Privacy Policy

RPM Allied Health

This Privacy Policy outlines how RPM Allied Health (“we”, “us”, “our”) collects, uses, stores and discloses your personal and health information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

About RPM Allied Health

RPM Allied Health is a mobile allied health provider delivering exercise physiology and physiotherapy services across Melbourne. We support children and adults with a range of conditions, including disability, injury and chronic health needs, with a focus on improving mobility, strength, function and overall wellbeing. Our approach is evidence-based and personalised, with services delivered in home, community and other relevant environments to support meaningful, everyday outcomes. We work with a range of funding pathways, including NDIS, TAC, DVA, WorkSafe, Medicare, private health insurance and privately paying clients.

We may collect:
  • Personal information (name, DOB, address, contact details)
  • Sensitive health information (medical history, diagnoses, treatment notes, reports)
  • NDIS information (participant number, plan details, support coordinators)
  • Billing and financial information
  • Referral and third-party information
  • Website and usage data
Health information is classified as sensitive information and is afforded a higher level of protection under Australian law.
We collect information:
  • Directly from you (intake forms, consultations, communication)
  • From third parties (GPs, specialists, support coordinators, family)
  • Through referrals and service agreements
  • Via our website and digital platforms
  • During telehealth consultations
We collect your information where it is reasonably necessary to provide healthcare services, including to:
  • Deliver assessment and treatment
  • Develop and monitor clinical outcomes
  • Communicate with relevant providers
  • Process billing and funding claims (NDIS, Medicare, insurers)
  • Meet legal and regulatory obligations
We may disclose your information to:
  • Healthcare professionals involved in your care
  • NDIS, NDIA, Medicare, DVA, insurers
  • Support coordinators and plan managers
  • Regulatory bodies where required by law
  • Third-party service providers
This includes:
  • Halaxy (clinical records and scheduling)
  • Xero (invoicing and financial management)
We take reasonable steps to ensure third parties handle your data securely.
We do not sell or trade your personal information.

Overseas Disclosure

Some of our service providers use cloud-based systems that may store data outside Australia. We take reasonable steps to ensure that any overseas recipients comply with privacy obligations consistent with Australian law.
We provide telehealth services using secure platforms.
You acknowledge that:
  • Telehealth involves electronic communication
  • There are inherent risks in online data transmission
  • You are responsible for ensuring a private environment during sessions
We take reasonable steps to protect your information, including:
  • Secure cloud-based systems (e.g. Halaxy)
  • Password protection and restricted access
  • Staff confidentiality and training
We retain personal and health information for as long as required by law and clinical guidelines. In most cases, health records are retained for a minimum of 7 years, or longer where required.

Access and Correction

You may request access to or correction of your personal information at any time. Requests may be subject to administrative processes where permitted by law.

Anonymity

Where lawful and practical, you may choose to remain anonymous or use a pseudonym when interacting with us. However, in most cases, this will limit our ability to provide healthcare services.

Direct Marketing

We may use your contact details to send you information about our services. You can opt out of receiving these communications at any time.

Data Breaches

In the event of a data breach likely to result in serious harm, we will:
  • Investigate and contain the breach
  • Notify affected individuals where required
  • Report to the Office of the Australian Information Commissioner (OAIC) where applicable

Website & Cookies

We may collect non-identifiable information through cookies and analytics to improve website performance. You can disable cookies via your browser settings.

Consent

By engaging with RPM Allied Health, you consent to the collection and use of your information as outlined in this policy.

Complaints

If you have concerns about your privacy, please contact us. If unresolved, you may contact the Office of the Australian Information Commissioner (OAIC).

Updates

We may update this policy periodically. The latest version will always be available on our website.

Contact Us

RPM Allied Health
info@rpmalliedhealth.com.au
1300 686 869