Skip to main content

Stonewall Medical Centre – Privacy Policy

Purpose

This Privacy Policy explains how Stonewall Medical Centre (“the practice”, “we”, “us”) collects, uses, stores and discloses your personal information. It is written so you can clearly understand what happens to your information and why.

We are committed to complying with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and relevant state-based health privacy obligations.

What is a patient health record?

A patient health record is a collection of your medical and related information, including but not limited to:

  • Medical history and diagnoses
  • Medications and allergies
  • Immunisation status
  • Surgical and procedural history
  • Social and family history
  • Correspondence with other healthcare providers
  • Diagnostic imaging and test results
  • Audio or visual records where clinically relevant

Who can I contact about this policy?

For any privacy-related enquiries, please contact the Practice Manager:

Stonewall Medical Centre

52 Newmarket Road

Windsor  QLD  4030

Phone: 07 3857 1222

Email: mail@stonewall.com.au

Website: www.stonewall.com.au

When and why is your consent necessary?

When you register as a patient of Stonewall Medical Centre, you provide consent for our doctors and staff to collect, access and use your personal information to deliver healthcare services.

Access to your information is limited to staff who need it to perform their role. If your information is ever required for purposes outside direct healthcare delivery, we will seek additional consent unless permitted or required by law.

Why do we collect, use, store and share your personal information?

We collect, use and store personal information to:

  • Provide safe and effective healthcare
  • Maintain accurate medical records
  • Coordinate care with other healthcare providers
  • Meet Medicare, MyMedicare and billing requirements
  • Comply with legal and regulatory obligations
  • Support accreditation, quality improvement, training and risk management activities

What personal information is collected?

We may collect the following information:

  • Name, date of birth, address and contact details
  • Medical information including history, medications, allergies and risk factors
  • Medicare number and healthcare identifiers
  • Health fund and concession details

Can you deal with us anonymously?

You may interact with the practice anonymously or using a pseudonym where lawful and practicable. In most clinical situations this is not possible, as accurate identification is required to provide safe care.

How is personal information collected?

We collect information:

  • When you register as a patient
  • When you attend appointments (in person or via telehealth)
  • When you contact us by phone, SMS, email or online booking systems

We may also collect information from third parties such as:

  • Our online booking system AutoMed
  • Other healthcare providers involved in your care
  • Hospitals, pathology and diagnostic imaging services
  • Medicare,
  • My Health Record,
  • Queensland Health systems including The Viewer
  • Department of Veterans’ Affairs (where applicable)

Images may be collected for clinical or security purposes, including:

  • Medical photographs or imaging (in line with RACGP guidance)
  • CCTV footage in public areas of the practice for safety and security
  • Photos and medical images: These can be taken using personal devices for medical purposes. Our policy is to adhere to the guidelines outlined in the Royal Australian College of General Practitioners Using personal mobile devices for clinical photos in general practice.

When, why and with whom do we share your information?

Your personal information may be shared:

  • With other healthcare providers involved in your care
  • My Health Record
    • Event Summaries
    • Shared Health Summaries
  • Electronic Prescribing
  • Australian Immunisation Register
  • With service providers such as IT, accreditation or secure messaging providers
  • Where required or authorised by law
    • Subpoena
    • Statutory requirements to share
  • To prevent or lessen a serious threat to health or safety

We do not disclose personal information overseas without your consent unless permitted by law.

Marketing

We do not use your personal information for marketing without your express consent. You may withdraw consent at any time.

Quality improvement and training

We may use de-identified information for:

  • Quality improvement activities
  • Accreditation
  • Staff education and training
  • No identifying information is used without consent.

Document automation technologies

Stonewall Medical Centre uses secure document automation technologies to generate clinical documents such as referrals, care plans and medical summaries.

These systems:

  • Use existing clinical information to populate documents
  • Include only information relevant to the purpose of the document
  • Are access-controlled using individual user accounts and role-based permissions
  • Operate within Australian privacy and security requirements

The practice uses document automation and clinical documentation tools within its approved clinical software environment, including Best Practice and Facere AI.

  • Facere AI is hosted on a secure server located onsite at the practice.
  • Facere AI is used solely for document allocation and workflow management purposes (for example, sorting and directing incoming clinical documents to the appropriate clinician or work queue). It is not used to provide healthcare, generate clinical advice, or make clinical decisions.
  • Operates on a locally hosted, access-controlled server within the practice
  • Uses patient information only for document allocation and administrative workflow purposes
  • Does not transmit data outside the practice environment
  • Complies with Australian privacy legislation and the Australian Privacy Principles
  • All output is reviewed and approved by our administrative team before being added to the medical record

Use of Artificial Intelligence (AI) Scribe Tools

Stonewall Medical Centre may use AI scribe tools to assist clinicians with clinical documentation, only with patient consent.

The AI scribe tools currently approved for use are:

Heidi

    • Uses audio recordings of consultations to generate draft clinical notes
    • Audio is processed securely and not retained beyond transcription
    • Data is stored and processed within Australia
    • Notes are reviewed and finalised by the treating clinician

Lyrebird

    • Uses audio recordings to create clinical documentation
    • Does not store audio once transcription is complete
    • Does not use recordings to train external AI models
    • Data is stored and processed within Australia

MBS Pro

    • Uses audio recordings of consultations to generate draft clinical notes
    • Audio recordings are processed securely and deleted after transcription
    • No audio or transcript data is used for AI model training
    • Data is stored and processed within Australia

All output is reviewed and approved by the treating clinician before being added to the medical record

AI scribes are used solely to support clinical documentation. They do not replace clinician judgement and are not used without patient awareness and consent.

How is your information stored and protected?

Your information may be stored as:

  • Electronic records
  • Paper records
  • Diagnostic images

Security measures include:

  • Password-protected systems and access controls
  • Secure Australian-based data centres
  • Locked storage for physical records
  • Telehealth consultations are not recorded.

Accessing and correcting your information

You may request access to or correction of your medical record by submitting a written request. Requests are reviewed by the treating clinician. Third parties may also request access to your information from time to time. eg: if you start to see a new GP. As part of this request for access to your medical records, you may be asked to supply identity documents.

Requests are responded to within 30 days

Fees may apply for full record copies. This fee will be determined by the treating clinician and is line with the Australian Medical Association schedule of fees 2015.

Privacy complaints

Privacy complaints should be directed to the Practice Manager:

Stonewall Medical Centre

52 Newmarket Road

Windsor  QLD  4030

Phone: 07 3857 1222

Email: mail@stonewall.com.au

Website: www.stonewall.com.au

Complaints are acknowledged within three business days and handled in accordance with our complaint resolution process.

If you are not satisfied with the outcome, you may contact the Office of the Australian Information Commissioner.

Website privacy

Information submitted through our website, online forms or booking systems is handled securely. Our website uses cookies and analytics.

Policy review

This policy is reviewed annually and updated as required. Changes will be published on our website and, where appropriate, communicated directly to patients. The last review was 19/01/2026. The next review is due 19/01/2027.