The last thing busy doctors or practice managers want to think about is whether or not their Privacy Policy complies with the Australian Privacy Principles (APPs), or whether or not their website has adequate Terms and Conditions.

When you are dealing with critical medical emergencies or the challenges of running the administrative side of a busy practice, these documents can seem trivial, but they are essential when it comes to protecting your practice.

You know the importance of privacy when it comes to a patient's health information, but protecting their details online and as they engage on your website is vital too. Whether you have a general practice or a specialist clinic, privacy policies for medical practices in Australia are a must.


People have certainly become more aware of Privacy in recent times. There are Privacy laws that regulate the handling of personal information collected by your General or Medical Practice. If an organisation collects any sensitive personal information, such as health information, a Privacy Policy is legally required.

A Privacy Policy is essentially a statement that declares your Practice's Policy on collecting, storing and releasing information, within the Practice and online.

A website Privacy Policy usually outlines the specific information that is collected by the Medical Practice. It states whether the information collected is kept confidential, or shared or sold to researchers or other third-party organisations. As website owners have little control over who is accessing their website, a Privacy Policy is an important tool to create and maintain trust between a user and a Practice.

General and Medical Practices have close relationships with their patients and in the course of providing medical services, sensitive health information is shared by patients, which makes a Privacy Policy mandatory.

The Australian Privacy Act, together with the Australian Privacy Principles (APP) guidelines, outlines what should be set out in your practice's Privacy Policy.

Many Medical Practitioners have a tendency to focus on the immediate medical needs of their patients, and quite rightly so. A Privacy Policy, however, is a mandatory and essential tool to ensure that your Practice also works to protect patient privacy.


Whilst a Privacy Policy is mandatory for general and medical practices, website Terms and Conditions are not. This may seem like a great opportunity to bury your head in the sand and say, 'Well let's not bother with them then!', but this could not be further from the truth.

If your Practice has a website, then Terms and Conditions are highly recommended.

Terms and Conditions are essentially a legal contract between yourself and your patients, and anyone else using your website. They provide a governance framework outlining what must be complied with in order to access and utilise the website, and they are essential in providing you with protection from any potential claims by website users. Terms and Conditions also provide a platform to address commonly asked questions and to clarify specific items that may, or may not be, clear through the practice's other methods of advertising.


Medical Practices can have three distinct areas that Terms and Conditions need to cover, depending on how the Practice's website operates:

  1. Use of the website, together with terms and conditions that affect the services that the practice provides
  2. Membership terms and conditions (if applicable), and
  3. The sale of items and products through the website

Naturally, these three areas are different, and all three may not apply to your Practice. No two Practices are the same, which is why Terms and Conditions specifically tailored to your practice are essential.

Generally speaking, some of the standard provisions of website Terms and Conditions include:

  • Descriptions of the functionality of the Practice's website.
  • An outline of services and products that are offered.
  • Terms relating to payment.
  • Disclaimers relating to limitations of liability.
  • Restrictions relating to user conduct, such as age.
  • Dispute resolution processes, and
  • Confidentiality and details of ownership of intellectual property.

These provisions certainly indicate the overall objective of website Terms and Conditions, which is that they are a preventative measure against any potential claims that may be made by a user/patient as a result of the site. So, while this protection measure is not mandatory, like a Privacy Policy, medical practices in Australia with a website should consider having Terms and Conditions as a form of insurance - a great way to avoid a dispute.

You also may find that you have entered into contractual relationships that require you to have Website Terms and Conditions. If, for example, your Practice is running Facebook ads, or if you are a HotDoc client, you definitely need to have the T's crossed and the I's dotted.


As a Medical Practice, an APP compliant Privacy Policy is legally required under National legislation. If you do not currently have this in place, it requires your immediate attention.

Terms and Conditions in some cases might be considered a 'nice to have', but if your Practice has third-party relationships (or is planning to have them soon), offers products for sale directly through the site, or takes bookings and pre-payments online, then your Website Terms and Conditions are equally important.