Additional Details 

1. Privacy Policy 

A legally compliant, custom-drafted privacy policy that: 

• clearly outlines the personal and sensitive information your practice collects and holds;

• explains how and why your practice collects and holds this information;

• details how patients can access, correct or request deletion of their information;

• provides details on how an individual can lodge a complaint and how your entity deals with the information; and

• states what, if any, disclosures your practice makes to overseas recipients;

• reflects current requirements around the use of automation and AI in practice operations; and

• demonstrates the safeguards your practice uses to protect data, including both technical and organisational measures.

  2. Notifiable Data Breach Package 

A structured, practical framework for handling data breaches, including: 

• a Manual; 

• a Breach Assessment Process; and 

• a Patient Notification Letter. 

All of which you can deploy in your business to be confident you have a process and  procedure in place if there is a cyber incident and a data breach occurs, and you can  also be confident you will be able to meet your obligations as an APP entity. 

Once you Purchase the Notifiable Data Breach Package + Privacy Policy Bundle:

1. We will send you the complete Notifiable Data Breach Package by email. 

2. You can provide us with the information we need to prepare your Privacy Policy by  completing a simple questionnaire, or, if you prefer, by booking a call with one of our  senior lawyers to give your instructions directly. 

3. We will then prepare the first draft of the Policy based on your instructions.

4. We will provide the draft Policy to you by email. 

5.  You are welcome to either talk to us on the telephone (for up to 30 minutes) or email  your comments and questions about the draft Agreement. 

6. We will then finalise the Terms and Conditions and Policy (if any changes are required  and if instructions are received within 30 days of us sending you the first draft). 

7. You have a new asset to use in your Practice. 

Frequently Asked Questions 

If you are considering engaging You Legal to prepare Privacy Policy, here’s what you need to  know: 

As an APP entity (which includes all medical and health businesses) you must notify the Office  of the Australian Information Commissioner (OAIC) and any affected individuals where an  eligible data breach is likely to result in serious harm and undertake full assessments of  suspected data breaches. 

An eligible data breach occurs where there has been unauthorised access, disclosure or loss of  personal information where the loss is likely to result in serious harm. Sometimes this may be  obvious, however oftentimes it is not. 

A Privacy Policy is essentially a statement that declares your Practice’s Policy on collecting, storing and releasing information, within the Practice and online. It explains what information is collected, how it is managed, and the systems and safeguards in place to keep it secure.

People have certainly become more aware of privacy in recent times. There are privacy laws that regulate the handling of personal information collected by your practice. For example, if an organisation collects any sensitive information, such as health information, a Privacy Policy is legally required under the Privacy Act 1988. It also demonstrates accountability and protects your practice from regulatory penalties.

A Privacy Policy is important as it provides transparency and clarity to customers or users about  how their personal information will be used and protected. Many practitioners have a tendency  to focus on the immediate medical needs of their patients, and quite rightly so. A Privacy Policy,  

however, is a mandatory and essential tool to ensure that your practice also works to protect  patient privacy and builds trust and credibility. 

A Privacy Policy should clearly outline what personal and sensitive information your practice collects and why, how it is stored, used, and shared, and what automated, or AI systems are involved in managing that information. It should also describe the technical and organisational safeguards in place to protect data such as encryption, multi-factor authentication, restricted access, and staff training. Additionally, the policy must explain how individuals can access or correct their information, and how privacy complaints are managed.

These elements together ensure compliance with the Privacy Act 1988 (Cth), together with the Australian Privacy Principles (APPs) and demonstrate your practice’s commitment to transparency and patient trust.

Any organisation or agency that is covered by the Privacy Act 1988 (Cth) must have a privacy  policy – this includes organisations in Australia with an annual turnover of over $3 million, as  well as certain smaller types of organisations including all medical health service providers  (regardless of turn over). 

A Privacy Policy should be updated whenever there are changes to the way personal information  is collected, used, or protected. It should also be reviewed periodically, at least once a year, to  ensure that it remains accurate and up to date. 

Not a medical or allied health practice operating from a physical premises? Is your medical  clinic exclusively online? We can still help! If you are running a med-tech or health tech  business, or an online medical practice, you would already know some of the difficulties that  come with handling information. Contact us below to enquire about a Privacy Policy best suited  to your business. 

You are welcome to contact us if you have any other questions about this Fast Track Solution.

Have a question?