Privacy Policy
This Fast-Track solution is best suited for medical or allied health practices that operate from physical premises.
A Privacy Policy is required by law for medical and allied health practices, which are responsible for collecting and handling sensitive information and protecting both personal and corporate data as part of their business. It is critical that your Privacy Policy is unique to your Practice for it to function effectively and reflect how your team manages sensitive patient information across both digital and physical systems.
If you use any third-party applications or services such as online booking platforms, automated reminders, or AI tools, your Privacy Policy must clearly explain how these systems handle patient information. It should also outline the safeguards your practice has in place to protect that information, including technical measures (like encryption and access controls) and organisational measures (such as staff training and data management procedures).
A well-drafted Privacy Policy helps ensure compliance with your obligations under the Privacy Act 1988 (Cth) and AHPRA requirements, while protecting your practice from serious penalties and strengthening patient trust.
Note: Price does not include GST
Additional Details
A Privacy Policy is required to:
Clearly outline the personal and sensitive information your practice collects and holds;
Explain how and why your practice collects and holds this information;
Detail how patients can access, correct, or request deletion of their information;
State what, if any, disclosures your practice makes to overseas recipients;
Reflect current requirements around the use of automation and AI in practice operations; and
Demonstrate the safeguards your practice uses to protect data, including both technical and organisational measures.
Interested in learning more about why your medical practice needs a Privacy Policy? You can read our article here.
Once you Purchase the Policy:
You will provide us with the information we need to prepare the Privacy Policy via an online form.
We will then prepare the first draft of the Policy based on your instructions;
We will provide the draft Policy to you by email;
You are welcome to either talk to us on the telephone (for up to 30 minutes) or email your comments and questions about the draft Policy;
We will then finalise the Policy (if any changes are required and if instructions are received within 30 days of us sending you the first draft); and
You have a new asset to use in your Practice.
Frequently Asked Questions
If you are considering engaging You Legal to prepare a Privacy Policy, here’s what you need to know:
What is a Privacy Policy?
A Privacy Policy is essentially a statement that declares your Practice’s Policy on collecting, storing and releasing information, within the Practice and online. It explains what information is collected, how it is managed, and the systems and safeguards in place to keep it secure.
Why do I need a Privacy Policy?
People have certainly become more aware of privacy in recent times. There are privacy laws that regulate the handling of personal information collected by your practice. For example, if an organisation collects any sensitive information, such as health information, a Privacy Policy is legally required under the Privacy Act 1988. It also demonstrates accountability and protects your practice from regulatory penalties.
Why is a Privacy Policy important?
A Privacy Policy is important as it provides transparency and clarity to customers or users about how their personal information will be used and protected. Many practitioners have a tendency to focus on the immediate medical needs of their patients, and quite rightly so. A Privacy Policy, however, is a mandatory and essential tool to ensure that your practice also works to protect patient privacy and builds trust and credibility.
What should be included in a Privacy Policy?
A Privacy Policy should clearly outline what personal and sensitive information your practice collects and why; how it is stored, used, and shared; and what automated or AI systems are involved in managing that information. It should also describe the technical and organisational safeguards in place to protect data, such as encryption, multi-factor authentication, restricted access, and staff training. Additionally, the policy must explain how individuals can access or correct their information, and how privacy complaints are managed.
Together, these elements ensure compliance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and demonstrate your practice’s commitment to transparency and patient trust.
Who should have a Privacy Policy?
Any organisation or agency that is covered by the Privacy Act 1988 (Cth) must have a privacy policy – this includes organisations in Australia with an annual turnover of over $3 million, as well as certain smaller types of organisations, including all medical health service providers (regardless of turnover).
How often should a Privacy Policy be updated?
A Privacy Policy should be updated whenever there are changes to the way personal information is collected, used, or protected. It should also be reviewed periodically, at least once a year, to ensure that it remains accurate and up-to-date.
Not sure if this solution is right for you?
Not a medical or allied health practice operating from physical premises? Is your medical clinic exclusively online? We can still help! If you are running a med-tech or health-tech business, or an online medical practice, you would already know some of the difficulties that come with handling information. Contact us below to enquire about a Privacy Policy best suited to your business.
Does your practice also have a website? You can purchase our Website Terms and Conditions, as well as a Privacy Policy, here.
When implementing your Privacy Policy, you may want to do so together with a Data Breach Response Plan. We offer a Notifiable Data Breach Package, which you can find here.
Have a question?
Please be aware that our Standard Terms apply to this engagement: https://youlegal.com.au/standard-terms/
