Privacy Policy

Version 2.0 – Last updated: 20 November 2025

1. Purpose

This Privacy Policy describes how NIMS Health (“NIMS”, “we”, “us”, “our”) collects, uses, discloses and protects personal information, including health information, in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

2. What we collect

We collect only the information necessary to provide healthcare and manage our services. Information we collect may include:

  • Identity and contact details: name, date of birth, address, phone, email.
  • Health information: medical history, symptoms, diagnoses, treatments, referrals, work capacity, test results.
  • Funding and billing information: employer or insurer details, claim numbers, payment information.
  • System use and technical data: login activity, device/browser type, IP address, session cookies and logs for security.
  • Communications: correspondence and notes relating to the delivery of our services to you.

We generally collect this directly from you or an authorised representative, and may also receive information from other treating providers, employers, or insurers as permitted or required by law.

3. How and why we use your information

We may use the information we collect for purposes including, but not limited to:

  • Providing healthcare and telehealth services.
  • Coordinating with employers, insurers and rehabilitation providers (with consent or as authorised by law).
  • Operating, supporting and securing our clinical and administrative systems.
  • Meeting professional, legal, and regulatory obligations.
  • Communicating about appointments and service updates.
  • Personalising and improving user experience.
  • Enhancing our services and detecting or preventing security threats.

We will only use your personal information for the purpose(s) for which it was collected, or for related purposes that are reasonably expected, unless you have consented otherwise or the use is required or authorised by law.

4. Telehealth privacy

NIMS Health delivers telehealth services in line with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and accepted clinical governance standards for remote care. We apply the same confidentiality, security and clinical documentation requirements to telehealth as we do for all in-person services. To protect your privacy:

  • We use secure, encrypted telehealth platforms that meet healthcare privacy and security standards.
  • We confirm your identity at the start of each consultation and ensure you understand the telehealth process before continuing.
  • We do not routinely audio or video record consultations.
  • Please ensure you are in a private, confidential space during your appointment.
  • Any information shared during telehealth is handled under the same privacy, security and clinical documentation controls that apply to all health information we hold.
  • If a support person, interpreter, employer or insurer representative needs to join (e.g., for a case conference), this will only occur with your consent.

5. Data storage and security

All personal information is stored in Australia unless otherwise disclosed. We take reasonable steps to protect your personal information from misuse, loss, and unauthorised access, modification, or disclosure. These steps may include secure servers, encryption, firewalls, and restricted access to data. While we endeavour to protect your personal information, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

6. Use of Artificial Intelligence (AI)

We use compliant, human-supervised artificial intelligence (AI) tools to help our clinicians and staff with notetaking, documentation, workflow and administrative tasks. These tools may assist with:

  • drafting or structuring consultation notes during or after an appointment.
  • summarising information already entered by a clinician.
  • securely managing forms and correspondence.

Clinical judgement remains human and managed by our staff. AI tools do not make independent diagnoses, treatment recommendations or decisions about your care. A qualified practitioner reviews, edits and finalises all clinical records.

  • Data handling: Any personal or health information processed by AI tools is handled under the same privacy, confidentiality and security controls that apply to all health information. AI tools we use are configured so that your identifiable health information is not used to train public models or for unrelated purposes.
  • Transparency and choice: If you have questions about how AI is used in your care, or prefer that we don’t use AI to assist with your consultation notes, please tell your clinician. We will accommodate reasonable preferences where practicable.

7. Disclosure of information

We may disclose personal information, following your consent, to:

  • Other treating clinicians, allied health or diagnostic providers.
  • Employers, insurers or their agents under relevant schemes (with consent or as required by law).
  • Trusted third-party service providers that support our technology, communication and business operations under strict confidentiality obligations.
  • Regulatory bodies or complaint entities where required or authorised by law.

If information is processed outside Australia, we take reasonable steps to ensure equivalent privacy protection in line with APP 8.

8. Data retention and destruction

We keep your personal information only for as long as it is necessary to fulfil the purposes for which it was collected or for as long as required by law. Once your information is no longer required, it is either securely destroyed or de-identified in accordance with applicable laws and regulations.

9. Data breach response

If a data breach occurs that is likely to cause serious harm, we will:

  1. Identify and contain the incident.
  2. Assess the nature and scope of the breach.
  3. Notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable, consistent with the Notifiable Data Breaches (NDB) scheme.
  4. Review systems and take corrective action.

10. Your rights

Under the Australian Privacy Principles, you may have rights such as:

  • Access: You can request access to the personal information we hold about you.
  • Correction: You can ask us to update or correct your personal information if it is inaccurate.
  • Withdrawal of Consent: Where you have provided consent to certain data processing, you may withdraw it at any time, without affecting the lawfulness of processing before withdrawal.
  • Complaints: If you believe we have breached your privacy rights, you may lodge a complaint using the contact information below.

We will respond to requests or complaints in accordance with the Australian Privacy Principles and will endeavour to resolve any issues promptly.

11. Cookies and analytics

We use essential cookies for system security and basic analytics to improve our services. You can adjust your browser settings to manage cookies; some features may not work without them.

12. Third Party Websites

Our Site may contain links to external websites or services that are operated by third parties. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party site or service. We recommend reviewing the privacy policies of any third-party site you visit.

13. Direct marketing

We may send service updates or communications to organisational clients. You may opt out at any time. We do not use patient health information for direct marketing.

14. Children and young people

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If you are a parent or guardian and believe we have inadvertently collected personal information from your child, please contact us immediately so we can take the necessary steps to delete such information. For patients aged 16–17, additional consent may be required to access our services.

15. Changes and version control

We review this policy at least annually, or sooner if regulations or practices change, and reserve the right to modify this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or for other reasons. When we update the policy, we will revise the “Last updated” date. Your continued use of our services following any changes indicates your acceptance of the revised policy.

16. Contact and complaints

Email: info@nimshealth.com.au
Phone: 1300 853 517
Postal: PO Box 951, Surfers Paradise QLD 4217

If you are not satisfied with our response to an enquiry or request, you can contact the Office of the Australian Information Commissioner (OAIC) on 1300 363 992 or www.oaic.gov.au.