Privacy Policy

1. Purpose

This Privacy Policy explains how Claims Doctor collects, uses, stores, discloses, and protects personal information and health information. It applies to all individuals who use the Claims Doctor website (claimsdoctor.com.au), book or attend a telehealth consultation, or otherwise interact with our services.

This policy is published in accordance with Australian Privacy Principle (APP) 1 under the Privacy Act 1988 (Cth) and the Health Records and Information Privacy Act 2002 (NSW) (HRIP Act).

2. About us

Claims Doctor is a telehealth medical service that provides same-day WorkCover and CTP medical certificates via video consultation with registered medical practitioners.

Entity: Claims Doctor (a trading name of Health Data Research Pty Ltd)
ABN: 39 674 905 376
Registered Address: Level 1/457-459 Elizabeth Street, Surry Hills NSW 2010
Website: claimsdoctor.com.au
Privacy Officer Contact: privacy@claimsdoctor.com.au

3. Definitions

Personal Information — information or an opinion about an identified individual, or an individual who is reasonably identifiable, as defined in the Privacy Act 1988 (Cth).
Health Information — a subset of personal information that includes information about a person's health, disability, health service received, or health wishes. Defined in the Privacy Act 1988 (Cth) and the HRIP Act 2002 (NSW).
Certificate of Capacity — the SIRA-mandated document issued following a WorkCover injury assessment.
Certificate of Fitness — the SIRA-mandated document issued following a CTP injury assessment.
SIRA — State Insurance Regulatory Authority (NSW).

4. Information we collect

4.1 Personal information

We collect the following categories of personal information:

Identity and contact details — full name, date of birth, address, email address, phone number.
Claim-specific information — for WorkCover: employer name, insurer name, claim number, date of injury, workplace details. For CTP: insurer name, claim number, date of accident, accident details.
Payment and billing information — payment card details (processed by our third-party payment provider; we do not store full card numbers), billing address, Medicare number where applicable.

4.2 Health information

We collect health information that is necessary for the provision of medical services, including:

Medical and injury details — nature and circumstances of injury, symptoms, affected body parts, functional capacity, pre-existing conditions relevant to the claim.
Clinical notes — consultation notes, clinical observations, and medical opinions recorded by the treating doctor during your telehealth consultation.
Medical history — relevant past medical history, current medications, allergies, and treating practitioners as disclosed by you or obtained from other providers with your consent.
Certificates and reports — Certificates of Capacity, Certificates of Fitness, and any other medical documentation generated through our service.

4.3 Technical and website data

When you visit our website or use our telehealth platform, we may automatically collect device and browser information (IP address, browser type, operating system, device type), usage data (pages visited, time spent, referring website), and cookies and tracking technologies as described in Section 11.

5. How we collect information

We collect personal and health information through the following means:

Directly from you — when you complete our online intake forms, attend a telehealth consultation, contact us by phone or email, or submit a booking request.
From third parties — with your consent or as authorised by law, we may receive information from your employer, insurer, lawyer, other treating medical practitioners, or referring partners. Under workers' compensation and CTP legislation, certain disclosures to and from insurers and employers are mandated by law and do not require separate consent.
Automatically via our website and platform — technical data is collected through cookies, analytics tools, and our telehealth platform's standard functionality.

We will not collect personal or health information by unlawful or unfair means.

6. Purposes of collection and use

We collect, hold, and use your information for the following purposes:

Medical assessment and treatment — to conduct telehealth consultations and provide medical opinions on your injury or condition.
Certificate issuance — to issue Certificates of Capacity (WorkCover) and Certificates of Fitness (CTP) as required under SIRA legislation.
Billing and payment processing — to process payments for consultations and issue invoices or receipts.
Disclosure to insurers and employers — as required or authorised under the Workers Compensation Act 1987 (NSW), Workplace Injury Management and Workers Compensation Act 1998 (NSW), and Motor Accidents Injuries Act 2017 (NSW).
Regulatory compliance and mandatory reporting — to comply with our obligations under applicable legislation, including mandatory reporting to AHPRA, SIRA, health authorities, or law enforcement where required by law.
Clinical governance and quality improvement — to audit clinical outcomes, review service quality, manage complaints, and improve our clinical processes.
Communication — to send you appointment confirmations, reminders, follow-up communications, and respond to your enquiries. We will not send you marketing communications without your explicit opt-in consent.
De-identified research and analysis — we may use de-identified and aggregated data for research purposes and service improvement. No individual will be identifiable from this data.
Legal proceedings and professional obligations — to obtain legal advice, respond to legal claims, or comply with court orders or subpoenas.

We will not use your personal or health information for a purpose other than those set out above, or a purpose you would reasonably expect, without first obtaining your consent, unless use or disclosure is required or authorised by law.

7. Disclosure of information

We may disclose your personal and health information to the following recipients:

Contracted medical practitioners — registered doctors who provide consultations through the Claims Doctor platform. These practitioners are engaged as independent contractors and are bound by their professional obligations and our contractual requirements regarding data handling.
Insurers and employers — as required under NSW workers' compensation and CTP legislation, including disclosure of Certificates of Capacity and Certificates of Fitness.
Other healthcare providers — where a referral or coordination of care is clinically necessary, and with your consent unless disclosure is authorised by law.
Technology and platform service providers — third-party providers who support our operations, including Halaxy (patient management system), Google Meet (telehealth consultations), Heidi Health (AI-assisted clinical note-taking), payment processors, analytics providers (Google Analytics, Meta), Attio (customer relationship management), and Intercom (customer support). These providers act as data processors and are contractually required to protect your information and use it only for the purposes we specify.
Government and regulatory bodies — AHPRA, SIRA, the NSW Ministry of Health, the Office of the Australian Information Commissioner, law enforcement, and other authorities where disclosure is required or authorised by law.
Professional advisers — our legal, accounting, and insurance advisers where necessary for the operation of our business.

We do not sell, rent, or trade personal information to any third party.

8. Cross-border data transfers

All personal and health information collected by Claims Doctor is stored and processed within Australia. Our core technology providers operate Australian-hosted infrastructure for the data we collect. We do not knowingly transfer your personal or health information to any overseas recipient. If this changes in the future, we will update this policy accordingly.

9. Data security

We take reasonable steps to protect your personal and health information from misuse, interference, loss, and from unauthorised access, modification, or disclosure, in accordance with APP 11 and HPP 5. Our security measures include encryption of data in transit and at rest, access controls limiting information access to authorised personnel, secure authentication for our telehealth platform, regular review of our security practices, and contractual obligations on third-party service providers to maintain appropriate security standards.

10. Data retention

We retain health records in accordance with the Health Records and Information Privacy Act 2002 (NSW) and applicable professional standards:

Adult patients — health records are retained for a minimum of 7 years from the date of last contact.
Patients who were minors at the time of consultation — health records are retained until the patient reaches 25 years of age, or for 7 years from the date of last contact, whichever is later.
Financial records — retained for 7 years in accordance with Australian taxation law.
Website and analytics data — retained in accordance with our analytics platform settings and deleted or anonymised when no longer required.

After the applicable retention period, records are securely destroyed or permanently de-identified.

11. Cookies and website tracking

Our website uses cookies and similar tracking technologies to improve your experience and analyse website performance.

Essential cookies — required for basic functionality of our website, including session management and security. These cannot be disabled.
Analytics cookies — we use Google Analytics to understand how visitors use our website. Google Analytics uses cookies to collect aggregated, anonymised usage data.
Customer support — we use Intercom to provide live chat and customer support. Intercom places cookies to track your support interactions and improve our response to your enquiries.
Advertising and conversion tracking — we use Google Ads conversion tracking and the Meta Pixel to measure the effectiveness of our advertising campaigns. These tools may place cookies on your device to attribute your visit and serve relevant advertisements.

You can control or delete cookies through your browser settings. Disabling certain cookies may affect the functionality of our website.

12. Telehealth-specific matters

12.1 Consultation recording

Telehealth consultations may be recorded (audio and/or video) where deemed clinically necessary by the treating doctor. We may also use AI-assisted clinical note-taking tools during consultations to generate clinical notes and documentation. You will be informed at the commencement of any consultation where recording or AI note-taking is in use, and your consent will be obtained before proceeding.

12.2 Telehealth platform and clinical systems

Our telehealth consultations are conducted via Google Meet. Patient records, clinical notes, and booking information are managed through Halaxy, our patient management system, which stores health information on Australian-hosted servers. Payments are processed by our third-party payment provider; we do not store your full card details on our systems.

12.3 SMS and email communications

We may send you SMS or email communications for the purposes of appointment confirmations, reminders, and post-consultation follow-up. By providing your contact details and booking a consultation, you consent to receiving these operational communications. You may opt out of non-essential communications at any time by contacting us.

13. Mandatory reporting obligations

In certain circumstances, we are required by law to disclose your health information without your consent. These circumstances include mandatory reporting to AHPRA, child protection reporting under the Children and Young Persons (Care and Protection) Act 1998 (NSW), notifiable conditions under the Public Health Act 2010 (NSW), serious threats to life or health, and court orders or law enforcement requests.

14. Your rights

14.1 Access to your information

You have the right to request access to the personal and health information we hold about you, in accordance with APP 12 and HPP 6. We will respond to access requests within 30 days.

14.2 Correction of your information

If you believe the personal or health information we hold about you is inaccurate, incomplete, or out of date, you may request that we correct it. We will respond to correction requests within 30 days.

14.3 Anonymity and pseudonymity

Under APP 2, you have the right to deal with us anonymously or using a pseudonym where practicable. However, due to the nature of our medical services — including the legal requirements for patient identification on certificates — it is generally not practicable for us to provide our core services without verifying your identity.

14.4 Withdrawal of consent

Where we rely on your consent as the basis for collecting or using your information, you may withdraw that consent at any time by contacting us. Withdrawal of consent does not affect the lawfulness of any processing carried out prior to withdrawal.

14.5 Requesting deletion

You may request that we delete your personal information. We will comply where we are not required by law to retain it. Note that we are legally required to retain health records for the periods specified in Section 10.

15. Complaints

If you believe we have breached your privacy, contact our Privacy Officer at privacy@claimsdoctor.com.au. We will acknowledge your complaint within 5 business days and provide a written response within 30 days. If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or the Information and Privacy Commission NSW (IPC NSW) at ipc.nsw.gov.au.

16. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the “Last Updated” date at the top of this policy and, where appropriate, notify you by email or by a notice on our website.

Claims Doctor · claimsdoctor.com.au · ABN 39 674 905 376 · Level 1/457-459 Elizabeth Street, Surry Hills NSW 2010