Who we are

We are Healius Limited (ACN 064 530 516). The companies in the Healius Limited Group provide pathology services to patients and commercial clients, and operate diagnostic imaging and nuclear medicine facilities and provide bioanalytical services for clinical trials in Australia.

This Privacy Policy sets out how we comply with our obligations under the Privacy Act 1988 (Cth) (Privacy Act) and other relevant State and Territory legislation in managing your personal information.

Each of the companies in the Group holds patient information securely and has its own privacy policy, which is available on the relevant company’s website or upon request.

What personal information do we collect and hold?

Personal information is information or an opinion about an identified person, or someone who is reasonably identifiable, whether or not the information or opinion is true and whether the information or opinion is recorded in a material form or not.

The types of personal information we may collect and hold about you include:

Identity Billing and administration Medical


Medicare Number

Medical history


Health insurance membership number

Clinical notes

Date of Birth

Credit card number

Test results


Treatment plan

Email address

Prescribed medications

Telephone number

Referral details

Healthcare identifiers

Disease status

Next of kin

We only collect as much personal information from you as we, and the independent health professionals who use our services, need to provide you with services and to allow us to obtain payment for those services (as described more fully below).

How do we collect and hold personal information?

We collect personal information about you in several ways, including from:

  • you directly;
  • someone who has responsibility for you (your parent, carer or guardian);
  • information collected by an employee of the Healius group, such as a nurse or support staff;
  • information collected by independent healthcare professionals in a Healius group facility and recorded on patient records;
  • information from external health providers which is provided to a Healius group facility and placed on the record of the patient; and
  • information collected through websites in the form of online enquiries or requests for appointments.

When you attend one of our medical facilities to obtain services, we create a unique digital medical record for you. Every time a health service is provided for you at one of our facilities, new information is added to your record.

When you visit our websites, a small data file called a “cookie” is stored on your computer or mobile device by our server. We use cookies to maintain user sessions and to generate statistics about the number of people that visit our websites. Generally, this information will not identify you and we do not link it back to your identity or other information that you have provided to us.

We take reasonable steps to protect patient medical records from misuse, interference and loss and also from unauthorised access, modification and disclosure.

Why do we need your personal information and what do we do with it?

  • Patient care

    We collect, maintain, use and disclose personal information about you in order to provide, and support and assist independent healthcare professionals in providing, you with appropriate medical care.

    • to provide you with medical care and services;
    • to provide you and/or your referring doctor with information that may assist you in managing and improving your health; and
    • as a medical history for you that allows healthcare professionals to provide you with better care as it assists with identifying changes to your health over time.
  • Operating our business

    We use your personal information as necessary to manage our administration, including storage of data, and management of accounts and payment for the services provided to you. Specifically we will use, and where necessary disclose, your personal information:

    • to obtain payment from, as appropriate, Medicare Australia, you, your private health insurance fund, or from any organisation responsible for payment of any part of your account, such as the Department of Veterans Affairs;
    • if the circumstances require, we may disclose your personal information to our insurers or insurers of independent healthcare professionals;
    • to manage and store your personal information securely, including management and storage by third parties such as cloud service providers with contractual relationships with companies in the Healius Limited Group, or associated entities; and
    • to entities within the Healius corporate group – these entities disclose medical records and other personal information with each other for administrative and information management purposes. This includes the disclosure of personal information for storage and archiving purposes. Any such disclosures are subject to strict conditions relating to confidentiality and data security.

      We may use your personal information to communicate with you, including to:
    • respond to your online enquiries or process requests for appointments;
    • advertise to you particular products and services that may be of interest to you (you may opt out of these communications if you wish);
    • give you important information (including by SMS or email) about the products and services offered by our practices (you may opt out of these communications if you wish); and
    • send you appointment reminders (including by SMS or email) in relation to obtaining services from our practices. This enables us to contact you, for example, to make follow-up appointments to discuss test results, or to remind you that you, or a dependant, are due for an immunisation, pap smear, annual health assessment or other type of consultation or test.
  • Teaching and research

    We may use your de-identified personal information for internal teaching purposes or to monitor, evaluate, plan and improve the services provided at our practices. We will only use de-identified information (information that does not contain any personal details that may reasonably identify you) for these purposes.

    Where third parties undertaking research request identified data from our medical records, we will only provide identified data in response to these requests when authorised to do so by the Privacy Act.

  • Other disclosures

    We disclose your personal information where required or authorised by law.

    What happens if we do not collect your personal information?

    If you do not provide us with all the personal information we request, we and the independent healthcare professionals who use our services may not be able to provide services to you.

    Storage of your personal information

    We take reasonable steps, and implement reasonable safeguards, to ensure the protection of the personal information that we hold. All patient information is handled securely and in accordance with professional duties of confidentiality.

    The Healius group is subject to a range of rules relating to the periods for which health information and records must be retained. We must generally retain health information about an individual:

    • for at least 7 years from the last occasion on which we provided a health service to the individual – if we collected the information when the individual was 18 years old or older; or
    • at least until the individual turns 25 – if we collected the information when the individual was less than 18 years old.

    Do we transfer personal information overseas?

    We may disclose your personal information to wholly owned subsidiaries of our parent company, Healius Ltd, or to third parties which are based in India, Malaysia and the Philippines. These companies provide billing, payment and other administrative services, data-entry and data analytics services to us. We take reasonable steps to ensure that these companies do not breach the requirements of the Privacy Act 1988 (Cth) and other State and Territory privacy legislation that may be applicable.

    Can you access your personal information we hold?

    You may request access to the personal information we hold about you. You can also request that corrections be made to it. We will respond to your request within a reasonable time.

    There are some circumstances where we are not required to give you access to or correct your personal information. We will normally give you a written notice setting out our reasons for not complying with your request and informing you of how you can complain about our refusal.

    There is no fee for requesting access to your personal information or for us to make corrections. However, we will charge a fee for our costs involved in collating and providing you with access to any personal information. That fee is payable before access is given.

    What to do if you would like to make a complaint about a breach of the Australian Privacy Principles

    If you have any concerns about how we handle your personal information or you wish to make a complaint on the basis that we have breached the Australian Privacy Principles prescribed by the Privacy Act, please contact us. If you would like to make a complaint, you will need to send us a written complaint (see details below).

    We will endeavour to respond to your complaint within a reasonable time after it is made.

    How to contact us

    You can contact our Privacy Officer in the following ways:




    Level 22, Liberty Place
    161 Castlereagh Street
    SYDNEY NSW 2000

    Attention: Privacy Officer

    Privacy Policy Last Updated: 1 May 2023

    We may change this privacy policy from time to time. A current version of our privacy policy will be available on our website and will commence from the date it is made available