Privacy policy
Who we are?
Herston Private Imaging Pty Ltd (HPI, We, Our, Us), ABN 33 676 999 296, provides radiology services to patients and commercial clients and is committed to protect the privacy and confidentiality of your personal, health and sensitive information which we collect while conducting our business.
We have set out this Privacy Policy (Policy) explaining the practices of how we collect, use, disclose, retain and otherwise handle your information with our obligations under the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles contained in the Privacy Act and other State and Territory legislation managing your personal information.
What personal information do we collect and hold?
The nature of your interaction with Herston Private Imaging informs what type of personal information we collect and hold. We only collect personal information about you lawfully and by fair means and not in an unreasonably intrusive manner. Collected and held information may include but is not limited to:
Identifying information collected and held may include:
Name
Address
Date of Birth
Biological Sex
Gender
Email address
Telephone number
Healthcare, research or clinical trial identifiers
Last used IP address
Passport number
Emergency contact details
You may request to not identify yourself or use a pseudonym when dealing with us. However, if you choose to not disclose your personal, health or sensitive informal information, we may be unable to provide you with your requested service.
Billing and administrative information collected may include:
Government and insurance details such as Medicare, pension and health concession details, Veteran Affairs, Health Fund, Work Cover and Motor Accident Compensation Claim numbers
Credit card number
Medical information collected may include:
Referring practitioner
Requested examinations and tests
Medical history, clinical notes, family history, medication, test results such as radiology, pathology, genetics & other health providers that assist us to provide a service to you
Records of prior engagement with you
Employment information collected may include:
Resumes, a curriculum vitae and employment applications
Pre employment checks
Professional qualifications, licences, registrations and insurances
Training records
Other information required by laws regulations and standards
Other information collected may include:
Legal firm or legal claim details
Other information relevant for our usual functions and activities
Irrelevant or receipt of unsolicited information about you that we would not normally collect will be destroyed and or remove all identifying information.
How do we collect and hold personal information?
Herston Private Imaging will retain personal information securely in accordance with the Privacy Act, for future retrieval in accordance with applicable regulatory and legislative requirements and good business practice. The varying storage formats made include:
Hard copy information stored on site or in secure storage facilities
Electronically in a secure format and environment
Digital audio recordings
Digital cine loops (sequences of individual imaged frames)
Digital or hard copy images
We are required to retain health information collected from:
Adults for 7 years from the last occasion that health services were provided to the individual by us
Individuals under the age of 18 years, until the individual turns 25
There are several ways we collect personal information, including from:
You personally via face-to-face communication, telephone, email, hard or electronic forms submitted by you via our website or other electronic systems and other forms of written correspondence
Information recorded of the request form from your health practitioner
Other persons or entities such as a hospital where you are a patient, health care providers such as an alternate radiology or pathology provider
A Responsible Party, defined by the Privacy Act such as your care giver, legal representative, guardian or parent
My Health Record, operated by the Australian Commonwealth Department of Health, if you are a participant
Government departments and agencies
Health insurers, law enforcement or other government instrumentalities
Students, trainees, universities, research and clinical trial providers
Your current employer, recruitment agency, employment referee
Contractors, suppliers of good and services engaged by us
Other sources we engage with as necessary to provide our services and during our usual business operations
We may collect information from other parties where your health may be at risk, and we need your personal information to provide you with emergency medical treatment.
When we receive a request to provide you with radiology services, we create a unique digital medical record for you. Every time we perform a radiology service for you, new information is added to your medical record.
Consent
If you are a patient, in most cases, before or at the time of providing you with a health service (or if this is not practicable, as soon as practicable thereafter), Herston Private Imaging will obtain consent for the purposes for which we intend to collect, hold, use and disclose your personal information. If you are unable to provide or communicate your consent, we may disclose personal information to a ‘responsible person’ (as defined in the Privacy Act) if it is necessary to provide you with appropriate treatment, care or for compassionate reasons, unless you have explicitly requested otherwise. You may choose not to provide us with consent for the collection, use and disclosure of your personal information, however, this may mean that are unable to provide the health services required.
Website
When visiting our website(s), we do not collect personal information about you, except when you knowingly provide it when corresponding with us or complete an online form.
Our website may use cookies, a small data file, that allows us to generate statistics on website traffic and performance. This data is anonymised and may include but is not limited to internet service provider, domain name, browser type and the pages visited. You can configure your web browser to reject cookies however this may limit the functionality of some components of our website.
Our websites may use Google services such as Google Analytics. Please refer to Google’s privacy policy to find out more about how Google collects and processes their data.
https://policies.google.com/privacy
https://policies.google.com/privacy/google-partners
Our website contains links to other websites. We are not responsible for the privacy practices or policies of those sites.
Why do we need your personal information & what do we do with it?
Herston Private Imaging may collect, use, retain and disclose personal, health and sensitive information from patients, customers, employees, contractors, health professionals, medical practitioners, hospital staff, goods and service suppliers, other health service-related providers and their associated nominees.
Collected information is directly related and reasonably necessary to allow us to conduct our business and health service functions, meet regulatory requirements applicable to us, to market our services and conduct employee related activities.
We do not sell your personal information.
Patient care
The purpose of using your information in your medical record may include:
Make a health status assessment, allowing us to provide a correct and personalised radiology service, along with treatment for ongoing health care, unless you have advised otherwise
Interpreting your radiology results and to make an appropriate diagnosis
Correspond, coordinate and assist managing and improving your health with health care providers involved in your care or to third party nominees such as family members, carers, translators or authorised representatives
Contributing to health-related reports, imaging and associated data, test results to platforms and initiatives consented by you such as My Health Record, clinical trials, research, statutory bodies and other registries such as national cancer registries
As a medical history for you as results of radiology services, we provide to you are added to your medical record over time. This medical history allows our health professionals to provide you with better care as it assists with identifying changes to your health over time
Correspond and coordinate additional health care services on your behalf, such as obtaining second opinions or referrals / requests to other services
Communicating reminders for future appointment and follow up care
We disclose your radiology results to:
The person who requested the radiology service on your behalf (commonly your health practitioner)
To anyone else specified in the request for the radiology service. Your requesting health practitioner may request we disclose your results, images or other health information to other health practitioners directly related to your treatment, or yourself directly.
To other persons not specifically listed in the request for the radiology service but who claim to be providing health care services to you and we are satisfied that their claim is genuine (we will only do this if we are reasonably satisfied that they are a registered health practitioner, or you have consented to this occurring, or there appear to be other reasons why this is appropriate for your health care)
Where the radiology service was requested on your behalf by your employer or a government department, to that employer or government department
To you personally or to anyone else you may request or consent to in writing, provided you supply us with any information we may request from you to be reasonably satisfied that the request is genuinely from you (e.g. certified identification documents)
Where the radiology service provides a positive result to a notifiable disease (e.g. lung cancer), to the relevant government authority
We may also disclose your complete radiology medical history, including all radiology results for all radiology services we have ever performed for you (regardless of who requested the relevant radiology services), to a registered health practitioner who requests this. We will only do this if we are satisfied as to the identity of the registered health practitioner, and they confirm to us that this is required solely for them to deliver health care personally to you.
For some specific radiology exams, it is accepted clinical practice that we must give your health practitioner not only the test result for the test your health practitioner has requested but also the results of all tests of the same nature that we have performed for you previously (regardless of who requested those tests). Past results assist your health practitioner to determine whether your current test result is abnormal, require further testing or further monitoring. This is commonly actioned by Herston Private Imaging providing medical images and reports via secure web-based password protected online portals.
Users of this service are subject to an obligation to collect health information with your consent and, in many cases are bound by the codes of practice that deal with obligations of professional confidentiality relevant to their profession.
To access our portals, users are required to:
Agree with the terms and conditions, confirming they will only access information that is required to provide a medical service to those under their direct care and not access information of other Herston Private Patients stored on our portals and that the information will not otherwise be used, knowingly shared or disclosed for any other purpose.
Obtain a unique username and password
Our systems trace, record, and store all access activity on every patient file indefinitely. Furthermore, we frequently monitor the use of this service and take all reasonable steps to ensure the system is being used appropriately and for its intended purpose.
In some circumstances, it may be necessary for us to engage a third-party radiology service or a specialised radiology software service provider to provide an opinion or analyse your data associated with the imaging we have performed on you. These third parties may be located outside of Australia. Any data or information shared with these parties will be limited for the purpose of obtaining the necessary radiology service.
Operating our business
We use, and where necessary disclose, your personal information to manage our accounts and obtain payment for the services we provide. This may include:
Obtaining payment from Medicare Australia, you, your private health insurance fund, Department of Veteran Affairs, Department of Health, Work Cover Australia or from any organisation or payee responsible for payment of any part of your account. This may also extend to disclosure of your personal information to a debt collector, a credit-checking agency and our accounts department
Using and where necessary disclosing, your personal information for data entry and data analytics purposes
When required, disclosing your personal information to our insurers
Fulfilling obligatory requirements of state and federal regulatory bodies and agencies
Responding to messages and or enquiries you submit through our website, email, mail or telephone
Using electronic processes when using your personal information as specified above. We may link, combine or share personal information about you in various databases created by any of our businesses
We will not seek your consent to use your personal information for the above purposes.
Providing you important information about our services
Provide reminders relating to obtaining services from us such as when your health care needs require regular, periodic radiology services
Quality improvement & teaching
Conduct quality assurance and quality control activities, audits, accreditation, risk and claim management, customer satisfaction surveys and statistical analysis of customer service, health outcomes and other business activities.
Providing information for complaint handling or to respond to anticipated or existing legal actions. This may include notifying relevant organisations such as medical defence organisations, insurance companies and/or legal advisors of an incident/accident when a claim of medical malpractice has been alleged
Obtain feedback about our services or provide advise or information to you about products, services, treatment options and clinical trials that are relevant to you
Research
Researching, assessing and aggregating collected information for the continuing education of professional personnel (all information is de-identified prior to use); relating to customer service, health outcomes and other business activities.
Other disclosures
Source, assess and or engage your services as an employee or contractor
Equipment servicing and repair
Can I access my personal information or have it amended?
Please contact us, should you wish to request access to or have us correct your personal information. Depending on the type of information requested, you may be required to collect it in person and provide valid photo identification such as a Drivers Licence or Passport. We will advise you if costs are associated with supplying this personal information.
We take reasonable steps to ensure personal information we collect, use, and disclose is accurate, up-to-date and complete. The accuracy and completeness of that information depend on the information you provide to us. We recommend that you tell us if there are any errors in the information we hold and inform us of any changes to your information such as your name, address, or Medicare number.
If you are specifically seeking access to the results from a service provided by Herston Private Imaging, we recommend consulting with your referring health practitioner in the first instance. This allows results to be explained in the broader context of your health status and other further testing or results.
Your images and or report performed by Herston Private Imaging are available on a portal that you can personally access. In instances where hardcopy images or reports are requested, you will be required to collect them in person, upon verification of valid photo identification. This information cannot be emailed, faxed or posted.
Do we use your personal information for marketing?
In compliance with applicable laws, Herston Private Imaging or its engaged contractors may use your personal information for direct marking relating to our services. As an example, we may update our referring practitioners with new services, equipment or techniques that we provide.
You may opt out of receiving direct marking correspondence by contacting us in writing. Our contact details are below and on our website.
You will still receive correspondence from us relating to your personal health care provided by us if you choose to opt out of direct marketing correspondence.
Do we transfer personal information overseas?
We engage third parties to assist us in provisioning our radiology service which may require storage, access or use data we have collected, including personal information.
We take reasonable steps to ensure that these third-party service providers are bound by appropriate privacy requirements like those of Herston Private Imaging.
Herston Private imaging has arrangements with third party providers to:
Provide radiology reporting services which may require transfer and storage of personal information. These providers are Australian and are bound by the same privacy requirements as Herston Private Imaging.
Provide medical transcription services by typists based in Australia or the Philippines. These providers are Australian owned businesses and companies and are bound by the same privacy requirements as Herston Private Imaging.
Maintain and upgrade our Radiology Information System (RIS) and Picture Archiving and Communication System (PACS). These providers have Australian and overseas based maintenance teams however all works are coordinated through their Australian offices which are bound by the same privacy requirements as Herston Private Imaging. We do not store patient data overseas however these partners may connect to Herston Private Imaging to perform maintenance, or upgrade works on our systems.
If you are participating in a clinical trial or research, your personal information may be disclosed overseas to the country in which the clinical trial or research is being conducted.
Australian Privacy Principles Breaches - Make a Complaint
Please contact the Herston Private Imaging Privacy Officer if you would like to request access to your personal information or ask questions regarding how we manage your personal information. There are some instances where we are not required give you access or amend your data. We will normally provide you with reasoning.
If you are concerned that our handling of your personal data breaches the Australian Privacy Principles, described in the Privacy Act 1988 (Cth), you can lodge a complaint, to us.
Your complaint will be investigated and where reasonable, we will respond within 30 days of receiving the complaint.
If our response does not answer your concerns, you may lodge a complaint with the Office of the Australian Information Commissioner whose contact details are listed below.
Office of the Australian Information Commissioner (OAIC)
GPO Box 5218
Sydney NSW 2001
p. 1300 363 992
e. enquiries@oaic.gov.au
w. www.oaic.gov.au
OAIC Online Privacy Complaint Form
w. www.oaic.gov.au/privacy/privacy-complaints/
Herston Private Imaging Privacy Officer
Lower Ground, 7 Wren Street
Bowen Hills, Queensland, 4006
p. 07 3547 7777
e. hello@hpi.clinic
w. www.hpi.clinic
Policy updates
As new or updated legislation, regulation or technology is introduced, we may amend our Privacy Policy.
The Policy governs how we hold Personal Information and is effective at the time of publishing on our website(s). We will deem that you have acknowledged and agree to all changes when you access our services.
If you do not accept the terms of this Policy or any or all its amended form, you must not access out services, resources including our website(s).
Date of Publication: October 2025
HPI LINKS