Notice of Health Information Privacy Practices

PK27 Performance Medicine
Last Revised: 19 August 2025

This notice explains how we handle your health information and the rights you have. Please read carefully.

1) Who we are & what this notice covers

This Notice applies to PK27 Performance Medicine (“PK27”, “we”, “our”, “us”) in relation to health information as defined by the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and applicable state/territory health privacy laws (including the Health Records Act 2001 (Vic)).

“Health information” includes information about your health, medical history, services provided, test results (including genomic and epigenomic information), and any information that identifies you.

PK27 principles

  • You hold your results. DNA results are yours; you choose if/when to share them with us.
  • No ownership by PK27. We do not sell or repurpose your genomic data.
  • Epigenomic tests are de-identified. These are used for insights, benchmarking, and research without identifiers.

2) How we use and disclose your health information

  1. Treatment

To provide, coordinate and manage your care, including sharing information with PK27 clinicians and third-party specialists or laboratories authorised by you.

  2. Payment

To arrange billing for clinical services (including Medicare where applicable) and to verify eligibility/entitlements. Medicare rebates are retained by you; see the Terms of Service for program-fee details.

  3. Health care operations

For quality assurance, safety, training, accreditation, audit, IT/security, analytics (using de-identified data where possible), and regulatory compliance.

  4. Research & product improvement
  • Epigenomic data are de-identified before analysis or research use.
  • Identifiable information will only be used for research with your consent or as otherwise permitted by law.

3) Disclosures without your consent (as permitted/required by law)

We may disclose information to:

  • Government regulators and oversight bodies (e.g., for quality/safety, Medicare purposes)
  • Public health authorities (e.g., to prevent or manage serious threats to life, health or safety)
  • Child protection or other authorities, where we are required to report suspected abuse or neglect
  • Courts, tribunals or law-enforcement under lawful direction
  • Compensation bodies and other agencies where legally required
  • Other disclosures authorised or required under Commonwealth or Victorian law

We always apply the minimum necessary principle consistent with legal requirements.

4) Disclosures requiring your consent

Your consent is required for:

  • Sharing with providers not involved in your care
  • Direct marketing using your health information (we do not do this without consent)
  • Any sale of health information (we do not sell)
  • Use/disclosure of psychotherapy notes except as permitted by law

You may withdraw consent at any time; this will not affect uses/disclosures already made in reliance on your consent.

5) Your rights

Under the APPs and Victorian health privacy laws, you have the right to:

  • Access: Request access to health information we hold about you.
  • Correction: Request corrections if information is inaccurate, incomplete or not up-to-date.
  • Restriction: Ask us to limit certain uses/disclosures where lawful and practicable.
  • Confidential communications: Request contact via alternative means/addresses (we will accommodate reasonable requests).
  • Anonymity/pseudonymity: Where lawful and practicable, you may interact with us anonymously or using a pseudonym.
  • Copy of this Notice: Obtain a paper or electronic copy at any time.
  • Withdrawal of sharing: Revoke our access to your DNA or other data you previously shared.

We will respond to access/correction requests within a reasonable timeframe. If we refuse a request (e.g., due to legal constraints), we’ll tell you why and how to complain.

6) Security, storage & overseas disclosures

  • We use administrative, physical and technical safeguards (including encryption and access controls).
  • Data are stored in Australia where possible. If we use overseas cloud or service providers, we take reasonable steps to ensure they protect your information to Australian standards.
  • We retain health information only for as long as required by law and for legitimate business/clinical purposes, then securely destroy or de-identify it.

7) Data breaches

If an eligible data breach occurs that is likely to result in serious harm, we will notify you and the OAIC as required under the Notifiable Data Breaches Scheme, as soon as practicable, with details of the breach and support pathways.

8) Changes to this Notice

We may update this Notice from time to time. The latest version will be posted on our website; significant changes will be communicated directly where appropriate.

9) Complaints & escalation

If you have concerns about how we handle your health information, please contact us first. We will investigate and respond promptly.

If you are not satisfied, you may contact:

  • Office of the Australian Information Commissioner (OAIC) – oaic.gov.au | 1300 363 992
  • Health Complaints Commissioner (Victoria) – hcc.vic.gov.au | 1300 582 113

10) Contact us (Privacy Officer)

PK27 Performance Medicine
Suite 70, Level 7, 166 Gipps St, East Melbourne VIC 3002
Phone: (03) 9999 9805
Email: reception@pk27.com (Attn: Privacy Officer)

PK27 data-model clarifications (specific & patient-centric)

  • DNA results: Generated by third-party labs you choose. PK27 does not hold your raw DNA data unless you share it for interpretation. You can revoke our access at any time.
  • Epigenomic tests: Collected via validated partners; results are de-identified before any analysis, benchmarking or research; no re-identification.
  • My Health Record: We will only upload or access information in My Health Record where applicable with your consent and in accordance with law.
  • Marketing: We do not use your health information for direct marketing without your consent, and we never sell your data.