You probably have robust, compliant, and patient-focused privacy and confidentiality procedures in place in your practice for treating and communicating with patients and their families.

But what do you have in place for people visiting your website? Did you know that you need a website privacy policy too?

Many first-time clients are unaware that their website needs a privacy policy. This is often one of the first things we remedy, because it protects you from legal action that could threaten your business. We also know that the lack of a website privacy policy can seriously undermine your marketing efforts, because search engines and social media platforms penalise you for it.

Why do I need a website privacy policy?

Your website collects private information from each visitor. Sometimes that’s obvious – the person has filled in an online form, created an account or booked an appointment online. Other times, it happens behind the scenes if your website uses cookies or collects the IP addresses of visitors. Whether you know it or not, your website is always collecting data.

As a healthcare provider collecting personal (and potentially sensitive) information from patients, you’re required to have a website privacy policy by Australian privacy laws, Google and Facebook, to name just a few.

We have partnered with a legal agency, Onyx Legal, to ensure we maintain compliance when working with anyone in the healthcare sector. As our business partners Onyx Legal explain on their blog,

“…all health services (including allied health practitioners) are bound to comply with Australian privacy laws irrespective of business size. There are also international considerations applicable if you collect personal information from patients or suppliers in other countries or jurisdictions.”

Even if you “only” have to worry about Australian privacy laws, the penalties can be steep if you get it wrong.

Having a website privacy policy and terms and conditions tailored to your practice is the best way to ensure that you’re complying with the Privacy Act 1988.

So, whether you’re designing a new website, redesigning an existing one or trying to drive more traffic to your website through digital advertising, a privacy policy on your website is a necessary tool.

Does my practice privacy policy cover our website?

Probably not, and if it does, you still need to make sure that it is properly published and referenced online for your website to be considered compliant.

What does a website privacy policy include?

Your website privacy policy is effectively a statement which explains how you collect, store, use and (where applicable) share information from your website.

This includes things like website cookies, tracking pixels, where your website is hosted and the collection of data through forms. As you can see, these are all topics that are unlikely to be covered by any existing privacy policy you have for your practice.

Offering telehealth? You need to ensure this is covered in your website privacy policy.

If you started offering telehealth in 2020, then you need to ensure your website privacy policy addresses it.

Australian Privacy Principle 11 focuses on the security of personal information and requires you to take reasonable steps to secure that information. That means telehealth providers must take reasonable steps to secure personal information in an online context, not just in the consulting room.

Your website privacy policy should address what information you will collect for telehealth appointments, how you gather it, and how you protect it.

In addition to a website privacy policy, do you have T&Cs on your website?

Often we find healthcare professionals don’t display any terms and conditions on their website.

Your website terms and conditions should cover the types of activities your website offers visitors. They provide a governance framework and offer protection from any potential claims by website users. Your practice’s website terms and conditions should include:

  1. Information around the use of the website.
  2. Description of the practice and how the practice website works.
  3. Disclaimers relating to limitations of liability.
  4. Confidentiality and details of ownership of intellectual property on the website.
  5. Membership terms and conditions – important if you have a login portal for patients or other health professionals where they can access information or share information with one another.
  6. Sales and checkout information if you’re selling products through your website.
  7. Terms around telehealth bookings through the website.

While website terms and conditions aren’t mandatory, many legal professionals (and healthcare marketing agencies like Splice) will recommend them.

How much of a priority is it to fix my website privacy policy?

We understand you have many other pressing concerns, but even if you manage to escape scrutiny from the Office of the Australian Information Commissioner (OAIC), big online players like Google and Facebook consider your privacy policy and/or website terms and conditions to be mandatory for use of their advertising platforms.

In addition, many third-party apps like HotDoc and HealthEngine also require you to have appropriately published privacy policies as part of their contracts with you.

As doctors like to say, prevention is better than cure. While you may get away with running ads or using your booking app before a problem is identified, once your website is found to be non-compliant, it often takes weeks, not days, to resolve the issues. That’s a long time to be missing out on patient enquiries or appointment bookings.

So, if you care about your bookings and your bottom line, then you should prioritise fixing your website to include a privacy policy (and terms and conditions).

Can I just google a privacy policy template to use?

Think about all the times your patients tell you they googled their symptoms. You’d know better than we do how the internet can sometimes get it very wrong when it comes to medical conditions, treatments and prognosis.

The same principle applies to googling things like legal advice and compliance. You’d have to make sure that the information was applicable to Australia (including your state or territory in some cases), up to date and accurate.

Even if you’re certain you’ve found a compliant privacy policy online, you also have to make sure you have permission to use it. Copying someone else’s policy and simply adding your practice details can leave you open to a claim of copyright infringement.

It’s a pretty big gamble to take.

Where can I get help with my website privacy policy?

The first step is to contact your medico-legal provider. They will be able to draft a privacy policy for your practice.

Alternatively, Splice and Onyx Legal have created a website privacy policy specifically for health professionals which sells for only $280 + GST. Call or email us to get your copy of the privacy policy.

Tailored to your practice, your website privacy policy will not only ensure legal compliance but also incorporate best practices for digital marketing to ensure you’re set up for success from your paid digital advertising campaigns.

Get in touch if you’d like to get started on your privacy policy.

Disclaimer: Please be aware that this blog is for general guidance only.