Privacy Policy — Fast Tracking Anaesthetic Billing Services

Effective date: 2 June 2026
Last reviewed: 2 June 2026

Fast Tracking Anaesthetic Billing Services (“FTABS”, “we”, “us”, “our”) provides anaesthetic billing and administrative support services to anaesthetists and related healthcare providers. In delivering these services, we may handle personal information and, where relevant, health information.

This Privacy Policy explains how we collect, hold, use, disclose, store, and protect information, and how you can access or correct it or make a complaint.

1) Scope and commitment

We are committed to protecting privacy and handling information responsibly. This policy applies to information we handle in the course of providing billing and administrative services (including via phone, email, customer support systems, and the software and automation tools we use to process billing).

We review this policy at least annually and sooner if our operations, systems, technology (including automation and AI tools), or legal requirements change, to ensure it reflects how we actually operate.

2) Definitions

Personal information: information about an identified individual, or an individual who is reasonably identifiable (e.g., name, contact details, Medicare number).
Health information: sensitive information about a person’s health or healthcare that may be included in billing-related documentation or administrative records.

3) What information we collect and hold

Depending on how you interact with us and the services we provide, we may collect and hold:

A) Patient/consumer information

  • Name, date of birth, address, phone number, email
  • Medicare and/or DVA details (where relevant to billing)
  • Private health insurance details and membership numbers (where relevant)
  • Billing and payment information (invoices, claim status, receipts, payment arrangements)
  • Information needed to respond to account enquiries and verify identity

B) Billing/episode-related information (may include health information)

  • Provider details, facility details, dates of service, item numbers, the procedure performed, and other billing-relevant information supplied by the engaged anaesthetist/practice/hospital (including in theatre lists and similar documents) and used for billing administration
  • Billing system records (MediTrust): We store and manage billing administration records in MediTrust, which may include patient identifiers, service dates, item numbers, invoice/claim status, and payment history, to the extent required to provide billing services.

C) Enquiries and communications

  • Email correspondence, phone call notes, and customer support tickets
  • Records of requests for access/correction or privacy complaints

D) Website, analytics and technical information

  • Basic usage and security logs (e.g., IP address, time of access) for maintaining system security
  • Website analytics and cookie data collected through Google Analytics (e.g., pages viewed, approximate location, device and browser information, and a cookie identifier) to help us understand and improve our website. This information is processed by Google and may be handled outside Australia (see Section 9). You can control cookies through your browser settings and any cookie banner we provide.

4) How we collect information

We may collect information:

  • From the anaesthetist/practice/hospital that engages us, and from systems they use for billing administration
  • Directly from patients/consumers when they contact us about an account
  • From third parties involved in billing/claims processes (e.g., private health funds, Medicare/DVA, payment providers) where required or authorised

When you contact us directly and we collect your information, this Privacy Policy serves as our notice to you about how that information is handled.

5) Why we collect, use and disclose information

We collect, use and disclose information for billing administration and compliance purposes, including:

  • Preparing and issuing accounts, processing payments, and managing billing enquiries
  • Claims processing and reconciliation (where relevant)
  • Reading and extracting billing details from documents (such as theatre lists) to prepare accounts accurately (see Section 12)
  • Quality assurance, staff training, and service improvement (de-identified where practicable)
  • Managing our operations and meeting legal, regulatory, audit, and insurer obligations
  • Protecting our systems and preventing fraud or unauthorised access

We generally only use and disclose information for the primary purpose it was collected, or a related purpose you would reasonably expect, unless otherwise required or authorised by law.

6) Authority and consent (how this works in a billing service)

FTABS acts as a billing and administrative service provider. In most cases:

  • We receive information from the anaesthetist/practice/hospital that engaged us as part of lawful healthcare administration and billing functions, and on the basis of the authority and consent obtained by the patient’s treating practitioner.
  • If you contact us directly, we collect only what is necessary to verify identity and respond to your enquiry, manage payment arrangements, or resolve billing issues.

Where express consent is required for a secondary purpose (for example, direct marketing, research involving identifiable data, or training AI models using personal information), we will seek it.

7) Anonymity and pseudonymity

Where practicable, individuals may have the option of not identifying themselves or using a pseudonym when dealing with us. However, in billing and healthcare administration contexts, it is usually not practical to handle enquiries anonymously because we must verify identity to protect privacy and process accounts correctly.

If you request anonymity or pseudonymity, we will consider the request, but we may require identification where it is impracticable or legally required.

8) Who we disclose information to

We may disclose information to the extent necessary for billing administration and compliance, including:

  • The anaesthetist/practice that engaged us
  • Hospitals/day facilities (for reconciliation or account queries)
  • Medicare and/or DVA (where applicable) and private health funds/insurers (where relevant)
  • Payment providers and banks (to process payments)
  • Debt recovery providers (where instructed, lawful, and appropriate)
  • Our professional advisers (e.g., insurers, accountants, lawyers)
  • MediTrust (billing platform) and associated technical support providers (to the extent necessary to store, process, and manage billing administration records)
  • AI and analytics service providers we use to operate our services — currently Microsoft Azure OpenAI (to read and extract billing details from documents) and Google (website analytics). See Sections 9 and 12.
  • IT and support service providers who host or support our systems
  • Telecommunications and voice service providers (including SIP trunking providers) for inbound/outbound calls, call routing, and service continuity.

We take reasonable steps to ensure third parties we engage handle information appropriately (including confidentiality and security expectations).

9) Storage location, overseas storage and disclosure

We use a mix of Australia-based systems and cloud services.

Australia-based storage and processing

  • Billing platform (MediTrust): We store billing administration records in MediTrust, which (based on MediTrust’s published information) hosts its servers in Melbourne, Victoria, Australia.
  • AI document processing (Microsoft Azure OpenAI): To prepare billing from theatre lists and similar documents, we use Microsoft Azure OpenAI hosted in the Australia East region. This processing takes place in Australia, and the information is not used to train AI models. Under Microsoft’s standard service terms, content may be retained by Microsoft for a limited period (up to around 30 days) for the purpose of detecting misuse, and — only where content is automatically flagged — may be reviewed by authorised Microsoft personnel who could be located outside Australia. Routine billing documents are not expected to be flagged. We take steps to minimise the information sent to this service.
  • Business email (Microsoft 365): Our business email is hosted on Microsoft 365 in an Australian tenant.

Overseas storage / overseas disclosure

We are likely to disclose personal information to overseas recipients through the use of the following cloud-based systems:

  • Customer support platform (LiveAgent): Our LiveAgent environment is currently configured to store and process customer support data in the United States (Virginia). This may include patient names, contact and account details and, occasionally, health-related context contained in enquiries. We are moving customer support to an Australian-hosted platform and will update this section once that change is complete.
  • Website analytics (Google): Our website uses Google Analytics. Google may process website usage and cookie data on servers located in the United States and other countries.
  • Telecommunications/voice services: We use telecommunications and voice service providers (including SIP trunking) to enable inbound and outbound calls. These providers may process call-related information such as phone numbers, call timing/duration, and routing data, and may store or process this information in Australia and/or overseas depending on service configuration and network architecture.

Where we disclose personal information overseas, we take reasonable steps to ensure appropriate safeguards are in place and that overseas handling is consistent with Australian privacy requirements. We will update this section if our systems or their data-centre regions change.

10) Research, quality improvement, education and training

We may use information for internal service improvement, staff training, and quality assurance, de-identified where practicable.

If we ever participate in research that requires identifiable information, we will seek express consent and ensure appropriate approvals and privacy requirements are met.

11) Direct marketing

We do not use patient information for direct marketing.

If this position changes, we will only use personal information for direct marketing with express consent and will provide a clear opt-out mechanism.

12) Use of Artificial Intelligence (AI) and automation

We use a limited number of AI and automation tools to support our administrative work. Currently these are:

  • Document data extraction: We use Microsoft Azure OpenAI (hosted in Australia — see Section 9) to read theatre lists and similar billing documents and extract the booking and billing details (such as patient name, date of birth, Medicare/DVA number, health fund, and the procedure) into our billing system. These documents may include health information.
  • Support workflow tools: limited automation to help route or template customer-support messages.

Where we use AI or automation:

  • A staff member reviews and remains responsible for the output before billing records are relied upon; items that are uncertain or fail our checks are reviewed and corrected by a person.
  • We do not use automated decision-making to make decisions that have legal or similarly significant effects on individuals without human involvement.
  • We do not use personal information to train or develop AI models, and our AI service provider does not use your information to train its models.
  • We take steps to minimise the information sent to AI services and to keep processing within Australia where practicable.

13) Data quality

We take reasonable steps to ensure the information we hold is accurate, complete, up to date, and relevant. If you believe information is incorrect, please contact us and we will address it.

14) Data security, retention and data breaches

We take reasonable technical and organisational steps to protect information from misuse, interference, loss, and unauthorised access, modification, or disclosure. These steps include access controls and limiting access to those who need it, multi-factor authentication on key accounts, device and disk encryption, secure storage of credentials, staff confidentiality and privacy practices, and appropriate ICT and security measures.

We retain billing and administrative information for as long as it is needed to provide our services and to meet our legal, professional, tax and insurance obligations. When information is no longer required for those purposes and any minimum retention period has passed, we securely destroy or de-identify it.

Data breaches: If a data breach occurs that is likely to result in serious harm, we will respond in line with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth), including notifying the Office of the Australian Information Commissioner and affected individuals as required.

15) Access to and correction of information

You may request access to your personal information and request corrections.

To request access or corrections:

  1. Contact our Privacy Officer in writing (email is acceptable).
  2. We may ask you to verify your identity before releasing information.
  3. We will respond within 30 days, where practicable.

A small fee may apply to cover reasonable administrative costs (but you will not be charged for making the request).

16) Privacy enquiries and complaints

If you have questions, concerns, or want to make a privacy complaint, please contact:

Privacy Officer: Practice Manager / Privacy Officer
Fast Tracking Anaesthetic Billing Services
Postal: 97 Forest St, Bendigo VIC 3550
Email: [email protected]
Phone: 03 5323 0275

We will acknowledge your complaint and work with you to resolve it.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

17) Updates to this policy

This policy was last updated on 2 June 2026. We review this privacy policy at least annually, or when there are changes to operations, legislation, or relevant technology. Significant changes may be communicated via our website or by other appropriate means.