1. What Information We Collect

We collect only the personal and health information necessary to provide safe, high-quality medical care and to meet our legal and professional obligations.

Personal information may include:

·       Name, date of birth, address, phone number, and email

·       Medicare number and private health-fund details

·       Emergency contact information

·       Photographic identification

·       Payment and billing details

·       Communication preferences

Health information may include:

·       Medical history and current conditions

·       Medications, allergies, and supplements

·       Previous surgeries or treatments

·       Relevant family medical history

·       Consultation notes, clinical records, and treatment plans

·       Photographs and medical images (for documentation)

·       Pathology and diagnostic test results

·       Post-operative care and recovery notes

·       Correspondence between you, Dr Konrat, and other healthcare providers

2. How We Collect Information

Directly from you:

·       During consultations and appointments

·       Through enquiry, booking, or consent forms

·       By phone, email, or online communication

From other health professionals (with consent):

·       GP referral letters or medical records

·       Communication from specialists or allied health practitioners

From third parties involved in your care:

·       Anaesthetists, nursing staff, and hospital personnel

·       Pathology and imaging providers

·       Pharmacies (for prescriptions)

3. How We Use Your Information

We use your information for legitimate medical, administrative, and legal purposes, including:

Medical care – assessing suitability for procedures, planning and performing surgery, providing follow-up care, and managing complications.
Administration – booking appointments, maintaining records, processing payments, and responding to enquiries.
Legal and regulatory compliance – meeting AHPRA and health-legislation obligations, managing complaints, and reporting when required.
Quality and safety – clinical audits, outcome reviews, and accreditation requirements.
Communication – appointment reminders, follow-ups, and post-operative guidance.

Your information will not be used for marketing without your explicit written consent.

4. Clinical Photography and Medical Images

Photographs and medical images form part of your confidential medical record. They are used to:

·       Plan and document surgical care

·       Monitor healing and results

Educational or publication use requires separate written consent. We may request permission to use de-identified images for:

·       Medical education or training

·       Journal publication

·       Practice or conference presentations

·       Educational website or social-media content

Consent is always:

·       Voluntary – declining does not affect your care

·       Specific – you will be told exactly how images will be used

·       Revocable – you can withdraw consent at any time

·       Documented in writing

If you withdraw consent, we will remove images from public use as soon as practicable.

5. Who We Share Your Information With

We only share information when necessary for your care or when required by law.

Typical disclosures include:

·       Anaesthetists, theatre and recovery staff, and your GP (with consent)

·       Pathology or imaging providers

·       Hospital and day-surgery administration

·       Accredited IT or records-management providers

·       AHPRA or other authorities (if legally required)

With your consent, we may also share information with:

·       Private insurers, solicitors, or nominated family members

All third-party recipients must handle your data in accordance with the Privacy Act. We will never sell or trade your information.

6. How We Store and Protect Your Information

We take reasonable steps to safeguard your data from unauthorised access, misuse, or loss.

Security measures include:

·       Password-protected electronic medical records

·       Encrypted email and form submissions

·       Restricted staff access

·       Locked storage for physical files

·       Ongoing privacy training and system reviews

Record retention:

·       Adult patient records are kept for at least seven (7) years after last contact.

·       Records of patients under 18 are retained until the patient turns 25.

·       Records may be held longer if required for ongoing care or by law.
When no longer required, records are securely destroyed or permanently deleted.

7. Your Rights and Choices

You have the right to:

·       Access your personal and health information (unless legally restricted)

·       Request corrections to inaccurate or outdated details

·       Request limits on how information is used or disclosed

·       Withdraw consent for optional uses such as image publication

·       Make a complaint about privacy handling

How to exercise your rights:
Submit your request or complaint in writing to our Privacy Officer. We aim to respond within 30 days. Reasonable copying fees may apply.

8. Overseas Disclosure

We generally do not disclose patient information overseas. However, some cloud-storage or IT systems may use secure servers located outside Australia. When this occurs, we ensure the provider complies with the Australian Privacy Principles and equivalent data-protection safeguards.

9. Website and Online Privacy

Cookies and analytics:
Our website uses cookies to improve user experience and analyse traffic. You can disable cookies in your browser, though some functions may not work correctly.

Server logs and IP data:
Our web-hosting provider may automatically collect non-identifiable information such as IP address, browser type, and access time for security and performance monitoring. This information does not personally identify you.

Online forms:
Data submitted through enquiry or booking forms is encrypted and stored securely.

External links and social media:
Our website may contain links to external platforms (e.g. Facebook, Instagram). We are not responsible for their privacy practices; please review their policies separately.

10. Use of Artificial Intelligence (AI) and Automated Systems

Our practice may use artificial intelligence (AI) and automation tools to support administrative and communication functions, such as:

·       Managing online enquiries and appointment requests

·       Generating educational website content

·       Analysing de-identified data for quality improvement

AI tools used in these processes operate under strict privacy controls:

·       Personal and health information is never shared with public AI systems (such as ChatGPT or similar)

·       Any AI or automation tools we use are configured within secure, private systems that comply with the Privacy Act 1988 (Cth)

·       Automated systems do not make medical or clinical decisions - all clinical advice and treatment decisions are made by Dr Konrat

If you contact us via a chatbot, online form, or automated system, we may collect your name, contact details, and enquiry for administrative purposes only. These details are handled securely in accordance with this Privacy Policy.

11. Changes to This Policy

This Privacy Policy may be updated from time to time to reflect changes in our operations or legal obligations. The latest version will always be available on our website, with the date of last update clearly displayed. Significant updates will be announced by email or website notice.

12. Contact Us About Privacy

Privacy Officer: Emma – Practice Manager

If you wish to:

·       Access or correct your information

·       Withdraw consent for image use

·       Make a privacy enquiry or complaint

Please contact us:
📞 (02) 9188 1949 ✉️ [email protected]
📬 Suite 402, Level 4, 59-75 Grafton Street, Bondi Junction NSW 2022

We aim to respond to all privacy enquiries within 30 days.

13. Complaints to the Regulator

If you are unsatisfied with our response, you may contact the:

Office of the Australian Information Commissioner (OAIC)
🌐 www.oaic.gov.au 📞 1300 363 992 ✉️ [email protected]
📮 GPO Box 5218, Sydney NSW 2001

The OAIC investigates privacy complaints under the Privacy Act 1988 (Cth).

This Privacy Policy applies to Dr Georgina Konrat’s medical practice and staff. It does not apply to third-party service providers that maintain their own privacy policies.