# Privacy Policy — Extra Mile Health

Last updated: April 2026

---

Extra Mile Health (ABN 95 643 456 535, ACN 643 456 535) ("we", "us", "our") is committed to protecting the privacy of all individuals whose personal information we collect and hold. This Privacy Policy explains how we collect, use, store, disclose, and manage your personal and health information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the NDIS Act 2013 (Cth), and the NDIS Quality and Safeguards Commission's privacy requirements.

This Policy applies to all clients, participants, prospective participants, carers, support coordinators, referrers, and visitors to our website at extramilehealth.com.au.

---

## 1. What Personal Information We Collect

We may collect and hold the following types of information:

Personal information:

- Full name, date of birth, gender

- Contact details (address, phone number, email)

- Emergency contact details

- Medicare number, DVA file number, NDIS participant number, ICWA claim number, or Home Care Package details

- Insurance and funding information

Health information (sensitive information):

- Medical history, diagnosis, medications, and clinical notes

- Functional capacity and assessment reports

- Treatment plans and progress notes

- Physiotherapy referrals and correspondence with treating practitioners

- Incident reports and adverse event records

Other information:

- Website usage data (see Section 7 — Website and Cookies)

- Information provided via referral forms, enquiry forms, or email

We collect only the minimum information necessary to deliver safe, high-quality care and comply with our legal and funding obligations.

---

## 2. How We Collect Your Information

We collect personal and health information:

- Directly from you (in person, by phone, by email, or via our website forms)

- From your authorised representative, carer, or family member

- From referring practitioners (GPs, specialists, allied health providers)

- From your NDIS support coordinator, Local Area Coordinator (LAC), or plan manager

- From funding bodies including the NDIA, DVA, ICWA, and Home Care Package providers

- From the NDIS Provider Finder and NDIS Commission

Where practicable, we will collect personal information directly from you or with your knowledge and consent.

---

## 3. Why We Collect and Use Your Information

We use your personal and health information to:

- Provide physiotherapy, therapy assistance, support work, and related services

- Assess your needs, develop treatment or support plans, and monitor your progress

- Communicate with you and your authorised representatives about your care

- Submit claims and invoices to the NDIA, DVA, ICWA, your Home Care Package provider, or your private health insurer

- Meet our obligations as a registered NDIS provider, DVA-accredited provider, and ICWA-registered provider

- Conduct quality assurance, incident reporting, and complaints management

- Comply with mandatory reporting obligations under the NDIS (Incident Management and Reportable Incidents) Rules 2018

- Meet obligations under the Health Practitioner Regulation National Law Act (AHPRA) for registered physiotherapists

- Respond to your enquiries and referrals

- Improve our services and train our staff (de-identified information only)

We will not use your information for purposes unrelated to your care without your consent.

---

## 4. Disclosure of Your Information

We may disclose your personal and health information to:

- Treating practitioners: Your GP, specialists, and other allied health providers involved in your care, where clinically appropriate

- Funding bodies: The NDIA, DVA, ICWA, MyAgedCare / Home Care Package providers, and private health insurers, for the purpose of billing and claim verification

- NDIS Quality and Safeguards Commission: For regulatory compliance, mandatory incident reporting, and complaints management

- AHPRA: For registration compliance matters relating to our physiotherapists

- Our staff and contractors: Including physiotherapists, therapy assistants, and support workers involved in your care, on a need-to-know basis

- IT and software service providers: Who assist us in storing and managing records securely (subject to confidentiality agreements)

- Emergency services: In circumstances where disclosure is necessary to prevent a serious and imminent threat to your health or safety or that of another person

We will not sell, rent, or share your personal information with third parties for marketing or commercial purposes.

We will not disclose your information to overseas recipients unless required by law or with your explicit consent.

---

## 5. Health Information — Additional Protections

Health information is a category of sensitive information under the Privacy Act 1988 and is subject to additional protections. We:

- Collect health information only where necessary for providing care and fulfilling legal obligations

- Obtain your consent (or your authorised representative's consent) before collecting health information, except where required by law

- Store all health records in secure, access-controlled systems

- Retain health records for a minimum of 7 years from the date of last service (or until a child turns 25, whichever is later), in accordance with Australian Health Practitioners' obligations and relevant state legislation

---

## 6. How We Store and Protect Your Information

We take reasonable steps to protect your information from misuse, interference, loss, unauthorised access, modification, or disclosure. Our security measures include:

- Encrypted, password-protected digital record systems

- Role-based access controls — staff access only information relevant to their role

- Confidentiality obligations for all staff and contractors

- Physical security for any paper-based records

- Regular review of our information security practices

If we no longer require your information and are not obliged by law to retain it, we will take reasonable steps to destroy or de-identify it.

---

## 7. Website and Cookies

Our website at extramilehealth.com.au is hosted on Squarespace. When you visit our website, Squarespace and our analytics provider may collect technical information including:

- Your IP address

- Browser type and operating system

- Pages visited and time spent on each page

- Referring website

This information is collected using cookies and similar technologies to help us understand how our website is used and to improve it. This data is generally aggregated and does not identify you personally.

You may disable cookies via your browser settings. Some features of the website may not function correctly if cookies are disabled.

We do not use your website browsing data for clinical or care purposes.

---

## 8. Direct Marketing

We do not use your personal or health information for direct marketing without your consent. If we wish to send you newsletters, service updates, or other communications, we will obtain your explicit opt-in consent and provide a straightforward way for you to opt out at any time.

---

## 9. Your Rights

Under the Privacy Act 1988 and the Australian Privacy Principles, you have the right to:

- Access the personal and health information we hold about you

- Correct information that is inaccurate, incomplete, out of date, or misleading

- Complain about how we handle your information

- Withdraw consent to certain uses of your information (where consent is the basis for use)

To exercise any of these rights, contact us using the details in Section 11.

We will respond to access and correction requests within 30 days. In some circumstances, we may need to decline a request (for example, where disclosure would pose a serious threat to someone's health or safety). We will explain our reasons if we do so.

---

## 10. Complaints

If you believe we have handled your personal or health information in a way that does not comply with this Policy or the Privacy Act 1988, please contact us in the first instance. We will investigate your complaint and respond within 30 days.

If you are not satisfied with our response, you may lodge a complaint with:

Office of the Australian Information Commissioner (OAIC)

Phone: 1300 363 992

Website: oaic.gov.au

Mail: GPO Box 5218, Sydney NSW 2001

If your complaint relates to the handling of your NDIS information, you may also contact:

NDIS Quality and Safeguards Commission

Phone: 1800 035 544

Website: ndiscommission.gov.au

---

## 11. Contact Us

For any privacy enquiries, requests to access or correct your information, or complaints:

Extra Mile Health

Level 28, AMP Tower, 140 St Georges Terrace, Perth WA 6000

Phone: 08 6189 4944

Mobile: +61 422 806 225

Email: admin@extramilehealth.com.au

Website: extramilehealth.com.au

---

## 12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The current version will always be available at extramilehealth.com.au/privacy-policy. We encourage you to review this Policy periodically. The "Last updated" date at the top of this page indicates when the Policy was most recently revised.

---

Extra Mile Health is a registered NDIS provider, a DVA-accredited provider, and an ICWA-registered provider operating under the Privacy Act 1988 (Cth) and the Health Records and Information Privacy Act 2002 (where applicable).