Deafening silence, organised chaos, old news – we all love a good oxymoron. Unfortunately, ‘data security’ feels like an oxymoron these days too, especially after the high-profile Medibank and Optus hacks of 2022. 

Yet, data security is a vital part of healthcare marketing. Your website and other activities inevitably collect data and you are obliged to handle it carefully. Here’s what you need to do. 


1. Have a privacy policy on your website

In Australia, anyone providing services relating to health (including fitness and wellness services) must comply with privacy law. That’s true whether you’re running a microbusiness or a global enterprise.

Australia’s privacy law seeks to protect personal information. That’s information that can identify a person, either on its own or when combined with other information. It includes things like photos, addresses, phone numbers and other personal details.  

You should have a privacy policy on your website, explaining what information you collect and what steps you take to protect people’s data against theft, misuse and other risks. 

While it’s tempting to download a template from the internet (or get CHATGPT to write one for you), we’d urge you to consult a lawyer. Your privacy policy needs to be tailored to your needs and accurate for your jurisdiction. 

Of course, once you have a privacy policy, you need to follow it! Review your internal processes and make any necessary changes. 


2. Have a cookie policy too!

Cookies track users’ behaviour across websites. Cookies may help: 

  • The user – it’s handy when a system remembers your logins, fills in forms for you or remembers which products you were browsing most recently
  • The website – some cookies and scripts are essential for a website to function so that pages load and navigation works
  • Google Analytics – this helps improve website performance by counting visits, assessing which pages are most popular and watching how visitors move around the site
  • Marketing efforts – businesses may use Facebook, LinkedIn and Google’s cookies to track how well their marketing is working. 

We strongly recommend you have a cookie policy on your website (here’s an example) and ask users to agree to the use of cookies. 


3. Use a security certificate

An SSL certificate (secure sockets layer) is a digital certificate that authenticates your website and enables an encrypted connection. 

All websites need this. 

It’s especially important if you’re using online forms to collect data – that could be everything from people signing up to a newsletter to doctors referring patients to you. 

Besides, if you don’t have an SSL certificate, Google tends to warn people away from your site, which is very bad for business!


4. Password security

As our digital coordinator, Jacob Zammit explains, “Brute force hackers just use trial and error to crack passwords. Protecting yourself is all about the maths, really. They can crack a short and simple password quite easily but it’s exponentially harder to crack a long, complicated one.”

Unfortunately, it’s exponentially harder to remember a long, complicated password too! That’s why so many of us use the same password for everything – probably the dog’s name with a few symbols thrown in! 

This is terribly unsafe behaviour. It’s the digital equivalent of walking through a rough neighbourhood at night waving around a stash of new iPhones. 

We strongly recommend using a different password for every one of your logins. You’ll never remember them all (and writing them down isn’t secure) so use a password manager. It’s well worth the subscription fee and can significantly reduce your risk of getting hacked.  

If you’ve got 4 minutes to spare and fancy a giggle, 

watch comedian Michael Macintyre try to remember his password



5. Protect financial information 

E-commerce requires a high level of protection. The simplest way to meet your obligations here is to run your payments through PayPal or Stripe – these companies already have appropriate protection in place, saving you the trouble of setting it up for yourself. 


How can we help? 

If you’re concerned about data security in healthcare marketing, please get in touch. We’d be happy to help strengthen your protection so you can put your mind at ease. 

Book your free consultation today.