PRC understands the importance of patient privacy. We strive to ensure that your information is dealt with in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). If PRC is a contracted provider of diagnostic imaging services to a WA government department or agency, we will comply with the relevant privacy provisions in the Privacy and Responsible Information Sharing Act 2024 (WA).


This privacy policy applies to all entities in the PRC business. The PRC business comprises the Perth Radiological Clinic partnership, as well as other entities that provide facilities and services for the partnership. The main service company is PerthRadClinic Limited ACN 099 943 594.

Key definitions 

This document adopts the following definitions from the Privacy Act 1988 (Cth): 

  • Personal information means information or an opinion, whether true or not, and whether recorded in material form or not, about an identified individual, or an individual who is reasonably identifiable, and includes artificially generated personal information   
  • Health information means personal information that is also information or an opinion about, an individual’s health (including illness or injury) or disability, or the health services provided or to be provided to an individual, and includes an individual’s expressed wishes about the future provision of health services. Health information also includes an individual’s genetic information that is, or could be, predictive of the health of the individual or their genetic relative. 
  • Sensitive information is a subset of personal information. Sensitive information means information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, or criminal record, in circumstances where that information is also personal information. Sensitive information also includes health information about an individual, genetic information, and biometric information or templates. Sensitive information is generally awarded a higher level of privacy protection than other types of personal information.
  • AI system means a machine-based system that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments. Different AI systems vary in their levels of autonomy and adaptiveness after deployment.

Collection of Patient Information

In order to provide a quality diagnostic imaging service, it is necessary for us to collect personal information about our patients.

Such necessary information may include the following information about you: 

  • Referral/procedural details;
  • Contact details;
  • Medicare/health fund details;
  • Government concession entitlements;
  • Workers’ compensation/employment/accident information;
  • Medical history;
  • Radiological history;
  • Family medical history;
  • Genetic information;
  • Billing/account details. 

The information will usually be collected directly from you (e.g. when you make a booking, engage with our systems (including AI systems), make an enquiry, or attend for a scan). However, if on occasions it would be impracticable or unreasonable to collect this information directly from you, we may need to obtain information from other sources, including:: 

  • Other medical practitioners or health care practices, such as former GPs and specialists, pathology labs, and other clinics where you have undergone relevant prior diagnostic imaging;
  • Other health care providers, such as physiotherapists, chiropractors, osteopaths, podiatrists, dentists, nurses;
  • Hospitals, screening/day surgery units;
  • Family members or a legal guardian where you do not have capacity to provide the necessary information; and
  • Information stored in My Health Record in accordance with the access controls set by you.

We will usually obtain your consent before collecting information from these other sources, but in emergency situations we may need to collect personal information from your relatives or from other sources without your consent.

Both our practice staff and our medical practitioners may participate in the collection of this information.

We may use AI systems to assist in providing our services. Personal information generated or inferred about you by AI systems will be managed by us in accordance with the APPs and this Privacy Policy.

What happens if you do not provide this information 

We may not be able to verify or respond to your enquiry, provide you with the requested information or service, if you choose not to provide us with your personal information.

Dealing with us anonymously or using a pseudonym 

In very limited circumstances, where possible and lawful, you may interact with us anonymously or using a pseudonym. For example, if you call us to ask about our opening hours, you can remain anonymous.

However, to provide you with health services, we will need to know your name, contact information and other details.

Use & Disclosure of Patient Information

The practice staff will use and disclose your personal information for purposes such as:

  • Treating you by providing services to you, including producing and managing medical imaging reports and appropriate testing; 
  • Interpreting your results, developing diagnoses and providing advice on treatment options; 
  • Providing results to the practitioner who referred you for diagnostic imaging services; 
  • Complying with regulatory and public health legal requirements (e.g. for diagnosis of certain communicable diseases); 
  • Contribution of diagnostic imaging reports to your Australian Government “My Health Record” if you are participating and as controlled by you; 
  • Referral to another medical practitioner or health care practitioner; 
  • Referral to a hospital for treatment and/or advice, with your consent;  
  • Sending off specimens for analysis; 
  • Where it is unreasonable or impracticable to obtain your consent and we reasonably believe the use or disclosure is necessary to prevent or lessen a serious threat to an individual’s life, health or safety or to public health or safety; 
  • Account keeping, billing purposes and recovery of monies; 
  • Government agencies such as Medicare, Defence, the Department of Veteran Affairs, the Insurance Commission of Western Australia, or your private health fund (where applicable) to claim a rebate for our services on your behalf; 
  • The management of our practice; 
  • Quality assurance, training, practice accreditation and complaint handling;  
  • To meet our obligations of notification to our medical defence organisations or insurers; 
  • Where legally required to do so, such as producing records to court, producing records to Medicare for audit purposes or the notification of diagnosis of certain communicable diseases.

PRC participates in research from time to time. We will only use or disclose your personal information for research if you have given consent to participate (or, in limited cases, where the requirement to obtain consent requirement has been waived by a Human Research Ethics Committee) and the research has been approved by a Human Research Ethics Committee. 

We may use your personal information in, or disclose your personal information to, secure AI systems for the following purposes: 

  • Booking appointments for you;
  • Reviewing diagnostic images;
  • Assisting with report writing;
  • Prioritising cases and managing radiologist worklists; and
  • As notified by us from time to time.  

We do not input personal information into publicly available AI systems.

Other Medical Providers’ Access to Your Medical Records

Access to your medical records, which includes reports and images, is provided to your referring practitioner in the course of your care.

On occasions, your referring practitioner may request that your records are made available to another practitioner for the purposes of second opinion or further management. In addition, other radiology providers may request access to your images and reports to provide a further opinion, or for comparison/correlation with subsequent imaging.

All access to PRC patient data provided to other practitioners, facilities or imaging providers is logged and can be audited. This access is provided on the basis that your treating practitioners and other radiology providers have obtained your consent to access your information.

Access Limitation Options

If you have particular privacy needs not addressed by this policy, you may contact us about limiting access to your medical records.

Please note that restricting access to your information may lead to significant delays or compromise your medical management. The implications of limiting access should be considered carefully and discussed with your treating practitioner.

Ancillary Patient Activities

Delivery of imaging data electronically: PRC uses secured internet-based technology to deliver images and reports. All of these transfers are logged and can be audited.

Delivery of films: Our practice has a film delivery service and the utmost confidentiality and care is maintained in delivering your films. This service may be provided by our own staff, commercial couriers, taxis or registered post. If this is unacceptable to you, please arrange with our staff to collect your own films.

Maintenance personnel: For operational purposes, it is necessary to allow maintenance personnel access to our premises. However, only authorised personnel are allowed access to records.

Contact details: If we need to contact you for any reason and need to leave a message for you, it may be necessary for us to say where we are calling from. Please advise our reception staff immediately if you do not want us to do this. We may need to arrange alternate contact details.

For security purposes, PRC may use video surveillance or “CCTV” devices. Images and video captured through these devices must be handled with respect to the APPs, the Act and the Surveillance Devices Act 1998 (WA). For example, this means that PRC will:

  • ensure that CCTV is only used in public areas of its premises, i.e. not in areas where persons would have an expectation of privacy (e.g. changing rooms or bathrooms);
  • ensure that signage displays information about the operation of CCTV or other surveillance device in the area; and
  • ensure that any recorded personal information is kept secure and destroyed when no longer needed. 

CCTV footage may be accessed by a small group of PRC staff, and footage may be used and disclosed as permitted by the APPs, including PRC’s investigation of an incident occurring at our premises. 

Personal information of prospective staff, medical practitioners and service providers

PRC collects personal information of persons who interact with it in the course of its business operations, including individuals who apply for employment with PRC and contractors who provide services to PRC. We do this to operate our business.

The personal information PRC collects about people seeking employment with PRC, and contractors who provide services to PRC may include:

  • Contact and identification information such as your name, address, telephone number, email address, date of birth and identity verification information (where applicable);
  • Information about your education and work history, experience, qualifications and skills, and the opinions of others about your work performance;
  • Details of professional registration or qualifications;
  • Health information which will only be collected where it is relevant to our assessment of whether you are able to perform the inherent requirements of a particular position and with your consent;
  • Criminal record information, which will only be collected where relevant to the recruitment process and with your consent;
  • Other personal information obtained during the application process from documentation you submit to us, for example from your resume and cover letter;
  • Other information required for our recruitment functions, including where required by law; and
  • Any other information you voluntarily provide in your application or during interviews.

Generally, PRC collects your personal information directly from you. There may be occasions when PRC collects your personal information from other sources, including:

  • A third-party website including when you register your interest in one of our advertised roles via such website;
  • Background screening service providers;
  • Referees or third parties with whom you have previously worked;
  • Educational institutions with whom you have completed a qualification;
  • Professional registration details from the Ahpra website;
  • A complaint from a patient about a contracted medical practitioner;
  • A regulator conducting an audit or investigation; and/or
  • A publicly maintained record or other publicly available source of information including social media, such as LinkedIn.

Consequences if you do not provide this information

If you chose not to provide PRC with certain personal information, PRC may not be able to progress your application for employment and/or may not be able to engage with you as a contractor providing services to PRC.

Use & Disclosure of Non-Patient Information

If you apply for a role at PRC (as an employee or contractor), PRC will collect, hold, use and disclose your personal information for purposes such as:

  • Assessing your suitability for employment or engagement with PRC;
  • Conducting reference and background checks including police checks, working with children checks and registration/certification checks;
  • Meeting our legal and regulatory obligations;
  • Communicating with you during the recruitment process;
  • Considering you for future opportunities if you consent to remain in our talent pool.

In the application process, PRC may disclose your personal information to:

  • Third parties engaged by PRC to perform business and administrative functions including but not limited to background screening and reference checking;
  • With your consent, your current employer and/or any individuals who you nominate as referees to verify certain information;
  • With your consent, third parties who assist PRC with compliance obligations in relation to the job for which you are being considered;
  • Other companies within PRC’s corporate group;
  • Regulatory bodies and agencies if and as necessary, including the Australian Taxation Office; and/or
  • To comply with a legal obligation (e.g. responding to a court order).

If you become a contractor to PRC, we will use your personal information to manage our relationship and pay your service fee. We will disclose contractor information as required or authorised by law, including reporting to Ahpra and Medicare.

We will use and disclose the personal information provided to us for the purpose for which it is given, unless we are authorised or required by law to use or disclose it for a different purpose.

We may use AI systems to assist us to undertake an initial review of applications for employment or contractor roles, manage workflow and undertake other business-related activities. Personal information generated or inferred about you by AI systems will be managed by us in accordance with the APPs and this privacy policy. We do not input personal information into publicly available AI systems.

Direct marketing 

We do not use your personal information for direct-marketing purposes. 

Our Website

PRC does not attempt to identify individuals who visit our website and does not store personal information of people viewing the website.

PRC will only collect and store personal information if an individual chooses to provide this to PRC via an online service, form or by email, for example through an “Online Booking”, “Contact” or “Request an Appointment” page, or when a referrer submits a referral using the PRC online referral service.

We may collect information using server logs and through cookies used by us or by our third-party service providers (such as Google and Facebook) who provide analytical services in relation to our websites. In particular when you visit our sites to read, browse or download information, our system will generally record/log:

  • Your IP address;
  • The top level domain name (e.g. .com, .gov, .au, .org);
  • The Internet Service Provider (ISP);
  • The type of internet browsers you use;
  • The date and time of your visit;
  • The site from which you linked to our websites;
  • Your screen resolution;
  • Your general geographical information (e.g. country, state, city);
  • The landing webpage and exit webpage;
  • The pages viewed; and
  • Any information downloaded.

This information will be used for the purposes of:

  • Site analysis;
  • Helping us offer an improved online service;
  • Maintaining the continuity of a browsing session (e.g. to maintain an online transaction);
  • Remembering your details and preferences when you return; and
  • Enabling advertisements for our goods and services to be placed when our website and certain third party websites are visited by users who have previously visited our website.

You cannot be identified from this information and it is only used to assist us in providing an effective service on our websites. We will not merge your personal information with non-personally identifiable information.

You can refuse all cookies by turning them off in your browser, however, this can limit the functionality of our websites. You are also able to use the settings in your browser to control how you deal with cookies.

If you have a Google account and you enable it to associate your web and app browsing history with your Google account, Google may use data from the Google account in accordance with the terms of use of that account (including enabling marketing to you across multiple devices that you use). Google users can control their advertising settings (or opt out of personalised ads altogether) at Google Account.

Further information about online behavioural advertising (and opting-out of some online practices and behavioural advertising) is available at www.youronlinechoices.com.au.

Our website may contain links to other sites. We are not responsible for the privacy practices or policies of those sites and recommend that you review their privacy policies. 

Our collection of personal or non-personal information through social media platforms is determined by your social media account privacy settings and the privacy policy of the social media platform operator. Your use of those social media platforms is governed by the terms of use applicable to the relevant platform.

For more information, refer to our website Terms of Use available at
https://perthradclinic.com.au/perth-radiological-clinic-website-terms-of-use/

Access to Your Own Records

You are entitled to access your own records, or the records of another person where you are authorised to make a request on their behalf (e.g. you are the person’s legal guardian). 

If you are a patient, you can seek access to your own personal information either through the Government’s My Health Record database or PRC’s “myPRC” patient portal. Applications for access to the portal can be made via [email protected]. Otherwise, requests can be made in writing to the Privacy Officer via email [email protected], or addressed to Perth Radiological Clinic, PO BOX 99, Mirrabooka WA 6941.

PRC requests that you be reasonably specific about the information you require.

PRC will request confirmation of your identity before releasing information. \

If you are seeking access to another person’s information, PRC will request evidence that you are authorised to obtain that information (e.g. Enduring Power of Guardianship).

The Privacy Officer will endeavour to respond as soon as practicable, but no later than 30 days of receipt of your request.

We might deny access to records if:

  • We are not able to confirm your identity;
  • We reasonably believe that to provide access would pose a serious threat to life, health or safety;
  • The access would unreasonably impact on the privacy of another person;
  • We reasonably consider that the request is frivolous or vexatious;
  • The information relates to anticipated or actual legal proceedings and you would not be entitled to access the information in those proceedings;
  • The access would reveal intentions and prejudice negotiations;
  • The access would be unlawful;
  • Denying access is required or authorised by an Australian law or court/tribunal order;
  • The access would likely prejudice the taking of appropriate action in relation to suspected unlawful activity, or misconduct of a serious nature;
  • The access would likely prejudice enforcement related activities; or
  • The access would reveal evaluative information in connection with a commercially sensitive decision-making process.

If PRC refuses your request to access your personal information, PRC will provide you with written reasons for the refusal and details of complaint mechanisms.

PRC will not charge an application fee but may impose reasonable charges for elements such as administration, photocopying and delivery.

Children, Young People and Adult Patients who lack Capacity to Consent

PRC requires the consent of a parent or legal guardian to provide services/procedures for young people under the age of 16 or any other persons incapable of providing consent.

Where a patient does not have capacity to give consent for themselves, information about the service/procedure (including personal information of the patient where necessary) must be provided to the patient’s legal guardian so that they are in a position to provide informed consent.

Correction of Personal Information

You are entitled to make a request for correction of your personal information.

Where possible your request should be in writing stating the year of service, type of service, at which of our branches the service was provided, and the correction which you consider should be made. All requests should be accompanied by a certified copy of current photographic identification, evidence that you are entitled to request a correction on behalf of another person (if relevant), and be addressed as follows, regardless of where the procedure was performed:

The Privacy Officer Perth Radiological Clinic, PO Box 99, Mirrabooka WA 6941, or via email [email protected].

We will endeavour to respond as soon as practicable, but no later than 30 days of receipt of your request.

We are not required to make changes to our records if we are satisfied that the information we hold is accurate, up to date, complete, relevant and not misleading. If you ask us to, we will put a note with the record stating that you believe the information to be inaccurate, out of date, incomplete, irrelevant or misleading.

If PRC refuses your request to correct your personal information, PRC will provide you with written reasons for the refusal and details of complaint mechanisms.

Storage and Security of Personal Information

We store personal information in both electronic and hardcopy form within Australia. We do not ordinarily transfer identifiable information outside of Australia.

If your personal information is entered into our AI systems, the information will be temporarily stored in the Australian-based data centre of the system before being deleted. We note that some information obtained by us via third party software may be stored by that third party software provider.

We aim to store your information securely and take reasonable steps to protect it against misuse, interference, loss, unauthorised access, modification and disclosure. We have a range of security controls in place including access control mechanisms, physical site access restrictions and a range of cyber security processes, policies and procedures to keep your data secure.

In relation to prospective staff, if your application is unsuccessful, we may retain your information for a reasonable period of time unless you request otherwise.

Complaints

If you have any concerns about the way that we deal with your information, please contact our Privacy Officer by emailing [email protected] or writing to Perth Radiological Clinic, PO Box 99, Mirrabooka WA 6941.

We will respond to you promptly to acknowledge your complaint and inform you of the next steps we will take in dealing with your complaint.

If you are not satisfied with our response, you may complain to the OAIC via its website, www.oaic.gov.au

Further Information

If you would like any further information regarding our Privacy Policy or if you have any questions or comments about privacy issues, please contact us at [email protected].

Last updated: November 2025