Privacy policy template


The RACGP has developed a privacy policy template that general practices can use to help meet their compliance requirements under the Australian Privacy Principles (APPs). All general practices need a privacy policy that explains, in simple language, how the practice handles its patients’ personal information.

This template was developed with assistance from the Office of the Australian Information Commissioner (OAIC). The OAIC does not endorse this or any specific privacy policy template. The advice in this template is general in nature and current at the time of publication.

This template captures all items required by the OAIC including: 

  • practice name and contact details 
  • details of what kinds of personal information are collected and stored 
  • how practices collect personal information and where it is stored 
  • the reasons why personal information is collected
  • how practices use and disclose personal information 
  • how patients can access their personal information, or ask for a correction 
  • how patients can lodge a complaint if they think their information has been mishandled, and how practices handle complaints 
  • if practices are likely to disclose patient information outside Australia.

Practices should use this template as a guide only and must adapt its content to suit individual practice procedures. 

Download the template

The privacy policy template is designed to communicate to patients how the practice manages personal information and to complement other practice policies such as complaint resolution and breach notification procedures.

The sections in red text need to be revised and adapted to the specific procedures of each individual general practice.

The template contains highlighted sections with instructions, tips and additional information. Remove these highlighted sections as you progress.

Instructions

Instructions are indicated with a tick and highlighted in blue.

Tips

This template provides tips on what processes and procedures practices may need to change or be updated so they align with the information in the privacy policy.

Tips are indicated by a light globe and highlighted in yellow.

Additional Information

Additional information assists practices in determining the content of the overall policy and includes links to other RACGP resources and explanatory information.

Additional information is indicated by an exclamation mark and highlighted in red.

The finished policy should be relevant to how the practice handles information.

Once the privacy policy is complete, its existence should be communicated to patients and it should be freely available. For example, display it at the practice reception and on the practice website, and refer to it in practice registration forms and other forms or notices.

This policy should be reviewed regularly (annually is recommended) to ensure it remains applicable to current practice procedures and legal requirements. The policy should be updated if the way a practice handles patient information changes or if there are any relevant legislative changes.

Consider the audience: the privacy policy should not be treated as a legal document aimed at managing risk, but as a tool to build trust with patients.

Customise the policy and make sure it is specific to the practice. Avoid just repeating content from the Australian Privacy Principles. 

Prioritise relevance by focusing on the most important aspects. Avoid covering every detail exhaustively. 

Keep it simple by using straightforward language. 

Adopt a layered approach, for example, for online publication provide a condensed summary of key points in the privacy policy with a link to the full version. 

For more information on privacy, visit www.oaic.gov.au. More information on privacy for general practitioners (GPs) can be found on the OAIC website.

Legal Compliance: General practices must comply with the Privacy Act 1988 and the Australian Privacy Principles (APPs), which set out standards for handling personal information. 

Confidentiality: A privacy policy helps maintain the confidentiality of patients' health information, which is essential for patient trust and the integrity of the healthcare system. 

Patient Trust: Clear communication about how personal information is collected, used, and protected enhances patient trust and confidence in the practice. 

Risk Management: A privacy policy helps manage and mitigate risks associated with data breaches and unauthorized access to sensitive information. 

Transparency: It ensures transparency in the practice's operations, outlining patients' rights and the practice's obligations regarding personal data. 

Professional Standards: Adhering to privacy standards aligns with professional codes of conduct and ethical guidelines for healthcare providers. 

 

 

