Practice Privacy Policy

1. Introduction and purpose

We are committed to protecting the privacy of patient information we collect and to handling your personal information in a responsible manner in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles, cyber security legislation and relevant state and territory privacy legislation (referred to as privacy legislation). This Privacy Policy explains how we collect, use and disclose your personal information, how you may access that information and how you may seek the correction of any information. It also explains how you may make a complaint if you are concerned there has been a breach of privacy legislation. From time to time, we may make changes to our policy, processes and systems relating to how we handle your personal information. We will update this Privacy Policy to reflect any changes. Those changes will be available on our website and in the practice. This Privacy Policy also addresses the responsible use of Artificial Intelligence (AI) technologies within our practice.

2. When and why is consent required

When you first attend Dr Michael Schenberg’s practice, we will ask you to provide information (for example, contact details) and also ask you to confirm you consent to the collection of your information. This means that you are providing consent for the practitioners and staff to gather, access and use your personal health information to facilitate the delivery of healthcare to you. Your personal information will only be accessed by practitioners and staff who need to do so for the purpose providing healthcare to you. We will seek your express consent before using your information for any purpose not directly related to your healthcare.

3. Collection of personal and health information

  1. We collect personal and sensitive health information that is necessary for the provision of healthcare. This may include, but is not limited to:

    • Personal identifiers such as name, date of birth, address, and contact details
    • Medical history, clinical notes, diagnostic test results, and treatment plans
    • Medicare and private health insurance details
    • Information generated or processed through AI-enabled tools used in clinical or administrative contexts.


We primarily collect information directly from patients. In certain circumstances, and with appropriate authority, we may also obtain information from third parties such as other treating practitioners, hospitals, or diagnostic service providers and the My Health Record. In limited situations, we may also collect information from other people, such as your relatives or friends.


CCTV footage: Collected from our premises for security and safety purposes.

Clinical images: From time to time, we may also take photographs or images with your consent obtained at the time, including on a personal device.

4. Use and disclosure of personal information

We may use or disclose your personal and health information for the following purposes:

  • to provide medical treatment and care, including to communicate with other healthcare providers involved in your care

  • for administrative functions including billing and compliance with legal obligations

  • compliance with our legal obligations.

We will communicate with or about you using the following methods – SMS/text messaging, email, secure messaging, encrypted messages. This may include your personal and health information.

We do not disclose personal information to overseas recipients unless it is necessary for the provision of care and appropriate safeguards are in place, in accordance with Australian Privacy Principle 8.

5. Use for research/education, quality improvement and marketing

We are committed to continuously improving the quality of our services and supporting clinical education.

We may use your information in the following ways:

Quality Improvement and Staff Education
We may use patient information for internal audits, staff training, clinical review, and accreditation activities, de-identified where practicable. These processes help ensure we maintain high standards of care and safety.

Research
From time to time, we may participate in health research projects. If identifiable information is required, we will seek your express consent before sharing your data. You may be contacted by a member of our team to discuss a research opportunity, but you will never be contacted directly by researchers unless you have provided consent. We will only provide identifiable information for research if the project has appropriate ethics approval and meets legal and privacy requirements.

De-identified Data Sharing
We may contribute de-identified health data to health improvement initiatives or registries. This data cannot identify you and is stored securely. If you do not want your data included in these de-identified datasets, please inform our reception staff.

6. Use of Artificial Intelligence (AI)

We may use AI technologies to enhance clinical decision-making, streamline administrative processes, and improve patient engagement. Examples of AI applications include:
  • Automated transcription of clinical consultations
  • AI-assisted triage and appointment scheduling tools
  • AI use of chatbots. Governance of AI Use:
  • We use AI tools in a manner consistent with the APPs and relevant ethical standards.
  • Personal information is not used to train AI models unless express consent has been obtained.
  • All outputs generated by AI systems are subject to human review and clinical oversight.
  • No automated decision-making tool is used in this practice.

7. Anonymity and pseudonymity

Due to the nature and requirements of providing healthcare it is not possible for this practice to provide healthcare to individuals anonymously or under a pseudonym.

8. Data security and retention

We will take reasonable steps to ensure your personal information is accurate, complete, up to date and relevant. We implement robust technical and administrative measures to protect personal information from misuse, interference, loss and unauthorised access, modification, or disclosure. These measures include:

  • Secure electronic medical record systems with role-based access controls
  • Regular staff training on privacy and data protection
  • Having a robust cybersecurity framework
  • Regular audits and updates to our software and cybersecurity framework.


Information is retained in accordance with applicable legal and professional obligations. Information no longer required for the purposes it was collected and the minimum period for retention has passed, will be destroyed in a safe and responsible manner as required under privacy legislation.

9. Access to and correction of information

You have the right to access your personal information. To request access or corrections, please contact our Privacy Officer in writing. We will respond within 30 days. A small fee may apply to cover administrative costs (but you will not be charged for making the request). We will respond to such requests in accordance with applicable privacy principles and legislation.

10. Privacy enquiries and complaint

If you have any questions or concerns about how your personal information is handled or want to request access to or correction of your information, please contact: Name: Dr Michael Schenberg. Role: Practice principal. Postal address: Suite 3/ 118-120 David St, Dandenong 3175. Phone: 03 9706 7990 Email: admin@schenberg.com.au. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC): Website: www.oaic.gov.au Phone: 1300 363 992

11. Policy review statement

This document was updated on 10 December 2025. We review this privacy policy when there are changes to operations, legislation, or relevant technology. Significant changes may be communicated to patients via email, in the practice, or on our website.

Contact Us

Clinic Location

Hospital Locations

© 2025

Dr Michael Schenberg  |  Privacy Policy  |  Sitemap