Privacy Policy

Our commitment to your privacy
Benjamin Health is committed to protecting the privacy of our patients and all individuals who interact with our services. We handle your personal and health information with the highest standards of care, security, and transparency, in full compliance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).

This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and your rights in relation to it. We encourage you to read this policy carefully.

By accessing our website at benjaminhealth.com.au, creating a patient account, or using our services, you consent to the collection and use of your information as described in this policy.

1.   About us

Benjamin Health is an Australian telehealth practice providing personalised mental health, alternative medicine, and longevity services to patients across Australia. Our services are delivered entirely via secure telehealth consultations through our website and patient portal.

Business name:  Benjamin Health

Website:  benjaminhealth.com.au

Contact:  support@benjaminhealth.com.au

Benjamin Health is the data controller for the personal information we collect. If you have any questions about how we handle your information, please contact us at the address above.

2.   What information we collect

We collect personal information that is necessary to provide our healthcare services, manage your care, and operate our practice. This includes the following categories:

2.1   Identity and contact information

  • Full name, date of birth, and gender
  • Home address, email address, and phone number
  • Emergency contact details
  • Medicare number and healthcare card details
  • Health insurance information

2.2   Health and medical information

  • Medical history, current health conditions, and diagnoses
  • Medications, allergies, and adverse reactions
  • Pathology results, referral letters, and specialist reports
  • Consultation notes, treatment plans, and clinical assessments
  • Mental health history and psychological assessments
  • Safe Scripts prescription monitoring history
  • Any other health information you provide during consultations or via the portal

2.3   Account and portal information

  • Username, password (encrypted), and authentication credentials
  • Two-factor authentication (2FA) method and settings
  • Documents you upload to the patient portal
  • Consent forms, intake forms, and digital signatures
  • Messages sent to and received from our clinic
  • Appointment history and telehealth session records

2.4   Technical and usage information

  • IP address, browser type, and device information
  • Login timestamps, session activity, and audit logs
  • Usage patterns within the patient portal

2.5   Information we receive from third parties

We may receive information about you from:

  • Best Practice Premier (Bp Premier) — our clinical management software, which stores your patient record
  • HotDoc — our online appointment booking platform
  • Referring healthcare providers, specialists, or allied health practitioners
  • Pathology and diagnostic laboratories

Sensitive information

Health information is considered ‘sensitive information’ under the Privacy Act 1988 and is afforded the highest level of protection. We only collect sensitive information with your consent or where permitted or required by law, and we take additional precautions to protect it.

3.   How we collect your information

We collect your information in the following ways:

  • Directly from you — when you register for an account, complete intake or consent forms, attend a consultation, send a message through the portal, or upload documents
  • Through the patient portal — when you interact with any feature of the Benjamin Health portal, including booking appointments, requesting prescription renewals, or accessing your health records
  • Automatically — when you visit our website or use the portal, we may collect technical information such as your IP address, device type, and session data via cookies and server logs
  • From third-party systems — from our clinical software (Bp Premier), our booking platform (HotDoc), and from other healthcare providers involved in your care
  • Via telehealth consultations — information shared during video appointments, including clinical notes recorded by your treating clinician

4.   Why we collect your information and how we use it

We only collect and use personal information for purposes that are directly related to providing you with healthcare services or that you would reasonably expect. Our primary purposes include:

4.1   Providing and managing your healthcare

  • To assess, diagnose, treat, and manage your health conditions
  • To prescribe and manage your medications, including compliance with Safe Scripts obligations
  • To conduct telehealth consultations and maintain your clinical records
  • To refer you to other healthcare providers where appropriate
  • To communicate with you about your care, appointments, and prescriptions

4.2   Operating the patient portal

  • To create and manage your patient account
  • To display your health records, prescriptions, and appointments within the portal
  • To facilitate secure messaging between you and our clinic
  • To process document uploads and consent forms
  • To send you notifications about your care

4.3   Legal and regulatory compliance

  • To comply with the Privacy Act 1988 and Australian Privacy Principles
  • To comply with AHPRA obligations on registered healthcare practitioners
  • To meet Safe Scripts and prescription monitoring requirements under applicable state and territory legislation
  • To maintain records as required under health records legislation
  • To respond to lawful requests from regulatory bodies, courts, or law enforcement

4.4   Practice administration

  • To process payments and manage billing
  • To schedule and manage appointments
  • To send appointment reminders and administrative notifications
  • To improve the quality and safety of our services

We will not use your personal information for purposes other than those described in this policy without your consent, unless required by law.

5.   Disclosure of your information to third parties

We treat your personal information with strict confidentiality. We will only disclose your information to third parties in the following circumstances:

5.1   With your consent

We will disclose your information to other healthcare providers, specialists, or allied health practitioners involved in your care when you have provided consent for us to do so.

5.2   Service providers

We engage trusted technology and service providers who assist us in operating our practice and patient portal. These providers are required to handle your information only as directed by us and in accordance with strict confidentiality obligations. Our key service providers include:

Provider  |  Purpose  |  Data location

AWS (Amazon Web Services)  |  Secure database and file storage hosting  |  Australia (ap-southeast-2, Sydney)

Supabase  |  Database and authentication services  |  Australia (AWS ap-southeast-2)

Vercel  |  Website and portal hosting  |  Australian edge nodes

Best Practice Software / Halo Connect  |  Clinical management software and data integration  |  Australia (Microsoft Azure)

HotDoc  |  Online appointment booking  |  Australia

Daily.co  |  Encrypted telehealth video sessions  |  Australia (confirmed pre-launch)

Twilio  |  Two-factor authentication (SMS)  |  Australia

Resend / AWS SES  |  Transactional email notifications  |  Australia

5.3   Legal and regulatory requirements

We may be required to disclose your information to:

  • Regulatory bodies such as AHPRA, OAIC, the TGA, or Safe Scripts authorities
  • Courts, tribunals, or law enforcement agencies where required by a court order, subpoena, or applicable law
  • Medicare Australia or the Department of Health for billing and compliance purposes

5.4   Safety and emergency situations

Where we reasonably believe it is necessary to prevent a serious and imminent threat to your life, health, or safety, or to the life, health, or safety of another person, we may disclose relevant information to appropriate persons or authorities without your consent.

We do not sell your information

Benjamin Health will never sell, rent, or trade your personal or health information to any third party for commercial, marketing, or advertising purposes. Your health data is used solely to provide and improve your care.

6.   Data storage, security, and Australian residency

6.1   Where your data is stored

All personal and health information collected by Benjamin Health is stored exclusively in Australia, on servers located in the AWS Sydney region (ap-southeast-2). We do not transfer, store, or process your data outside of Australia.

6.2   How we protect your information

We employ industry-leading technical and organisational security measures to protect your information from unauthorised access, disclosure, alteration, or loss. These include:

  • AES-256 encryption of all health data at rest
  • TLS 1.3 encryption of all data in transit
  • Mandatory two-factor authentication (2FA) for all portal accounts
  • Row-level security ensuring each patient can only access their own records
  • Time-limited signed URLs for accessing documents (expiring within 15 minutes)
  • Comprehensive audit logging of all access to patient records, retained for seven years
  • Virus scanning of all uploaded files prior to storage
  • Regular security testing including OWASP Top 10 assessments and penetration testing
  • Strict access controls limiting staff access to patient data on a need-to-know basis

6.3   Data retention

We retain your personal and health information for as long as necessary to provide your care and to comply with our legal obligations. In general:

  • Patient health records are retained for a minimum of seven years from the date of last service (or, for children, until the patient turns 25), in accordance with applicable health records legislation
  • Audit logs are retained for seven years
  • Financial records are retained for seven years in accordance with tax law
  • Where you request deletion of your account, we will delete or de-identify your personal information to the extent permitted by law

6.4   Data breaches

Benjamin Health maintains a documented Data Breach Response Plan in accordance with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988. In the event of a data breach that is likely to result in serious harm to any affected individual, we will:

  • Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable
  • Notify all affected individuals directly
  • Take immediate steps to contain the breach and prevent further harm

7.   Cookies and website analytics

Our website and patient portal use cookies and similar technologies to operate correctly and to improve your experience. Cookies are small text files stored on your device when you visit a website.

We use the following types of cookies:

  • Essential cookies — required for the portal to function, including session authentication and security tokens. These cannot be disabled.
  • Functional cookies — remember your preferences and settings within the portal.
  • Analytics cookies — help us understand how visitors use our website so we can improve it. We use privacy-focused analytics and do not share this data with third parties.

You can manage or disable non-essential cookies through your browser settings. Disabling essential cookies will prevent you from accessing the patient portal.

8.   Your privacy rights

Under the Australian Privacy Act 1988 and the Australian Privacy Principles, you have the following rights in relation to your personal information:

8.1   Right of access

You have the right to request access to the personal information we hold about you. We will respond to access requests within 30 days. In most cases, access to your health records is provided free of charge. We may charge a reasonable fee for complex requests.

8.2   Right to correction

If you believe the information we hold about you is inaccurate, out of date, incomplete, or misleading, you have the right to request that we correct it. We will respond to correction requests within 30 days.

8.3   Right to withdraw consent

Where we rely on your consent to collect or use your information, you may withdraw that consent at any time by contacting us. Please note that withdrawal of consent may affect our ability to continue providing healthcare services to you.

8.4   Right to complain

If you believe we have not handled your personal information in accordance with this policy or the Privacy Act 1988, you have the right to make a complaint. We ask that you contact us first so we can address your concern directly.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Website:  oaic.gov.au

Phone:  1300 363 992

Email:  enquiries@oaic.gov.au

9.   Telehealth consultations

Our telehealth consultations are conducted via our integrated video platform (Daily.co), which operates using end-to-end encrypted video technology on Australian servers. The content of your consultation is confidential.

Consultations are not routinely recorded. If a recording is required for any reason (for example, for training or quality assurance purposes), we will:

  • Obtain your explicit consent before recording begins
  • Inform you of the purpose and how the recording will be stored and used
  • Store any recording in encrypted form on Australian servers
  • Delete the recording when it is no longer required

Consultation notes are recorded by your treating clinician in our clinical software and form part of your permanent health record. You have the right to access these notes as described in section 8.1 above.

10.   Prescriptions and Safe Scripts

Benjamin Health’s prescribers are required to check the Safe Scripts prescription monitoring register before prescribing Schedule 4 and Schedule 8 medicines. Safe Scripts is operated by relevant state and territory health authorities and allows prescribers to view a patient’s prescription history for controlled medicines.

By receiving a prescription for a controlled medicine from Benjamin Health, you acknowledge that your prescription history may be accessed by our prescribers through Safe Scripts. A record of each Safe Scripts check performed by our clinicians is logged and is visible to you in your patient portal.

Your Safe Scripts information is accessed solely for the purpose of ensuring safe and appropriate prescribing. We do not access or use Safe Scripts data for any other purpose.

11.   Children’s privacy

Our services are primarily intended for adults aged 18 years and over. Where we provide services to patients under 18, a parent or legal guardian must provide consent on their behalf and is responsible for the accuracy of information provided.

Health records for patients under 18 are retained until the patient turns 25, or for seven years from the date of last service (whichever is longer), in accordance with applicable health records legislation.

12.   Links to other websites

Our website may contain links to external websites, including HotDoc for appointment bookings and information resources. We are not responsible for the privacy practices of external websites. We encourage you to review the privacy policies of any third-party sites you visit.

13.   Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. When we make material changes, we will:

  • Post the updated policy on our website with a revised effective date
  • Notify existing patients via email or an in-portal notification

Your continued use of our services after any changes take effect constitutes your acceptance of the updated policy. We encourage you to review this policy periodically.

14.   How to contact us

For all privacy-related enquiries, requests, and complaints, please contact us:

Privacy contact — Benjamin Health

Email:  support@benjaminhealth.com.au

Website:  benjaminhealth.com.au

We will acknowledge your enquiry within 2 business days and aim to resolve all requests within 30 days.

This Privacy Policy has been prepared in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Benjamin Health recommends that patients seek independent legal or privacy advice if they have specific concerns about how their health information is handled.

Benjamin Health ABN: 14 795 817 636  |  Effective: 20 April, 2026  |  Version 1.0