1 Introduction

iNaturally Naturopathic Practice (“the Practice”, “we”, “us”, “our”) is committed to protectingyour privacy and handling your personal information with respect, transparency, and integrity.

As a health service provider, we are bound by the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs) regardless of our business size. Health information is classified as sensitive information under the Privacy Act and attracts a higher standard of protection.

This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and your rights in relation to it. By using our services or website, you consent to the practices described in this policy.

If you have any questions about this policy, please contact us using the details above.

 

2 About iNaturally Naturopathic Practice

iNaturally Naturopathic Practice is a sole-practitioner naturopathic clinic operating from Griffith, ACT. We provide evidence-informed naturopathic consultations, including assessment, health education, nutritional medicine, herbal prescribing, functional pathology interpretation, and lifestyle guidance. We work collaboratively with GPs and medical specialists as part of integrative shared-care arrangements.

We are registered with our professional association and operate within the scope of practice for naturopaths in Australia. We do not hold registration under the Australian Health Practitioner Regulation Agency (AHPRA).

3 What Personal Information We Collect

We collect and hold the following categories of personal information:

3.1 Personal Identification Information

• Full name, date of birth, gender
• Residential address, email address, phone number
• Emergency contact details
• Medicare number and private health insurance details (where applicable)

3.2 Health Information (Sensitive Information)

• Medical history, current diagnoses, medications and supplements
• Family health history
• Lifestyle information including diet, sleep, exercise, stress and substance use
• Functional and conventional pathology results (blood, urine, stool, saliva, breath tests)
• Specialist reports, GP letters and referral correspondence
• Naturopathic consultation notes, clinical reasoning records, and treatment protocols
• Information about mental and emotional health
• Reproductive and hormonal health information
• Genetic information (including MTHFR and similar testing, where provided)

3.3 Payment and Billing Information

• Payment transaction records
• Invoice records (we do not store credit card details)

3.4 Communication Records

• Emails, messages, and correspondence with the Practice
• Consultation booking and appointment records

3.5 Website Information

• Non-identifiable usage data collected via website analytics (see Section 9)
• Information you submit through website contact or booking forms

3.6 AI-Assisted Notetaking

We use Heidi Health, an AI-assisted clinical notetaking tool, during consultations to support accurate clinical documentation. Audio recordings captured by Heidi Health are processed in accordance with their privacy policy, with data hosted on Australian servers. You will be informed at booking and at the start of any consultation where Heidi Health is used, and you have the right to opt out. Opting out will not affect the care you receive. For full details, see Section 7 below and your booking confirmation.

4 How We Collect Your Information

We collect personal information: iNaturally Naturopathic Practice | Privacy Policy Catherine McCoy, Naturopath | [email protected] | inaturally.com.au
• Directly from you during the booking process, via intake forms, or during consultations
• From correspondence you send us by email, phone, or message
• From third parties with your consent, including your GP, specialists, or other treating practitioners
• From pathology laboratories and diagnostic services, where you have authorised this
• Via our website, where you submit information through contact or booking forms
• Via AI-assisted notetaking software during consultations (with your prior consent)

We collect only the information reasonably necessary to provide you with safe, appropriate naturopathic care. Where possible, we provide the option for you to engage with us anonymously or by pseudonym, however this may limit the care we are able to provide.

5 How We Use Your Personal Information

We use your personal information to:

• Provide naturopathic consultations, assessments, and health recommendations
• Prepare and manage clinical records and treatment documentation
• Communicate with your GP, specialists, or other health practitioners involved in your care (with your knowledge and consent)
• Process payments and manage appointments
• Send reminders, health information, or follow-up communications related to your care
• Comply with our professional obligations and legal requirements
• Improve the quality and safety of the services we provide

We will not use your personal information for direct marketing without your explicit consent. If you have consented to receiving health education newsletters or similar communications, you may withdraw this consent at any time by contacting us.

6 Disclosure of Your Information to Third Parties

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

6.1 With Your Consent

With your knowledge and agreement, we may communicate with your GP, specialists, or other treating practitioners as part of your shared-care arrangement. This may include letters, case summaries, or pathology referrals.

6.2 Pathology and Diagnostic Services

We may share relevant clinical information with pathology laboratories or diagnostic services in order to arrange or interpret testing on your behalf.

6.3 Service Providers

We engage trusted third-party service providers to support our operations, including:

• Practice management and booking software (e.g., appointment scheduling platforms)
• Cloud-based document storage and communication services
• AI-assisted clinical notetaking (Heidi Health — see Section 7)
• Payment processing services

These providers are required to handle your information securely and only for the purposes we specify.

6.4 Legal or Regulatory Obligations

We may disclose your information when required or authorised by law, including in response to a court order, subpoena, or lawful request from a regulatory body. In a public health emergency, disclosure may also be permitted under the Privacy Act.

6.5 Serious Threat to Life or Safety

If we reasonably believe that disclosure is necessary to prevent or lessen a serious and imminent threat to your life, health, or safety, or that of another person, we may disclose relevant information without your consent, as permitted under the Privacy Act 1988 (Cth).

7 AI-Assisted Clinical Notetaking (Heidi Health)

We use Heidi Health, an AI-assisted clinical documentation tool, to support accurate and efficient consultation record-keeping. Where this tool is active during your consultation:

• You will be notified at the time of booking and at the beginning of the relevant consultation
• Audio is processed to generate a clinical summary or consultation notes
• Data is stored on Australian servers in accordance with Australian privacy law
• Heidi Health operates under its own privacy policy, available at: www.heidihealth.com
• Recordings are not retained by the Practice beyond what is necessary for record generation You have the right to opt out of AI-assisted notetaking at any time. Please inform us at or before your consultation. Opting out will not affect the quality of care you receive; notes will be recorded by other means.

8 Overseas Disclosure

Some of our service providers may be located overseas or store data on international cloud servers. Where personal information is disclosed to overseas recipients, we take reasonable steps to ensure it is handled in a manner consistent with the Australian Privacy Principles. By engaging our services, you acknowledge that some data may be processed or held overseas, and that Australian Privacy Principle 8 applies to such disclosures.

We do not disclose your information to overseas parties unless we have a reasonable belief that the receiving party upholds standards equivalent to Australian privacy law, or unless you have consented, or we are otherwise required by law.

 

9 Website Privacy

Our website (inaturally.com.au) may collect non-personally identifiable information using cookies and analytics tools. This may include browser type, pages visited, and time spent on the site. This information is used to improve our website and is not linked to any individual.

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their policies independently.

If you submit a contact form or book an appointment via our website, the information you provide will be handled in accordance with this Privacy Policy.

 

10 How We Protect Your Information

We take the security of your personal information seriously and take reasonable steps to protect it from misuse, interference, loss, unauthorised access, modification, and disclosure.

Our security measures include:
• Password-protected and encrypted systems for clinical record storage
• Secure email practices for clinical communications
• Physical security measures for any paper-based records
• Limiting access to personal information to those who need it to perform their functions
• Use of reputable, privacy-compliant third-party software providers

If your personal information is no longer required for the purpose for which it was collected and no legal obligation requires us to retain it, we will take reasonable steps to destroy or deidentify it securely.

11 Retention of Health Records

Under relevant Australian legislation and professional guidelines, health records must be retained for a minimum of 7 years from the date of the last entry (or until a patient turns 25 if they were a minor at the time of treatment). We adhere to these requirements.

After the applicable retention period has passed, records will be securely destroyed.

12 Notifiable Data Breaches

We are subject to the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth). In the event of an eligible data breach — that is, unauthorised access to or disclosure of your personal information that is likely to result in serious harm — we will:
• Assess the breach within 30 days of becoming aware of it iNaturally Naturopathic Practice | Privacy Policy Catherine McCoy, Naturopath | [email protected] | inaturally.com.au
• Notify the Office of the Australian Information Commissioner (OAIC) if the breach meets the threshold for serious harm
• Notify affected individuals as soon as practicable with a description of the breach and recommended steps to protect themselves If you believe your information may have been compromised, please contact us immediately at [email protected].

13 Your Rights

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the right to:

13.1 Access Your Information
You may request access to the personal information we hold about you. We will respond within a reasonable timeframe and at no charge in ordinary circumstances. In some limited circumstances, we may be unable to provide access (for example, where doing so would pose a serious threat to another person’s safety, or is otherwise restricted by law); in such cases, we will explain why.

13.2 Correct Your Information
If you believe that personal information we hold about you is inaccurate, out of date, incomplete, or misleading, you may request that we correct it. We will take reasonable steps to do so promptly.

13.3 Make a Complaint
If you believe we have not handled your personal information in accordance with the Privacy Act, you may make a complaint to us in the first instance. We will investigate and respond within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
• Website: www.oaic.gov.au
• Phone: 1300 363 992
• GPO Box 5218, Sydney NSW 2001

13.4 Withdraw Consent

Where we rely on your consent to use or disclose your information (such as for marketing communications or AI-assisted notetaking), you may withdraw consent at any time. Please note that withdrawal of consent for essential clinical purposes may limit our ability to provide care.

14 Children’s Privacy

Where we provide services to children under the age of 18, personal and health information is collected with parental or guardian consent. Parents and guardians may request access to or correction of a child’s records. Health records for minors are retained until the individual turns 25, in accordance with applicable guidelines.

15 Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or technology. The current version will always be available on our website at inaturally.com.au. We encourage you to review this policy periodically. Where changes are material, we will notify active clients by email.

16 Contact Us

If you have any questions about this Privacy Policy, wish to access or correct your information, or wish to make a privacy complaint, please contact:
Catherine McCoy, Naturopath
iNaturally Naturopathic Practice
Unit 15, 2–4 Leichhardt Street, Griffith ACT 2603
Email: [email protected]
Phone: 0404 079 673
Website: inaturally.com.au

This Privacy Policy is governed by Australian law. In the event of any dispute arising in relation to this policy or the handling of your personal information, the parties agree to resolve the matter in accordance with the laws of the Australian Capital Territory