1. Introduction

Posity is deeply committed to protecting the privacy and confidentiality of all personal information we collect. We strictly comply with the Privacy Act 1988, including the Australian Privacy Principles (APPs), and the NDIS Code of Conduct. This Privacy Policy explains in detail how we collect, use, disclose, and safeguard your information, with a particular focus on our use of Artificial Intelligence (AI) to support our documentation processes.

2. Collection of Personal and Health Information

We collect only the personal information that is absolutely necessary to provide safe, effective, and tailored healthcare services. This may include:

  • Identifiers: Such as your name, contact details (phone, email, address), and date of birth.
  • Clinical and Medical Details: Including your medical history, current health status, assessment results, treatment plans, and details directly relevant to your therapy or healthcare services.
  • Support Information: Details related to your NDIS plan (if applicable) or other funding arrangements.
  • Communication Records: Notes from conversations with you, your carers, or other health professionals involved in your care.
  • Transcriptions: Records of clinical sessions and non-clinical meetings (e.g., staff meetings, professional development).

How we collect information:

  • Through intake and consent forms.
  • During clinical notes and assessments.
  • From direct communication with you, your carers, or other health professionals involved in your care.
  • Via transcriptions of clinical and non-clinical sessions.

We are committed to data minimisation, meaning we do not collect information beyond what is necessary to effectively provide your healthcare services.

3. Use of Artificial Intelligence (AI) in Documentation

To enhance the accuracy, clarity, and efficiency of our clinical documentation processes, Posity utilises AI within our secure environment. 

How we use AI:

  • Transcription: To accurately transcribe clinical notes from sessions and non-clinical meetings (e.g., staff meetings, professional development sessions).
  • Language Editing: To improve the clarity, flow, and grammatical correctness of documentation.

Important points about our AI use:

  • AI is used only as a tool for transcription and language editing.
  • AI is NOT used to generate clinical content or make decisions about your care. All clinical insights and decisions are made solely by our qualified clinicians.
  • Every piece of AI-assisted documentation is meticulously reviewed and finalised by a qualified clinician before being securely stored in our practice management system.

4. Privacy and Security Measures for AI-Assisted Documentation

We employ robust safeguards to protect your information when using AI.

  • Data Minimisation: Clinicians are trained to dictate and record only information that is clinically relevant and necessary.
  • De-identification where possible: Staff may use placeholders (e.g., “[Client]”, “[Condition]”) during the AI-assisted editing process to reduce the exposure of direct identifiers where appropriate, especially in internal non-clinical transcriptions.
  • Mandatory Two-Factor Authentication (2FA): Required for all accounts, adding an extra layer of security.
  • Auditing: We conduct bi-annual audits of access logs and documentation quality to ensure compliance and identify any potential issues.
  • Immediate Removal of Access: Staff access to all systems are revoked immediately upon cessation of employment.

5. Compliance with the Australian Privacy Principles (APPs)

Posity fully complies with all 13 Australian Privacy Principles (APPs) in our handling of your personal and health information:

  • APP 1 – Open and Transparent Management of Personal Information: This Privacy Policy clearly explains how we manage your information.
  • APP 2 – Anonymity and Pseudonymity: As noted, this is generally not practicable for providing healthcare services. Information is de-identified prior to AI support.
  • APP 3 – Collection of Solicited Personal Information: We collect only necessary information directly from you or with your consent.
  • APP 4 – Dealing with Unsolicited Personal Information: We have processes for handling unsolicited information appropriately.
  • APP 5 – Notification of the Collection of Personal Information: We inform you at the point of collection about why we collect your information and how it will be used.
  • APP 6 – Use or Disclosure of Personal Information: We use and disclose information only for the primary purpose for which it was collected or for directly related purposes that you would reasonably expect.
  • APP 7 – Direct Marketing: We do not use your personal information for direct marketing.
  • APP 8 – Cross-border Disclosure of Personal Information: While our systems may have international components, we configure them to store data in Australia where possible, and ensure robust safeguards are in place. 
  • APP 9 – Adoption, Use or Disclosure of Government Related Identifiers: We only use government identifiers where required or authorised by law.
  • APP 10 – Quality of Personal Information: Clinicians review and correct all AI-assisted notes before they are finalised to ensure accuracy, completeness, and being up-to-date.
  • APP 11 – Security of Personal Information: We implement comprehensive security measures to protect your information from misuse, interference, loss, unauthorised access, modification, or disclosure.
  • APP 12 – Access to Personal Information: You have the right to request access to your personal information.
  • APP 13 – Correction of Personal Information: You can ask for corrections to your personal information if it is inaccurate, incomplete, or outdated.

6. Consent

Your informed consent is paramount.

  • Informing Clients: Clients are informed about our use of AI-supported documentation processes during the intake process and through this comprehensive Privacy Policy.
  • Obtaining Consent: Consent for our data handling practices, including AI use, is obtained at your first appointment and reviewed at least annually, or sooner if there are any significant changes to our data handling practices.
  • Opt-Out Option: Clients have the right to raise concerns or request not to have their documentation supported by AI for transcription and editing. If you choose to opt-out, your clinician will revert to manual documentation methods, ensuring no AI is used for your records. Documentation of your consent (or refusal) is securely kept in your client record.

7. Disclosure of Personal Information

We are committed to keeping your personal information confidential. We do not disclose your personal information to third parties unless:

  • You have provided your express consent.
  • Disclosure is required or authorised by Australian law (e.g., subpoenas, mandatory reporting).
  • It is reasonably necessary to prevent a serious threat to your life, health, or safety, or to public health or safety.

We do not use your personal information for direct marketing purposes, and we ensure information is not shared with external AI providers beyond the specific tools described in this policy.

8. Data Storage and Retention

  • Clinical Documentation: All finalised clinical documentation is securely stored within our practice management system, which employs high-level security protocols.
  • Retention: We retain your personal and health information for as long as necessary to provide your care, meet our legal obligations (e.g., minimum retention periods under health records legislation), and resolve disputes. Once no longer required, data is securely destroyed or de-identified.

9. Access and Correction of Personal Information

You have the right to request access to the personal information we hold about you or to ask us to correct it if you believe it is inaccurate, incomplete, or outdated.

We will respond to all such requests promptly and in accordance with the Privacy Act 1988. We may require you to verify your identity before providing access or making corrections.

10. Questions or Complaints

Your privacy is important to us. If you have any questions, concerns, or complaints about how we manage your personal information or our privacy practices, please do not hesitate to contact us:

Email: info@posity.com.au

We take all complaints seriously and will investigate them promptly and thoroughly. If you are not satisfied with our response or how we have handled your privacy complaint, you may contact the Office of the Australian Information Commissioner (OAIC) for further assistance:

Office of the Australian Information Commissioner (OAIC) Website: www.oaic.gov.au Phone: 1300 363 992

11. Review of Policy

This Privacy Policy will be reviewed on a regular basis to ensure APP adherence, or when:

  • Changes to relevant Australian legislation (e.g., Privacy Act, NDIS Act).
  • New regulatory guidance from bodies such as the OAIC or AHPRA.
  • Significant changes to our AI data handling practices or the technologies we use.