We have asked Ellie Bakker from Splice Marketing to help our clients out with everything they need to know about privacy policies.
You probably have robust, compliant and patient-focused privacy and confidentiality procedures in place in your practice for treating and communicating with patients and their families.
Splice Marketing has partnered with a legal agency, Onyx Legal, to ensure we maintain compliance when working with anyone in the healthcare sector. As our business partners Onyx Legal explain on their blog,
“..all health services (including allied health practitioners) are bound to comply with Australian privacy laws irrespective of business size. There are also international considerations applicable if you collect personal information from patients or suppliers in other countries or jurisdictions.”
Even if you “only” have to worry about Australian privacy laws, the penalties can be steep if you get it wrong.
Probably not, and if it does, you still need to make sure that it is properly published and referenced online for your website to be considered compliant.
Australian Privacy Principle 11 focuses on the security of personal information and requires you to take reasonable steps to secure that information. That means telehealth providers must take reasonable steps to secure personal information in an online context.
Often we find healthcare professionals don’t display any terms and conditions on their website.
Your website terms and conditions should cover the types of activities your website offers visitors. They provide a governance framework and offer protection from any potential claims by website users. Your practice’s website terms and conditions should include:
- Information around the use of the website
- Description of the practice and how the practice website works
- Disclaimers relating to limitations of liability
- Confidentiality and details of ownership of intellectual property on the website
- Membership terms and conditions – important if you have a login portal for patients or other health professionals where they can access information or share information with one another.
- Sales and checkout information if you’re selling products through your website.
- Terms around telehealth bookings through the website.
While website terms and conditions aren’t mandatory, many legal professionals (and healthcare marketing agencies like Splice) will recommend them.
In addition, many third-party apps like HotDoc and HealthEngine also require you to have appropriately published privacy policies as part of their contracts with you.
As doctors like to say, prevention is better than cure. While you may get away with running ads or using your booking app before a problem is identified, once your website is found to be non-compliant, it often takes weeks, not days, to resolve issues. That’s a long time to be missing out on patient enquiries or appointment bookings.
Think about all the times your patients tell you they googled their symptoms. You’d know better than we do how the internet can sometimes get it very wrong when it comes to medical conditions, treatments and prognosis.
The same principle applies to googling things like legal advice and compliance. You’d have to make sure that the information was applicable to Australia (including your state or territory in some cases), up to date and accurate.
It’s a pretty big gamble to take.
Ellie Bakker, co-founder and CEO of Splice Marketing, specialist healthcare marketing agency and Telehealth Mastery, the most sophisticated and accredited telehealth course for Australian GPs.
Disclaimer: Please be aware that this blog is for general guidance only.