Privacy Policy

Current as of: June 2018


This privacy policy is to provide information to you, our patient, on how your personal information (which includes your health information and photographs) is collected and used by Dr Mark Lee and his employees, and the circumstances in which we may share it with third parties. This policy establishes the reasons for collecting personal information, how the information will be used and to whom, if necessary, the information is disclosed.

Dr Mark Lee is open and transparent in the management of patients/clients’ personal information.  We are committed to protecting the privacy of our patients and clients and of other individuals and organisations that communicate with our practices.  We comply with the Australian Privacy Principles (APPs) and will update our policy and procedures when required to continue to adhere to the APPs.

A copy of our Privacy Policy is available on our websites and can be obtained in writing, free of charge, on request.

If you have specific concerns please contact our office on (08) 9382 3340 or email

The Privacy Act 1988 gives individuals the right to complain if you think we have not complied with the Australian Privacy Principles in handling your personal information. We ask that in the event that you wish to complain about a breach of our policy, please initially address your complaint in writing to, or by mail at 22/3 Wexford Street, Subiaco 6008 with ‘Privacy Officer’ as the subject.  We will address your complaint as directly as possible, usually within 48 hours, and liaise with you during the period of the investigation.  We regard the matter very seriously and will attempt to correct any breach as soon as practical.  In the event a breach does occur, we will comply with the Notifiable Data Breaches (NDB) scheme and we will address our procedures immediately so as not to allow another breach of that nature.  An individual has the right to contact the Office of the Privacy Commissioner on 1300 363 992 or go to .  You can also contact the OAIC. Generally, the OAIC will require you to give them time to respond before they will investigate. For further information visit or call the OAIC on 1300 363 992.

What is personal information, sensitive information and credit related information?

The term “personal information” is defined by the Privacy Act 1988. “Personal information” is information or an opinion that can be used to identify you. This might include personal details like your name, address, date of birth, other contact information like your email address and phone number and financial information like your credit card number or bank details.

“Sensitive information” is a type of personal information. Sensitive information can include information like your racial or ethnic origin, health information, political opinions, membership of a political association, professional or trade association or trade union and criminal record.

Sometimes, the personal information we collect from you will constitute credit related personal information. “Credit related personal information” is defined by the Privacy Code. Credit related personal information can include information about your identity, repayment history information, whether you have overdue payments, whether you have ever been the subject of credit related court proceedings or insolvency proceedings and whether, in the opinion of a credit provider, you have committed a serious credit infringement.

This Privacy Policy applies to personal information, sensitive information and credit related information collected by us, whether we have asked for the information or not.

Why and when your consent is necessary

When you register as a patient of our practice, you provide consent for Dr Mark Lee and practice staff to access and use your personal information so they can provide you with the best possible healthcare. Only staff who need to see your personal information will have access to it. If we need to use your information for anything else, we will seek additional consent from you to do this.

Why do we collect, use, hold and share your personal information?

Our practice will need to collect your personal information to provide healthcare services to you. Our main purpose for collecting, using, holding and sharing your personal information is to communicate with you and to manage your health and we limit the information held. We also use your personal information for directly related business activities, such as financial claims and payments, practice audits and accreditation, and business processes (eg staff training). Other reasons we might use your personal information include:

  • to refer you to another medical practitioner or health care provider;
  • in sending specimens, such as wound swabs, for analysis;
  • to refer you to a hospital for treatment and/or advice;
  • in connection with the management of our practice; and
  • in connection with quality assurance, practice accreditation and complaint handling.

What personal information do we collect?

The information we will collect about you includes your:

  • names, date of birth, addresses, contact details
  • medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors
  • Medicare number (where available) for identification and claiming purposes
  • healthcare identifiers
  • health fund details
  • Pre-operative and post-operative photographs
  • ethnicity
  • billing and account details
  • any information sent to us through correspondence

Dealing with us anonymously

You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals. In most situations, we will be unable to provide you with services if you do not provide us with your personal information.

How do we collect your personal information?

Our practice may collect your personal information in several different ways.

  • When you make your first appointment our practice staff will collect your personal and demographic information via your registration.
  • During the course of providing medical services, we will collect further personal information.
  • We will also collect your personal information when you visit our website, send us an email or SMS, telephone us, make an online appointment or communicate with us using social media.
  • In some circumstances personal information will also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly, including if it is an emergency and we are unable to obtain your consent. This may include information from:
    • your guardian or responsible person
    • other involved healthcare providers, such as GPs, allied health professionals (like physiotherapists, occupational therapists, psychologists, pharmacists, dentists and nurses), hospitals, day surgery units, community health services and pathology and diagnostic imaging services
    • your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary).

When, why and with whom do we share your personal information?

We sometimes share your personal information:

  • with third parties who are related to us, which is outlined in more detail below;
  • with third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with APPs and this policy
  • Government institutions when required by law (eg Medicare Australia, the Department of Veterans’ Affairs and the Department of Human Services)
  • Solicitors and insurance companies involved in your care and when we have a signed authority from you to do so or when you have directed us to contact the solicitors and/or insurance company on your behalf by supplying us with the relevant contact details
  • Dr Mark Lee’s Insurance Company, and other business organisations, if required to ensure the business activities of Dr Mark Lee and his related companies are insured or otherwise covered. Disclosure of personal information if necessary in this case is of a general nature and is de-identified.
  • when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
  • to assist in locating a missing person
  • for the purpose of confidential dispute resolution process, which would involve disclosing information to our solicitors, our insurers and their solicitors
  • when there is a statutory requirement to share certain personal information (e.g. some diseases require mandatory notification)
  • during the course of providing medical services, through eTP

It is unlikely that we would be required to disclose your personal information to overseas recipients but in the event that this is necessary, your information will be de-identified to the extent necessary to make sure your privacy is respected.

At times, it may be necessary for other organisations or contractors to view or access information to facilitate the operation of our practices. Where this occurs, such access shall be limited to necessary information only and in accordance with the terms of this policy. Temporary secretaries.

If you do not wish for your personal information to be disclosed to another organisation please indicate at the time your information is collected. This will be noted on your patient and/or client records and every effort will be made to respect this wish.

Only people who need to access your information will be able to do so. Other than in the course of providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.

Our practice will not use your personal information for marketing any of our goods or services directly to you without your express consent. If you do consent, you may opt out of direct marketing at any time by notifying our practice in writing.

Except when it is reasonably expected that we do so, requests made to access your personal details will not be granted unless we receive express permission from you. Under no circumstances will staff provide details of your personal information when it is not necessary. Dr Mark Lee will only disclose your details when medically necessary and in order to perform our undertaking to you. All staff at our Clinics are aware of our policy in terms of protecting the privacy of personal information and of the legislation regarding this.

If you would like to check what information is held about you, you can contact Dr Mark Lee, by emailing or telephoning (08) 982 3340

Related Bodies

Dr Mark Lee will disclose information which may identify you, to Enhance Plastic Surgery Pty Ltd (ESPS) to allow ESPS to provide business services to Dr Mark Lee, including the provision of reception services and nursing staff, but always for the primary purpose for which the information was collected.  Sometimes, other doctors, including Dr Timothy Hewitt, will provide leave cover for Dr Mark Lee. In these circumstances, Dr Mark Lee will disclose information which may identify you to those doctors so that they can deliver services to you. All doctors are bound by the same confidentiality obligations as Dr Mark Lee.

How do we store and protect your personal information?

Dr Mark Lee is committed to ensuring that the personal information held about you is maintained in a form that is accurate, complete and up-to-date. The storage, use and, where necessary, the transfer of your personal information will be undertaken in a secure manner that protects your privacy.

Your personal information may be stored at our practice in various forms e.g. as paper records, electronic records, visual records (X-rays, CT scans, videos and photos) and audio recordings.

Mark Lee retains the information you provide to us including possibly your contact and credit card details to enable us to verify transactions and customer details and to retain adequate records for legal and accounting purposes. This information is held on secure servers in controlled facilities.  Personal information is de-identified or destroyed securely when no longer required by us.

We have security measures in place to attempt to protect against the loss, misuse and alteration of personal information under our control.  Our practice stores all personal information securely via physical security measures utilized to protect our medical offices, electronic security such as 2-factor authentication, and secure off site back up of electronic records.  In addition all employees and contractors to Dr Mark Lee are required to sign confidentiality agreements and all staff are trained on our privacy policy.

Over and above the provisions of this privacy policy, you can be assured that information you provide to Dr Mark Lee, particularly with regard to sensitive matters, will be kept strictly confidential as far as legally possible.

Where external organisations require access or to view information held by us, they will be required to provide details of their privacy policy and confidentiality agreements, as appropriate.

We will take reasonable steps in the circumstances to protect the information we hold from misuse, interference and loss and from unauthorised access, modification or disclosure.

In circumstances where the information we hold is no longer required by us and we are not required by law to retain the information we will take reasonable steps to destroy the information in a manner that protects the privacy of the information or ensure that it is de-identified.

How can you access and correct your personal information at our practice?

Dr Mark Lee’s patients and clients are entitled to request access and seek corrections in relation to personal information. The request for access to personal information should be made directly to our offices via email or in writing to   We can confirm personal details held on file regarding you however you must be able to confirm your identity on request.   If Dr Mark Lee or his staff have concerns regarding any requests for access, we reserve the right to respond in writing.

In the event that we charge for giving access to personal information, the charge will not be excessive and will not apply to the making of the request.

We are not required to give access to the personal information we hold to the extent that:

  1. we reasonably believe that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; or
  2. giving access would have an unreasonable impact on the privacy of other individuals; or
  3. the request for access is frivolous or vexatious; or
  4. the information relates to existing or anticipated legal proceedings between us, and the information would not be otherwise accessible by the process of discovery in those proceedings; or
  5. giving access would reveal our intentions in relation to negotiations with you in such a way as to prejudice those negotiations; or
  6. giving access would be unlawful; or
  7. denying access is required or authorised by or under an Australian law or a court/tribunal order; or
  8. both of the following apply:
    1. we have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or may be engaged in;
    2. giving access would be likely to prejudice the taking of appropriate action in relation to the matter; or
  9. giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
  10. giving access would reveal evaluative information generated within the entity in connection with a commercially sensitive decision-making process.

If we refuse access, we will provide a written notice of the reason(s) for refusal except when unreasonable to do so.

If we are satisfied that the information we hold on you is inaccurate, out of date, incomplete, irrelevant or misleading and/or you request us to correct the information, in reasonable circumstances, we will correct that information to ensure that having regard to the purpose for which it is held, the information is accurate, up to date, complete, relevant and not misleading.   If relevant, we will notify third parties to whom we have previously disclosed the information unless it is impracticable or unlawful to do so.

In the event that we refuse to correct the information we hold on you, we will provide a written explanation to you of the reason(s) for refusal and the opportunities available to you to complain about the refusal, when it is reasonable to do so.  In circumstances where we have refused to correct personal information we hold on you, that you have requested us to do so, if you also request us to associate a statement from you that the information is inaccurate, out of date, incomplete, irrelevant or misleading we will take reasonable steps to do so.

When requests regarding access and/or correction of your personal information are made, we will deal with these requests within a reasonable period after the request is made and will not charge you for making the request, correcting the personal information or associating the statement with the personal information (whichever the case may be).

Privacy and our website

Dr Mark Lee collects information from his website using “IP files”.

When you visit the Dr Mark Lee website to read, browse or download information, our system will record/log your IP address (the address which identifies your computer on the internet and which is automatically recognised by our web server), date and time of your visit to our site, the pages viewed and any information downloaded. This information will only be used for the purpose of site analysis and to help us offer you improved online service. We may automatically collect non-personal information about you such as the type of Internet browsers you use or the site from which you linked to our Web Sites. You cannot be identified from this information and it is only used to assist us in providing an effective service on our Web Sites.

Our web site may contain links to other web sites and those third party web sites may collect personal information about you. We are not responsible for the privacy practices of other businesses or the content of web sites that are linked to our web site. Dr Mark Lee encourages users to be aware when they leave the site and to read the privacy statements of each and every web site that collects personally identifiable information.

No data transmission over the Internet can be guaranteed to be 100 per cent secure. As a result, while we strive to protect a user’s personal information, Dr Mark Lee cannot ensure or warrant the security of any information transmitted to it or from its online products or services, and users do so at their own risk. Once Dr Mark Lee receives your transmission, it makes every effort to ensure its security on its systems.  Ultimately, you are solely responsible for keeping your passwords and/or account information secret. You should be careful and responsible whenever you are online.


We do not currently use 3rd party vendor re-marketing tracking cookies but we may use these in the future. This paragraph will apply if we use 3rd party vendor re-marketing tracking cookies.

We use 3rd party vendor re-marketing tracking cookies, including the Google Adwords tracking cookie. This means we will continue to show ads to you across the internet, specifically on the Google Display Network (GDN). As always, we respect your privacy and do not collect any identifiable information through the use of Google’s or any other 3rd party remarketing system.

The third-party vendors, including Google, whose services we use, will place cookies on web browsers in order to serve ads based on past visits to our website. Third party vendors, including Google, use cookies to serve ads based on a user’s prior visits to your website. This allows us to make special offers and continue to market our services to those who have shown interest in our service.

You can opt out of this feature by visiting the following link: [Google Analytics opt-out browser add-ons]

Google Analytics Demographics & Interest Reporting

We do not currently use Google Analytics but we may use this in the future. This paragraph will apply if we use Google Analytics.

Our website uses cookies to facilitate the sampled reporting of demographics and interests of its visitors within Google Analytics. Our website will not merge or facilitate the merging of personally-identifiable information with non-personally identifiable information previously collected from Display Advertising or divulge this information to any third parties.

This data is used to provide better services and more relevant content to our users based on demographic and interest data.

You can opt out of Google’s use of cookies by visiting the Ads Preferences Manager. Also, you can opt out of other third-party vendors’ use of cookies by visiting the Network Advertising Initiative opt-out page, set out above.

Policy review statement

This privacy policy will be reviewed regularly to ensure it is in accordance with any changes that may occur. Changes made to our Privacy Policy will be posted on our website so that users are always aware of what information is collected, how it is used and the way in which information may be disclosed. As a result, please remember to refer back to this Privacy Policy regularly to review any amendments.

Acceptance (website only)

You accept that your use of this site includes your acceptance of this Privacy Policy and the Terms of Use.