Take the next step & book today

YOUR DETAILS

We work closely with our General Practitioner colleagues to provide you with comprehensive and co-ordinated care
Please Contact Me By

YOUR ENQUIRY

Which service are you interested in?

Privacy Policy

Last updated: 5 July 2026

Upper Edge Surgery (“we”, “us”, “our”) is the surgical practice of
Dr Goutham Sivasuthan, Specialist Minimally Invasive and Endoscopic Surgeon
(FRACS; AHPRA MED0002000354). We are committed to protecting your privacy and handling your
personal and health information in accordance with the Privacy Act 1988 (Cth),
the Australian Privacy Principles (APPs), and applicable state health-records
legislation. This policy explains what information we collect, how we use and protect it, and how
you can access it or make a complaint.

The information we collect

The information we collect depends on your interaction with us. It may include:

  • Identity and contact details — your name, date of birth, address, phone
    number, email address and, where relevant, your emergency contact or next of kin.
  • Health information — your medical history, symptoms, examination and
    investigation findings, diagnoses, medications, allergies, family history, and the details of
    the care we and other practitioners provide. Health information is sensitive information
    and receives a higher level of protection under the Privacy Act.
  • Government and funding identifiers — your Medicare number, Individual
    Reference Number (IRN), Department of Veterans’ Affairs (DVA) number, pension or
    concession details, and private health-fund membership, where these are relevant to your care
    or to claiming a benefit.
  • Billing and payment information — invoices, payments, and (where you pay by
    card) transaction records processed by our payment provider. We do not store full card numbers.
  • Interactions with us — appointment bookings, correspondence, consent forms
    (including any Medicare assignment-of-benefit you sign electronically), and records of the SMS
    and email messages we send you.
  • Website information — when you use our website we may collect technical data
    such as your IP address, browser type and pages visited, and any details you submit through an
    enquiry or registration form.

How we collect your information

Wherever practicable we collect your information directly from you — for example when you
register, complete a form, attend an appointment, or contact us. We may also collect information
from:

  • your referring general practitioner or specialist, and the referral they provide;
  • other treating practitioners, hospitals, day-surgery facilities, pathology and radiology
    providers involved in your care;
  • Medicare, the DVA and your private health fund, where relevant to a claim or your cover;
  • a parent, guardian, carer or authorised representative acting on your behalf.

If we collect information about you from a third party, we take reasonable steps to ensure you
are aware of this policy.

Why we collect and use your information

We collect, hold, use and disclose your personal and health information for purposes connected
with providing you with safe, coordinated surgical and medical care, including:

  • assessing, planning, providing and reviewing your treatment;
  • communicating with you and with other practitioners involved in your care;
  • booking appointments and procedures and sending you appointment reminders and information;
  • billing, and claiming Medicare, DVA or health-fund benefits on your behalf where you have
    assigned them;
  • the administrative and quality-improvement functions of running the practice;
  • meeting our legal and professional obligations.

We will only use your information for a purpose you would reasonably expect, or for a directly
related purpose, unless you consent otherwise or the law requires or permits it.

When we disclose your information

We disclose your information only as necessary for your care and for the purposes described
above. This may include disclosure to:

  • your referring doctor, general practitioner and other treating practitioners;
  • hospitals, day-surgery and anaesthetic providers, and pathology and radiology services;
  • Medicare, the DVA and your private health fund for claiming and eligibility;
  • the My Health Record system, where applicable and consistent with your choices;
  • our contracted service providers (such as our practice-management, secure-messaging,
    communications, payment and IT providers) who are bound to protect your information;
  • a person responsible for you, where you are unable to consent and disclosure is necessary;
  • others where you consent, or where we are required or authorised by law to do so.

We do not sell your personal information, and we do not disclose it for marketing by third
parties.

Storage, security and overseas handling

We take reasonable steps to protect your information from misuse, loss, and unauthorised access,
modification or disclosure. Our patient records are held in secured, access-controlled systems;
identifying information in our patient database is encrypted, and access is limited to authorised
staff on a need-to-know basis.

Our patient database is hosted in Australia. Some of the third-party services we
use to run the practice and website (for example website-security, communications, payment and
email providers) are operated by organisations that may store or process data on servers located
overseas. Where this occurs we take reasonable steps to ensure your information is
handled consistently with the Australian Privacy Principles.

We retain health records for the periods required by law. In general, adult health records are
kept for at least seven years from the date of last contact, and records for a person under 18 are
kept until they turn 25 — whichever is longer. Signed Medicare assignment-of-benefit records are
retained for at least two years as required by law.

Appointment reminders and communications

With your consent, we send appointment confirmations, reminders and related information by SMS
and email. You can opt out of these at any time by contacting us or by replying STOP
to an SMS; essential communications about your care may still be sent by other means.

Accessing and correcting your information

You have the right to request access to the personal information we hold about you, and to ask us
to correct it if it is inaccurate, out of date or incomplete. To make a request, contact our
Privacy Officer using the details below. We will respond within a reasonable period. In limited
circumstances we may decline access as permitted by law, in which case we will explain why and how
you may seek review.

Cookies and website analytics

Our website may use cookies and similar technologies to help the site function and to understand
how it is used. You can set your browser to refuse cookies, though some parts of the site may not
work as intended. Any information you submit through our website forms is transmitted securely.

Complaints

If you have a concern about how we have handled your personal information, please contact our
Privacy Officer first so we can try to resolve it. If you are not satisfied with our response, you
may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at
www.oaic.gov.au or on 1300 363 992.

Changes to this policy

We may update this policy from time to time. The current version is always available on our
website, and the “last updated” date above shows when it last changed.

Contact us — Privacy Officer

To ask about this policy, request access to your information, or make a complaint, please
contact:

The Privacy Officer — Upper Edge Surgery
Watkins Medical Centre, Level 7, Suite 351, 225 Wickham Terrace, Spring Hill QLD 4000
Phone: (07) 3333 5518
Email: [email protected]