Privacy Policy
Who we are
We are Lumus Imaging (being Lumus Imaging Holdings Pty Ltd and its related bodies corporate). We operate diagnostic imaging and nuclear medicine facilities in Australia under the brands Lumus Imaging, In Focus Radiology and Western Radiology. These include facilities inside hospitals, facilities co-located within medical centres, or standalone imaging facilities located in cities and towns across the country.
We operate as a service provider to employed and independent specialist medical practitioners (radiologists and nuclear medicine physicians) who conduct their practices at our facilities. We provide those specialists with services and support people (such as radiographers, sonographers and administrative staff) to provide you and your referring medical or health practitioner with diagnostic imaging and nuclear medicine services.
In operating our facilities, we collect, use and disclose personal information to help us to provide you with medical care. We know that your privacy is important, so we take the privacy of your personal information very seriously.
This Privacy Policy sets out how we comply with our obligations under the Australian Privacy Principles (APPs) prescribed by the Privacy Act 1988 (Cth) (Privacy Act) and other relevant State and Territory legislation in managing your personal information.
What personal information do we collect and hold?
Personal information is information or an opinion about an identified person, or someone who is reasonably identifiable, whether or not the information or opinion is true and whether the information or opinion is recorded in a material form or not.
The types of personal information we may collect and hold about you include:
Identity
- Name
- Address
- Date of Birth
- Sex
- Email address
- Telephone number
- Healthcare identifiers
- Last used IP address
Billing and administration
- Medicare Number
- Insurance membership number
- Credit card number
Medical
- Referring practitioner
- Copies of scans and details of procedures requested
- Radiologist reports
- Radiologist clinical notes
- Referring practitioner clinical notes
- Disease status
How do we collect and hold personal information?
We collect personal information about you in several ways, including from:
- information that is recorded on the request form your referring medical or health practitioner (for example, your GP or a specialist who is providing you with medical care) gives you when recommending that you obtain diagnostic imaging or nuclear medicine services;
- other persons or entities who ask us, or medical practitioners at our facilities, to perform diagnostic imaging or nuclear medicine services on your behalf (for example, the hospital/nursing home where you are a patient, a government department or your employer);
- someone who has responsibility for you (your parent, carer or guardian); and
- you directly.
When we receive a request for diagnostic imaging or nuclear medicine services in relation to you, we create a unique digital medical record for you. Every time a diagnostic imaging or nuclear medicine service is provided for you at one of our practices, new information is added to your medical record.
When you visit our websites, a small data file called a “cookie” is stored on your computer or mobile device by our server. We use cookies to maintain user sessions, save certain settings and data, and to generate statistics about the number of people that visit our websites. For example, cookies enable the website to remember your settings so you do not have to re-enter certain settings or data each time you visit the website. We may also collect your last used IP address when you use our websites. Generally, this information will not identify you and we do not link it back to your identity or other information that you have provided to us.
Why do we need your personal information and what do we do with it?
1. Patient care
We collect, maintain, use and disclose personal information about you in order to assist the medical practitioners at our facilities to provide you with appropriate care, treatment and services.
The information in your medical record is used by us and the medical practioners:
- to facilitate your appointments with us, including to send you appointment reminders and follow-ups;
- to ensure that you are provided the correct diagnostic imaging or nuclear medicine services;
- to interpret your diagnostic imaging or nuclear medicine images and to make an appropriate diagnosis;
- to provide you, your referring medical or health practitioner, or another medical practitioner treating you, with information to assist your medical care; and
- as a medical history for you, as images and associated reports relating to diagnostic imaging or nuclear medicine services provided at our facilities are added to your medical record over time. This medical history may allow medical practitioners to provide you with better care as it assists with identifying changes to your health over time.
We and the medical practitioners at our facilities disclose your scanned images and associated reports:
- to you, if you request a copy of your medical records;
- to the person who requested the diagnostic imaging or nuclear medicine service on your behalf (normally your GP or a specialist);
- to anyone else specified in the request for the diagnostic imaging or nuclear medicine service (your doctor may request that we disclose your scanned images and associated reports to other health professionals who are involved in your treatment);
- to health practitioners and hospital staff who have applied for and been granted access to our secure, password-protected, web-based portal (see below for more detail on the Secure Portal);
- to the Commonwealth Government by upload to your record within the My Health Record platform (adoption of this is managed on an opt-out basis and can be requested directly at the site);
- to other persons not specifically listed in the request for the diagnostic imaging or nuclear medicine service, but who appear to be providing health care services to you such as another medical imaging provider (we will only do this if we are reasonably satisfied that you have consented to this occurring, or there appear to be other reasons why this is appropriate – for example in an emergency);
- where the diagnostic imaging or nuclear medicine service was requested on your behalf by your employer or a government department, to that employer or government department; and
- to anyone else you request or consent to in writing.
Where a patient is under 18 years of age, or lacks capacity to consent, personal information may be collected from and disclosed to a parent, guardian, carer or authorised representative in accordance with applicable privacy and health records legislation.
Our Secure Portal
We operate a web-based portal for health practitioners and hospital staff to access the encrypted reports, images and other personal information we hold as part of your health records with us. The portal is subject to certain security controls such as password-protection. Health professionals and hospitals must apply to us for access and permission to use this portal.
Before we grant access, they must agree to our terms and conditions to do so which include that access is only for medical reasons and solely for your benefit, and that they will keep the information private and confidential. Health practitioners and hospital staff also have their own obligations under privacy laws, professional obligations and duties of confidentiality when dealing with your patient records.
Your records with us will be available to health practitioners and hospital staff that have been granted access to our secure portal. Our systems enable us to track and audit access to the files we hold. If you do not wish your records to be available to a particular health practitioner, you can request this in writing and we will action your request within a reasonable time. However please note that such a request may adversely affect that practitioner’s ability to provide you with medical care.
2. Operating our business
We collect, maintain, use and disclose your personal information in the ordinary course of our operations.
This includes managing our accounts and obtaining payment for the services provided to you on behalf of the medical practitioner who provided the services. Specifically, we will use and, where necessary, disclose your personal information to obtain payment from, as appropriate, Medicare Australia, you, your private health insurance fund or from any organisation responsible for payment of any part of your account, such as the Department of Veterans Affairs. This may also extend to disclosure of your personal information to a debt collector or a credit-checking agency.
We also use and disclose your personal information for the purposes of data entry, data analytics, support and maintenance of our systems (including medical software and equipment), security testing and the like.
If the circumstances require, we may disclose your personal information to our professional advisers, insurers or the insurers of medical practitioners at our facilities.
We may disclose your personal information to our related bodies corporate, for shared corporate, administrative, governance, technology, billing or compliance purposes, and they may use and disclose your personal information in the same manner that we do.
3. Teaching and research
We may use your personal information for internal teaching purposes or to monitor, evaluate, plan and improve the services provided at our facilities. This may include sending you surveys to provide feedback to us on our services.
Entities undertaking research (for example universities) periodically request data from the medical records we hold. We provide identified data in response to these requests when authorised to do so by privacy laws that apply to us. This may include medical research that is conducted in accordance with approvals obtained from a Human Research Ethics Committee.
University students in healthcare disciplines who are undertaking clinical placements at our facilities may have access to and use your personal information, subject to strict confidentiality obligations.
De-identified information, including images and reports, may be used by us or provided to our suppliers and other third parties for the purposes of research and product development. This includes the development and training of software to assist diagnosis.
4. Marketing
If you are a healthcare professional, we may use personal information we collect to send you marketing communications about our products, services, offers or updates that may be relevant to you.
If you are a patient, we may use your personal information to send you communications in relation to the healthcare services we provide to you, which you cannot opt out of. This includes information about appointments, results and billing. If we otherwise send you marketing communications as permitted by law, you can opt out of receiving these at any time using the opt out features in any such communications or by contacting us.
We do not sell personal information to third parties.
5. Other uses and disclosures
We may use or disclose your personal information in other circumstances if you have given your consent, or where otherwise required or permitted by law.
What happens if we do not collect your personal information?
If you don’t provide us with all the personal information we request, the medical practitioners at our facilities may not be able to provide diagnostic imaging or nuclear medicine services to you.
How do we hold and secure personal information?
We take various steps to protect patient medical records from misuse, interference and loss and also from unauthorised access, modification and disclosure. This includes the use of technologies and processes such as access control procedures, network firewalls, virtual private networks, encryption and physical security to protect the privacy of your personal information.
We are subject to a range of rules relating to the periods for which health information and records must be retained. We are required to retain health information about you:
• for at least 7 years from the last occasion on which we provided a health service to you – if we collected the information when you were 18 years old or older; or
• at least until you turn 25 – if we collected the information when you were less than 18 years old.
Anonymity and pseudonymity
In limited circumstances, you may be able to interact with us anonymously or using a pseudonym. However, due to the nature of diagnostic imaging and nuclear medicine services, it is generally impracticable for us to provide medical services, manage clinical records, or comply with legal and professional obligations unless you identify yourself.
Do we transfer personal information overseas?
We may disclose your personal information to our related bodies corporate, or to third parties, which are based overseas including, but not limited to, New Zealand, the United Kingdom, the European Union, Switzerland, the United States, Canada, Mexico, Colombia, Israel, Qatar, Saudi Arabia, UAE, South Africa, Hong Kong, Singapore, Georgia, India, Malaysia and the Philippines. These companies provide billing, payment and other administrative services, data-entry, data analytics, radiology reporting and IT support services to us.
Can you access your personal information we hold?
You may request access to the personal information we hold about you. You can also request that corrections be made to it. We will respond to your request within a reasonable time.
There are some circumstances where we are not required to give you access to or correct your personal information. We will normally give you a written notice setting out our reasons for not complying with your request and informing you of how you can complain about our refusal.
There is no fee for requesting access to your personal information or for us to make corrections. However, we will charge a fee for our costs involved in collating and providing you with access to any personal information. That fee is payable before access is given.
Use of Artificial Intelligence in clinical and administrative services
We may utilise Artificial Intelligence (AI) technologies to support our clinical staff in diagnostic assistance, workflow optimisation, and administrative functions. These technologies are designed to enhance the quality, safety, and efficiency of our healthcare services .
We implement governance, risk management, and approval processes prior to deploying AI technology, which includes assessments of clinical safety, data protection, cybersecurity risks, and compliance with applicable laws. Where we use AI technologies for diagnostic assistance, patient data is de-identified or anonymised prior to use, and AI outputs are used strictly as decision-support tools and do not replace clinical judgement. All clinical decisions and patient care outcomes remain the responsibility of qualified healthcare professionals.
We may use personal information with AI technologies for the purposes of workflow optimisation and administrative functions. However we do not currently do this in a way that is substantially and directly related to making a decision that could reasonably be expected to significantly affect the rights or interests of an individual.
We will update this policy as AI technology evolves, and our use of AI changes over time with a view to further enhancing the quality, safety and efficiency of our healthcare services.
What to do if you would like to make a complaint about a breach of the Australian Privacy Principles
If you have any concerns about how we handle your personal information, or you wish to make a complaint on the basis that we have breached the APPs or other privacy regulations, please contact us using the details below.
We will respond to your complaint within a reasonable time after it is made. This time may vary depending on the circumstances, including the level of investigation required.
How to contact us
Email: privacyofficer@lumusimaging.com.au
Telephone: 02 8551 9000
Post: Level 4, 12 Help St, Chatswood NSW 2067
Attention: Privacy Officer
If you are not satisfied with our response, you may make a complaint to the Office of the Australian Information Commissioner by phoning 1300 363 992, by email at enquiries@oaic.gov.au or using the Privacy Complaint Form available on their website.
Privacy Policy Last Updated: June 2026