Privacy Policy & Patient Disclaimer for Consent to Treat

The Privacy Act 1988 (Privacy Act) regulates how personal information is handled. The Privacy Act defines personal information as:

…information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable.

Common examples are an individual’s name, signature, address, telephone number, date of birth, medical records, bank account details and commentary or opinion about a person.

The Privacy Act includes thirteen Australian Privacy Principles (APPs), which apply to some private sector organisations, as well as  most Australian and Norfolk Island Government agencies. These are collectively referred to as ‘APP entities’. The Privacy Act also regulates the privacy component of the consumer credit reporting system, tax file numbers, and health and medical research.

There are two forms of 'Privacy Policy' the CMA recommends for members to utilize within their clinics.

1 - Abbreviated Privacy Policy Statement
To be displayed in the waiting room for easy patient access.


To ensure your privacy this practice adheres to the National Privacy Principles of the Council of Australian Privacy Legislation.

Your health information is collected by us only with your consent and as necessary for the proper and effective treatment of your condition.

Health information about you will not be released to any other party without your consent.

You may review your health information with your treating provider and are entitled to access your health records for this purpose.

If you have any queries about the confidentiality of your health information please feel welcome to discuss this with your health provider.

2 - Detailed Privacy Policy Statement
To be held within the clinic to provide more detailed information to patients upon request.

This practice has adopted the following Privacy Policy to protect patients, which is in line with the National Privacy Policy Guidelines and approved by The Complementary Medicine Association Ltd

This practice will only collect personal information:

(a) Necessary for its function or activities;
(b) Fairly, lawfully and not in an unreasonably intrusive way;
(c) Wherever reasonable and practicable, directly from the relevant patient;
(d) If reasonable steps are taken to notify the patient of;

· the identity of the organisation, and how to contact it;
· the fact that the patient may gain access to the information collected;
· the purposes for which the information is collected;
· the organisation, or the types of organisations, to which this practice usually discloses the information;
· any law that requires the information to be collected; and
· the main consequences for the patient if the information is not provided.

Use and disclosure
This practice will only use or disclose personal information;

(a) in ways that the patient would expect;
(b) in ways that the patient has consented to;
(c) in ways that are required by the public interest (for example, law enforcement and public health and safety).

Data quality
This practice will take reasonable steps to ensure the personal information it collects, uses or discloses is accurate, complete and up to date.

Data security
This practice will take reasonable steps to:

(a) ensure the personal information it holds is kept secure and protected from misuse, and unauthorised access, modification or disclosure; and
(b) destroy, or permanently de-identify, personal information which is no longer required.

This practice will make this Policy available upon request.

Access and correction
This practice will, subject to certain restrictions, provide patients with access to personal information about themselves upon request, and take reasonable steps to correct that information if it is shown that it is inaccurate, incomplete, or out of date.

This practice will not use, or disclose, identifiers that government agencies have assigned to individuals, except in limited circumstances.

Trans Border Dataflow
This practice will only transfer personal information to a recipient, if;

(a) the recipient is subject to a privacy policy equal to or substantially similar to the Australian National Privacy Principles;
(b) the patient has consented to the transfer;
(c) the transfer is necessary for the performance of a service between the patient and the organisation
(d) the transfer is necessary for the conclusion, or performance, of a service in the interest of the patient;
(e) the transfer is for the benefit of the patient, whose consent is impracticable to obtain, but likely to be given; or
(f) we have taken reasonable steps to ensure that the information transferred will not be used inconsistently with the Australian National Privacy Principles .

Sensitive information
This practice will not collect information, or an opinion, about an individual's:

(a) racial or ethnic origin; [other than for patient history]
(b) political opinions;
(c) religious, or philosophical beliefs;
(d) membership of a trade union, or professional association;
(e) sexual preferences, or practices;
(f) criminal record;
(h) the patient has consented;
(i) the collection is required by law, or for other public interest purposes (such as law enforcement and public health and safety); or
(j) other specified circumstances apply.

Both these policies are approved and recommended by the CMA.

Visit the Office of the Australian Information Commissioner to view the National Privacy Principles

Patient Disclaimer and Privacy Consent

All CMA members are required to include a 'consent to treat' section in patient case history forms, which must be signed by the patient and kept on file.  A standard disclaimer may read;

"I the undersigned, hereby state that all information provided here by me, is a true and accurate record of my health status and I give consent for treatment from this clinic.  I understand that my personal detials will be stored and used in accordance with the current applicable Privacy Act”

All patient records should be kept for a period of not less than seven (7) years from the date of the last visit.

The following minimum standards of practise are also recommended under the CMA's Code of Ethics.


11.1       All Members should conform to a minimum standard in recording new cases and recording progress of the patient, while the patient is under a Member’s care.  It is suggested that case history and progress records should be kept separate from financial records.


12.1       A case history should in all cases include the following:

(a)          Name, address, occupation, date and telephone numbers (business and after hours).

(b)          Present symptoms and duration of same.

(c)          Previous treatment.

(d)          Past illnesses, operations and/or accidents.

(e)          Abnormalities noted.

(f)           Medical diagnosis (if any).


13.1       It is recommended that in addition to complete case history records, progress notations be made in the following  instances:

(a)          Date of each visit to the clinic to be recorded.

(b)          When a patient reports changes to symptoms.

(c)          Treatment and any advice given to patient or relatives.

(d)          Results and any remarks to patient, or by patient, to be recorded on each visit, and on conclusion of treatment.

For a full copy of the CMA Code of Ethics & By-Laws see our Articles of Association