Privacy Policy
Chris McAtomney — Clinical Naturopathy Last updated: 01/07/2026
1. About this policy
I take the privacy of your personal and health information seriously. This policy explains what information I collect, why I collect it, how I store and protect it, and the choices you have about it.
I am bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and by the health records laws that apply in New South Wales. Because I provide a health service, these obligations apply to my practice regardless of its size or turnover.
In this policy, "I", "me" and "my" refer to Chris McAtomney, trading as Chris McAtomney — Clinical Naturopathy (ABN 53133474520). "You" refers to my clients and prospective clients, and to visitors to my website at chrismcatomney.com.
2. The information I collect
Personal information — such as your name, date of birth, email address, phone number, and postal address.
Health information (a category of sensitive information under the Privacy Act) — such as your health history, symptoms, medical conditions, medications and supplements, lifestyle and dietary information, family history, results of any tests or assessments, and the clinical notes, treatment plans and prescriptions I create in the course of caring for you.
Payment information — such as records of payments made. Card details are handled by my payment provider and are not stored by me.
Website information — such as any details you submit through my contact or enquiry forms, and standard technical information collected by my website host.
I only collect health information with your consent, and only where it is reasonably necessary for me to provide your care.
3. How I collect your information
I collect information:
directly from you — through intake and consent forms, during consultations, and in written or verbal communication with me;
through AI-assisted clinical documentation during your consultations (see Section 5);
through my online booking system when you schedule an appointment; and
through my website when you complete a contact form or subscribe to updates.
Wherever it is reasonable and practical, I collect your information directly from you.
4. Why I collect and use your information
I collect and use your information to:
provide you with naturopathic care, including assessment, treatment planning, and prescribing;
create and maintain accurate clinical records, as I am professionally required to do;
communicate with you about your appointments, care, and results;
process payments and issue receipts;
meet my legal, professional, and insurance obligations; and
send you practice updates, if you have opted in to receive them.
5. AI-assisted clinical documentation
To create accurate clinical notes, I use an AI-powered clinical documentation tool (Heidi Health, an Australian provider) that transcribes and helps summarise our consultation. Before I use it, I will ask for your consent at each consultation. You may decline at any time, and declining will not affect the care you receive.
Where this tool is used, I review and edit every note for accuracy before it becomes part of your record — I remain responsible for your clinical record. My documentation provider stores its data in Australia and does not use your information to train its systems. You can ask me for more detail about how this tool works at any time.
6. How I disclose your information
I do not sell your information, and I do not share it for marketing purposes.
I may disclose your information:
to other health practitioners involved in your care, with your consent, for example when making a referral;
to my professional service providers who help me run my practice (see Section 7), under confidentiality obligations;
where I am required or authorised to do so by law, or where disclosure is necessary to prevent a serious threat to your life, health, or safety.
7. Service providers and data storage
I use trusted third-party services to run my practice. Depending on the service, your information may be handled by:
clinical records and practice-management software;
AI-assisted clinical documentation (Heidi Health);
online booking software;
website hosting;
email and business administration;
email/newsletter software (only if you have subscribed to updates); and
payment processing.
Some of these providers store or process data outside Australia, including in the United States. Where that is the case, I take reasonable steps to ensure your information is handled consistently with the Australian Privacy Principles. [Confirm and, if you wish, name your specific providers and the countries their data is stored in — this makes the policy more transparent and is best practice under APP 8.]
8. How I protect your information
I take reasonable steps to protect your information from misuse, loss, and unauthorised access or disclosure. These steps include storing records in secure, access-controlled systems, using reputable providers with recognised security standards, limiting access to your information to what is necessary, and securely destroying records when they are no longer required to be kept.
9. How long I keep your information
I am required to keep health records for a minimum period. In New South Wales:
for adults, records must generally be kept for at least 7 years from the date of your last consultation; and
for a person who was under 18 at the time of their last consultation, records must be kept until they turn 25.
After the required period, I securely destroy or de-identify records that are no longer needed.
10. Accessing and correcting your information
You have the right to ask for access to the personal and health information I hold about you, and to ask me to correct it if it is inaccurate, out of date, or incomplete. To make a request, contact me using the details in Section 14. I will respond within a reasonable time. In limited circumstances I may need to decline access, in which case I will explain why in writing.
11. Practice updates and direct marketing
If you have opted in, I may send you occasional practice updates by email. Every such email includes a way to unsubscribe, and you can opt out at any time by using that link or by contacting me directly. I will not send you marketing communications without your consent.
12. My website
When you visit my website, my website host may collect standard technical information (such as your browser type and general location) to keep the site secure and functioning. If you submit a form, the details you provide are used only to respond to your enquiry. My website may use cookies; you can control cookies through your browser settings.
13. Complaints
If you have a concern about how I have handled your information, please contact me first (Section 14) so I can try to resolve it. I take privacy concerns seriously and will respond within a reasonable time.
If you are not satisfied with my response, you can contact the Office of the Australian Information Commissioner (OAIC), which oversees the Privacy Act. Their current contact details are available at oaic.gov.au.
14. Contact me
For any privacy question, request, or complaint:
Chris McAtomney — Clinical Naturopathy Email: chris@chrismcatomney.com Location: Northern Rivers, NSW, Australia
15. Changes to this policy
I may update this policy from time to time to reflect changes in my practice or my legal obligations. The current version will always be available on my website, with the "last updated" date shown at the top.