Privacy Policy
This Fast-Track solution is best suited for medical or allied health practices that operate from physical premises.
A Privacy Policy is required by law for medical practices, which are responsible for collecting and handling sensitive information and protecting both personal and corporate data as part of their business. It is critical that your Privacy Policy is unique to your Practice for it to function effectively. Additionally, if you are working with any third-party applications or services that you share patient information with (like a third-party booking system through your website), you may need to update your practice’s Privacy Policy.
Note: Price does not include GST
Additional Details
A Privacy Policy is required to:
Clearly detail the personal and sensitive information your entity collects and holds;
State how your business collects and holds such information and why;
Document how an individual can get access to their information;
Provide details on how an individual can lodge a complaint and how your entity deals with the information; and
State what disclosure, if any, your entity will make to overseas recipients.
Interested in learning more about why your medical practice needs a Privacy Policy? You can read our article here.
Once you Purchase the Policy:
You will provide us with the information we need to prepare the Privacy Policy via an online form.
We will then prepare the first draft of the Policy based on your instructions;
We will provide the draft Policy to you by email;
You are welcome to either talk to us on the telephone (for up to 30 minutes) or email your comments and questions about the draft Policy;
We will then finalise the Policy (if any changes are required and if instructions are received within 30 days of us sending you the first draft); and
You have a new asset to use in your Practice.
Frequently Asked Questions
If you are considering engaging You Legal to prepare a Privacy Policy, here’s what you need to know:
What is a Privacy Policy?
A Privacy Policy is essentially a statement that declares your Practice’s Policy on collecting, storing and releasing information, within the Practice and online.
A Privacy Policy usually outlines the specific information that is collected by the Practice. It states whether the information collected is kept confidential, or shared or sold to researchers or other third-party organisations.
Why do I need a Privacy Policy?
People have certainly become more aware of privacy in recent times. There are privacy laws that regulate the handling of personal information collected by your practice. For example, if an organisation collects any sensitive information, such as health information, a Privacy Policy is legally required under the Privacy Act 1988.
Why is a Privacy Policy important?
A Privacy Policy is important as it provides transparency and clarity to customers or users about how their personal information will be used and protected. Many practitioners have a tendency to focus on the immediate medical needs of their patients, and quite rightly so. A Privacy Policy, however, is a mandatory and essential tool to ensure that your practice also works to protect patient privacy and builds trust and credibility.
What should be included in a Privacy Policy?
A Privacy Policy should include information about what personal information is collected, how it will be used, who it will be shared with and how it will be protected. It should also include information about your users' rights, such as the right to access their personal information and the right to request that their personal information be deleted. The Australian Privacy Act, together with the Australian Privacy Principles (APPs), outlines the requirements for, and what should be set out in, your practice’s Privacy Policy.
Who should have a Privacy Policy?
Any organisation or agency that is covered by the Privacy Act 1988 (Cth) must have a Privacy Policy – this includes organisations in Australia with an annual turnover of over $3 million, as well as certain smaller types of organisations including all medical health service providers (regardless of turnover).
How often should a Privacy Policy be updated?
A Privacy Policy should be updated whenever there are changes to the way personal information is collected, used, or protected. It should also be reviewed periodically, at least once a year, to ensure that it remains accurate and up-to-date.
Not sure if this solution is right for you?
Not a medical or allied health practice operating from physical premises? Is your medical clinic exclusively online? We can still help! If you are running a med-tech or health-tech business, or an online medical practice, you would already know some of the difficulties that come with handling information. Contact us below to enquire about a Privacy Policy best suited to your business.
Does your practice also have a website? You can purchase our Website Terms and Conditions, as well as a Privacy Policy, here.
When implementing your Privacy Policy, you may want to do so together with a Data Breach Response Plan. We offer a Notifiable Data Breach Package, which you can find here.
Have a question?
Please be aware that our Standard Terms apply to this engagement: https://youlegal.com.au/standard-terms/