Australian health service providers’ Privacy Policy NO LONGER AN OPTION!

Commencing 12 March 2014, significant reforms were made to the Privacy Act 1988, requiring privacy standards to comply with the Australian Privacy Principles (APPs). These changes affect all health service providers handling personal information in any form (e.g. paper, electronic, visual such as x-rays, and audio records).

Health service providers are strongly advised to renew their workplace privacy policies to ensure they are not at risk of being penalised for breaching the new laws.

Background to privacy laws

There is no specific privacy legislation for the private sector; however, the Privacy Act 1988 applies to all individual and institutional organisations and entities in the private and public sectors, in all States and Territories of Australia. The most significant change to this Act resulting from the recent law reform is the inclusion of the Australian Privacy Principles (APPs), as they directly apply to all health professionals.

Up until March 2014, health service providers were only required to assure each patient of their right to privacy; there was no legal requirement that they be provided with a Privacy Policy document. So long as patients were made aware that all staff were committed to maintaining confidentiality of their personal health and records, nothing further was necessary.

How can Practices comply with these new obligations?

  • All health providers are required to have a clearly expressed and up-to-date Privacy Policy that outlines how they manage personal information.
  • The Policy must outline the kinds of personal information the provider collects and holds, how they collect and hold such personal information, and how an individual may access and correct their individual personal records. In addition, the Australian Privacy Principles also require the provider to take reasonable steps to notify patients of other matters such as the provider’s contact details. (ClinLegal’s Privacy Policy incorporates these matters.)
  • The provider must make their Privacy Policy available free of charge and ‘in such form as is appropriate.’ For example, it may be made readily accessible by displaying it as a sign in a location visible to patients, by posting it on the provider’s website and/or by giving a hard copy of the Policy directly to patients.

For further information or advice, contact us at [email protected] or visit and refer to Privacy Policy.
