SEVEN MILE PSYCHOLOGY
Lianne Duffy | Registered Psychologist
ABN: 51 750 737 911 | Mobile: 0409 353 970
AHPRA Registration No: PSY0002601295 | Medicare Provider No: 3144101L
hello@sevenmilepsychology.com.au
PRIVACY POLICY
This Privacy Policy describes how Seven Mile Psychology (‘we’, ‘us’, ‘our’) collects, holds, uses and discloses your personal information, including sensitive health information, in the course of providing psychological services. We are committed to complying with the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles (APPs), and applicable professional obligations under the Psychology Board of Australia (PBA) Code of Ethics and AHPRA guidelines.
Seven Mile Psychology operates as a telehealth-only practice providing psychology services to adult clients in NSW. This policy applies to all clients receiving services through our practice.
1. About This Practice
Seven Mile Psychology is a sole-trader psychology practice operated by Lianne Duffy, a registered psychologist regulated by the Australian Health Practitioner Regulation Agency (AHPRA) and the Psychology Board of Australia (PBA). Services are delivered exclusively by telehealth to adult clients located in New South Wales.
As a regulated health practitioner, Ms Duffy is bound by the PBA Code of Ethics (2021), AHPRA guidelines on privacy, and the APS Code of Ethics. These obligations are reflected in this policy.
2. Personal Information We Collect
2.1 General Personal Information
We collect personal information necessary to provide psychological services. This includes:
• Full name, date of birth, address and contact details
• Emergency contact and next-of-kin details
• Referral information (including GP referral and Medicare referral details)
• Billing and payment information
• Occupation, employment status and relevant background information
2.2 Sensitive Health Information (APP 3 & APP 6)
Under APP 3, sensitive information — including health information — may only be collected with your consent, or where required or authorised by law. Health information attracts the highest level of protection under the Privacy Act.
Because we provide health services, we collect and hold sensitive health information, including:
• Physical and mental health history, diagnoses and treatment records
• Session notes, progress notes and clinical observations
• Psychological assessment results, test scores and reports
• Medication information
• Information about risk factors, trauma history and presenting concerns
• Information received from third parties such as your GP, specialist, lawyer, employer, SIRA, or insurance company
• Medicare, DVA or other health fund details (where applicable)
This sensitive information is collected only with your consent, or where otherwise permitted by law (for example, where necessary to manage serious risk to health or safety).
2.3 SIRA and Workers Compensation Clients
If you are a SIRA-funded client (State Insurance Regulatory Authority), we may collect additional information specific to your workers compensation or injury matter, including claim reference numbers, injury details, capacity assessments and reports prepared for SIRA or your insurer. This information is governed by the applicable workers compensation legislation in addition to this policy.
3. How We Collect Your Information
We collect your personal information:
• Directly from you during sessions, intake forms, written correspondence, email, SMS or telehealth communications
• From your referring GP or other health practitioners, through referral letters, medical reports or correspondence
• From third parties such as lawyers, employers, insurers or SIRA, through correspondence or reports
• Through our practice management software (Halaxy) when you book or complete online forms
Where we collect personal information from a source other than you, we will take reasonable steps to notify you of that collection, unless doing so would be impracticable or would defeat the purpose of collection.
4. Why We Collect and Hold Your Information (APP 5)
We collect, hold and use your personal information for the primary purpose of providing psychological services to you. Related purposes include:
• Assessing your suitability for, and providing, evidence-based psychological treatment
• Communicating with referring practitioners and other treating health providers involved in your care
• Preparing clinical reports for third parties (such as your GP, SIRA or a court) with your consent or as required by law
• Processing Medicare, SIRA or insurance billing and claiming
• Complying with professional, legal and ethical obligations under AHPRA, PBA and the Privacy Act
• Clinical supervision and professional development (using de-identified information only)
• Responding to complaints and managing practice records
We will not collect more information than is reasonably necessary for these purposes.
Consequence of Not Providing Information
Psychologists are required by law and professional standards to maintain accurate client records. If you choose not to provide personal information that is necessary for treatment, we may not be able to deliver safe or effective psychological services to you. Please raise any concerns about information collection with your psychologist.
5. Storage and Security of Your Information (APP 11)
We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure. Safeguards include:
• Encrypted electronic records stored on password-protected devices
• Secure practice management software (Halaxy) with industry-standard encryption — refer to halaxy.com/article/security for details
• Restricted access to client records (accessed only by your psychologist)
• Secure telehealth platforms for session delivery
• Secure email and messaging practices
Your records are retained for a minimum of 7 years from your last contact with the practice (or, if you were a minor at the time of treatment, until you turn 25), in accordance with applicable professional standards and NSW Health Records legislation. After that period, records are securely destroyed.
6. Use and Disclosure of Your Information (APP 6)
6.1 Disclosure With Your Consent
In most cases, your information will only be disclosed to third parties with your prior written consent. Common examples where we seek your consent include:
• Sending a report or letter to your GP, specialist or treating team
• Sharing information with a family member, carer or support person
• Providing reports to a lawyer, court, employer or insurer
• Disclosing information to any other party not covered by this policy
6.2 Disclosure Without Your Consent — Permitted Exceptions
Consistent with APP 6 and our professional obligations, there are limited circumstances where your psychologist may be required or permitted to disclose your information without your consent:
• Mandatory reporting: Where we are required by law to report a concern about child safety, elder abuse or another matter that triggers mandatory reporting obligations
• Duty of care / serious risk: Where your psychologist reasonably believes that disclosure is necessary to prevent or lessen a serious and imminent threat to your life, health or safety, or that of another person
• Legal requirement: Where a court issues a subpoena or we are otherwise required by law to produce records
• Coronial proceedings: Where required to provide information to a coroner
• AHPRA / PBA: Where disclosure is required to comply with our regulatory obligations as a registered health practitioner
Your psychologist will, wherever practicable, advise you before making a disclosure without your consent, unless doing so would increase risk or is prohibited by law.
6.3 Clinical Supervision
As a registered psychologist, your psychologist is required to participate in professional supervision. If your case is discussed in supervision, all reasonable steps are taken to de-identify information so that you cannot be identified. Supervisors are also bound by confidentiality and professional ethical obligations.
6.4 Third-Party Practice Management Software
We use Halaxy, a secure Australian-based practice management platform, to store client records, manage appointments and process billing. Halaxy’s privacy practices are governed by their own privacy policy. We have satisfied ourselves that Halaxy meets appropriate data security standards for health information.
7. Telehealth Services
All services are delivered via telehealth. By engaging in telehealth sessions, you acknowledge:
• Sessions are conducted using a secure telehealth platform and are not recorded by Seven Mile Psychology without your explicit written consent
• You are responsible for ensuring you are in a private location during sessions to protect your own confidentiality
• There are inherent limitations to privacy in digital communications; we take reasonable steps to minimise risk but cannot guarantee absolute security of all electronic transmissions
• Your psychologist will take reasonable steps to verify your identity and ensure your safety at the commencement of each telehealth session
8. Cross-Border Disclosure of Information (APP 8)
We do not generally disclose personal information to overseas recipients. In the unlikely event that personal information needs to be disclosed to an overseas recipient (for example, through the use of overseas-based software infrastructure), we will take reasonable steps to ensure the recipient handles the information in accordance with the APPs, or we will seek your consent.
9. Notifiable Data Breaches (APP 11 & NDB Scheme)
Seven Mile Psychology is subject to the Notifiable Data Breaches (NDB) scheme under the Privacy Act. In the event of an eligible data breach that is likely to result in serious harm to you, we will:
• Contain the breach and take immediate steps to minimise harm
• Assess whether the breach is likely to result in serious harm
• Notify the Office of the Australian Information Commissioner (OAIC) as required
• Notify you directly if your information is involved and serious harm is likely
We maintain a data breach response plan to ensure prompt and appropriate action in the event of any breach.
10. Your Rights: Access and Correction (APP 12 & APP 13)
10.1 Right of Access
You have the right to request access to your personal information held by us. To make a request:
• Speak with your psychologist during a session, or
• Submit a written request to hello@sevenmilepsychology.com.au
We will respond to all written access requests within 30 days (as required by the Privacy Act). In most cases access will be provided free of charge. We may charge a reasonable fee to cover costs associated with locating, retrieving and preparing information for access.
In limited circumstances, access may be refused where permitted by the Privacy Act — for example, where providing access would pose a serious threat to the health or safety of any person, or where the information relates to legal proceedings. If we refuse access, we will provide written reasons and advise you of your options to seek review.
10.2 Correction of Information
If you believe your personal information is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us. We will take reasonable steps to correct the information. If we decline to correct information, we will explain why in writing and advise you of your options.
11. Privacy Complaints and How to Make Them (APP 1)
If you have a concern or complaint about how we have handled your personal information, please contact us in the first instance:
• By email: hello@sevenmilepsychology.com.au
• By phone: 0409 353 970
We will acknowledge your complaint promptly and endeavour to resolve it within 30 days. We take all privacy complaints seriously.
If you are not satisfied with our response, you may lodge a formal complaint with:
Office of the Australian Information Commissioner (OAIC)
• Phone: 1300 363 992
• Online: oaic.gov.au/privacy/privacy-complaints
• Post: GPO Box 5288, Sydney NSW 2001
AHPRA / Psychology Board of Australia
If your concern relates to the professional conduct of your psychologist in relation to privacy or confidentiality, you may also raise this with AHPRA:
• Phone: 1300 419 495
• Online: ahpra.gov.au/Notifications
Health Care Complaints Commission (NSW)
For complaints about health services provided in NSW:
• Phone: 1800 043 159
• Online: hccc.nsw.gov.au
12. Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in law, professional standards or practice. The current version of this policy will be available on request. Material changes will be communicated to current clients.
Applicable Legislative and Regulatory Framework
This Privacy Policy has been prepared with reference to the following:
• Privacy Act 1988 (Cth), including the Australian Privacy Principles (Schedule 1) and the Notifiable Data Breaches scheme (Part IIIC)
• Health Records and Information Privacy Act 2002 (NSW) and Health Privacy Principles
• Psychology Board of Australia — Code of Ethics (2021)
• AHPRA — Guidelines on Privacy in a Regulatory Context
• Australian Psychological Society (APS) Code of Ethics
• State Insurance Regulatory Authority (SIRA) Workers Compensation legislation (where applicable)
• Telehealth Guidelines for Registered Health Practitioners (AHPRA, 2023)
Seven Mile Psychology | Lianne Duffy, Registered Psychologist
AHPRA: PSY0002601295 | ABN: 51 750 737 911
Version 1.0 | Effective Date: 1 May 2026