Privacy Policy

Our obligations

Waratah Private Hospital is committed to treating your health information in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) and applicable State and Territory legislation when they collect, use, disclose and store health information.

Collection of your health information

Waratah Private Hospital will collect your health information to provide you with health care and for directly related purposes.

We will, if reasonable and practicable to do so, collect health information directly from you. If this is not possible, or in case of an emergency we may also need to collect information from another person who can help us to provide you with appropriate health care.

Use or disclosure of information

Your health information held either in paper or electronic format may be used by Waratah Private Hospital or disclosed outside the hospital, to enable appropriate health care and services to be provided to you. For example, your information may be used or disclosed as follows:

  • To assist your treating health professionals in providing ongoing medical treatment and advice to you
  • To discuss your care with your authorised representative or person responsible
  • For communication with your nominated General Practitioner and other treating health services or specialist for a referral, for pathology tests and x-rays
  • In an emergency where your life is at risk and you cannot consent
  • To provide information to suppliers of equipment or supplies necessary for your care
  • To provide information necessary for follow up treatment and services
  • To pastoral care workers providing spiritual and pastoral care
  • For the hospitals internal administrative, quality improvement and training requirements, including information required by our insurers and legal representatives
  • To process accounts to private health funds, insurers, or other persons/organisations nominated by you as responsible for your accounts and for billing or debt-recovery
  • To provide data in both an identified and de-identified form to State and Commonwealth Government agencies to comply with laws regarding the reporting of notifiable diseases and statistics
  • To law enforcement agencies, such as the Police, if an individual provides Waratah Private Hospital with information relating to a serious crime e.g. assault, domestic violence, child abuse
  • To comply with a subpoena or search warrant if an individual’s health information is required as evidence in court
  • For marketing activities including surveys, events and hospital news (your information is de-identified)

No patient records or information will be provided to any party unless specifically authorised by you. This policy will apply to all persons and bodies within Australia and overseas. No personal information collected by Waratah Private Hospital will be disclosed in a jurisdiction outside Australia in contravention of any applicable law.

If you do not wish us to collect, use or disclose certain information about you, you will need to tell us and we will discuss with you any consequences this may have for your health care.

Keeping personal information accurate and up to date

We take all reasonable steps to ensure that the personal and health information we collect, use and disclose is accurate, complete and up to date. However, the accuracy of this information depends largely on the quality of the information provided to us. We therefore, suggest that individuals:

  • Let us know if there are any errors in their personal or health information; and
  • Keep us up to date with changes to your personal information (e.g. your name and address)

You may do this by mail, email or in person.

Storing personal information

We store personal and health information in both paper and electronic formats. The security of personal and health information is important to us and we take reasonable steps to protect it from misuse, loss, unauthorised access, modification or disclosure.

Some of the ways this is done include:

  • Requiring staff to maintain confidentiality
  • Implementing document storage security
  • Imposing security measures for access to computer systems
  • Providing a discrete environment for confidential discussions and treatment
  • Only allowing access to personal and health information where the individual seeking access has satisfied Waratah Private Hospital’s identification requirements.

Personal and health information is retained for the period of time determined by law and is disposed in a secure manner.

Access to your information

You have the right to have access to the health information that we hold in your health record. You can also request an amendment (but not deletion) to your health record should you believe that it contains inaccurate information.

Waratah Private Hospital will allow access, or will make the requested changes, unless there is a reason under the Privacy Act 1988 (Cth) or other relevant law that denies access or does not permit the requested changes. If access is denied a written response for refusal will be provided.

If Waratah Private Hospital does not agree to make the changes to the health record/personal information in accordance with the request, we will accept a written statement of the requested changes and enclose this in your health record.

Should you wish to obtain access to or request changes to your health record you can contact the Patient Services Manager via email who will give you more detailed information about Waratah Private Hospital’s “Access to Medical Records and Medico-legal Requests” procedure. Applications for access or copies of records should be in writing. Individuals may be required to cover reasonable costs associated with supplying this information.

We value your feedback 

  • If you have a complaint about our information handling practices or feel that your privacy rights have been breached in any way then you should contact the Waratah Private Hospital Privacy Officer
  • If the Waratah Private Hospital Privacy Officer is not able to satisfactorily answer your concerns, you may contact the General Manager or Director of Clinical Services.
  • If Waratah Private Hospital does not respond to a complaint about breach of privacy within 30 days or you consider the response is unsatisfactory then you are entitled to raise your concerns to the Office of the Australian Information Commissioner:

Telephone: 1300 363 992
Write: GPO Box 5218 Sydney NSW 2001 or visit the website at

Further information

For further information or to receive a copy of our full Privacy Policy, please ask a staff member or contact the Waratah Private Hospital Privacy Officer via email