Privacy Policy

March Ahead

Last Updated: November 2025

This Privacy Policy is effective from 20 November 2025.

Your privacy matters to us. This Privacy Policy explains how March Ahead Pty Ltd handles your personal and health information in line with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and all other applicable health privacy laws. It also outlines how we protect your data, your rights, and how to make a complaint.

This policy includes how we manage privacy in a predominantly telehealth service model, and how we use AI-assisted tools for non-clinical triage (with patient opt-out options). Our internal data security practices follow best practice, including encryption, role-based access, and multi-factor authentication.

📄 You can also download a PDF version of this policy for printing or offline use.

Download PDF Version

1. About March Ahead

March Ahead provides specialist psychiatric and psychological services to:

Australian Defence Force (ADF) members and veterans
Emergency services personnel
General mental health clients
Independent Medical Examinations (IME) for insurance and legal matters

We comply with:

Privacy Act 1988 (Australian Privacy Principles)
Health Records legislation
My Health Records Act 2012
Professional registration requirements (AHPRA, Psychology Board)

2. Information We Collect

Personal Information

Name, date of birth, contact details (phone, email, address)
DVA card details, Medicare number, health insurance details
Employment/service history (where relevant to treatment or assessment)
Emergency contact details

Health Information

Medical and mental health history
Clinical assessments and diagnoses
Treatment plans and progress notes
Medications and prescriptions
Reports for DVA, insurance companies, or legal proceedings

How We Collect Information

From you: Intake forms, consultations, phone calls, emails
From others (with consent): Referring GPs, DVA, other healthcare providers, insurance companies
Web Form: Information submitted through our contact form is stored securely in our CRM (HubSpot) and used for non-clinical purposes like intake, scheduling, or general support.
Live Chat: Any conversations via our website's live chat are stored securely within our Australian-hosted CRM (HubSpot) and used only for non-clinical support purposes.

3. How We Use Your Information

We use your information to:

Provide psychiatric and psychological care
Prepare reports for DVA, insurance companies, or legal proceedings
Schedule appointments and send reminders
Coordinate care with your GP and other healthcare providers
Process billing claims (Medicare, DVA, insurance)
Comply with legal obligations (mandatory reporting, court orders)
Improve service quality and clinical governance

4. Information Sharing

With Your Consent

We may share information with your GP, other healthcare providers, family members, or legal representatives when you give consent.

Required by Law

We may share information without consent when:

Submitting DVA reports or insurance claims
Court orders or subpoenas require it
Mandatory reporting obligations apply (child abuse, notifiable diseases)
Serious threats to safety require disclosure
Professional registration bodies investigate complaints

Independent Medical Examinations (IME)

When you attend for an IME, you understand that the report will be provided to the party who requested the assessment (insurer, employer, legal representative). This is explained before the assessment proceeds.

Service Providers

We use the following Australian-based systems:

CorePlus: Clinical records and practice management (all health information stored in Australia)
HubSpot: Initial triage and contact management (Australian-hosted)
Communication Systems: All administrative calls and SMS messages (triage, appointment management, reminders, and report follow-ups) are handled via a secure, Australian-hosted platform integrated with our CRM. This system is used solely by administrative staff and does not process clinical consultations or diagnoses. All video and phone consultations with clinicians occur securely through our clinical platform, CorePlus.
Medicare and DVA billing systems: Secure Australian billing platforms

5. Overseas Processing

What Stays in Australia (Everything Important)

ALL of the following are stored exclusively in Australia:

All clinical and health records
Completed intake forms
Clinical appointments and reminders
Call recordings and voicemail
CRM data (HubSpot - Australian-hosted)

Limited Overseas Processing

The only information processed outside Australia is: AI-generated administrative transcripts from initial triage, intake calls or admin calls.

These AI tools help our admin team route calls internally. They never include diagnoses, treatment plans, or any sensitive clinical information. All medical consultations occur through CorePlus, which stores data entirely within Australia and does not use AI transcription.

Patients may opt out of AI transcription at any time by informing our staff.

No personal data is used to train AI models, and all AI-generated outputs are reviewed by a human before use. No automated decisions are made using these tools.

What this means:

AI technology creates written transcripts of triage/ admin calls for routing purposes
Only general information is captured (e.g., "veteran seeking DVA assessment")
No clinical details, diagnoses, or health information
Call recordings and voicemail remain in Australia (only text transcripts processed overseas)
Once triage is complete, all processing occurs in Australia
Only non-clinical administrative calls are transcribed using AI technology for internal triage or booking purposes. These transcripts do not include any health or diagnostic content. All clinical consultations occur via CorePlus, which does not use AI transcription or overseas processing. We allow patients to opt out of AI transcription, and our staff are trained not to use CRM-based systems for any clinical discussions.

Location: United States (AI service providers with contractual privacy obligations)

We take reasonable steps to ensure overseas service providers comply with the Australian Privacy Principles, including contractual obligations and security safeguards.

5A. Website Analytics and Cookies

We may use cookies or similar technologies on our website to understand how visitors use the site and to improve user experience. These tools may include Google Analytics or other third-party services that collect anonymised usage data such as device type, browser, and general location.

We do not collect any health or personal information via cookies. You can manage cookies via your browser settings or our cookie preferences tool (if available).

For more information, see our full Cookie Notice (if applicable) or contact our office.

By using our website, you consent to our use of cookies in accordance with this policy. You can control or disable cookies through your browser settings at any time.

6. Data Security and Retention

Security Measures

Encrypted storage for all clinical records
Secure password access with multi-factor authentication
Role-based access controls
Regular security updates and backups
Staff confidentiality agreements and training

Retention Periods

Clinical records: Minimum 7 years (longer for minors - until age 25)
DVA and IME reports: Permanent retention
Financial records: 7 years

Records are securely deleted after the required retention period.

7. Your Rights

Access and Correction

You have the right to:

Access your health records (written request, response within 30 days)
Request corrections to inaccurate information
Receive a copy of reports prepared about you

We may deny access in limited circumstances (serious threat to health/safety, unreasonable impact on others' privacy, legal proceedings).

Consent and Objections

You may withdraw consent at any time (may limit our ability to provide services)
You may request that AI transcription not be used for your calls
You may request deletion of information (subject to legal retention requirements)

7A. Anonymity and Pseudonymity

The Australian Privacy Principles give individuals the right to interact anonymously or using a pseudonym, unless it is impracticable or illegal for us to do so.

Given the nature of healthcare delivery and regulatory obligations (e.g., Medicare, DVA, clinical documentation), it is generally not practical for us to provide services without confirming your identity. However, if you would like to explore options for pseudonymity in a specific context (e.g., preliminary inquiries), please contact our office to discuss.

8. Complaints

If you have privacy concerns, contact us:

Privacy Enquiries

March Ahead

42 Manilla Street
East Brisbane QLD 4169
Australia

Phone: +61 7 3435 1513
Fax: +61 7 3521 5936
Email: intake@marchahead.com.au

We will:

Acknowledge your complaint within 5 business days
Investigate and respond within 30 days

If you're not satisfied with our response, you may contact:

Office of the Australian Information Commissioner (OAIC)
Phone: 1300 363 992
Website: www.oaic.gov.au
Health Complaints Commissioner (your state/territory)

9. Updates to This Policy

We may update this policy to reflect changes in privacy laws, our practices, or technology. Updates will be posted on our website with a new "Last Updated" date. For material changes, we may notify you directly.

This policy is reviewed annually, or sooner if changes to operations, technology, or privacy law occur. The current version was last updated in November 2025.

10. Contact Us

If you have questions or concerns about how your personal or health information is handled, or would like to request access or correction, please contact our office using the details below. One of our senior staff will review and respond to your enquiry in line with our privacy obligations.

General Inquiries

March Ahead

42 Manilla Street
East Brisbane QLD 4169
Australia

Phone: +61 7 3435 1513
Fax: +61 7 3521 5936
Email: intake@marchahead.com.au
Website: marchahead.com.au

Intake and Appointments

Online Form: MH Initial Intake Form