Healthcare businesses and service providers encounter more complex risks than other businesses, given their services’ personal and invasive nature. Whether services are provided in person or online, it is critical to minimise risks by implementing appropriate protections. This article sets out the essential contracts that a health business should have.
Privacy Policy
Under the Privacy Act 1988 (Cth) (Act), health businesses and health service providers that hold health information must comply with the Australian Privacy Principles (APPs). This applies regardless of annual turnover, because the small business exemption in the Act does not extend to health service providers. Under the Act, any personal information you collect in the course of providing a health service is health information. Health information is classified as ‘sensitive information’, so strict handling requirements apply.
What is Health Information?
Health information includes:
- notes of an individual’s symptoms or diagnosis and the treatment provided;
- appointment and billing details;
- an individual’s healthcare identifier, collected to provide a healthcare service;
- prescriptions and other pharmaceutical purchases; and
- any other personal information collected to provide a health service.
Why Do I Need a Privacy Policy?
Healthcare businesses require a privacy policy to establish how the business handles health information. This includes how you collect, use, disclose and secure personal information.
Additionally, healthcare businesses must obtain consent from clients before collecting health information. For example, your business might ask clients to fill out a consent form before you perform specific services or treatments.
Some states and territories have specific health records legislation which sets out health privacy principles similar to the APPs. State and territory legislation also sets out requirements for storing medical records. For example, in New South Wales healthcare businesses must retain health records for seven years from the last entry, and if the record relates to an individual under 18, they must retain it until the patient turns 25.
Client Agreements
Having terms and conditions to govern how your service works is important, and a healthcare business is no exception. The difference is that a healthcare business carries higher risks that must be detailed and disclosed.
For example, if you intend to provide National Disability Insurance Scheme (NDIS) support services, your terms and conditions must meet NDIS obligations. These requirements depend on whether or not you are a registered NDIS provider.
Alternatively, suppose you develop a healthcare app for your business. In that case, your app terms and conditions should limit your responsibility for inaccurate information, or for loss of information if your app crashes or requires emergency maintenance. Note that a liability clause does not relieve you of your obligation under APP 11 to take reasonable steps to secure the health information the app holds. Overall, having well-tailored terms and conditions for your clients and patients is essential.
Facilities and Service Agreements
If you share your healthcare business space with other healthcare service providers, you should have a facilities and service agreement. This is in addition to a sublease or licence agreement with the other party.
The facilities and service agreement should set out:
- the responsibilities of each party in providing practice management services;
- the type of insurance required; and
- how the space will be accessed.
It is prudent to understand the legal consequences of sharing your premises and to ensure you have the proper agreements in place before doing so.
Employment and Contractor Agreements
Employees and contractors you engage will likely come into contact with your clients’ sensitive information. Your employment and contractor agreements are therefore essential, as they set out the obligations of each employee or contractor. Including confidentiality and privacy obligations in these agreements protects both your business and your clients’ information, and gives you a contractual basis to act if those obligations are breached.
Healthcare Insurance Agreements
As the healthcare industry is highly complex, it is essential to have insurance for your health business. For example, types of insurance include:
- healthcare staff protection;
- healthcare premises pollution liability; and
- professional indemnity.
We recommend you speak to an insurance provider on the appropriate insurance policy for your health business.
Key Takeaways
Health businesses face complex risks, but implementing the correct contracts and safeguards can help minimise these risks. The law compels your business to comply with some contracts. However, other contracts can be created at your discretion and may help protect your business.
If you have further questions or need help drafting one of the above contracts for your health business, our experienced NDIS lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 1300 544 755 or visit our membership page.
Frequently Asked Questions
Essential contracts for healthcare businesses include privacy policies, client agreements, facilities and service agreements, employment and contractor agreements, and healthcare insurance agreements.
As a healthcare business, you will collect health information that is considered sensitive information under the Privacy Act. As such, you are legally required to comply with the Australian Privacy Principles (APPs) set out in the Act.