Rowie Health – Privacy Policy
About us and this Privacy Policy
Rowie Health (trading under Florienne Women’s Health Pty Ltd (ABN 55 685 120 709)) (we, us or our) is committed to protecting the privacy and confidentiality of your personal information.
We provide an online telehealth clinic focusing on women’s health issues. We contract with various health practitioners as independent contractors, including medical practitioners, dietitians and psychologists, to enable the delivery of telehealth services.
This privacy policy (this Policy) explains how we will collect, use, disclose, store, and protect your personal information. This Policy also describes the way in which you may access or correct the personal information we hold about you, and how to contact us if you have any complaints in relation to your privacy.
We will handle your personal information in accordance with applicable privacy and health records laws, including the Privacy Act 1988 (Cth) (the Privacy Act) and its Australian Privacy Principles (APPs), and the Health Records Act 2001 (Vic) and its Health Privacy Principles (HPPs).
What is ‘personal information’?
This Policy applies to our handling of personal information. ‘Personal information’ means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether the information is recorded in a material form or not.
Personal information includes ‘sensitive information’, which is a particular type of personal information. Sensitive information includes identifying health information about you (such as details of your health and medical history, and health services you seek or receive). Sensitive information also includes information about racial or ethnic origin, political opinions or associations, religious or philosophical beliefs, and sexual orientation or practices.
Why do we collect your personal information?
We collect personal information from you so that we can provide our services to you, or where this is otherwise necessary for our functions or activities.
If you are a patient we may collect your personal information:
- to provide you with health services and any other services we provide;
- to provide you with information regarding our services;
- to arrange billing with you for our services;
- to obtain any necessary consents from you to engage in the above services and activities; and
- to enable us to respond to any queries or complaints you may have.
If you are a person other than a patient, such as a service provider, contractor or other third party we engage with, we will collect your personal information to the extent necessary for our functions or activities, and to work, transact or engage with you.
You are not required to disclose your personal information to us. However, if you do not provide the information requested, you may not be able to receive our services or engage with us effectively.
What types of personal information do we collect?
We may collect the following personal information from patients, to the extent this is necessary for the services we provide:
- your name, address, date of birth, phone number, email and other contact details;
- your health and medical history, diagnostic service reports and images, medications, lifestyle history, family history and genetic information and ethnic background, referrals from other health practitioners, the health services you seek, and any desired health outcomes/goals;
- your Medicare number, other relevant government identifiers, and health insurance details (as applicable);
- your payment and billing details.
We collect personal information from persons other than patients, such as service providers, contractors and third parties we engage with, to enable us to work, transact or engage with them. This will include contact details and other relevant personal information of such individuals which they provide or which we request and collect from them.
How do we collect your personal information?
We will collect your personal information in a lawful and fair way and in a manner that is not unreasonably intrusive.
We will only collect your personal information where you have consented, or otherwise in accordance with the law.
If you are a patient, we will generally collect your personal information directly from you. This will usually be through a video telehealth consultation, but may also be via an in-person face-to-face discussion, telephone conversation, registration form or questionnaire, electronic messages or emails, or any other online form.
We may occasionally need to collect personal information about you from a third party. This may include, but is not limited to, collection from the following third parties: other health professionals involved in the provision of health services to you, family members or other persons you have authorised to provide your information to us, diagnostic centres and service providers, specialists, hospitals, the My Health Record system, electronic prescription services, Medicare, your health insurer, or the Pharmaceutical Benefits Scheme. We will only do this with your consent, or where it is not practical to obtain this information from you and this is otherwise permitted by the privacy laws.
If you are a person other than a patient, such as service providers, contractors and third parties we engage with, we will generally collect your personal information directly from you, and we may collect your personal information from third parties. For example, if you are a service provider we may collect information from your referees.
When we collect your personal information, we will as soon as is practicable take reasonable steps to notify you of the details of the collection (including notifying you through this Policy), such as the purposes for which the information was collected, the organisations (if any) to which the information will be disclosed, and also notify you that this Policy contains details on how you may access or correct your information, or raise any complaints.
Halaxy and Heidi
We use Halaxy, a secure, cloud-based third-party practice management system, to enable the delivery of our services.
Through Halaxy, we may collect and handle your personal and health information for purposes including:
- booking and managing appointments;
- conducting video and other telehealth consultations;
- maintaining clinical records;
- billing, payments and Medicare or health insurance claims; and
- communicating with you about your care.
Halaxy stores information securely in Australia and is hosted on Amazon Web Services (AWS). AWS physical access is controlled using human and video surveillance, intrusion detection systems, and security protocols. AWS has accreditations and certifications including the following:
- PCI DSS Level 1 (Payment Card Industry Data Security Standard); and
- ISO 27001 (Information Security Management System).
Information stored in Halaxy is accessed only by our authorised staff to the extent necessary to provide you with care or to operate our practice systems. Halaxy itself does not have access to sensitive patient information or our practice information. When Halaxy assists us with service queries, all confidential details are anonymised or removed.
When a patient’s payment card details are entered into Halaxy, they are stored and tokenised by Halaxy’s payments partner gateway Braintree Paypal in Australia, meaning that once initially entered and captured, the payment card details are not visible to us or Halaxy.
Further information about how Halaxy maintains the privacy and security of information it holds is found on its website: https://www.halaxy.com/privacy/au
With your consent, our health practitioner staff may use Heidi, a third-party AI-assisted note-taking tool, to help prepare clinical notes during your consultations.
Heidi processes the spoken content of a consultation to generate draft clinical notes.
All draft clinical notes generated using Heidi are reviewed, edited and approved by your health practitioner before being added to your health record stored by us.
No audio recordings are permanently stored by Heidi. The audio is used only to create the draft clinical notes text and is then deleted.
You may decline or withdraw consent to the use of Heidi at any time, without affecting your access to care.
Heidi stores information securely in data centres located in Australia.
Further information about Heidi, and how it complies with the APPs, is found here: https://www.heidihealth.com/en-au/blog/app-compliance
How do we use your personal information?
How we use your personal information will depend on why you are dealing or engaging with us and in what capacity.
We will generally only use your personal information for the main purposes for which you have provided it to us.
If you are a patient, we generally use your personal information for the following main purposes:
- to provide our services to you;
- to communicate with you in relation to the service being provided to you, and your appointments for services. This includes providing you with SMS and/or email reminders for your appointments;
- to help us manage our accounts and administrative services, including billing, arrangements with health funds, pursuing unpaid accounts and administration of our practice management system;
- to obtain, analyse and discuss test results from diagnostic and pathology laboratories;
- for identification, Medicare and health insurance claiming (as applicable);
- in the provision of prescriptions; or
- to request patient participation in a quality improvement activity, clinical trial or research.
If you are a person other than a patient, such as service providers, contractors and third parties we engage with, we may use your personal information to manage our relationship with you.
We may also use your personal information where we are otherwise required or authorised by law to do so, which may include the following:
- where we use your information for purposes which are directly related to the main purpose for which we collected it, in circumstances where you would reasonably expect us to use your information for these purposes; or
- for funding, management, planning, monitoring, improvement or evaluation of our services, or the training of staff, where we take all reasonable steps to de-identify that information; or
- where it is unreasonable or impracticable to obtain your consent and the use is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety.
Do we disclose your personal information to others?
We respect the privacy of your personal information and we will take reasonable steps to keep it confidential and protected.
We will generally only disclose your personal information to other persons for the main purposes for which you have provided it to us, which if you are a patient will usually be for the purposes of you receiving services from us.
In particular, if you are a patient, we may disclose your personal information to:
- our contracted health practitioners who deliver telehealth services to you;
- other health professionals involved in the provision of your care;
- hospitals, treatment centres, diagnostic centres, pharmacies, and other organisations involved in the provision of your care; or
- the My Health Record system, electronic prescription services, Medicare, your health insurer, or the Pharmaceutical Benefits Scheme,
where this is necessary for your ongoing care and support. Please tell us if you do not wish for your personal information to be disclosed to a particular health professional or organisation.
If you are a patient, with your consent we may disclose your personal information to Heidi for the purposes related to the use of the Heidi note-taking tool described above (see the ‘Halaxy and Heidi’ section in this Policy).
If you are a person other than a patient, such as service providers, contractors and third parties we engage with, we may disclose your personal information to manage our relationship with you.
We will otherwise only disclose your personal information to other persons:
- for other purposes for which you have provided consent. For example, if you are a patient who requires ongoing clinical care, we may seek your consent to refer you to an appropriate health professional for that care;
- for purposes which are directly related to these main purposes for which the information was collected, in circumstances where you would reasonably expect us to disclose your information for these purposes; or
- where we are otherwise required or authorised by law to do so, for example:
  - where disclosure is necessary under law, such as where we need to comply with a subpoena or Court order; or
  - where it is unreasonable or impracticable to obtain your consent and we reasonably believe disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety.
Automated decision making and use of artificial intelligence (AI)
With your consent, our health practitioner staff may use the Heidi AI-assisted note-taking tool to help prepare clinical notes during your consultations (see the ‘Halaxy and Heidi’ section in this Policy).
All draft clinical notes generated using Heidi are reviewed, edited and approved by your health practitioner before being added to your health record stored by us.
We do not make decisions which could reasonably be expected to significantly affect the rights or interests of patients or other individuals solely by means of automated decision making or the use of AI, and all AI use is subject to human oversight and clinical judgement.
We will inform you through this Policy if in future we use any other computer programs or AI systems that use personal information to make automated decisions that could reasonably be expected to significantly affect the rights or interests of an individual. This will include information about the kinds of personal information used in, and types of decisions made by, such computer programs or AI systems that use personal information to make such decisions.
De-identified information
Information from which we have removed any material that would reasonably identify you or any other person (‘de-identified information’) is not personal information.
We may de-identify your personal information and use and disclose the de-identified information for research, training and education purposes.
Will we transfer your personal information interstate or overseas?
We will comply with the requirements of the APPs and HPPs if it is necessary to disclose your personal information interstate or overseas.
It may be necessary to disclose your personal information to persons or organisations interstate or overseas to provide you with ongoing care (for example, where a referral is made by our medical staff to a health professional located interstate or overseas).
We will only disclose your personal information interstate or overseas if we would be lawfully permitted to disclose it to a recipient in Australia, and:
- we have taken reasonable steps to ensure that the interstate or overseas recipient of your personal information does not breach the APPs or HPPs; or
- the interstate or overseas recipient is subject to a law, binding scheme or binding contract that provides substantially similar protection to the APPs and HPPs which you can access and enforce; or
- the disclosure interstate or overseas is otherwise required or authorised by law.
How do we store and secure your personal information?
The security of your personal information is important to us. We take reasonable steps to protect your information from misuse, interference and loss, and from unauthorised access, modification or disclosure.
These steps include technical and cybersecurity measures to protect our information technology systems and networks, organisational measures including strict authorisation and password requirements for patients and our staff to access our systems, ensuring the third-party service providers we engage with comply with applicable privacy laws, and requiring our staff to maintain the privacy of personal information in accordance with this Policy.
We keep your personal information for the time periods required by law. When your personal information is no longer required (and in the case of your health information, the information has been retained for the required periods under the HPPs or otherwise under law) we will take steps to securely destroy the information or to ensure that the information is permanently de-identified. The minimum required retention period for health information under the HPPs is usually 7 years from the date of last service for adults, or for health information collected from a child it must be retained until they are 25 years of age.
How can you access and correct your personal information?
You have a right to seek access to, and correction of, the personal information we hold about you.
You may request access to the personal information that we hold about you, using our contact details set out below. In certain circumstances, we may refuse to allow you access to your personal information where this is authorised by the law, such as where providing access would have an unreasonable impact on the privacy of other individuals, providing access would pose a serious threat to the life or health of any person or to public health or safety, or giving access would be unlawful.
If you believe that the personal information we hold about you requires correction (for example, because the information is inaccurate, out-of-date, incomplete, irrelevant or misleading), you may request that the information be corrected using our contact details set out below.
If we refuse your request for access or correction, we will provide you with reasons for the refusal in writing, and details about how you may complain about the decision.
Website privacy
We may collect your personal information through your interactions with us via our website.
We will deal with any personal information collected via our website in accordance with this Policy and the law.
We also collect data through our use of ‘cookies’ and other internet technologies.
Cookies are small data files which are stored on your device’s browser. Cookies are stored in order for your internet browser to navigate a website. Cookies will not identify you, but they do identify your internet service provider and browser type.
We will not use cookies to collect your identifying personal information. The cookies may collect statistical information about your visit to our website (such as the pages you visit on the website) in order to remember your preferences and allow you to navigate the website more easily.
The default setting of most internet browsers is to accept cookies automatically, but you can choose whether to allow cookies through your browser settings.
If we provide links through our website to third-party websites, or other third-party applications, we are not responsible for the content provided by, or the privacy policies and practices of, such third parties. You should familiarise yourself with the privacy policies of any such third parties.
Data breaches
We are required to comply with the mandatory ‘notifiable data breach’ scheme (the NDB scheme) under the Privacy Act. The NDB scheme applies when an ‘eligible data breach’ of personal information occurs.
An ‘eligible data breach’ occurs when:
- there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that an organisation holds; and
- this is likely to result in serious harm to one or more individuals; and
- the organisation has not been able to prevent the likely risk of serious harm with remedial action.
An organisation may take remedial steps to prevent the likelihood of serious harm occurring for any affected individuals after a data breach has occurred, in which case, the data breach is not an ‘eligible data breach’.
Where we have reasonable grounds to believe that we have experienced an eligible data breach (and remedial action cannot be used), we will promptly notify affected individuals and the Office of the Australian Information Commissioner about the breach in accordance with the Privacy Act.
Privacy related questions and complaints
We respect your privacy and we take all complaints regarding privacy very seriously.
If you have any questions about privacy-related issues, or wish to complain about a breach of your privacy or the handling of your personal information by us, you may lodge your question or complaint in writing to us using the contact details below. We will respond to you as soon as possible, but no later than 30 days from receipt of your question or complaint.
If you are not satisfied with our response, or if you do not wish to raise a question or complaint with us directly, you may wish to contact:
- the Office of the Australian Information Commissioner. See www.oaic.gov.au; or
- the Victorian Health Complaints Commissioner. See www.hcc.vic.gov.au.
Our contact details
If you would like to contact us regarding any privacy matters, including where:
- you would like to request access to or correction of your personal information; or
- you have a complaint or concern regarding your privacy,
please contact us using the following details:
- Email address: support@rowiehealth.com.au
- Address: 101 West Fyans Street, Newtown, VIC, 3220
Updates to this Policy
We may update this Policy from time to time. We will notify you about any changes to this Policy through our website, and we will make the most current version of the Policy available to you when you receive services from us, or on your request.
Last updated: March 2026