We offer evening and weekend appointments

Privacy Policy

We are committed to protecting the privacy and confidentiality of your information.

Last updated: March 2026

Hyphen Health Pty Ltd trading as 'Hey Fella' ABN 77 646 122 910 respects your right to privacy and is committed to safe guarding the personal information and health information of our patients, customers, and website visitors. We comply with the Australian Privacy Principles contained in the Privacy Act 1988, the Notifiable Data Breaches scheme, and applicable Stateand Territory healtzh privacy laws.This Privacy Policy explains how we collect, hold, use, disclose, and protect personal information and healthinformation.

Brands covered by this policy
This Privacy Policy applies to Hyphen Health Pty Ltd and all services and brands operated as registered business names of Hyphen Health Pty Ltd, including:
• Stigma Health
• PrEP Health
• Roidsafe
•Hey Fella

References to "we", "us", or "our" mean Hyphen Health Pty Ltd and its related brands.

Anonymity and pseudonymity
Where practicable, you may interact with us anonymously or using a pseudonym. However, for healthcare, telehealth, prescribing, pathology referrals, and related services, we are required to collect your real identity to provide safe and effective care and to meet our legal, professional, Medicare, and regulatory obligations.

What is personal information andhealth information
Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable. Health information is a type ofsensitive information and includes information about your physical or mental health, medical history, test results, prescriptions, and healthcare services. Health information is subject to a higher level of protection.

Collection of personalinformation
We may collect personal and health information when you:
• Use our websites, platforms, or applications
• Access our healthcare, telehealth, pharmacy, pathology referral, or support services
• Participate in consultations withclinicians or partner providers
• Communicate with us electronically, by phone, or in person
• Complete forms, questionnaires, or surveys
•Make payments or manage your account

The types of information we maycollect include your name, date of birth, contact details, identification information, medical history, test results, prescriptions, payment details,Medicare details where applicable, feedback, and any other information you provide. If you choose not to providecertain information, we may be unable to provide some or all of our services.

How we collect personalinformation
We collect information directly from you, through our websites and platforms, during service delivery, and from authorised third parties such as partner doctors, pathology providers, payment processors, and technology providers.

Health information specificprotections
We collect and use health information only where:
• You have provided consent (which may be express or implied depending on the circumstances), and
• It is necessary to provide healthcareor related services, or
•We are required or authorised by law

Health information is used and disclosed only for purposes directly related to your care or as otherwise permitted by law. We do not use health information for direct marketing without your express consent. We apply additional safe guards to health information, including restricted access, encryption, audit logging,and secure clinical systems.

Telehealth services
Where we provide telehealthservices:
• Consultations are conducted usingsecure platforms
• Consultations are not routinely recorded.

Where a clinician wishes to use an AI transcription tool to assistwith consultation notes, you will be asked for your specific consent at thebeginning of that consultation. You may decline without it affecting your care.
•Telehealth systems use encryption and access controls to protect information

You are responsible for maintaining the confidentiality of your login details and for accessingtelehealth services using secure devices and networks. Using shared devices orunsecured networks may increase privacy risks.

How we use personal information
We use personal and health information to:
• Provide healthcare, telehealth, andrelated services
• Manage appointments, referrals,prescriptions, and test results
• Process payments and administeraccounts
• Communicate with you about your care,services, or account
• Improve our services, systems, and userexperience
• Conduct internal research and analysisusing de-identified data
• Support clinical and administrativeworkflows, including through automated summarisation tools
•Meet legal, regulatory, Medicare, PBS, and professional obligations

Use of automated tools andartificial intelligence
We use automated tools,including artificial intelligence features within our clinical systems, to assist clinicians and administrative staff with tasks such as summarising medical histories, consultation notes, and supporting administrative workflows. These tools may be provided bythird party technology providers integrated into our clinical systems. Where used:
• Relevant portions of your personal orhealth information may be processed by third party service providers for thepurpose of generating summaries or administrative assistance
• Processing may occur in Australia oroverseas depending on the technology provider
• Information is transmitted using secure, encrypted connections
•AI outputs are returned to and stored within our Australian clinical systems

We take reasonable steps toensure technology providers handling information through automated tools comply with Australian privacy standards. This includes imposing strict contractual restrictions that prohibit them from using your information for any purpose other than providing the service directly to us (for example, they are notpermitted to use your information to train their own AI models) and requiringthem to meet stringent security standards.

All AI-generated content intended for inclusion in your clinical record or to inform clinical decisions is reviewed by a qualified clinician or appropriate staff member before being finalised. Automated tools assist with efficiency and do not replace clinicaljudgement or decision making. These tools are used to support consultationdocumentation and administrative workflows only, and do not make autonomoustreatment or clinical decisions. Where AI transcription is used during aconsultation, this occurs only with your prior consent.

We remain accountable under Australian privacy law for the use of automated tools and any overseasprocessing that occurs as part of these services.

De identified information
De identified information isinformation that has been processed to remove or obscure personal identifiersso individuals cannot be reasonably identified.We may use de-identifiedinformation for service improvement, research, analytics, and reporting. Whilewe take reasonable steps to prevent re-identification, a residual risk may exist.

Marketing communications
We may send marketingcommunications only where you have provided consent. Consent is typicallyobtained through opt in mechanisms such as registration forms, accountsettings, or explicit agreement.You may manage marketingpreferences or opt out at any time. Separate preferences may apply for email,SMS, and phone communications.

Disclosure of personal information
We may disclose personal andhealth information to:
• Employees, contractors, and officersinvolved in service delivery
• Partner doctors, clinicians, pathologyproviders, and healthcare partners
• IT, hosting, cloud, analytics, andcustomer support providers
• Payment processors and financialservice providers, including Stripe
• Professional advisers, insurers,auditors, and regulators
•Government agencies, including Services Australia, where required or authorisedby law

My Health Record
Hyphen Health does not upload clinical records, pathology results, or other health information to My Health Record. We have no technical connection to the My Health Record system.Where we refer you to a third party pathology provider for testing, that provider may upload your results to My Health Record in accordance with their own policies and processes. This occurs independently of Hyphen Health and is outside our control. While our pathology referrals may include instructions regarding My Health Record preferences, we cannot guarantee that third party providers will action those instructions.If you wish to control what information appears on your My Health Record, you can manage your record settings, remove documents, or cancel your record through your myGov account or by contacting the My Health Record Help Line on 1800 723 471. You can also contact the relevant pathology provider directly to request changes to how your results are handled.If you have concerns about information that has been uploaded to your My Health Record by a third party provider, we encourage you to raise the matter directly with that provider in the first instance.

Overseas disclosure
Our clinical systems and primarydata storage are located in Australia. However, we use some global technologyservice providers to support our operations. As a result, personal and healthinformation is disclosed to, or accessed by, overseas recipients in certaincircumstances. This may include overseas accessor processing by:
• Payment processing services, includingStripe
• Email and communication servicesprovided through Microsoft 365
• Messaging and notification servicesintegrated within our clinical systems
•Security monitoring, analytics, and technical support services provided byglobal technology vendors

Overseas recipients may belocated in countries including the United States and other jurisdictions wherethese service providers operate.

We take reasonable steps toensure overseas recipients handle personal and health information in accordance with Australian privacy laws, including through contractual privacy andsecurity obligations, access controls, encryption, and vendor due diligence. Weremain accountable under Australian privacy law for overseas disclosures.

Medicare and PharmaceuticalBenefits Scheme (PBS)
Where you choose to claim Medicare benefits for our services:
• We collect your Medicare card detailswith your consent
• We submit claims to Services Australiaon your behalf
• Your health information is disclosed toServices Australia for claims processing, compliance, audit, and public healthpurposes
•Medicare related records are retained for at least 7 years in accordance withprovider obligations

You may choose to pay privately for services instead of using Medicare. Private payment does not involvedisclosure of your information to Services Australia for claims purposes.

Where we prescribe medicinesunder the Pharmaceutical Benefits Scheme:
• Prescription information is disclosedto Services Australia for PBS subsidy and compliance purposes
• PBS records are retained for at least 7years
•You may request private (non-PBS) prescriptions where clinically appropriate

These disclosures are authorisedby law and are necessary for the operation of Medicare and the PBS.

Business transfers
If there is a change of control,restructure, or sale of business assets, personal information may betransferred as part of that transaction, subject to confidentiality obligations and applicable law.

Data security
We take reasonable steps toprotect personal information from misuse, interference, loss, unauthorisedaccess, modification, or disclosure. Measures include administrative controls,access restrictions, encryption, secure hosting environments, authenticationrequirements, and regular security reviews. Pathology results and Medicarerelated records are stored securely within our clinical systems and areaccessible only to authorised internal staff where required for care deliveryor compliance.

Data retention
We retain information inaccordance with legal and regulatory requirements, including:
• Adult medical records: at least 7 years from the last clinical entry
• Child and young person medical records:until the individual reaches the age of 25, or for a period of 7 years from thelast health service provided, whichever is the longer period
• Pathology results: retained as part ofthe medical record in our clinical systems
• Medicare and PBS records: at least 7years in accordance with Services Australia requirements
• Financial records: at least 7 years
•Other records: as required by law or operational needsWhen information is no longerrequired, it is securely destroyed or de-identified.

Access and correction
You may request access to personal information we hold about you and request corrections whereinformation is inaccurate, out of date, incomplete, irrelevant, or misleading.We will respond to accessrequests within 30 days. There is no charge for making an access request.However, a reasonable administrative fee may be charged for providing access tothe information. Access may be refused in limited circumstances permitted bylaw, such as where providing access would pose a serious threat to life orhealth or breach legal privilege. If access is refused, we will provide reasonsand information on how to complain.  

Data breaches
In the event of a data breachlikely to result in serious harm, we will assess the breach in accordance withthe Notifiable Data Breaches scheme and notify affected individuals and theOffice of the Australian Information Commissioner where required.

Cookies and trackingtechnologies
We use essential cookies forwebsite functionality and may use non-essential cookies for analytics andadvertising. Third party services such as Google Analytics and advertisingplatforms may place cookies in accordance with their own policies.You can manage cookies throughyour browser settings. Some features may not function correctly if cookies aredisabled.

Children and young people
Certain services, includingRoidSafe, are strictly limited to individuals aged 18 years and over.Other services may be availableto individuals aged 16 years and over, subject to parental or guardian consentor where a qualified clinician assesses the individual as having sufficientmaturity and understanding to consent to their own healthcare (Gillickcompetence).Children’s and young people’shealth information is subject to additional safeguards, and access isrestricted to authorised staff involved in care delivery.

Brand specific privacyprotections
Some of our services involveparticularly sensitive or potentially stigmatised health information. Inaddition to the protections set out in this Privacy Policy, the followingapplies.

RoidSafe
RoidSafe provides harm reductionand health monitoring services for individuals using anabolic steroids.
• Information about steroid use istreated as highly sensitive health information
• Access is restricted to clinicians andstaff directly involved in your care
• We do not disclose information toemployers, insurers, sporting organisations, or other third parties withoutyour consent except where required by law
• We do not voluntarily report personalsteroid use to law enforcement agencies
•Disclosure may occur where there is a serious threat to life or health, orwhere required by court order

PrEP Health
PrEP Health provides HIV prevention, sexual health, and related healthcare services.
• HIV status, sexual health information,and STI results are treated as highly sensitive
• Access is limited to clinicians andstaff directly involved in your care
• We do not disclose this information topartners, family members, employers, or insurers without your consent exceptwhere required by law
• Under Australian public health laws, weare required to notify state or territory health departments of certaindiagnoses (such as HIV and other notifiable sexually transmitted infections).
•We will inform you where notification is required

Hey Fella
Hey Fella provides HIVprevention, sexual health, and related healthcare services for gay, bisexual,trans, and other people who identify as male.
• HIV status, sexual health information,and STI results are treated as highly sensitive
• Access is limited to clinicians andstaff directly involved in your care
• We do not disclose this information topartners, family members, employers, or insurers without your consent exceptwhere required by law
• Under Australian public health laws, weare required to notify state or territory health departments of certaindiagnoses (such as HIV and other notifiable sexually transmitted infections).
•We will inform you where notification is required

Complaints
If you have a complaint abouthow we handle personal information, please contact us by email at practicemanager@hyphen.health. We will acknowledge complaints within 7 days and aim to provide a substantiveresponse within 30 days.If you are not satisfied withour response, you may lodge a complaint with the Office of the Australian Information Commissioner at www.oaic.gov.au.

Changes to this policy
We may update this Privacy Policy from time to time. Changes take effect when published on our websites.

Contact details
Hyphen Health Pty Ltd
ABN: 77 646 122 910
Postal address:
Hyphen Health Pty Ltd
PO Box 3229
Thornton NSW 2322

Phone: 1300 479 023
Fax: 02 9094 2230

Healthcare designed by the community, for the community — available across Australia.

Find us on Social Media

What we offer

Education

© 2026 Hyphen Health Pty Ltd TA Hey Fella (ABN: 77646122910), All Rights reserved.
Privacy Policy
We are a inclusive provider of healthcare and provide services for all patients in the LGBTAQ+ community. In the spirit of reconciliation, we acknowledge the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respect to their Elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples today.