Information we collect
To provide your specialist care we collect personal and health information directly from you, your referring GP, and providers you have authorised to share with us. This typically includes:
- name, date of birth, address, phone, email, next of kin
- Medicare, DVA, private health fund and pension card numbers
- your GP's referral and the clinical history it contains
- X-rays, ultrasound, CT and MRI imaging from Central Queensland Radiology, I-Med Radiology, Bolsover Radiology and other providers
- previous operative records and discharge summaries relevant to your presenting complaint
- clinical notes, examination findings and operative records generated by Dr Hirpara
- billing and payment information needed to process Medicare, DVA, WorkCover and private fund claims
We collect only what is reasonably necessary for your care. If you choose not to provide essential information, we may be unable to consult, schedule surgery, or claim a Medicare rebate on your behalf.
Why we collect it
The practice uses your information to:
- provide diagnosis, treatment and post-operative care
- communicate with your referring GP, anaesthetist, hospital, hand therapist and other treating clinicians
- arrange imaging, pathology and theatre bookings
- raise invoices and lodge Medicare, DVA, WorkCover or private health fund claims on your behalf
- meet legal, accreditation and clinical-audit obligations
- respond to your enquiries through our website contact form
We do not use your health information for marketing, and we do not sell or rent personal information.
Who we share it with
With your consent — usually given when you sign your new patient registration — we share information only with people involved in your care or required by law:
- your referring GP and any specialists co-managing your condition
- the hospital where your surgery is performed (Mater Private Hospital Rockhampton)
- your anaesthetist, surgical assistant, ward-nursing team, hand therapist and physiotherapist
- imaging and pathology providers
- Medicare and the Department of Veterans' Affairs for rebate claims
- your private health fund (insured procedures only)
- WorkCover Queensland or your employer's insurer (compensation cases only)
- regulators and authorities where disclosure is required by law (e.g. mandatory reporting, court orders, infectious-disease notification)
Storage and security
Clinical records are stored in an Australian-hosted practice management system with role-based access, encryption in transit and at rest, and automated daily backups. Paper documents are stored in locked cabinets and shredded when no longer needed.
Records are retained as required by law — in Queensland that is at least seven years after your last consultation, or until your 25th birthday if you were under 18 at the time. After that period records may be securely destroyed.
My Health Record
If you have an active My Health Record, the practice may upload event summaries, specialist letters and operative records to it for the benefit of your other treating clinicians. You can opt out at any time through the My Health Record portal at myhealthrecord.gov.au; please tell the practice if you would prefer that nothing is uploaded.
Access and corrections
Under APP 12 you have the right to access the personal information we hold about you, and under APP 13 to ask us to correct anything that is inaccurate, out of date, incomplete, irrelevant or misleading.
Requests should be made in writing to the practice manager at office@cqupperlimb.com.au or by post to the practice address. We will respond within 30 days. There may be a reasonable cost to retrieve and copy large records; we will let you know before any charge is incurred.
The website and contact form
Our website does not use advertising cookies and does not run third-party tracking scripts. We use Cloudflare Web Analytics — a privacy-respecting analytics service that records aggregate page views and traffic sources without setting cookies, without fingerprinting visitors, and without identifying individuals. Cloudflare also keeps short-term operational logs (IP address, browser, requested page) for security and abuse prevention.
Submissions to the contact form are sent to the practice's office inbox via Resend, an email-delivery service. We use Cloudflare Turnstile for bot protection on the form — this does not identify you and does not set advertising cookies. Information you send via the contact form is treated the same as any other communication with the practice.
Concerns or complaints
If you are concerned about how the practice has handled your information, please raise it with the practice manager first — we will do our best to resolve it directly. The contact details are above.
If you remain dissatisfied, you can contact the Office of the Australian Information Commissioner on 1300 363 992 or via oaic.gov.au/privacy/privacy-complaints.
Updates to this policy
This page is reviewed periodically and whenever practice operations change in a way that affects how information is handled. The "last reviewed" date at the top reflects the most recent change.




