Notice of Privacy Practices

Primary tabs

  1. This notice describes how medical information about you may be used and disclosed and how you can get access to this information.
  2. Please review it carefully.
  3. How is Patient Privacy Protected?
    As the providers of online medical services through Medical Certificate Online (the “Healthcare Providers”, “us”, “we”, “our”, "Online Services", "Services"), understand that information about you and your health is personal. Because of this, we strive to maintain the confidentiality of your health information. We continuously seek to safeguard that information through administrative, physical and technical means, and otherwise abide by applicable federal and state guidelines.

    We endorse fair information handling practices and uses of information in compliance with our obligations under the Privacy and Data Protection Act 2014 (Vic) and the Health Records Act 2001 (Vic). Personal information will be used only for the purpose/s intended and where the intention includes confidentiality, information will be treated as such unless otherwise required by law.

  4. How do we use and disclose health information?
    We use and disclose your health information for the normal business activities that the law sees as falling in the categories of health care operations. Below we provide examples of those activities, although not every use or disclosure falling within each category is listed:

    Treatment – We keep a record of the health information you provide us. This record may include your test results, diagnoses, medications, your response to medications or other therapies, and information we learn or provided to us about your medical condition through the online services. We may disclose this information so that other doctors, nurses, and entities such as laboratories can meet your healthcare needs. This also relates to contractors, service providers and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.

    Payment – We document the services and supplies you receive when we are providing care to you so that you or another third party can pay us. All patient credit card details are passed through to our payments processor, Stripe ( for storage and processing. No personal payment records are retained and stored by us.

    Health Care Operations – Health information is used to improve the services we provide, to train staff and students, for business management, quality improvement, and for customer service. For example, we may use your health information to review our treatment and services and to evaluate the performance of our staff in caring for you with the objective of improving services as well as potentially offering new services.

    We may also use your health information to:

    • Comply with federal, state or local laws that require disclosure
    • Assist in public health activities such as tracking diseases or medical devices
    • Inform authorities to protect victims of abuse or neglect
    • Comply with Federal and state health oversight activities such as fraud investigations
    • Respond to law enforcement officials or to judicial orders, subpoenas or other process
    • Inform coroners and medical examiners of information necessary for them to fulfill their duties
    • Facilitate organ and tissue donation or procurement
    • Conduct research following internal review protocols to ensure the balancing of privacy and research needs
    • Avert a serious threat to health or safety
    • Assist in specialised government functions such as national security, intelligence and protective services
    • Inform workers’ compensation carriers or your employer if you are injured at work
    • Recommend treatment alternatives
    • Tell you about health-related products and services

    All other uses and disclosures, not previously described, may only be done with your written authorisation.

  5. What are the Healthcare Provider’s Responsibilities?
    We are required by law to:
    • Maintain the privacy of your health information.
    • Provide this notice of our duties and privacy practices
    • Abide by the terms of the notice currently in effect
    • Tell you if there has been a breach that compromises your health information
    • Make your personal health information available to you upon written request
    • Hold your personal health information for a minimum of 7 years
    • Encrypt the data when held electronically to maxmise its security and protect it from misuse, loss or unauthorised access
    • Hold and store copies of your health information data on servers within Australia

    We reserve the right to change privacy practices, and make the new practices effective for all the information we maintain. Revised notices will be posted on the Medical Certificate Online website. Any changes will be in line with Federal and State legislative requirements.

  6. What Rights do you have?
    The law entitles you to:
    • Inspect and copy certain portions of your health information upon written request
    • You may request that we provide you with copies of any records held electronically and provide these to you in an electronic format
    • Request amendment of your health information if you feel the health information is incorrect or incomplete
    • Hold records of your health information for a minimum period of seven (7) years from the date of your last contact with our service
    • Request that we restrict how we use or disclose your health information
    • Request that we communicate with you at a specific telephone number or address
  7. Need more information?
    Write to