Skip to content
High Steps Podiatry
Book online

Privacy Policy.

How we collect, use, store and protect your personal and health information.

High Steps Pty Ltd (ABN [ABN to be confirmed]), trading as High Steps Podiatry (“we”, “us”, “our”), is committed to protecting your privacy. This policy explains how we handle your personal and health information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the Health Records and Information Privacy Act 2002 (NSW).

It applies to information collected through our website, by phone or email, at the Harrington Park clinic, and during home visits across Sydney.

The information we collect

We collect personal information such as your name, date of birth, address, phone number, email, emergency contact, and funding details (for example your DVA card, NDIS plan, Medicare details, or private health fund).

As a health service, we also collect health information, which is sensitive information under the Privacy Act. This may include your medical history, current conditions and medications, your GP and other treating practitioners, referrals and care plans, assessment findings, treatment notes, and records of the care we provide and any claims made to Medicare, DVA, NDIS or your health fund.

Anonymity and pseudonymity

Due to the nature of the health services we provide, it is generally impracticable for us to deal with individuals who have not identified themselves. Accurate identification is required to ensure the safety and continuity of clinical care, to comply with our legal and professional obligations under applicable health legislation, and to meet the requirements of Medicare and private health insurance billing.

How we collect your information

We collect information directly from you wherever possible, including through our enquiry form, by phone or email, and during your appointment. With your consent, we may also collect information from third parties such as your GP, other treating practitioners, care team, or family member or carer.

From time to time, we may receive personal or health information that we did not solicit. Where we receive unsolicited personal information, we will promptly assess whether that information is of a kind we could have collected under our standard collection practices.

Why we collect and how we use your information

We use your information to:

  • provide podiatry care and arrange your appointments;
  • maintain accurate clinical records and continuity of care;
  • liaise with your GP, care team or family, with your consent;
  • process billing and claims through DVA, NDIS, Medicare, workers compensation insurers or your private health fund;
  • respond to your enquiries; and
  • meet our legal, professional and regulatory obligations.

Disclosure of your information

We do not sell your information. We may disclose it, only as needed, to your GP, other treating practitioners or care team (with your consent), to funding bodies and insurers for billing and claims, to our service providers (such as secure software, hosting and email providers) under confidentiality obligations, and where required or authorised by law.

Overseas disclosure

Some of the service providers we use to operate our website, email and enquiry form may store or process data on servers located outside Australia. Where this occurs, we take reasonable steps to ensure your information is handled consistently with the Australian Privacy Principles.

Direct marketing

We will only send you marketing communications where you have agreed to receive them. You can opt out at any time by contacting us or using the unsubscribe option in any email. We do not use your health information for marketing.

Government identifiers

We collect identifiers such as your Medicare number only where necessary to provide care or process claims, and we do not use or disclose them except as permitted by law.

Keeping your information secure

We take reasonable steps to protect your information from misuse, loss, and unauthorised access, including secure storage and access controls. In the event of a data breach likely to result in serious harm, we will comply with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act and notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required.

How long we keep your information

We retain clinical records as required by the Health Records and Information Privacy Act 2002 (NSW): generally for at least seven years from the date of last entry for adults, and for patients seen under the age of 18, until they turn 25. When records are no longer required, they are securely destroyed or de-identified.

Cookies and website analytics

Our website may use cookies and analytics tools to understand how the site is used and to improve it. You can manage cookies through your browser settings. Because health-related browsing can reveal sensitive interests, we limit our use of tracking to what is necessary to operate and improve the site.

My Health Record

We do not upload information to your My Health Record unless you ask us to and provide your consent.

Accessing and correcting your information

You can ask to access or correct the personal information we hold about you by contacting us. We will respond within a reasonable time and may need to verify your identity first.

Complaints

If you have a concern about how we have handled your information, please contact us first using the details below and we will work to resolve it. If you are not satisfied, you can contact the Office of the Australian Information Commissioner at oaic.gov.au.

Changes to this policy

We may update this policy from time to time. The current version will always be available on this page.

Contact us

High Steps Podiatry
Harrington Park, NSW 2567 (and home visits across Sydney)
Phone: 0452 327 628
Email: [email protected]

Last updated: May 2026.