Let’s Work Together

Privacy Policy

Authentic Echo– Speech Pathology, Coaching, Consulting, Education & Training Services
South Australia

1.      Who can I contact about this policy? 

For enquiries concerning this policy, you can contact:

Tara Bell via email: connect@authenticecho.com

2.      When and why is your consent necessary? 

When you register as a client of Authentic Echo, you provide consent for Tara Bell and Authentic Echo team members to access and use your personal information required to facilitate services specific to you. Your personal information is only shared with team members who require it to provide you services or for administrative and billing reasons.

If we ever use your personal information for purposes other than outlined in this document, we will obtain additional consent from you. It is important to us that as our client you understand why we collect and use your personal information.

Sometimes, we need to contact third-parties or are required to share you information for legal reasons.

By acknowledging this Privacy Policy you consent to us collecting, holding, using, retaining and disclosing your personal information in the manners described below.

3.      Why do we collect, use, store, and share your personal information? 

Authentic Echo collects, uses, stores, and shares your personal information primarily to adequately meet your health and personal needs. This includes providing healthcare services, managing administrative records, and ensuring accurate billing and payments. Additionally, we may utilise your information for internal quality and safety improvement processes such as practice audits, accreditation purposes, volunteer or staff training to maintain high-quality service standards and the safety of our consultants.

4.      What personal information is collected? 

The information we will collect about you includes: 

·       names, date of birth, addresses, contact details 

·       medical information including medical history, medicines, allergies, and adverse reactions immunisations, social history, family history, education history, work history and risk factors 

·       healthcare identifier numbers (National Disability Insurance Scheme, Medicare number for identification and claiming purposes) 

·       health fund details

·       relevant goals or any other information you believe is important and directly relates to your care

5.      Can you deal with us anonymously? 

You can deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals. We may not be able to provide services if you do not provide us with your identity.

6.      How is personal information collected? 

We may collect your personal information in several different ways and at different times while providing services to you.  

When you make your first appointment, the consultant will collect some sensitive personal and demographic information via online forms, telephone or email.

Further information throughout your engagement with our services may be collected when you visit our website, send us an email or SMS, telephone us, make an online appointment, or communicate with us using social media. 

In some circumstances, personal information may also be collected from other sources, including: 

·       your guardian or responsible person

·       other involved healthcare providers, such as specialists, educators, allied health professionals, hospitals, community health services, and pathology and diagnostic imaging services

·       your health fund, Medicare, or the National Disability Insurance Agency (if relevant)

We will always comply with privacy obligations when collecting personal information from third-party sources. This includes ensuring transparency with patients, obtaining necessary consents, maintaining data accuracy, securing the information, and using it only for specified purposes.

Various types of images may be collected and used, including: 

7.      When, why and with whom do we share your personal information?  

We sometimes share your personal information: 

with third parties for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with APPs and this policy 

·       with other healthcare providers (e.g. case discussions)

·       when it is required or authorised by law (e.g. court subpoenas) 

·       when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the client’s consent 

·       to assist in locating a missing person 

·       to establish, exercise or defend an equitable claim 

·       for the purpose of confidential dispute resolution process 

·       when it is a statutory requirement to share certain personal information (e.g. some diseases require mandatory notification) 

·       when it is required to meet expectations of outer agencies or funding bodies involved in your care, e.g., National Disability Insurance Scheme reports

Only people who need to access your personal information will be able to do so. Other than providing services or as otherwise described in this policy, the practice will not share personal information with any third party without your consent. 

We do not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent. 

8.      Will your information be used for marketing purposes? 

Authentic Echo may contact you regarding changes to, or additional services in line with the

 If you do consent, you may opt out of direct marketing at any time by notifying Authentic Echo via email connect@authenticecho.com.

9.      How is your information used to improve services?  

The practice may use your personal information to improve the quality of the services offered to clients through research, analysis of client data for quality improvement and for training activities with Authentic Echo volunteers or staff.

At times, we are approached by research teams to recruit eligible patients into specific studies which require access to identifiable information. You may be approached by a member of our team to participate in research. Researchers will not approach you directly without your express consent. If you provide consent, you would then receive specific information on the research project and how your personal health information will be used, at which point you can decide to participate or not participate in the research project.

10.     How is document automation technology used? 

Document automation is where systems use existing data to generate electronic documents relating to personal information and healthcare.  

The practice uses a secure practice management system (Cliniko) to store your personal information, generate case history forms, summaries of communication correspondence, session information and for billing.

A hardcopy (considered the main copy) will be stored in a locked file, or in storage facilitates suitable to the nature of the document on the business premises.

All Authentic Echo team members and users of Cliniko software have their own unique user credentials and password. This ensures they can only access information that is relevant to their role, see Cliniko security roles.

11.    How is your personal information stored and protected? 

Your personal information may be stored in various forms, such as paper records, electronic records, visual records (e.g., images or work samples), audio recordings and visual-audio recordings.

All of your personal information is stored securely in electronic systems, external storage devices or as a hard copy in a locked file on the business premises.

12.    How can you access and correct your personal information at the practice? 

You have the right to request access to, and correction of, your personal information. 

We acknowledge clients may request access to their records. 

Requests can be made by sending an email to connect@authenticecho.com.

We will respond to any requests to access or correct your personal information within 30 business days.

We will take reasonable steps to correct your personal information where the information is not accurate or up to date. Sometimes, we will ask you to verify your personal information held by the practice is correct and current.

13.    How can you access and correct your personal information at the practice? 

We will take reasonable steps to contact you and make you aware and rectify the breach by:

·   Containing the breach

·   Assessing the risk

·   Notifying affected individuals

·   Notifying the Office of the Australian Information Commissioner (OAIC) and/or Speech Pathology Australia

·   Preventing future breaches through the revision of our policies and procedures.

14.    How can you lodge a privacy-related complaint, and how will the complaint be handled Authentic Echo? 

We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have. We will then attempt to resolve it in accordance with Authentic Echo’s Complaints and Grievances Policies and Procedures.

If you do not feel we have resolved your issue, you may also contact:

The Office of the Australian Information Commissioner www.oaic.gov.au on 1300 363 992. 

Health and Community Services Complaints Commissioner on 8226 8666

Speech Pathology Australia on 1300 368 835 or +61 3 9642 4899 Email: office@speechpathologyaustralia.org.au

15.    How is digital privacy maintained?  

At Authentic Echo any personal information you share with us through website, email, and social media, is handled securely and confidentially. Authentic Echo will not share any of your information unless you have provided consent or as soon as possible following collection of information.

Cliniko practice management system
Cliniko is used for:

Client profiles/Case history information
Appointment scheduling
Session information and additional notes
Invoicing
Secure messaging

Cliniko provides:
Encryption in transit and at rest
Secure Australian‑based servers
Strict access controls
Secure backups
Compliance with Australian Privacy Principles
Cliniko may use international sub‑processors for infrastructure support. These providers must meet strict privacy and security requirements.

Microsoft 365
Used for:

email (Outlook)
File storage (OneDrive, SharePoint)
Document creation (Word, Excel, PowerPoint)

Microsoft may store data in overseas data centres (United States, Europe, Asia).
Reasonable steps are taken to ensure compliance with the Australian Privacy Principles.

Google Workspace
Used for:
Google Drive
Docs, Sheets, Forms
Calendar
Gmail
Google may store data overseas.
Google complies with major international privacy and security standards.

Security measures:
• Encryption
• Password protection
• Multi‑factor authentication
• Limited staff access
• Audit logs
• Staff confidentiality agreements
• Staff training in privacy and child safety
• Secure disposal of records

You may access more information about how your digital privacy is managed by the digital platforms used by Authentic Echo via the links below (cookies, affiliates).

Cliniko – practice management software

Zoom – virtual sessions

Teams -– virtual sessions

Facebook (Meta) – business page

Instagram (Meta) – business page

www.authenticecho.com (website hosted by Squarespace) – business website

Google (Workspace, email) – administrative platforms

Microsoft OneDrive Cloud storage – administrative, record keeping platform

16.    Policy review statement 

We ensure our privacy policy is regularly reviewed to ensure compliance with current obligations.  

If any changes are made: 

·       they will be reflected on the website

·       significant changes may be communicated directly to patients via email or other means

Please check the policy periodically for updates and let us know if you have any questions or feedback.

Policy date:                8th of February 2026

Review date:              8th of June 2026

Changes to this policy
This policy may be updated to reflect changes in laws, standards, or practices.
The most current version is published on the website.

Current as of the 9th of February 2026.