
3.2.1 About Privacy

Privacy relates to the management and protection of an individual’s personal information. This can be information or an opinion about an identified or reasonably identified individual. The Privacy Act is the existing Commonwealth legislation that regulates the handling of personal information by Australian government agencies and businesses. Included within the Privacy Act are 13 Australian Privacy Principles that regulate the standards, rights and obligations for the handling, holding, accessing and correction of personal information.

It is essential for businesses to comply with the mandatory requirements of the Australian Privacy Principles, and as businesses increasingly move online, it is even more important to protect an individual’s privacy in an electronic environment.

The Office of the Australian Information Commissioner (OAIC) is the federal Australian Government body responsible for privacy in Australia. The OAIC deals with complaints about the handling of an individual’s personal information and has powers to resolve investigations and promote privacy compliance.

The Office of the Australian Information Commissioner is responsible for:

  • Conducting investigations
  • Reviewing decisions made under the Freedom of Information Act
  • Handling complaints
  • Monitoring agency administration
  • Providing advice to the public, government agencies and businesses.

Australian Privacy Principles:

  1. Open and transparent management of personal information
  2. Anonymity and pseudonymity
  3. Collection of solicited personal information
  4. Dealing with unsolicited personal information
  5. Notification of the collection of personal information
  6. Use or disclosure of personal information
  7. Direct marketing
  8. Cross-border disclosure of personal information
  9. Adoption, use or disclosure of government related identifiers
  10. Quality of personal information
  11. Security of personal information
  12. Access to personal information
  13. Correction of personal information

3.2.2 Privacy in General Practice

General practices play a fundamental role in ensuring the privacy of a patient’s personal information. General practices must comply with privacy legislation to ensure patient information remains private.

Ensuring your practice is compliant with privacy legislation and has the required policies and procedures in place safeguards your own practice against potential data breaches and fines.

3.2.3 Improving patient safety through applying effective Privacy policies and procedures


Ensure your practice is compliant with the requirements of the privacy laws, and that staff members are aware of the procedures when handling patient information.


Legally, you must have a privacy policy accessible to your patients on your practice website or in printed form. You should also develop an internal privacy policy for your staff. Ensuring staff are aware of privacy policies and procedures will improve the overall safety of your patients’ information and the practice’s information.


General practices need to have their privacy policy openly available for patients to view. The RACGP has developed a privacy policy template for you to adapt to your individual practice. Download it here.

3.2.4 Privacy: A guide for General Practice


3.2.6 Are you across Privacy in your practice? Things to consider:

  1. Does your practice have an up-to-date, accessible and freely available privacy policy? This should include defined processes for handling enquiries and complaints.
  2. Do you have processes in place to detect, manage and report data breaches?
  3. Has your practice undertaken the RACGP Compliance Indicators for the Australian Privacy Principles check? This provides demonstrated evidence of compliance with the Australian Privacy Principles.
  4. Do you have a procedure for requesting and recording consent?
  5. Do staff understand the requirements surrounding this? This may include consent for primary data collection, although implied and expressed consent may be used, and consent for secondary disclosure and use.
  6. Do you have defined processes for information collection, to know when, what and how your practice collects information? Do you have a process or system in place to handle anonymity or pseudonymity? This may include manual procedures or the ability of your information and computer systems to handle the task.
  7. Do you have procedures for handling patient requests for access to, and correction of, their information? This should include how to assess requests, refusal procedures and access charges.
  8. What procedures are in place to de-identify patient information, and record occurrences of patient information use for quality improvement and continuing professional development?

3.2.7 Extra Resources

RACGP Compliance Indicators for the Australian Privacy Principles (APP)

Designed to help your general practice meet its legal obligations under the APP by providing a brief explanation of each APP requirement and the steps needed to ensure compliance.

View PDF

OAIC website

The OAIC has a range of resources around the changes to the privacy principles. Find out about changes to the law here:

Visit webpage

Find out what sort of information is covered by privacy here:

Visit webpage

The Australian Privacy Principles:

Visit webpage

AHPRA Guidelines for advertising regulated health services

As stated in the guidelines, these Guidelines were jointly developed by the National Boards responsible for regulating registered health practitioners in Australia. They:

  • explain and provide guidance on the obligations of advertisers under the National Law
  • describe advertising that is prohibited
  • comment on the use of factual information in advertising
  • explain that advertisers of regulated health services (whether registered health practitioners or not) have responsibilities under other legislation administered by other regulators, and
  • explain the consequences of a breach of the advertising provisions of the National Law.

Visit webpage



The Royal Australian College of General Practitioners (RACGP) ABN 34 000 223 807
RACGP House, 100 Wellington Parade, East Melbourne, Victoria 3002 Australia
