The Australian Privacy Principles (APPs) were introduced in March 2014, to supplement the Privacy Act. The APPs apply to all health service providers. If you run a medical business, you need to make sure your Privacy Policy complies with the APPs, to comply with the law, as there are considerable fines for breach.

A thorough and up-to-date privacy policy will also help show your clients that you respect their personal information and take steps to keep it safe.

A Privacy Policy for a medical business needs to address the items set out below.

Collection of Personal Information

First, set out what type of information your business collects. Personal information includes:

  • name;
  • contact details;
  • date of birth;
  • demographics; and
  • preferences.

If your business receives personal information from third parties, you should indicate that you do so, and explain that you will protect this third party information in the same way you protect information collected directly.

Medical businesses also collect sensitive information, which is a subset of personal information. This is given higher protection under the APPs.

Sensitive information includes:

  • information or an opinion about an individual’s race, political opinions, religions and beliefs, memberships of a particular association, sexual orientation, or criminal records, which are also personal information;
  • health information;
  • genetic information (that is not otherwise health information); and
  • biometric information.

Use and Disclosure of Personal Information

Your Privacy Policy needs to set out how personal information will be used and disclosed. Personal information should not be used without consent.

Uses may include contacting and communicating with clients, for internal record keeping, marketing, and providing information to third parties.

You are allowed to disclose personal information to credit reporting agencies and courts where your clients fail to pay for any goods or services you provided, to law enforcement agencies as required by law, and to third parties who may assist in providing information, products or services to the client.

In relation to sensitive information, use and disclosure is stricter.

For a medical business, generally, sensitive information may only be used or disclosed under the following circumstances:

  • if the client would reasonably expect the business to use or disclose the information for a secondary purpose, and only if that secondary purpose is directly related to the primary purpose for which the sensitive information was collected;
  • if it is required or authorised by law;
  • if you reasonably believe that the disclosure is necessary for law enforcement purposes; or
  • if a permitted health situation exists.

A permitted health situation only exists where the information is necessary to provide a health service to the individual and the collection is either:

  • required or authorised by or under an Australian law; or
  • in accordance with rules established by competent health or medical bodies that deal with obligations of professional confidentiality which bind the organisation.

 Storage and Security

You need to show your client that you are committed to keeping personal and sensitive information secure. You should outline what procedures you have in place to protect information such as physical, electronic or managerial procedures.

However, to limit your liability, it is wise to explain that whilst measures are taken, no information transmitted over the internet can be guaranteed to be secure.

Contact Details

You must provide details of how people can contact you in regards to the personal information that is held with your business and how they can correct this information.

Conclusion

When you operate a medical business, you collect, use and disclose personal and sensitive information on a regular basis. It is important that this information is protected. You need a good quality Privacy Policy in place and you need to follow it. To ensure that your Privacy Policy complies with the APPs, and covers your business, you should check the Privacy Act or have assistance from a lawyer.

Ursula Hogben
If you would like further information on any of the topics mentioned in this article, please get in touch using the form on this page.
Would you like to get in touch with Ursula about this topic, or ask us any other question? Please fill out the form below to send Ursula a message!

Privacy Policy Snapshot

We collect and store information about you. Let us explain why we do this.

What information do you collect?

We collect a range of data about you, including your contact details, legal issues and data on how you use our website.

How do you collect information?

We collect information over the phone, by email and through our website.

What do you do with this information?

We store and use your information to deliver you better legal services. This mostly involves communicating with you, marketing to you and occasionally sharing your information with our partners.

How do I contact you?

You can always see what data you’ve stored with us.

Questions, comments or complaints? Reach out on 1300 544 755 or email us at info@legalvision.com.au

View Privacy Policy