Connected Well

Connected Well is a health service provider operating in the shire of Cabonne, NSW.

Our current activities include

Connected Well ultimately handles patient information for both CW Diagnostic Endoscopy and Little Health Teams


Connected Well Pty Ltd, trading as Little Health Teams, is bound by the Australian Privacy Principles and other federal and state law, when collecting, using and disclosing your personal information, including your sensitive health information.

The privacy law creates a set of expectations about how your personal information, including your sensitive health information, is handled by health care providers. This is especially important in the case of health, because good health care relies on good communication between professionals about your health.

In a nutshell, these laws impose obligations on all health providers to: only collect the information required to carry out a stated purpose; to collect it from you directly (or else let you know ASAP that it has been collected); to use and disclose it only for that purpose; to get your specific consent before making alternative uses or disclosures; to ensure you can review and correct the information held about you; and to provide a way for you to complain if you need to.

The law does also prescribe some limited situations where some of those obligations don’t apply. We are developing a resource ‘Understanding the Health Privacy Environment in NSW’. If you are interested in reading it, feel free to ask.

However, this document explains how Connected Well Pty Ltd approaches these matters. It is reviewed at least every 3 months. If you’re registered with us as a patient, you will certainly hear about changes as they happen! It is also available on our website:

What Information do we collect, and how, and why?

We collect the following personal information directly from you. We collect this information for the primary purpose of supporting the business processes around providing health services to you. We collect the following sensitive health information directly from you. Some information, we don’t collect directly from you. This information comes from. If for some reason we receive information about you which was not requested by us to provided a health service to you, we have a process for evaluating whether it is relevant to , and how we will inform you that it we received this.

  • names, date of birth, addresses, contact details
  • Medicare number (where available) for identification and claiming purposes
  • healthcare identifiers
  • health fund details
  • dependents
  • next of kin
  • medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors
  • current and previous prescriptions
  • observations/measurements/images made for the purpose of assessing your health
  • your own opinions about your own health situation and goals
  • doctor's consulting notes
  • family relationships
  • requests to and reports from: specialists, pathologists & other health providers obligated to the Australian Privacy Principles

Collecting from other sources

In some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:

  • your guardian or responsible person
  • other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary)

We also generate information about you!

We record information about:

  • When you visit or are attended by a health care professional
  • services-performed
  • contacts-made

My Health Record

We do not currently participate in My Health Record:

  • We do not collect your personal information from My Health Record
  • We do not publish your personal information to My Health Record

How we use and disclose your personal information

Our main purpose in collecting your personal information is to provide a health service to you. This necessarily involves sharing your personal information with other Health Care Providers, who are also bound by the same privacy law.

Secondary Uses of your Personal Information

We do not disclose your personal information to any person or organisation outside Australia, for the simple reason that it is not necessary in order for us to do so, to provide a health service to you. If we ever did so, it would be at your request, or after first gaining your consent. We also use it for directly related business activities, such as financial claims and payments, practice audits and accreditation, and business processes (eg. staff training).

How we hold your personal information.

All personal information we collect is finally stored digitally in our client database.

Paper documents containing personal information are scanned, and then once we know that the digital version has been committed to a regular offsite backup, the original paperwork is destroyed. We use encryption to ensure that even if portable devices containing your information are lost, there is no risk that the information on them can be used.

We use the security practice of ‘least privilege’, which ensures that people are only given access to information they need to perform their task, as much as the technology will permit us to make these distinctions.

Practical Matters

Your data stays located in Australia, where the Australian Privacy Principles apply:

  • When we use data-processing services to handle your data, we rely on representations from reputable vendors that the data is only ever processed by a facility in Australia. We have no actual way of verifying this, however.

Use of email:

  • We apply the ‘postcard test’ to information in outgoing emails: if we wouldn’t write it on a postcard, where postal staff and people with physical access to your letterbox could easily see what is written on it, we won’t put it in an email either. This means that we are limited about what we can say in email. We will never offer to send your personal information over email. However, if you ask us to send your personal information to you via email, we will.

Privacy Officer

You may discuss any privacy-related matter with our Privacy Officer. The Privacy Officer has the authority to make detailed investigations of log files, unlock your personal information (with your temporary consent), require changes to procedures, spend money to fix problems, and discipline staff and contractors.

To arrange to speak with the Privacy Officer about any privacy matter (questions, compliments, complaints, advice), you may:

  • Email: Only the Privacy Officer is permitted to clear this email box. However, please be brief and general, unless asked to supply details by email. The Privacy Officer will suggest the best way to discuss the details, as the first step in handling your query.
  • Call: 0411 634496, and request to speak with the Privacy Officer. You will probably have to leave a number so that the Privacy Officer can call you back, or you may be asked to ring at a certain time.
  • Write to: The Privacy Officer, Connected Well Pty Ltd, PO Box 37, Canowindra 2804. Write ‘Private & Confidential’ on the outside of the envelope, in large capital letters, and ensure the envelope is well sealed. Staff collecting mail are instructed not to open email addressed to the Privacy Officer.

The Privacy Officer won’t require that you identify yourself, unless it becomes necessary that you do, in order to respond to your privacy concern. The Privacy Officer is not a full-time staff member. We endeavour to respond to all privacy-related enquiries within 2 hours at best, or 2 business days at worst. If the Privacy Officer is not available, a company Director or senior GP may respond.

At present, the Privacy Officer is David Bullock.

Dealing with us anonymously or under a false name

The Privacy Act 2008 requires that we give you the option, where practical, of not identifying yourself when we “deal” with you “in relation to a particular matter”. That’s fine if you want to ring or email, and enquire about what we offer, and whether it might be a good fit for you, and how to apply to enrol with us. We don’t require you to identify yourself for those sorts of discussions. Be careful, from your end, that you don’t accidentally disclose an email address or phone number to us, or sound like someone we know!

However, we do regard it as impractical for us to provide health care to you unless frankly identify yourself to us.

If you have a situation where you feel that not identifying yourself to us is important to prevent someone else from discovering that you are receiving health care from us, please do contact our Privacy Officer (anonymously, if you feel it is needed) and we’ll try to work something out for your situation, if we can.

How to review & request correction of your personal information

We want you to review and correct any personal information we’ve collected from you, so that our records are correct and useful. In the future, we intend to be able to supply a paper or digital ‘application’ form already filled out with what you’ve told us so far, so that you can easily update and add to this information. However, we don’t have this ability yet. It’s a top priority of ours – watch this space.

In the meantime, to review your information, we ask that you tell us what you would like to review, and we will let you know the best way we can do that for you. It helps if you tell us why you feel the need to review it, but you don’t have to. If we can’t respond by quickly printing something out for you, we might ask you to sit down with one of us in front of the computer, and we can show you the records we have. In any 3 month period, we’re happy to spend 20 minutes reviewing your information at your request, for free. Beyond 20 minutes, and we may need to charge you to make further enquiries, to cover various costs, but we will discuss this with you first.

To correct your personal information, we will normally just collect it from you again, using the normal forms. You can fill out the forms again whenever you like to update the information which those forms collect.

How to Complain about our handling of your personal information

If you have any hesitations about the way your personal information is being collected, used or disclosed by us, or feel that one of our staff has been careless in our duty of confidentiality towards you, we ask that you first attempt to contact the Privacy Officer by phone to discuss it.

We may be able to save you a lot of frustration by showing you our records of your personal information, giving you the opportunity to understand what we have shared or not shared, and why, and if it has not worked out for you, we may be able to find a solution, or improve our procedures. We want to do our best for you.

If you feel that the matter is still not resolved, we ask you to make a complaint in writing, to the Privacy Officer. The Privacy Officer will advise on the most appropriate way to lodge this letter, depending on the issue at hand. You will receive a written acknowledgement when we have received your letter. You will also receive our written response within 21 days of the date we acknowledged that we received your letter.

If you feel that the Privacy Officer is not responding according to this policy, or you are not satisfied with the response you have received, you may matter to the Office of the Information Commissions (OAIC), who administers the Privacy Act. See or call them on 1300 363 992.