Privacy Policy

This policy outlines how Dr Ameer Shehab collects, uses, and protects patient information in accordance with the Privacy Act 1988, Australian Privacy Principles, and specific requirements for AI-assisted healthcare services.

1. Collection of Information

Types of Information Collected

  • Personal identification information

  • Medical history and health information

  • Medicare and healthcare identifiers

  • Session notes and transcriptions

  • Audio recordings (where applicable)

  • Correspondence with other healthcare providers

  • Payment and billing information

Collection Methods

  • Direct collection from patients

  • Electronic Health Records (EHR)

  • Audio recordings of consultations (with consent)

  • AI transcription services via Lyrebird Health

  • Correspondence from other healthcare providers

  • Telehealth platforms

2. AI Transcription and Data Processing

Lyrebird Health AI Service

All consultations processed through Lyrebird Health are:

  • Encrypted during transmission and storage

  • Processed within Australian jurisdiction

  • Subject to strict access controls

  • Automatically deleted after processing according to retention schedule

Patient Notification

Patients must be informed that:

  • AI transcription services are used

  • Their consultations may be recorded and transcribed

  • They can opt out of AI transcription

  • How their data is processed and stored

  • The security measures in place

Consent Requirements

Explicit written consent is required for:

  • Recording consultations

  • Using AI transcription services

  • Storing recordings and transcriptions

  • Sharing transcriptions with other healthcare providers

3. Data Security and Storage

Electronic Records

All electronic health records are:

  • Password protected with multi-factor authentication

  • Encrypted at rest and in transit

  • Backed up securely

  • Accessible only to authorised personnel

  • Monitored for unauthorised access attempts

Physical Records

  • Stored in locked cabinets

  • Access restricted to authorised personnel

  • Secure disposal when no longer needed

AI-Generated Content

  • Transcriptions reviewed for accuracy

  • Stored separately from main health record

  • Subject to same security protocols as other health information

  • Regular auditing of access and usage

4. Data Sharing and Third-Party Access

Authorised Sharing

Information may be shared with:

  • Other healthcare providers involved in care

  • Medicare/DVA for billing purposes

  • Legal requirements or court orders

  • With explicit patient consent

Third-Party Services

We engage with:

  • Lyrebird Health (AI transcription)

  • Practice management software

  • Secure messaging services

  • Telehealth platforms

All third-party services must:

  • Meet Australian privacy standards

  • Have appropriate security certifications

  • Process data within Australia

  • Have current data processing agreements

5. Patient Rights and Access

Patients have the right to:

  • Access their health records

  • Request corrections to information

  • Opt out of AI transcription services

  • Receive copies of their transcripts

  • Know how their information is used

  • Lodge complaints about privacy concerns

6. Breach Management

Response Protocol

  • Immediate notification to Dr. Thomas Dickson

  • Assessment of breach severity

  • Patient notification if required

  • Report to OAIC if serious breach occurs

  • Review and update of security measures

7. Mental Health Information Privacy

Sensitive Information Classification

  • Mental health records are classified as highly sensitive information

  • Additional safeguards and restricted access protocols apply

  • Separate consent required for sharing mental health information

  • Special considerations for psychotherapy notes and sessions

Psychotherapy Notes

  • Stored separately from the general medical record

  • Access is restricted to the treating practitioner (Dr Ameer Shehab)

  • Notes are maintained with enhanced security measures

  • AI transcription of psychotherapy sessions requires specific consent

  • Patients can restrict access to psychotherapy notes while allowing access to other health information

Information Sharing Protocols

Mental health information will only be shared in the following circumstances:

  • Explicit patient consent for specific information sharing

  • Legal requirement or court order

  • Immediate risk to patient or public safety

  • Medicare/DVA requirements (limited to required information only)

Special Considerations

  • Detailed documentation of capacity to consent

  • Additional privacy protections for vulnerable patients

  • Specific protocols for LGBTQIA+ sensitive information

  • Cultural safety considerations in information handling

  • Enhanced protections for substance use and addiction information

8. Staff Responsibilities

All staff must:

  • Sign confidentiality agreements

  • Complete privacy training annually

  • Follow access protocols

  • Report potential breaches

  • Maintain a clean desk policy

  • Use secure communication methods

9. Compliance and Auditing

Regular auditing of:

  • Access logs

  • Consent records

  • AI transcription usage

  • Security measures

  • Staff compliance

  • Third-party services

10. Data Retention and Disposal

Retention Schedule

  • Clinical records: 7 years (adults)

  • Children's records: Until age 25

  • Transcriptions: 7 years

  • Audio recordings: 30 days unless specifically required longer

Secure Disposal Methods

  • Electronic data wiping

  • Physical document shredding

  • Certified destruction services

  • Documented disposal records

11. Website and Digital Services Privacy

At Queerious Health, any personal information shared through our:

  • Website

  • Email communications

  • Social media interactions

  • Online appointment bookings

is handled securely and confidentially. Our digital platforms use:

  • Secure encryption

  • Analytics and cookies for website functionality

  • Secure payment processing

  • Protected online forms

Cookies and Web Beacons

Dr Ameer Shehab utilises cookies on his website. Cookies are:

  • Text files stored in your computer's browser to save preferences

  • Not personally identifiable on their own

  • Used by third parties (such as Google and Facebook) to display our advertisements on social media and online platforms

  • Potentially linked to personal information only when you choose to provide it through our website

Web beacons may be used on our website and are:

  • Small pieces of code on web pages

  • Used to monitor visitor behaviour

  • Applied to collect data about webpage viewing

  • Utilised for functions such as counting website visitors

  • Employed to deliver cookies to visitors' browsers

External Website Links

When using Dr Ameer Shehab’s website:

  • Links to external websites may be provided

  • We have no control over external websites

  • External websites are not governed by this Privacy Policy

  • We are not responsible for the privacy protection or personal information handling on external websites

You can opt out of non-essential cookies and analytics tracking at any time.

12. Document Automation Technologies

Our practice uses secure medical software for:

  • Creating referral letters

  • Generating prescriptions

  • Managing medical records

  • Processing Medicare claims

All document automation is:

  • Password protected

  • Access-controlled by role

  • Regularly audited

  • Compliant with privacy legislation

13. Quality Improvement and Research

We may use de-identified patient data for:

  • Practice quality improvement

  • Healthcare research

  • Staff training

  • Population health analysis

You can:

  • Opt out of having your de-identified data included

  • Request information about how your de-identified data is used

  • Be assured that no identifying information is shared

14. Policy Review and Updates

Review Schedule

This policy is:

  • Reviewed annually

  • Updated to reflect changes in:

      • Victorian Health Records Act 2001

      • Privacy and Data Protection Act 2014 (Vic)

      • Mental Health and Wellbeing Act 2022 (Vic)

      • Federal Privacy Act 1988

      • Australian Privacy Principles

  • Communicated to staff and patients

  • Available upon request

Policy Amendments

This Privacy Policy may be:

  • Updated at our discretion

  • Published in amended form on our website

  • Modified to reflect changes in:

      • Healthcare practices

      • Technology services

      • Legislative requirements

      • Privacy standards

Significant changes are communicated via:

  • Direct patient notification (email/SMS)

  • Practice website updates

  • Notices in waiting room

  • Direct communication during consultations

  • Updated privacy consent forms

Record Retention Requirements (Victorian Legislation)

In accordance with the Health Records Act 2001 (Vic):

  • Adult records: minimum of 7 years from date of last entry

  • Children's records: until the patient is 25 years of age

  • Mental health records: 7 years from date of last entry

  • Deceased patient records: 7 years from date of death

Complaint Procedures

Patients can lodge complaints through:

Internal Process:

  • Direct to Dr Ameer Shehab

  • Email: admin@drameershehab.com

  • Response within 30 days

External Bodies:

Health Complaints Commissioner (Victoria)

  • Level 26, 570 Bourke Street, Melbourne VIC 3000

  • Phone: 1300 582 113

  • Website: hcc.vic.gov.au

Office of the Australian Information Commissioner (OAIC)

  • Phone: 1300 363 992

  • Website: www.oaic.gov.au

Contact

Privacy concerns should be directed to:

Dr Ameer Shehab

admin@drameershehab.com

Last reviewed: 15 December 2024

Next review: 15 December 2025