Skip to content Skip to content
Legal

Privacy Policy.

How we collect, use and protect your personal and health information in accordance with Australian privacy law.

Last updated: 3 June 2026

CareDirect Telehealth Pty Ltd is committed to protecting the privacy and confidentiality of the personal and health information we collect. This policy outlines our ongoing obligations to you in respect of how we manage your information.

We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information.

A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.oaic.gov.au.

What is Personal Information and why do we collect it?

Personal Information is information or an opinion that identifies an individual. As a telehealth mental health service, CareDirect collects and holds the following types of personal information:

  • Identity and contact details: names, addresses, email addresses, phone numbers and date of birth
  • Health information: clinical diagnoses and presenting concerns, session notes and treatment records, medication history and current prescriptions, referral letters and specialist correspondence
  • Care plan information: Mental Health Treatment Plans (MHTPs), care coordination notes and clinician assignments
  • Consultation metadata: video or phone consultation records (date, duration, practitioner), booking and scheduling data
  • Financial and claims information: Medicare and health fund claim information, payment details

This Personal Information is obtained in many ways including by telephone, by email, via our website, through telehealth consultations, from referring GPs and other health practitioners, and from third parties with your consent. We don't guarantee website links or policy of authorised third parties.

We collect your Personal Information for the primary purpose of providing clinical telehealth services to you, coordinating your care, communicating with your referring practitioners, and processing Medicare and health fund claims. We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure. You may unsubscribe from our mailing/marketing lists at any time by contacting us in writing.

When we collect Personal Information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.

Anonymity and Pseudonymity

Due to the nature of the health services we provide, it is generally impracticable for us to deal with individuals who have not identified themselves. Accurate identification is required to ensure the safety and continuity of clinical care, to comply with our legal and professional obligations under applicable health legislation, and to meet the requirements of Medicare and private health insurance billing.

Sensitive Information

Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information. Health information collected through our telehealth services is classified as sensitive information under the Privacy Act.

Sensitive information will be used by us only:

  • For the primary purpose for which it was obtained
  • For a secondary purpose that is directly related to the primary purpose
  • With your consent; or where required or authorised by law

Clinical Records

Health records created through your use of CareDirect Telehealth are clinical records and are subject to retention requirements under applicable state health records legislation. In New South Wales, clinical records are retained for a minimum of 7 years from the date of the last entry, in accordance with the Health Records and Information Privacy Act 2002 (NSW).

Health records are generally retained for at least 7 years from the date of last contact, or, in the case of children, until they reach at least 25 years of age, unless a longer period is required by law.

Records that are no longer required for clinical or legal purposes will be securely destroyed in accordance with the Privacy Act 1988 (Cth). Different record types (consultation notes, prescriptions, referral letters) may be subject to different retention periods under applicable legislation.

If CareDirect connects to the My Health Record system, we will comply with our obligations under the My Health Record Act 2012 (Cth) regarding the upload, access and deletion of records within the national system. This will be disclosed to you prior to any connection.

Unsolicited Information

From time to time, we may receive personal or health information that we did not solicit. Where we receive unsolicited personal information, we will promptly assess whether that information is of a kind we could have collected under our standard collection practices. If so, we will handle it in accordance with this policy. If not, we will destroy or de-identify the information as soon as practicable, provided it is lawful and reasonable to do so.

Third Parties

Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances we may be provided with information by third parties (such as referring GPs, specialists or other health practitioners involved in your care). In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.

Disclosure of Personal Information

Your Personal Information may be disclosed in the following circumstances:

  • To members of your CareDirect care team for the purpose of coordinating your treatment
  • To your referring GP or other treating practitioners, with your consent
  • To Medicare Australia or private health insurers for the purpose of processing rebate claims
  • Third parties where you consent to the use or disclosure
  • Where required or authorised by law

Where you access services under Medicare, your clinician may be required to provide clinical correspondence or progress reports to the referring practitioner.

Cross-Border Disclosure

CareDirect's primary data storage is on secure, Australian-hosted systems. However, some third-party tools used in our service delivery (such as video conferencing software, booking systems, email platforms or analytics tools) may process data on servers located outside Australia. Each of these constitutes a disclosure of personal information to an overseas recipient under APP 8 of the Privacy Act.

Where personal or health information is processed by overseas recipients, we take reasonable steps to ensure those recipients comply with the Australian Privacy Principles. If you would like details of the specific countries where your data may be processed, please contact us.

Website Analytics and Marketing

Our website is built to use a small number of third-party tools. These include web analytics tools (such as Google Analytics and Google Tag Manager) and a website feedback widget. We also use service-delivery tools that support our care, including booking and scheduling software, email and SMS communication tools, and a video and phone consultation platform. Payment and Medicare or health fund claims are processed through secure billing channels.

Analytics tools only load where they are switched on. They collect general website usage data, such as pages viewed and the source of a visit. They do not have access to your clinical records or consultation content. We do not currently run advertising or retargeting pixels, and we do not track you across other websites. We do not use your clinical or health information for advertising or retargeting.

Data Breaches

CareDirect is bound by the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988. If we become aware of an eligible data breach (a breach that is likely to result in serious harm to any individual whose information is involved), we will:

  • Assess suspected eligible data breaches expeditiously and, where required by the Notifiable Data Breaches scheme, notify affected individuals and the OAIC
  • Where we notify affected individuals, include the nature of the breach, the type of data involved, and recommended steps to reduce potential harm
  • Take all reasonable steps to contain the breach and mitigate any resulting harm

If you suspect your personal or health information held by CareDirect has been compromised, please contact us immediately using the details below.

Security of Personal Information

Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure. All telehealth consultations are conducted via encrypted video and phone technology, and clinical records are stored on secure, Australian-hosted infrastructure.

Access to your Personal Information

You may access the Personal Information we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact us in writing.

CareDirect Telehealth Pty Ltd will not charge any fee for your access request, but may charge an administrative fee for providing a copy of your Personal Information.

In order to protect your Personal Information we may require identification from you before releasing the requested information.

Maintaining the Quality of your Personal Information

It is important to us that your Personal Information is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete and up-to-date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.

Policy Updates

This Policy may change from time to time and is available on our website.

Privacy Policy Complaints and Enquiries

If you have any queries or complaints about our Privacy Policy please contact us at:

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

If you are not satisfied with our response, you may contact AHPRA for practitioner concerns, OAIC for privacy concerns, or the relevant state or territory health complaints body.