Privacy Policy

Dr Filip Cosic | Orthopaedic Surgeon  ·  Last updated: 26 May 2026

Dr Filip Cosic ("we", "us", "our") is committed to protecting the privacy and confidentiality of your personal information, including your health information, in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This Privacy Policy explains how we collect, use, hold, disclose, and protect your personal and health information. It applies to all patients and individuals who interact with our practice, including through our website at www.drfilipcosic.com (the "Website").

By engaging with our practice or using our Website, you consent to the collection and use of your information as described in this policy.

1. Information We Collect

1.1 Personal information

  • Full name, date of birth, and gender
  • Contact details including address, phone number, and email address
  • Medicare number, private health fund details, and DVA or WorkCover/TAC claim details
  • Emergency contact details
  • Billing and payment information (credit card numbers are processed securely and not retained)

1.2 Health information

  • Medical history, current medications, allergies, and previous surgical history
  • Referral letters and clinical correspondence from other treating practitioners
  • Diagnostic imaging results (X-rays, MRI, CT scans) and pathology reports
  • Clinical notes, examination findings, and treatment records
  • Surgical records, operative reports, and post-operative progress notes
  • Information about lifestyle factors relevant to your orthopaedic care

1.3 Website and online information

When you visit our Website we may automatically collect technical information including your IP address, browser type, pages visited, and date and time of visit. When you submit an enquiry through our contact form we collect your name, email address, phone number, and the content of your message.

Contact form submissions are delivered to our practice email, provided by Google Workspace, and your information may be entered into our clinical practice management system (Gentu/Magentus) if you become a patient. We recommend you do not include sensitive health information in Website contact forms.

1.4 How information is collected

We collect information directly from you, from your referring doctor, from other healthcare providers involved in your care, from hospitals and day procedure centres, from WorkCover Victoria, TAC, or DVA where applicable, and automatically through cookies when you use our Website.

2. How We Use Your Information

Your personal and health information is used to:

  • Provide you with orthopaedic medical care, assessment, and treatment
  • Respond to enquiries submitted through our Website
  • Communicate with your referring doctor and other treating healthcare providers
  • Arrange hospital admissions, theatre bookings, and procedure scheduling
  • Process Medicare, private health fund, WorkCover, TAC, or DVA claims
  • Send appointment reminders and follow-up communications
  • Manage practice administration and billing
  • Operate and improve our Website
  • Comply with legal and regulatory obligations
  • Conduct quality improvement and clinical audit activities (de-identified where possible)

3. Disclosure of Your Information

3.1 Treating healthcare providers

With your implied or express consent, we share clinical information with your GP, other specialists, anaesthetists, hospitals, physiotherapists, and radiologists involved in your care.

3.2 Third-party payers

We may disclose information to Medicare Australia, your private health insurer, WorkCover Victoria, the TAC, or the Department of Veterans' Affairs as required to process claims.

3.3 Technology and service providers

We use third-party technology providers including:

  • Gentu/Magentus — clinical practice management software on secure Australian cloud servers
  • Google LLC (Google Workspace) — our practice email; contact form submissions are transmitted to and stored in our Google Workspace account. Google's servers may be located outside Australia.
  • Website hosting provider and analytics providers

3.4 Other disclosures

We may disclose your information where required by law (e.g. mandatory notifications to AHPRA, coroners, or child protection authorities) or where you have provided express consent. We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. Storage and Security

Your clinical records are stored securely in Gentu on Australian cloud infrastructure with encryption, access controls, and regular security assessments. Website contact form submissions are transmitted using HTTPS/TLS and stored in our Google Workspace account.

We take reasonable steps to protect all information from misuse, interference, loss, and unauthorised access. Our staff are trained in privacy obligations and are bound by confidentiality requirements.

In the event of a data breach likely to result in serious harm, we will notify you and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme.

5. Retention of Records

We retain medical records for a minimum of seven (7) years from the date of the last entry for adult patients, or until the patient reaches 25 years of age where the patient was a minor. Records are disposed of securely after the required retention period.

6. Accessing and Correcting Your Information

You have the right to request access to the personal and health information we hold about you, and to request corrections if that information is inaccurate, incomplete, or out of date. Please contact us in writing using the details below. We will respond within 30 days. There is no charge for making a request; however, a reasonable fee may apply for the cost of retrieving and providing records.

7. My Health Record

We may access or upload information to your My Health Record as authorised by the My Health Records Act 2012 (Cth). If you do not wish for us to access or upload to your My Health Record, please advise us in writing.

8. Sensitive Information

Health information is classified as sensitive information under the Privacy Act 1988 (Cth) and attracts a higher level of protection. We will only collect sensitive information that is reasonably necessary for your medical care. We recommend you avoid submitting sensitive health information through our Website contact form or by unencrypted email.

9. Overseas Disclosure

Some of our technology providers, including Google (Google Workspace), process and store data on servers located outside Australia. By submitting information through our Website contact form or communicating with us by email, you acknowledge that your information may be processed on overseas servers. We take reasonable steps to ensure these providers handle your information consistently with the Australian Privacy Principles.

10. Privacy Complaints

If you have a concern or complaint about the way we have handled your personal information, please contact us in the first instance using the details below. We will respond within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

  • Website: www.oaic.gov.au
  • Phone: 1300 363 992
  • Post: GPO Box 5218, Sydney NSW 2001

11. Changes to This Policy

We may update this Privacy Policy from time to time. The current version will always be available on our Website. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions about this Privacy Policy or wish to access, correct, or complain about the handling of your personal information, please contact:

Dr Filip Cosic
Orthopaedic Surgeon, Melbourne, Victoria, Australia
Website: www.drfilipcosic.com
Email: admin@drfilipcosic.com

13. Cookies and Website Analytics

Our Website may use cookies — small text files placed on your device when you visit. We may use:

  • Essential cookies — necessary for the Website to function correctly
  • Analytics cookies — to understand how visitors use our Website, collected in anonymised or aggregated form (e.g. Google Analytics)

You can control or disable cookies through your browser settings. Disabling certain cookies may affect Website functionality.

Our Website may use Google Analytics. You can opt out by installing the Google Analytics Opt-out Browser Add-on. For more information see Google's privacy policy at policies.google.com/privacy.

This Privacy Policy was last reviewed and updated on 26 May 2026. It is consistent with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.