
Does Your Privacy Policy Measure Up?

10 Jan 2015

Karen Stephens


Privacy law [1] requires medical practices to have a privacy policy, and now some practices are being put to the test.

Dear Doctor
This letter is to advise you of the Office of the Australian Information Commissioner’s (OAIC) intention to undertake an assessment of [your practice’s] privacy policy…

So began a letter sent to 40 GP practices, randomly selected in May – June 2015 by the OAIC. The assessments were intended to examine whether the GP practices had privacy policies which:
  • are clearly expressed
  • are up to date
  • cover the required topics
  • reflect the use of Personally Controlled Electronic Health Records (PCEHR), where relevant.

Clear expression

An OAIC guide to preparing a privacy policy [2] includes the following tips:
  • Think about your audience and word it accordingly.
  • Keep it simple and easy to read.
  • Use the terms “you” and “us/we”, rather than “patient” and “the practice”.
  • Don’t just repeat the words in the Australian Privacy Principles (APPs) – make it specific to your practice.
  • Arrange information in a way that makes sense for your patients.
  • Be as specific as possible.
  • Provide more detail about areas of information handling that patients are most concerned about, are unaware of, won’t reasonably expect or may not understand easily.
  • Seek input from your staff.
  • Contact your medical indemnity insurer.
  • Test it out on readers – it should be able to be easily read and understood by a 14-year-old.

Up to date

Changes to Australian privacy law came into effect on 14 March 2014, with the APPs replacing the National Privacy Principles. Your policy must reflect the current law.
A summary of the APPs is available in the OAIC’s Privacy Fact Sheet 17. [3]
Your policy must outline how your practice currently deals with personal information – if procedures change, your policy should also change accordingly. Regularly review and update your policy. Include the date and version number on the document.

Required topics

As specified in APP 1, a practice privacy policy must cover:
  • the kinds of information collected or held
  • how it is collected
  • for what purposes it is collected, held or used
  • disclosure to any other persons or agencies – identity of agencies, what is disclosed, for what purpose(s)
  • the process for an individual to access the information
  • where access is withheld, why and how the individual is notified
  • the consent process for collection of information
  • situations where consent is not required, e.g. an emergency
  • the process for individuals to complain about a breach of privacy
  • whether information is disclosed to overseas recipients and to what countries.

Use of Personally Controlled Electronic Health Records (PCEHR)

If your practice uses PCEHR, your privacy policy should include:
  • what information you add to and access from patients’ eHealth record and what you do with the information
  • procedures to ensure compliance with the Personally Controlled Electronic Health Records Act 2012
  • how an eHealth record may be used in an emergency situation.

References

  1. The Privacy Act 1988 (Cth).
  2. Office of the Australian Information Commissioner. Guide to Developing an APP Privacy Policy. Canberra: OIC, 2014.
  3. Privacy Fact Sheet 17: Australian Privacy Principles. 2014. Available at: resources/privacy-fact-sheets/other/privacy-fact-sheet-17-australian-privacy-principles.