top of page

Privacy Policy

Woman in nature

1 About This Policy

This Privacy Policy applies to Lawrence & Co Health Services Pty Ltd, operating as Lawrence & Co Psychology and The Gut-Brain Clinic (together, 'we', 'us', or 'our'), both operating from Coorparoo, Brisbane, Queensland. Both practices are operated as health service providers and are bound by the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the professional obligations of the relevant National Boards under the Australian Health Practitioner Regulation Agency (AHPRA).

 

This Policy describes how we collect, use, disclose, store, and manage your personal and health information. It also explains your rights in relation to that information.

 

By booking an appointment or engaging with our services, you acknowledge that you have read and understood this Policy. If you have questions, please contact us before your appointment.

​​​

2 Who We Are

Lawrence & Co Health Services Pty Ltd provides psychological therapy, gut-directed hypnotherapy, and related health services. Psychologists at our clinics are registered with AHPRA and are subject to their respective National Board Codes of Conduct. Our hypnotherapists are registered with ISPA.

 

Contact details for privacy enquiries:

3 What Information We Collect

3.1 Personal Information

We collect personal information that is necessary to provide you with health services. This includes:

  • Full name, date of birth, and gender

  • Contact details (address, phone number, email)

  • Emergency contact details

  • Medicare number, private health fund details, and DVA / WorkCover / NDIS information where applicable

  • Referral information (e.g., GP Mental Health Treatment Plan, gastroenterologist referral)

  • Billing and payment information

 

3.2 Health Information

Health information is a type of sensitive information under the Privacy Act and is subject to stricter protections. We collect health information including:

  • Medical and psychological history

  • Presenting concerns, symptoms, and diagnosis information

  • Treatment notes, session records, and progress summaries

  • Medications and treating practitioners

  • Information about lifestyle, diet, and gut health (where relevant to service)

  • Information disclosed during consultations, including telehealth sessions

 

3.3 How We Collect Information

We collect information:

  • Directly from you - through intake forms, verbal discussion, or written correspondence

  • From referrers - such as your GP, specialist, or other treating practitioners, with your knowledge

  • From third parties - such as Medicare, private health insurers, NDIS, or DVA, in the course of processing claims

  • Through our practice management software (Zanda Health) - which manages bookings, clinical records, and invoicing

 

Note: If you do not provide the information requested, we may be unable to provide some or all of our services to you.

4 How We Use Your Information

4.1 Primary Purpose

Your information is primarily used to provide you with health services. This includes:

  • Assessing your presenting concerns and providing treatment

  • Communicating with you about appointments, treatment plans, and follow-up

  • Maintaining accurate and contemporaneous clinical records

  • Processing Medicare, private health fund, NDIS, or DVA billing and claims

  • Administering the operation of the practice (scheduling, invoicing, record-keeping)

 

4.2 Secondary Uses

We will not use your information for purposes other than those for which it was collected, unless:

  • You have provided consent for a secondary use

  • The use is directly related to the primary purpose and you would reasonably expect it

  • We are required or authorised to do so by law

  • It is necessary to prevent a serious and imminent threat to life, health, or safety

 

Secondary uses for which we may seek your explicit consent include:

  • Providing a summary or report to your GP or another treating practitioner

  • Referring you to another health service

  • Using de-identified information for quality improvement or service evaluation

  • Use of artificial intelligence tools (see Section 10 below)

5 Disclosure of Your Information

5.1 Disclosures With Your Consent

With your consent, we may share your health information with:

  • Your GP or other treating medical practitioners, to support coordinated care

  • Specialist referrers (e.g., gastroenterologists, psychiatrists)

  • Other allied health practitioners involved in your care

  • Family members or support persons, where you have authorised this

 

5.2 Disclosures Required by Law (Without Consent)

There are circumstances in which we are legally required to disclose information without your consent. We will inform you of any such disclosure where it is lawful and appropriate to do so. These circumstances include:

  • Mandatory reporting obligations — if a practitioner reasonably believes a child under 18 is at risk of harm or abuse, they are required under Queensland law (Child Protection Act 1999) to make a report to the relevant authority

  • Duty of care — if a practitioner forms a reasonable belief that you or another identifiable person is at serious and imminent risk of harm, they may be required to take steps to prevent that harm, which may include disclosing information to appropriate parties

  • Court orders or subpoenas — we may be required to produce clinical records or provide evidence in legal proceedings

  • AHPRA regulatory processes — in the context of a notification or audit, records may be required to be disclosed in accordance with the Health Practitioner Regulation National Law Act 2009

  • Medicare and insurer audits — records may be subject to audit by Medicare Australia, private health insurers, NDIS, or DVA

 

Practitioners will discuss the limits of confidentiality with you at the commencement of your treatment.

6. Data Storage and Security

We take reasonable steps to protect your personal and health information from misuse, interference, loss, and unauthorised access, modification, or disclosure.

 

Specifically:

  • Clinical records are stored in Zanda Health, a secure Australian-based practice management platform

  • All personal and health data is stored on servers located within Australia

  • Access to records is restricted to authorised practitioners and administrative staff who have a need to access them in the course of providing services

  • Staff are trained in their privacy obligations and the requirements of this Policy

  • Paper records, where used, are stored securely and disposed of via confidential destruction

  • Electronic communications containing personal information are sent securely where practicable

 

Despite these measures, no data transmission or storage system can be guaranteed to be completely secure. If you have reason to believe your information has been compromised, please contact us immediately.

7. Retention of Records

We retain your health records for a minimum of 7 years from the date of your last appointment as an adult client. For clients who were minors at the time of treatment, records are retained until the client reaches the age of 25, or for 7 years from the last appointment, whichever is longer. These periods reflect Queensland Health guidance and professional indemnity requirements.

 

When records are no longer required to be retained, they will be securely destroyed or de-identified in accordance with applicable law.

8. Telehealth Services

Both practices offer telehealth consultations. The same privacy and confidentiality standards apply to telehealth as to in-person consultations. In addition:

  • Sessions are conducted via Zoom - please review that platform's own privacy policy

  • Sessions are not recorded without your explicit prior consent

  • You are responsible for ensuring your own environment is private during a telehealth session

  • Telehealth may not be appropriate for all presentations - your practitioner will advise if in-person attendance is preferable

​​

9. Children and Clients with Impaired Capacity

9.1 Minors

Where a client is under 18, we will seek consent from a parent or legal guardian, as well as the client's own assent where they have the maturity and capacity to provide it. A young person is considered capable of providing informed consent when they demonstrate sufficient understanding of the proposed service and its implications. Practitioners will assess this on a case-by-case basis.

 

9.2 Clients with Impaired Capacity

Where a client lacks capacity to provide informed consent, we will seek consent from a person with lawful authority to act on their behalf (e.g., a legal guardian, enduring power of attorney, or substitute decision-maker). We will still seek the client's assent to the extent practicable.

10. Use of Artificial Intelligence (AI) Tools

We recognise that AI tools are increasingly available in healthcare settings. In accordance with AHPRA's guidance on AI, we are committed to the following:

  • We will only use AI tools in the practice where they have been evaluated as appropriate for the specific use case and comply with applicable privacy and data governance requirements

  • If any AI tool is used in connection with your care - including AI-assisted documentation, note-taking, or clinical decision support - we will seek your informed consent before doing so and document your response in your clinical record

  • Your consent to the use of AI is separate from your consent to treatment and can be withdrawn at any time

  • Any AI tool used will store data within Australia and must comply with the Privacy Act 1988 (Cth)

  • The treating practitioner retains full professional responsibility for all clinical decisions and documentation, regardless of any AI tool used

 

At the time of this Policy, we use Zanda Bizzy AI with informed client consent.

11. Your Rights

11.1 Right to Access Your Information

You have the right to request access to the personal and health information we hold about you. To make a request, please contact us in writing at the address below. We will respond within a reasonable timeframe and may charge a reasonable fee for providing access where permitted by law. In some circumstances, we may be unable to provide full access. If so, we will explain the reason.

 

11.2 Right to Correct Your Information

If you believe information we hold about you is inaccurate, out of date, incomplete, or misleading, you may request that we correct it. We will take reasonable steps to correct the information or, if we disagree with the correction, note your request in the record.

 

11.3 Right to Anonymity

Where lawful and practicable, you have the right to interact with us without identifying yourself. However, given the nature of clinical health services, anonymity is generally not practicable for the provision of treatment.

12. Overseas Disclosure

We do not disclose your personal or health information to recipients located outside Australia. All data is stored and processed domestically. In the event this changes, we will update this Policy and seek your consent where required by APP 8.

13. Complaints

If you have a concern about how we have handled your personal information, we encourage you to contact us in the first instance so we can try to resolve the matter directly.

 

Contact for privacy complaints: info@lawrenceandco.com.au

 

We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

  • Website: www.oaic.gov.au

  • Phone: 1300 363 992

  • Post: GPO Box 5218, Sydney NSW 2001

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or the services we provide. The current version will always be available on our website and at our practice reception. Material changes will be communicated to current clients directly where practicable.

 

If you continue to use our services after a change has been posted, you will be taken to have accepted the updated Policy.

 

 

Lawrence & Co Health Services Pty Ltd  |  Coorparoo, Brisbane QLD

This policy is effective as of 1 February 2026 and supersedes all previous versions.

bottom of page