Privacy Policy

Your trust matters to us. This policy explains how we collect, use, store, and protect your personal and health information.

Last reviewed: April 2026

Who we are

The Biomechanics is an allied health practice operating across three Melbourne clinics, providing exercise physiology, physiotherapy, and pain management services. We deliver care under NDIS, TAC, WorkCover, Medicare, DVA, the ADF Health Services Contract (via Bupa), and private arrangements.

What information we collect

We collect personal and health information that is reasonably necessary to provide you with clinical care, process billing, and meet our legal obligations. This may include:

  • Your name, date of birth, contact details, and Medicare/DVA number
  • Health and medical history, including referral letters, diagnoses, and treatment notes
  • Information from your referring practitioner or funding body (e.g., NDIS plan details, TAC claim information)
  • Billing and payment information

How we collect your information

We collect information directly from you wherever possible, through intake forms, consultations, and ongoing clinical interactions. We may also receive information from your referring doctor, specialist, or funding body with your consent.

How we use your information

Your information is used to:

  • Provide and coordinate your clinical care
  • Communicate with your referring practitioners and care team
  • Process claims and billing with your funding body (NDIS, TAC, WorkCover, Medicare, DVA, ADF/Bupa)
  • Meet our legal and regulatory obligations
  • Improve our services through de-identified, aggregated data analysis

We do not use your personal information for marketing purposes without your explicit consent.

How we store and protect your information

All active client records are stored in Nookal, our approved practice management system. Nookal hosts Australian client data on servers in Sydney, Australia, with AES-256 encryption for data in transit and at rest.

We do not store identifiable client information on personal devices, USB drives, email drafts, or unapproved platforms. Access to client data is restricted to authorised staff via unique, secure login credentials.

Data sovereignty

We are committed to ensuring that client data remains within Australian territories. This is particularly important for ADF personnel, whose health information is protected by the Privacy Act 1988 and must not be transferred or stored outside Australia without the written consent of the Department of Defence.

All current client health records are stored on Australian servers via Nookal. We do not use platforms for identifiable client data where the data storage location is outside Australia or unclear.

Use of AI tools

The Biomechanics uses AI tools (such as ChatGPT and Claude) for administrative efficiency, including drafting templates, improving communication quality, and professional development. No identifiable or sensitive client information is entered into any AI tool. All AI-generated content is reviewed by a qualified professional before clinical or client-facing use. AI does not replace clinical judgement.

Telehealth

Telehealth consultations are delivered via Zoom or Google Meet, both of which meet the encryption and security requirements of the Privacy Act 1988. Sessions are conducted in a private environment. Recordings are not made without your explicit written consent. Clinical notes from telehealth sessions are recorded in Nookal in the same way as in-person consultations.

Your rights

You have the right to:

  • Know what personal information we hold about you
  • Request access to your records
  • Request correction of inaccurate or out-of-date information
  • Withdraw consent for the use of your information at any time
  • Make a complaint about how your information has been handled

Access and correction requests are processed within 30 days in accordance with the Privacy Act 1988.

Sharing your information

We only share your information with:

  • Your referring practitioner or GP (with your consent)
  • Funding bodies as required for billing and compliance (NDIS, TAC, WorkCover, Medicare, DVA, ADF/Bupa)
  • Other health professionals involved in your care (with your consent)

We do not sell, rent, or disclose your information for any purpose unrelated to your care without your written consent, unless required by law.

Records retention

We retain all client records indefinitely as standard practice. This exceeds the minimum requirements of the Health Records Act 2001 (Vic), which mandates 7 years after last contact for adults and until the age of 25 for minors. Indefinite retention supports continuity of care and protects both you and our clinicians.

Data breaches

In the unlikely event of a data breach, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches scheme. We take all suspected breaches seriously and act promptly to contain and remediate any incident.

Legislation

This policy aligns with:

  • Privacy Act 1988 (Cth) and the Australian Privacy Principles
  • Health Records Act 2001 (Victoria)
  • Health Practitioner Regulation National Law
  • NDIS Practice Standards
  • TAC and WorkSafe Victoria requirements
  • ADF Health Services Contract requirements

Contact us

If you have questions about this policy, want to access or correct your information, or wish to make a privacy complaint, please contact us:

Phone: 1300 920 520

Email: admin@thebiomechanics.com.au

Post: Private and Confidential, Attn: Luke Postlethwaite, The Biomechanics, Level 2, 109-111 Nicholson St, Footscray VIC 3011

If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or on 1300 363 992.