necessary for supplying you or your child with the safest and most effective services (APP3- Collection of solicited personal information). We will take all reasonable steps to ensure that the data we collect, use or disclose is accurate, complete and up to date (APP10- Quality of personal information). The information we will collect about you or your child includes: 

  • Identification and contact details: Full name, date of birth, gender, address, email and phone number.

  • Representative details: Name and contact details of your carer or legal guardian, and any specific care arrangements (ward of the state, shared custody, etc.).

  • Health team: Names and contact details of your coordinator of supports, physiotherapist and other important members of your health team.

  • Funding Information: Funding body details (NDIS, iCare, Enable, etc.). For NDIS, this includes your NDIS number, plan dates, plan manager details and breakdown of funding.

  • Medical information: Medical history, medicines, allergies, social history, family history and risk factors.

  • Orthotic-specific data: Measurements and morphology scans.

  • Media files: Videos, photographs and audio recordings taken with your consent.

  • Communications: Emails, SMS, and phone records relating to your care.

3. How is personal information collected?

Nova Orthotics only obtains personal and sensitive information directly from individuals or other reputable sources (APP3- Collection of solicited personal information). We collect personal and sensitive information through:

  • Direct contact with you or your representative (in person, phone, email, SMS or online intake forms).

  • Referrals and quote requests from your physiotherapist, doctor, coordinator of supports or other health specialist.

  • Email or phone correspondence regarding ongoing care in collaboration with your health team or supporting care team (case manager, coordinator of supports, plan manager, etc.).

  • Our service agreement, which is updated annually or when a new NDIS plan commences.

  • Direct service delivery. This includes measurements, scans, video, photography and conversations between all parties present at Nova Orthotics appointments.

4. Why do we collect, use, store, and share your personal information? 

Nova Orthotics collects, uses, stores, and shares your personal information primarily to manage the design and supply of your orthoses in a safe and effective manner. This includes:

  • Providing direct orthotic services.

  • Maintaining client records.

  • Ordering and collaborating on the fabrication of your orthoses with our various suppliers.

  • Coordinating prescription and therapy goals with your healthcare team.

  • Coordinating claims or payments from your relevant funding bodies.

Additionally, we may utilise your information for internal quality and safety improvement processes such as statistical analysis of data, accreditation purposes, and staff training to maintain high-quality service standards. 

Occasionally, Nova Orthotics will contact you by generic email. These emails will cover updates or changes in service policy that we deem informative or important to your service delivery from Nova Orthotics. We will not contact you for marketing or promotional purposes without your consent.

4.1 Why do we take photographs and videos of our clients?

Photographs and videos are used to capture, analyse, and monitor client presentation, gait patterns and orthotic outcomes. A photograph is also taken of each client’s face for their profile to help our team easily identify each client. We occasionally share photographs and videos with your allied health team members and our manufacturers to aid in prescribing and designing your orthoses. All media:

  • Is taken on work devices only.

  • Is stored securely in the client’s file.

  • Will avoid identifying features where possible.

4.2 Why are Artificial Intelligence (AI) Scribes used? 

Nova Orthotics uses the AI scribe “PatientNotes” to assist Orthotists with appointment progress notes. The AI scribe uses an audio recording of your consultation to generate an appointment summary.

Key safeguards:

  • PatientNotes is an Australian-owned company.

  • Audio is transcribed in real time and not stored.

  • Encryption of data at rest and in transit.

  • Transcripts are stored locally and de-identified.

  • Data collected is not used for AI training.

5. Who has access and when do we disclose your personal information?

When you register as a client of Nova Orthotics, you are providing consent for orthotists and administrative staff at our clinic to access and use your personal information for the purposes provided above. We will only disclose personal information to other parties in accordance with the Australian Privacy Act (APP6- Use or disclosure). This means that personal information may be disclosed:

  • For the purposes for which we have advised that we are collecting it, and for related purposes that the individual would reasonably expect,

  • Where we have the consent of the individual to do so,

  • As required by law, or

  • Under other circumstances where permitted under the Act.

We may seek your consent when using or disclosing your information for purposes that go beyond what a client would reasonably expect. This may include, but is not limited to:

  • Collaborating with external health providers or funding bodies.

  • Capturing or sharing photographs, video, or audio recordings.

  • Using technology services that involve recording or transcription.

Consent may be obtained verbally or in writing, depending on the context. We aim to ensure that consent is informed and voluntary, and you may withdraw or update your consent preferences at any time. If you do not provide consent, or if you choose to withdraw it, we will explain any potential impact this may have on your care or service delivery.

6. How is your personal information stored and protected? 

Nova Orthotics is committed to protecting the personal information we collect. We will treat sensitive information (as defined under the Australian Privacy Act) with the utmost security and confidentiality (APP11- Security of personal information). To safeguard your digital information, we implement the following measures:

  • We use local servers and web-based client systems hosted in Australian-based data centres.

  • Our local server is backed up weekly to a secondary offsite server and a secure cloud-based system.

  • We use firewalls and other protective measures to prevent unauthorised access.

  • Our web-based platforms comply with APP standards and incorporate security features, including encryption, two-factor authentication, and regular security audits.

  • We conduct annual data security reviews and staff training.

  • All work devices are protected with secure passwords and access controls.

Occasionally, identifying information and measurements/prescriptions are kept in a physical format, such as client job cards, order/delivery forms and packaging of orthoses and shoes. Nova Orthotics takes every precaution to remove the identifying information from packaging prior to disposal/recycling, or to destroy it by shredding if in paper form.

In the event of a notifiable data breach, we will notify affected clients within 72 hours. We will report all incidents to the Office of the Australian Information Commissioner (OAIC) and work with them to resolve the breach.

7. How long do we retain your personal and sensitive information?

In accordance with the Health Records and Information Privacy Act 2002, Nova Orthotics is required to retain health information for 7 years from the last occasion when a health service was provided. For clients under the age of 18, we are also required to retain health information until the client is 25 years of age. Financial information will be kept for 7 years to comply with Australian tax laws.

Personal information not relevant to the client’s health record will be deleted/destroyed when no longer needed (APP11- Security of personal information). This includes when we are informed that:

  • Services are transferred to another provider,

  • Clients have moved out of state,

  • Client is deceased, or

  • After 3 years of no contact.

Routine annual audits are conducted to ensure unnecessary data is securely deleted.

8. Request for access to your personal information

You may request access to, and correction of, your personal information (APP12- Access to personal information). Nova Orthotics will respond to any request for access to information within 30 days of the request. Access may occasionally be denied in accordance with the exemptions contained in the Australian Privacy Act. An administrative fee may apply for complex requests.

9. How can you lodge a privacy-related complaint, and how will the complaint be handled at Nova Orthotics? 

Nova Orthotics is committed to protecting the privacy of individuals, and we view unauthorised disclosure of, or access to, personal information by our employees or contractors as a serious breach of this policy. Appropriate action (which may include disciplinary or legal action) will be taken in such cases.

If you have a complaint, please contact our practice manager at:

If you do not feel we have resolved your issue, you may also contact the Office of the Australian Information Commissioner:

10. Publication

Our Privacy Policy will be available to the public through our website or by email when requested. This policy will also be required reading for staff induction and will be reviewed annually.

11. Relevant legislation

  • Australian Privacy Act 1988 (Cth)

  • Australian Privacy Principles (APPs)

  • Health Records and Information Privacy Act 2002 (NSW)

  • NDIS Act 2013

  • Taxation Administration Act 1953 (Cth)