Privacy Policy

At Rhythm of Life, we are committed to protecting your privacy and maintaining the confidentiality of your personal and health information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles, and our professional obligations as healthcare providers.

The information we collect helps us meet our legal and professional requirements and enables us to provide you with the highest quality healthcare and therapeutic support services.

Collection & use of information

We collect personal and health information that is relevant to your assessment, treatment, ongoing care, administration, billing, and communication. This information may include contact details, health history, treatment records, reports, referrals, NDIS-related information, and correspondence from other healthcare providers involved in your care.

Your information is used solely for the purpose of providing healthcare services, managing your treatment, communicating with you, and meeting legal, professional, and funding requirements.

Storage & Security

We take reasonable steps to ensure your information is stored securely and protected from unauthorised access, misuse, loss, disclosure, or alteration.

Electronic forms completed through Cognito Forms are protected using TLS 1.2/SSL encryption and are accessed via secure HTTPS connections.

Cognito Forms is hosted on the Microsoft Azure cloud platform, which maintains high standards of security and compliance, including PCI DSS Level 1 and HIPAA-compliant infrastructure.

Clinical records & practice management software

Rhythm of Life uses Nookal, a secure cloud-based practice management system, to store and manage patient records, appointments, clinical notes, reports, and related healthcare information.

Nookal uses industry-standard AES-256 encryption for data transmission and storage and stores Australian client data within secure Sydney-based data centres. Access to patient information is protected through individual user logins, password security, optional two-factor authentication, user-specific permissions, restricted database access, and activity logging.

Nookal maintains comprehensive data security protocols, including data breach response procedures, regular security testing, penetration testing, and independent compliance verification, including SOC 2 Type 2 and HIPAA standards.

We take reasonable steps to ensure that all electronic patient information remains secure and is only accessible to authorised personnel involved in your care and the operation of our clinic.

Disclosure of & access to information

Your personal information will not be disclosed to third parties without your consent, except where permitted or required by law.

Examples of circumstances where information may be disclosed include:

To your General Practitioner or other healthcare providers involved in your care, where required for treatment coordination or Medicare Allied Health reporting requirements.
To prepare reports for NDIS participants, support coordinators, plan managers, nominees, or the NDIA where consent has been provided.
Where disclosure is required by law, subpoena, court order, or regulatory authority.
To prevent or lessen a serious threat to the life, health, safety, or wellbeing of an individual or the public.

You may request access to your personal information or health records held by the clinic. Requests should be made in writing and will be managed in accordance with applicable privacy legislation. We may charge a reasonable administrative fee for providing copies of records where permitted.

If you believe any information, we hold about you is inaccurate, incomplete, or out of date, please notify us so we can update our records.

Privacy concerns & complaints

If you believe that your privacy or confidentiality has not been handled appropriately, you may lodge a complaint with the clinic by contacting us in writing or by email. Please provide details of your concerns so that we can investigate the matter thoroughly.

We will acknowledge receipt of your complaint and endeavour to investigate and respond within a reasonable timeframe.

By engaging with our services, you acknowledge that you have been provided with access to this Privacy Policy and understand how your information may be collected, used, stored, and disclosed for the purposes of providing healthcare and therapeutic support services.