Why tenant doctors should have their own privacy policy

You Legal


You Legal logo
You Legal has always been focused on making the provision of legal services about YOU! You Legal humanises the experience of engaging lawyers and gives you the confidence to lead, the courage to act, and freedom to make your impact in the world. We provide our services Australia-wide. Our team are experts in commercial law, it is our main focus with protecting the purpose of our clients being front and centre of why we do what we do, as a health law firm.
Tenant doctors, as independent business owners, must ensure that they maintain policies that protect patient privacy.
Australia Privacy
To print this article, all you need is to be registered or login on Mondaq.com.

Doctors have been confidently referred to and characterised as independent contractor doctors for years. However, following recent case law, there has been a shift. The Thomas v Naaz case, in particular, shone a light on how a medical practice can be exposed to such a hefty retrospective payroll tax bill, as payments made to independent contractors can be considered payments made under a 'relevant contract' (under payroll tax legislation) and hence subject to payroll tax. Subsequently, we have seen an increase in medical practices reviewing and investing in new Agreements, including those which characterise the relationship as that of a landlord and tenant, i.e. like a serviced office arrangement, as there are usually some services that a clinic will provide to the doctor. Therefore, it is a prudent time for tenant doctors to consider what other legal documents they may need in place, including a Privacy Policy.

Patient Privacy

In recent years, there has been increasing scrutiny on the privacy of personal information held by businesses, including medical practices. This issue is particularly important in the medical and health professions, where patient privacy is of the utmost importance. While medical practices are required to have privacy policies under the Australian Privacy Principles (APPs), there is also a growing need for tenant doctors to have their own privacy policies. This article will explore the reasons why tenant doctors in Australia should have their own privacy policies.

APP Entity

First and foremost, tenant doctors in Australia are considered independent of the medical practice. They are not employees of the medical practice. This means that they are responsible for their own privacy obligations and must ensure that they are complying with the APPs. As an independent business that collects sensitive patient information, the Australian Privacy Act considers tenant doctors to be an "APP Entity".

All APP Entities are required to have a Privacy Policy in place. This will also allow tenant doctors to clearly outline their privacy commitment and provide transparency to their patients on how their personal information is collected, used and disclosed.

Flexibility & Consistency

Secondly, tenant doctors often work across multiple medical practices and may have access to different systems and databases that contain patient information. This can make it difficult to ensure consistency in privacy practices across different practices. Having their own privacy policy ensures that the tenant doctor can be consistent and in control of their privacy practices across all practices they work at.


Thirdly, tenant doctors may also have their own staff or contractors working for them(maybe a bookkeeper or virtual assistant). These individuals may have access to patient information, and therefore, it is important for the tenant doctor to have their own privacy policy that extends to their staff and contractors. This ensures that everyone involved in the provision of healthcare services is aware of their privacy obligations and is complying with the APPs.

The Ordinary Course of Business

Tenant doctors, by the nature of their business operation, are involved in the collection, use and disclosure of sensitive health information. This information must be treated with the utmost care and attention to ensure that patient privacy is protected. A tenant doctor having their own privacy policy allows them to clearly outline how they will protect patient privacy and ensure that patient information is only used for the purposes for which it was collected.


Having their own privacy policy also provides protection for the tenant doctor in the event of a privacy breach. If a privacy breach occurs and patient information is compromised, having a privacy policy in place demonstrates that the tenant doctor took reasonable steps to protect patient privacy and can assist in mitigating any potential liability. The tenant doctor will then be in control of the response and can work through the Office of the Information Commissioner's site with respect to the mandatory notification.

Commitment to Privacy

Finally, having their own privacy policy demonstrates to patients that the tenant doctor takes their privacy obligations seriously and is committed to protecting their personal information. This can help to build trust and confidence in the tenant doctor and their practice.

Practitioner Websites

Some medical practices are asking tenant doctors to create their own independent websites. Whilst this does create a level of independence that may protect the medical practice, it may expose the tenant doctor to more risk if this website is not equipped to adequately protect the tenant doctor. It's important for tenant doctors who are setting up their own websites to consider website terms and conditions, together with a Privacy Policy. Website Terms and Conditions are essentially a legal contract between the tenant doctor and their patients and anyone else using the website. They provide a governance framework outlining what must be complied with in order to access and utilise the website, and they are essential in providing you with protection from any claims by website users.

Leverage an Expert

In summary, tenant doctors in Australia should have their own privacy policies for a range of reasons, including:

  • To ensure compliance with the APPs;
  • Consistency in privacy practices across different practices
  • Extension of privacy obligations to staff and contractors;
  • Protection of sensitive health information;
  • Protection in the event of a privacy breach; and
  • To build trust and confidence with patients.

It is important for tenant doctors, as independent business owners, to understand their privacy obligations and take steps to ensure that they are meeting these obligations to protect patient privacy.

See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More