GP’s hold and have privileged access to the most sensitive of patient information, therefore keeping your medical privacy policy up to date is critical.

A review by the Australian Information Commissioner found that: 

  • 1 in 10 GP clinics don’t have a Privacy Policy, and  
  • Only 20% of Clinics documented how they collected and stored patient information.   

These gaps, amongst others, potentially leave GP’s exposed if there ever is a breach of patient confidentially. Protecting personal and corporate data is now an absolute must for all General Practice Clinics. 

The Australian Privacy Principles requires all APP entities to have a compliant Privacy Policy.   

For this reason, it’s critical that your Privacy Policy is unique to your Practice for it to function efficiently.  

During its drafting and implementation, you should consider: 

  • current and future employers/employees; and 
  • your future and present patients 

Placing a strong focus on a well-documented Privacy Policy, today, will create trust in your Practice and help to enhance your reputation. This means moving beyond just repeating the words in the Australian Privacy Principles but developing a well-constructed Privacy Policy that focuses on your particular entity. 


Here are our top tips: 

1.Make Your Privacy Policy Accessible and focused on Practice-Specific Content

  • Think about your Practice and make sure the Policy reflects your specific operations.  
  • Consult and discuss on its content and delivery (and how employees and patients will access it) 
  • Make sure you keep it readable and understood by using simple language and an easy to read font (try to avoid legal jargon and terms) 
  • Focus on the essentials.  


TIP:  So people aren’t thrown by the length of the document – consider initially providing a summary version of your Policy which highlights the key points with a link to the full extract.  


2.Provide employees with adequate Training

Providing proper training to your employees when implementing (or updating) your Privacy Policy will ensure it’s well understood and accessible. To assist with implementation and compliance ensure the Policy is aligned with internal processes and procedures. 

Allocating one key person to be accountable for its implementation and adherence will create less confusion, especially if questions and issues arise. Depending on the size of your Practice – this may be a dedicated role or a part of an existing employee’s overall job responsibilities. 

It’s important to reiterate that everyone in your Practice is aware of who is responsible for privacy, including the role they play.  


3.Consider Special Circumstances that may arise

Take time to consider situations that are outside your day-to-day operations. As it’s important that your Privacy Policy covers special projects or situations: 

  • Such as when new responsibilities are taken on  
  • New information is captured and stored, or  
  • Handling practices differ from the usual.  

An example would be working with an overseas partner – in this case, don’t also forget to ensure an overseas recipient will comply with the Australian Privacy Principles. 


4.Prepare for any potential Data Breaches

Finally, when you implement your Policy do so together with a Data Breach Response Plan. A new Notifiable Data Breaches scheme comes into effect on 22 February 2018. It will apply to any organization who must comply with the current Privacy Principles.  

A ‘Notifiable Data Breach’ is a breach that is ‘likely to result in serious harm’ to the person to which the data relates. If an organisation believes that there has been a data breach (of any size) they must, in the first instance, undertake and complete an assessment within 30 days of identifying the (possible) violation.  



Want to get started right now on implementing or updating your Privacy Policy?  

To get started, please complete our online questionnaire.

More information on Privacy Policy requirements specific to GP’s can be found here. 



Feel free to [get in touch] if you have any further questions regarding your Privacy Policy – we are here to help and support.