Additional Details 

1. Privacy Policy 

A legally compliant, custom-drafted privacy policy that: 

• clearly details the personal and sensitive information your entity collects and  holds; 

• states how your business collects and holds such information and why; • documents how an individual can get access to their information; 

• provides details on how an individual can lodge a complaint and how your entity  deals with the information; and 

• states what disclosure, if any, your entity will make to overseas recipients.

  2. Notifiable Data Breach Package 

A structured, practical framework for handling data breaches, including: 

• a Manual; 

• a Breach Assessment Process; and 

• a Patient Notification Letter. 

All of which you can deploy in your business to be confident you have a process and  procedure in place if there is a cyber incident and a data breach occurs, and you can  also be confident you will be able to meet your obligations as an APP entity. 

Once you Purchase the Notifiable Data Breach Package + Privacy Policy Bundle:

1. We will send you the complete Notifiable Data Breach Package by email. 

2. You can provide us with the information we need to prepare your Privacy Policy by  completing a simple questionnaire, or, if you prefer, by booking a call with one of our  senior lawyers to give your instructions directly. 

3. We will then prepare the first draft of the Policy based on your instructions.

4. We will provide the draft Policy to you by email. 

5.  You are welcome to either talk to us on the telephone (for up to 30 minutes) or email  your comments and questions about the draft Agreement. 

6. We will then finalise the Terms and Conditions and Policy (if any changes are required  and if instructions are received within 30 days of us sending you the first draft). 

7. You have a new asset to use in your Practice. 

Frequently Asked Questions 

If you are considering engaging You Legal to prepare Privacy Policy, here’s what you need to  know: 

As an APP entity (which includes all medical and health businesses) you must notify the Office  of the Australian Information Commissioner (OAIC) and any affected individuals where an  eligible data breach is likely to result in serious harm and undertake full assessments of  suspected data breaches. 

An eligible data breach occurs where there has been unauthorised access, disclosure or loss of  personal information where the loss is likely to result in serious harm. Sometimes this may be  obvious, however oftentimes it is not. 

A Privacy Policy is essentially a statement that declares your Practice’s Policy on collecting,  storing and releasing information, within the Practice and online. 

A Privacy Policy usually outlines the specific information that is collected by the Practice. It  states whether the information collected is kept confidential or shared or sold to researchers or  other third-party organisations. 

People have certainly become more aware of privacy in recent times. There are privacy laws that  regulate the handling of personal information collected by your practice. For example, if an  organisation collects any sensitive information, such as health information, a Privacy Policy is  legally required under the Privacy Act 1988.

A Privacy Policy is important as it provides transparency and clarity to customers or users about  how their personal information will be used and protected. Many practitioners have a tendency  to focus on the immediate medical needs of their patients, and quite rightly so. A Privacy Policy,  

however, is a mandatory and essential tool to ensure that your practice also works to protect  patient privacy and builds trust and credibility. 

A Privacy Policy should include information about what personal information is collected, how it  will be used, who it will be shared with and how it will be protected. It should also include  information about your users' rights, such as the right to access their personal information and  the right to request that their personal information be deleted. The Australian Privacy Act,  together with the Australian Privacy Principles (APP), outline the requirements for, and what  should be set out in, your practice’s Privacy Policy. 

Any organisation or agency that is covered by the Privacy Act 1988 (Cth) must have a privacy  policy – this includes organisations in Australia with an annual turnover of over $3 million, as  well as certain smaller types of organisations including all medical health service providers  (regardless of turn over). 

A Privacy Policy should be updated whenever there are changes to the way personal information  is collected, used, or protected. It should also be reviewed periodically, at least once a year, to  ensure that it remains accurate and up to date. 

Not a medical or allied health practice operating from a physical premises? Is your medical  clinic exclusively online? We can still help! If you are running a med-tech or health tech  business, or an online medical practice, you would already know some of the difficulties that  come with handling information. Contact us below to enquire about a Privacy Policy best suited  to your business. 

You are welcome to contact us if you have any other questions about this Fast Track Solution.

Have a question?