Notifiable Data Breach Package + Privacy Policy Bundle
APP Entities, including medical and allied health practices that collect sensitive health information, are legally required to comply with the Australian Privacy Principles and understand their obligations under the Notifiable Data Breach Scheme.
A Privacy Policy is also required by law for medical practices, as they are responsible for collecting, handling, and protecting both personal and corporate data. To be effective, your Privacy Policy must be tailored to your specific practice, and if you use third-party applications or services (such as an online booking system), it may need to be updated to reflect how patient information is shared and safeguarded.
This Fast Track solution ensures your practice has both a compliant Privacy Policy and a Notifiable Data Breach Response Plan in place — giving you the confidence that you are meeting your legal obligations while protecting your patients and your business.
Note: Price does not include GST
Additional Details
1. Privacy Policy
A legally compliant, custom-drafted privacy policy that:
• clearly details the personal and sensitive information your entity collects and holds;
• states how your business collects and holds such information and why;
• documents how an individual can get access to their information;
• provides details on how an individual can lodge a complaint and how your entity deals with the complaint; and
• states what disclosure, if any, your entity will make to overseas recipients.
2. Notifiable Data Breach Package
A structured, practical framework for handling data breaches, including:
• a Manual;
• a Breach Assessment Process; and
• a Patient Notification Letter.
You can deploy all of these in your business, so that you have a process and procedure in place if a cyber incident leads to a data breach, and you can be confident you will be able to meet your obligations as an APP entity.
Once you purchase the Notifiable Data Breach Package + Privacy Policy Bundle:
We will send you the complete Notifiable Data Breach Package by email.
You can provide us with the information we need to prepare your Privacy Policy by completing a simple questionnaire, or, if you prefer, by booking a call with one of our senior lawyers to give your instructions directly.
We will then prepare the first draft of the Policy based on your instructions.
We will provide the draft Policy to you by email.
You are welcome to either talk to us on the telephone (for up to 30 minutes) or email your comments and questions about the draft Policy.
We will then finalise the Policy (if any changes are required and if instructions are received within 30 days of us sending you the first draft).
You have a new asset to use in your Practice.
Frequently Asked Questions
If you are considering engaging You Legal to prepare a Privacy Policy, here’s what you need to know:
What actually is a ‘notifiable data breach’?
As an APP entity (which includes all medical and health businesses), you must undertake a full assessment of any suspected data breach, and you must notify the Office of the Australian Information Commissioner (OAIC) and any affected individuals where an eligible data breach is likely to result in serious harm.
OK... so then what is an ‘eligible data breach’?
An eligible data breach occurs where there has been unauthorised access to, unauthorised disclosure of, or loss of personal information, and that access, disclosure or loss is likely to result in serious harm. Sometimes this is obvious; often it is not.
What is a Privacy Policy?
A Privacy Policy is essentially a statement that declares your Practice’s Policy on collecting, storing and releasing information, within the Practice and online.
A Privacy Policy usually outlines the specific information that is collected by the Practice. It states whether the information collected is kept confidential or shared or sold to researchers or other third-party organisations.
Why do I need a Privacy Policy?
People have certainly become more aware of privacy in recent times. There are privacy laws that regulate the handling of personal information collected by your practice. For example, if an organisation collects any sensitive information, such as health information, a Privacy Policy is legally required under the Privacy Act 1988.
Why is a Privacy Policy important?
A Privacy Policy is important as it provides transparency and clarity to customers or users about how their personal information will be used and protected. Many practitioners have a tendency to focus on the immediate medical needs of their patients, and quite rightly so. A Privacy Policy, however, is a mandatory and essential tool to ensure that your practice also works to protect patient privacy and builds trust and credibility.
What should be included in a Privacy Policy?
A Privacy Policy should include information about what personal information is collected, how it will be used, who it will be shared with and how it will be protected. It should also include information about your users' rights, such as the right to access their personal information and the right to request that their personal information be deleted. The Australian Privacy Act, together with the Australian Privacy Principles (APP), outline the requirements for, and what should be set out in, your practice’s Privacy Policy.
Who should have a Privacy Policy?
Any organisation or agency that is covered by the Privacy Act 1988 (Cth) must have a privacy policy – this includes organisations in Australia with an annual turnover of over $3 million, as well as certain smaller types of organisations, including all medical and health service providers (regardless of turnover).
How often should a Privacy Policy be updated?
A Privacy Policy should be updated whenever there are changes to the way personal information is collected, used, or protected. It should also be reviewed periodically, at least once a year, to ensure that it remains accurate and up to date.
Not sure if this solution is right for you?
Not a medical or allied health practice operating from physical premises? Is your medical clinic exclusively online? We can still help! If you are running a med-tech or health-tech business, or an online medical practice, you will already know some of the difficulties that come with handling information. Contact us below to enquire about a Privacy Policy best suited to your business.
You are welcome to contact us if you have any other questions about this Fast Track Solution.
Have a question?
Please be aware that our Standard Terms apply to this engagement: https://youlegal.com.au/standard-terms/