Epilepsy Network Australia
Privacy & Financial Consent
Please scroll to the bottom, read carefully, and tick “I Agree” to continue.
1 | Who We Are
Epilepsy Network Australia Pty Ltd (“ENA”, “we”, “our”, “us”) is a specialist neurology service based in Melbourne. Details about our clinical team and ethos can be found on our About Us page.
ENA complies with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and relevant State health-records laws (e.g. Health Records Act 2001 (Vic)).
2 | What Information We Collect & Why
| Category | Examples (not exhaustive) | Examples (not exhaustive) |
| Personal | Name, date of birth, address, phone, email, Medicare details | Identify you and contact you |
| Health | Referrals, medical history, test results, treatment notes | Provide safe, high-quality care |
| Payment | Cardholder name, tokenised card data, billing history | Validate and process fees |
| Usage / device | Each time a secure link is opened, IP address, device type | Security, fraud prevention, audit |
If you choose not to provide certain information, we may be unable to offer you the full range of services or tailor your care appropriately.
3 | How We Collect Information
– Directly from you (online intake form, phone, email, in-clinic paperwork)
– From referring GPs, hospitals, or other health-care providers
– From Medicare, My Health Record, TAC / WorkCover, or authorised carers (with consent)
– Via secure payment portals embedded in our registration workflow
4 | Payment Security & Card Storage
To streamline check-in and keep our systems PCI-DSS Level 1 compliant, ENA uses StripeLink or an equivalent certified gateway embedded in our patient-intake platform.
1. Card entry takes place in an encrypted iFrame served by StripeLink or similar; ENA staff never see your full card number or CVV.
2. StripeLink or similar verifies your card with the issuing bank; you may be asked for an SMS code or banking app approval (3-D Secure).
3. The card is tokenised and stored securely; ENA receives only an anonymised token that can be used for approved charges.
4. If you delete the stored card in your ENA portal, the token is irreversibly “redacted” and cannot be reused.
5 | Use & Disclosure of Information
| Recipient | Reason for disclosure |
| Secure intake & form providers | e.g. StripeLink or similar – to validate & process card payments securely |
| Healthcare providers | Referring doctors, specialists, laboratories, hospitals |
| Regulatory / legal bodies | Medicare, Services Australia, courts or tribunals |
| IT & security vendors | Cloud hosting, back-up, and support vendors with confidentiality terms |
We share your data only with trusted parties where necessary for care or as required by law:
Overseas disclosure: ENA aims to store all clinical data in Australia. Where a vendor operates offshore, we take reasonable steps to ensure they meet Australian privacy standards (APP 8).
6 | Data Security & Retention
– Electronic records are encrypted in transit and at rest; nightly back-ups are stored securely.
– Physical notes are kept in locked cabinets within restricted areas.
– Health information is retained for 7 years after last contact (or until age 25 for minors), then securely destroyed or de-identified.
7 | Your Rights
You may access, correct, or transfer your record; request deletion of a stored payment token; or withdraw certain consents (clinical/legal exceptions apply). A reasonable administration fee may apply for extensive record retrieval.
8 | Financial Consent
By ticking “I Agree” and submitting this form you authorise ENA to:
1. Validate and store your card via StripeLink or similar (tokenised).
2. Charge your card on the day of service for consultation or diagnostic-testing fees in line with ENA’s current fee schedule.
3. Collect any cancellation or non-attendance fees as outlined in the clinic’s policy.
4. Seek payment from you if no third-party approval (e.g. TAC / WorkCover) is provided.
*For TAC accidents prior to 14 February 2018, written pre-approval from TAC is required.*
If you have questions about fees, payment security, or this policy, please contact us before your appointment.
9 | WorkCover / TAC Accounts
You must supply written confirmation that the insurer accepts financial responsibility. In the absence of approval and/or payment, you remain liable for the account.
10 | Complaints & Contact
Epilepsy Network Australia
Tel: 03 7066 4607 Email: [email protected]
We respond to written privacy complaints within 30 days. If you are dissatisfied, you may contact the Office of the Australian Information Commissioner (OAIC) – oaic.gov.au | 1300 363 992.
(Last updated July 2025 – Version 1.1)
