Privacy Policy

To view our Easy Read Privacy Policy

Current as of March 2024

The Arliam Allied Health privacy policy is to provide information to you, our customer, on how your personal information (which includes your health information) is collected and used within our practice, and the circumstances in which we may share it with third parties.


Arliam Allied Health is the allied health practice of MOIRA Limited (ACN 606 710 883 / ABN 22 729 829 472). We respect the privacy of all our customers and their guardians / responsible people and abide by applicable Commonwealth and Victorian privacy legislation regarding how we collect, use, manage and store all personal information.

Arliam Allied Health is obliged to follow the Australian Privacy Principles (APPs) within the Privacy Act 1988 (Cth) (the Privacy Act). As a collector of health information in Victoria, Arliam Allied Health is also required to follow the Health Privacy Principles (HPPs) in the Health Records Act 2001 (Vic) and as a Victorian Government contracted service provider, Arliam Allied Health must ensure all team members follow the Information Privacy Principles (IPPs) contained in the Privacy and Data Protection Act 2014 (Vic).

When you consent to a third party referring you to our practice, and when you register as a customer of our practice and sign our Service Agreement, you provide consent for your referrer to provide us with your personal information, and for our health practitioners and practice staff to access and use your personal information so they can provide you with the best possible healthcare. Except in certain limited circumstances explained below, only staff who need to see your personal information will have access to it. If we need to use your information for anything else other than as described in this policy, we will seek additional consent from you to do this.


You have the right to know:

  • why we collect your personal information;
  • what information we collect;
  • how we use it; and
  • with whom we share it.

You also have the right to check the information we hold about you and correct it if necessary.


When used in this privacy policy, the term ‘personal information’ has the meaning given to it in the Privacy Act. In general terms, it is any information that can be used to personally identify you. This may include your name, address, telephone number, email address and profession or occupation. If the information collected personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information. ‘Sensitive information’ is a subset of personal information that is afforded additional protection under the Privacy Act, and includes information regarding your health, sexual orientation, ethnic origin and religion.


We only collect such personal information as is necessary for us to provide you with our services.

The information we may collect about you includes:

  • name, date of birth, addresses, contact details;
  • medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors;
  • Medicare number (where available) for identification and claiming purposes;
  • Healthcare identifiers;
  • NDIS details, including participant number, plan details, plan manager, support coordinator;
  • your employer and photos / videos of you and your workspace;
  • health fund details; and
  • cultural identity, gender identity and preferred language.


Our practice may collect your personal information in several different ways:

  • From your referral form when a third party refers you to our practice;
  • When you make your first appointment our practice staff will collect your personal and demographic information via your registration.
  • During the course of providing health services, we may collect further personal information.
  • We may also collect your personal information when you visit our website, send us an email or SMS, telephone us, make an online appointment or communicate with us using social media.
  • In some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:
    • your guardian or responsible person;
    • other involved healthcare providers or referrers, such as specialists, GPs, hospitals, community health services and pathology and diagnostic imaging services;
    • your employer;
    • your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary); and
    • eHealth services that our practice may utilise from time to time, and only with your consent, such as electronic transfer or prescriptions (eTP) or My Health Record.

If you do not want your personal information to be collected, we will use reasonable endeavours to accommodate your request. Where possible, we may be able to respond to general inquiries from people who would like to remain anonymous or use a pseudonym. However, if you want us to provide services to you, we will need to collect identifying information in order to comply with our professional and regulatory obligations.


Our practice will need to collect your personal information to provide allied health services to you. Our main purpose for collecting, using, holding and sharing your personal information is to manage your health.

We also collect, use and disclose personal information for related business activities, including for the following purposes:

  • undertaking MOIRA intake processes to evaluate your needs, assess your suitability for MOIRA services and to refer you to another service provider if appropriate;
  • providing, monitoring and tailoring our services to suit your needs;
  • planning, researching and analysing our services to make improvements or to respond to an inquiry or request;
  • working with service providers engaging or working alongside us to deliver services to you;
  • compiling and maintaining mailing lists and communicating with persons on those lists;
  • fulfilling obligations to government authorities;
  • other situations where a reasonable person would expect us to collect, use and disclose the information; and
  • to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator.


Arliam Allied Health will only disclose your personal information for the primary purpose for which it was collected, unless:

  • you have consented to another specific disclosure;
  • it may be reasonably expected that your information would be disclosed for a related purpose; or
  • we are otherwise required or authorised by law.

In particular, your information may be shared in the following circumstances:

  • Your information may be shared with members of MOIRA’s board and staff, to the extent necessary to manage, monitor, audit, quality assure, and evaluate Arliam Allied Health’s delivery of services.
  • Your information may be shared with third parties such as service providers. Third parties are not permitted to use your personal information for any purpose other than to assist them in providing their services unless you (or your responsible person) agree.
  • Your information may be shared with the Department of Family Fairness and Housing (DFFH), the National Disability Insurance Agency (NDIA), National Disability Insurance Scheme Quality and Safeguards Commission (NDIS Commission), and other funders as required, for audit, evaluation or funding acquittal purposes.
  • Your information may be shared with government authorities regulating Arliam Allied Health and its allied health practitioners.
  • Your information may be shared with organisations paying for the services, such as Medicare, NDIA or your employer.
  • Your information may be shared when required or authorised under an Australian law, or a court/tribunal order (for example, some diseases require mandatory notification).
  • Your information may be shared in order to:
    • lessen or prevent a serious threat to your life, health or safety or public health or safety, where it is impractical to obtain your consent;
    • in order for us to take appropriate action in relation to suspected unlawful activity or serious misconduct;
    • to locate a person reported as missing;
    • to assert a legal or equitable claim; or
    • to conduct an alternative dispute resolution process.

Other than in the course of providing health services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.

If you have any questions about this, please contact us.


From time to time, we will engage IT service providers to assist us to collect, store and manage your personal information. For example, Arliam Allied Health will upload personal information of customers, including sensitive information, to a cloud-based practice management system called PracSuite provided by Smartsoft Pty Ltd.

Personal Information uploaded to PracSuite may be disclosed to, stored to and used by other IT service providers in certain circumstances, including because of use, functionality and system integrations provided by PracSuite. Some of those third parties may be located outside Australia, as set out below:

Third Parties Arliam Allied Health

These details may be updated from time to time. Information about how PracSuite handles your personal information can be found in PracSuite’s Privacy Policy at Information about how the other third parties listed above handle your personal information can be found in their respective privacy policies on their websites.

By engaging Arliam Allied Health to provide services to you, you consent to us disclosing your personal information to PracSuite and to the other recipients above, including those located overseas. If you provide this consent then we will not be required to take reasonable steps to ensure that the overseas recipients comply with the Australian Privacy Principles (APPs) under the Privacy Act. This means that if the overseas recipients handle your personal information in breach of the APPs then we will not be accountable under the Privacy Act and you will not be able to seek redress under the Privacy Act.


We use modern techniques and processes which meet current industry standards to ensure that your information is kept secure and confidential.

The only people who have access to and can handle your personal information are:

  • Arliam Allied Health team members;
  • authorised contractors and service providers; and
  • members of MOIRA’s board and staff, to the extent necessary to manage, monitor, audit, quality assure, and evaluate MOIRA’s service delivery.

Each person’s access is restricted according to their role. Hard copy documents are stored in secure facilities.

Please be aware that there are risks in transmitting information online. Whilst we strive to protect such information, we cannot ensure or guarantee the security of any information transmitted to us online and you do so at your own risk.

We will not share your personal information with anyone outside Australia without your consent, except as set out in this Policy or as otherwise required or permitted by law.


From time to time, we may contact you with information about products and services that are provided by Arliam Allied Health, or MOIRA that we think may be of interest to you, via mail, telephone, email or SMS. We will not use or disclose your sensitive information for marketing purposes unless you consent.

You can ask to be removed from our marketing lists and stop receiving marketing communications at any time by contacting us. We will comply and confirm your request within a reasonable time frame.

For more information, please contact the Arliam Allied Health / MOIRA Privacy Officer using the details set out at the bottom of this policy.


We will only hold your information for as long as we need to. In order to comply with health records legislation, we need to retain the health records of adults for at least seven years from the last entry, and the health records of children until they are at least 25 years of age. If you wish to have your information deleted, you may make a request in writing and we will do so if appropriate and if possible.


Yes. We will use best endeavours to ensure the information we hold about you is complete, up to date and accurate. You may request access to it by contacting the MOIRA / MOIRA Privacy Officer, preferably in writing, and if it is incorrect, we will either correct it or if this is not possible, explain our reasons, in writing.


In the unlikely event of a data breach, we will immediately take steps to contain the breach to prevent any further compromise of any personal information. The breach will be investigated and managed to reduce or mitigate any further risk.

If the breach is deemed to be serious (an eligible data breach), Arliam Allied Health will notify the individuals affected by the breach as well as the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches (NDB) scheme. We will also review the incident and take any additional action necessary to prevent future breaches.


If you have any questions about how we handle personal information or wish to lodge a complaint, please contact our Privacy Officer who will investigate and respond as soon as practicable.

MOIRA / MOIRA Privacy Officer, Level 3/42 Lakeview Drive, Scoresby Vic 3179, Victoria.

Telephone: (03) 8552 2222


If you are not satisfied with the response, you may contact the OAIC by phone (1300 363 992), post (GPO Box 5218, Sydney NSW 1042) or email ( We recommend that you raise any concerns with us first to allow us to resolve them directly.


We may update this Privacy Policy at any time. Any changes will be published on our website at