Privacy Policy

Version 1.1
Effective Date: 1/3/2026
Last Updated: 1/3/2026

1. Introduction

We are committed to protecting your privacy and managing your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

Dr Aparna Morgan provides specialist gastroenterology and hepatology services in consulting rooms and at accredited endoscopy facilities. Your clinical records are securely maintained at the medical practice and/or healthcare facility where your care is provided.

In this Privacy Policy, “we”, “us” and “our” refers to Dr Aparna Morgan and the relevant medical practice or healthcare facility involved in your care in connection with the collection, use and storage of your personal information.

This policy explains:

  • The kinds of personal information we collect and hold

  • How we collect and store personal information

  • The purposes for which we collect, use and disclose personal information

  • How you may access and correct your information

  • How you may make a privacy complaint

  • Whether we are likely to disclose personal information overseas

2. What Personal Information We Collect

We may collect and hold personal information including:

  • Your name, address, date of birth, email address and contact details

  • Medicare number, DVA number and healthcare identifiers (where relevant)

  • Health information, including:

    • Medical history

    • Symptoms, diagnoses and treatment details

    • Specialist reports and test results

    • Appointment and billing information

    • Prescriptions

    • Genetic information (where relevant)

    • Any other information collected in the course of providing healthcare services

Health information is considered “sensitive information” under the Privacy Act and is afforded a higher level of protection.

3. How We Collect Personal Information

We generally collect personal information:

  • Directly from you during consultations (face-to-face, telephone or written communication)

  • From referral letters provided by your general practitioner or another healthcare provider

  • Through secure electronic messaging systems

  • Via email sent to our nominated referral address

  • Through contact forms on our website

Referral emails received via our website domain are securely forwarded to the medical practice where consultations occur for administrative and clinical processing. Copies of such communications may be retained within secure electronic systems for administrative, legal and compliance purposes in accordance with applicable retention requirements.

Where permitted by law, we may also collect information from:

  • Other members of your treating team

  • Diagnostic and pathology providers

  • Hospitals or allied health professionals

  • Medicare, health funds or government agencies where required

4. Why We Collect, Use and Disclose Personal Information

We collect, use and disclose personal information primarily to provide specialist medical care and manage your health.

This includes:

  • Assessing, diagnosing and treating medical conditions

  • Communicating with referring practitioners and other healthcare providers

  • Ordering and reviewing diagnostic tests

  • Managing appointments and administrative processes

  • Billing and Medicare or health fund claims

  • Complying with legal obligations, including mandatory reporting

  • Liaising with regulatory bodies where required

We will only disclose personal information where necessary for your care, where required by law, or with your consent.

5. AI-Assisted Clinical Documentation

We may use secure AI-assisted clinical documentation tools during consultations to assist with drafting clinical notes or correspondence.

Where such tools are used:

  • You will be informed at the start of the consultation

  • Verbal consent will be obtained

  • The tool is used solely to assist with documentation

  • Appropriate safeguards are applied

  • Information is not used to train public AI models

You may decline the use of AI-assisted documentation at any time without affecting your care.

6. How We Store and Protect Personal Information

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure.

Security measures include:

  • Secure electronic medical record systems

  • Password-protected systems

  • Two-factor authentication where applicable

  • Access restricted on a “need-to-know” basis

  • Secure handling of electronic communications

  • Confidentiality obligations for staff

Clinical records are retained in accordance with legal and professional requirements.

7. Access and Correction

You have the right to request access to, and correction of, personal information we hold about you.

Requests for access to clinical records should be directed to the medical practice where your records are maintained.

We will generally respond to requests within 30 days. An administrative fee may apply where permitted by law.

8. Privacy Complaints

If you have concerns about how your personal information has been handled, you may contact:

Dr Aparna Morgan
Email: referrals@draparnamorgan.com.au

We aim to respond within 30 days.

If you are dissatisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

9. Anonymity and Pseudonyms

Under the Privacy Act, individuals may have the option of not identifying themselves or using a pseudonym when dealing with an organisation, unless it is impracticable.

In a medical context, it is generally impracticable to provide specialist healthcare services anonymously due to clinical safety, identification and billing requirements.

10. Overseas Disclosure

Some service providers used for secure email, cloud storage or documentation support may process or store data outside Australia.

Where this occurs, we take reasonable steps to ensure appropriate privacy protections are in place in accordance with the Privacy Act.

We will not otherwise disclose personal information overseas without consent unless permitted or required by law.

11. Website and Online Interactions

If you interact with us via our website (including via contact forms or referral email), personal information may be collected for the purpose of responding to your enquiry or facilitating referral.

Website analytics tools may collect non-identifiable information such as IP address, browser type and usage patterns.

12. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in law or practice operations.

The current version will always be available on our website.