Forensic Medical Consultants understands the importance of privacy and is committed to complying with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles, which set out how private sector organisations must handle and treat "personal information" and "sensitive information". 

We are committed to protecting any personal information that we hold. This Privacy Policy details how we generally collect, hold, use and disclose personal information and your rights in relation to the personal information that we hold about you. 

"Personal information" means information or opinions about an individual whose identity can be apparent or can reasonably be ascertained from the information.

"Sensitive information" means personal information or an opinion about your racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a trade union, sexual preferences or practices, criminal record. It also includes your health information or genetic information. 

What kinds of personal information do we collect and hold? 

• name, job title, and contact details 
• communications between you and us 
• financial information 

 What kinds of sensitive information do we collect and hold? 

• health information, including medical records and other health information relevant to a referral 
• criminal history information where relevant and lawfully provided to us 
• insurance and claims information relevant to the referral 
• other sensitive information contained in documents or records provided to us in connection with our services, where permitted by law 

How we collect personal information 

We generally collect personal information from our instructing clients, including insurers, law firms, employers and other referrers, or from the individual concerned where appropriate. We may also receive personal information contained in medical records, correspondence, expert reports and other documents lawfully provided to us as part of a referral. We do not conduct independent inquiries, searches or investigations about individuals. 

Where personal information about you is provided to us by an instructing client or contained in referral material supplied to us, we rely on that party to have authority to provide the information to us and to have taken any steps required by law in relation to that disclosure. 

If you supply us with personal information about another individual, we ask you to assist us by referring that person to this Privacy Policy. 

 Other individuals 

In the course of providing services to our clients, we may receive personal information about other individuals that is contained in referral materials and related documents, including treating practitioners, legal representatives, claims personnel, employers and other persons involved in the relevant matter. The nature of the information will depend on the circumstances of the referral, but may include names, contact details, professional details, correspondence and, where relevant, sensitive information. 

If you approach us for information (such as government departments, regulatory authorities or media) we may record your name and contact details and collect additional personal information about you to verify your identity and consider whether to provide you with the information that you have requested. 

Service Provider 

If you are a business service provider to Forensic Medical Consultants, personal information about you, including your name, company title, contact and banking details may be collected for us to contact you and to facilitate payment of any applicable service fees. 

How Forensic Medical Consultants may use your personal information 

Unless you provide Forensic Medical Consultants with your consent, Forensic Medical Consultants will only use the personal information collected for the primary and related purposes that Forensic Medical Consultants disclose at the time the information is collected and as set out in this Policy. 

How we hold personal information 

We hold personal information in hardcopy files and in electronic form and take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification or disclosure. 

We store hardcopy files in locked cupboards within access-controlled premises. Under our records management system, access to files is appropriately limited. No unauthorised staff member can have access to your personal information. All staff are aware of this policy. In-service training and compliance audits regarding privacy are conducted regularly. We also store hardcopy files with an offsite storage provider and access is strictly controlled.  

Any hardcopy material that is not required to be stored is securely shredded onsite by authorised staff. 

We store electronic records within our own secure network and through third party data storage providers. Personal information within our network is password protected and access is appropriately limited. 

Our third-party data storage providers are required to protect personal information in accordance with applicable laws and take appropriate technical and organisational measures against unauthorised or unlawful use of personal information or its accidental loss, destruction or damage. 

We retain personal information only for as long as it is required for our functions and activities, including to provide our services, comply with legal, regulatory, professional, insurance and record-keeping obligations, resolve complaints or disputes, and enforce our rights. When personal information is no longer needed for these purposes and we are not required or authorised by law to retain it, we will take reasonable steps to destroy it or ensure that it is de-identified, in accordance with APP 11.2.

The purposes for which we collect, hold, use and disclose personal information 

We collect, hold, use and disclose personal information for the purposes for which it was collected, related purposes, and other purposes including: 

• reviewing referral materials and related records provided to us 
• preparing expert forensic medical opinions and reports 
• communicating with our clients, the individual concerned where appropriate, and other relevant persons in connection with our services 
• billing, payment processing, administrative management and record keeping 
• complying with our legal, regulatory and professional obligations and otherwise carrying out our functions as providers of expert opinion in clinical forensic medicine. 

Overseas disclosures of personal information 

Aside from the purposes set out above, we do not disclose personal information to overseas recipients. 

 Notifiable Data Breaches

If we experience an eligible data breach, we will comply with our obligations under the Notifiable Data Breaches scheme in Part IIIC of the Privacy Act, including by carrying out an assessment where required and notifying affected individuals and the Office of the Australian Information Commissioner where the law requires us to do so.

Disclosures required or authorised by law and legal privilege

We may use or disclose personal information where required or authorised by law, including in response to subpoenas, court or tribunal orders, compulsory notices, or lawful requests from regulators or government agencies. Where appropriate, we may object to or seek to limit a disclosure, including on the basis of confidentiality, relevance, scope, or any applicable privilege. Nothing in this Privacy Policy is intended to waive any duty of confidentiality or any applicable legal professional privilege, and we will handle requests for information consistently with our legal obligations.

Access to your personal information 

You have a right to request access to personal information that we hold about you and request its correction if it is inaccurate, out of date, incomplete, irrelevant or misleading. You may do so by contacting our Privacy Officer at the details below. We will respond to all requests for access to or correction of personal information within a reasonable period. 

In some cases, in accordance with the Privacy Act, we may charge you a fee for access to personal information we hold about you or refuse to give you access to personal information we hold about you. 

 Complaints 

If you would like to complain about a breach of the Australian Privacy Principles, you may contact our Privacy Officer at the details below. 

We will respond to complaints within a reasonable period (usually 30 days). 

If you disagree with our decision, you may refer your complaint to the Office of the Australian Information Commissioner by visiting www.oaic.gov.au, calling 1300 363 992 or by emailing [email protected]. 

 Privacy Officer 

If you would like more information about the way we manage personal information, would like to request access to or correction of personal information that we hold about you, or wish to make a complaint, please contact our Privacy Officer by email at [email protected]. 

Changes to our privacy policy

Our Privacy Policy was last updated on January 2026