NACCHO Health News Alert : Improving privacy in Australia’s general practices a joint effort


“Privacy is fundamental to the trusted relationship between a doctor and a patient and practices go to great lengths to protect this. The assessment report shows that some may need more guidance on how to develop transparent and robust privacy policies. The AMA is actively helping them with this.”

Chair of the AMA Council of General Practice, Dr Brian Morton

Acting Australian Information Commissioner, Timothy Pilgrim, has today welcomed a series of actions by Australia’s peak medical groups to improve privacy practices at Australia’s GP clinics.

“A recent assessment of GP practices by the Office of the Australian Information Commissioner (OAIC) suggests that many practices could use more practical support to improve or establish privacy policies,” said the Commissioner.

“The OAIC appreciates that many GP practices are small to medium sized businesses and so practical, industry-relevant support is an effective way to improve privacy outcomes for practices and patients.”

“So I welcome the fact that the Australian Medical Association (AMA), the Royal Australian College of General Practitioners (RACGP), the Australian College of Rural and Remote Medicine (ACRRM) and the Australian Association of Practice Management (AAPM) have come together with the OAIC to provide practical support to their members to deliver open and transparent privacy policies within their practices.”

The OAIC regulates Australia’s Privacy Act1988 and last year conducted an assessment of the privacy policies of 40 GP practices from across Australia. When the assessments revealed room for improvement, medical peak bodies were approached to help deliver training and practical solutions to assist GP practices.

Chair of the AMA Council of General Practice, Dr Brian Morton, said that “privacy is fundamental to the trusted relationship between a doctor and a patient and practices go to great lengths to protect this. The assessment report shows that some may need more guidance on how to develop transparent and robust privacy policies. The AMA is actively helping them with this.”

The Royal Australian College of General Practitioners President, Dr Frank R Jones, said the report was a timely reminder for general practices to review their privacy policies. “The RACGP provides useful resources to general practices to make adherence to the rules straightforward and our goal is to improve the practical help and support we already provide.”

Danny Haydon, President of AAPM, confirmed that Practice Managers have a key role in ensuring their practice has an easily accessible privacy policy in place and that AAPM assists practice managers to implement this through a range of resources.

ACRRM President Professor Lucie Walters said, “rural and remote doctors are keenly aware of the importance of privacy issues, especially given the circumstances of rural medical practice. ACRRM will be doing as much as possible to support its members to ensure that both the documentation and implementation of practice privacy policies are consistent with the requirements of the Privacy Act”.

Commissioner Pilgrim emphasised that a collaborative approach to create strong privacy governance in Australian businesses was always the OAIC’s preferred approach.

“The OAIC works constructively with businesses and the wider community to build an integrated approach to privacy compliance,” said the Commissioner.

“Thanks to the efforts of these peak bodies and the OAIC’s team, that preferred approach will lead to improved privacy management for Australian GPs and their patients.”

About the report

The report focused on assessing the privacy policies of 40 General Practice Clinics against Australian Privacy Principle (APP) 1 under the Privacy Act 1988. APP1 has a focus on open and transparent management of personal information.

The purpose of the assessment was to assist GP clinics to improve or enhance their existing privacy policy, taking into account the requirements under the Privacy Act 1988 (Privacy Act).The assessment aimed to enhance the GP clinics’ understanding of privacy and their obligations under the Privacy Act.

It examined the content, layout and availability of the privacy policy but did not consider how the information handling procedures set out in the privacy policy were implemented in practice. This report does not make conclusions about broader privacy practices of GP clinics beyond the scope described above.

The General Practice Clinics APP 1 Privacy Policy assessment report was conducted under Section 33C of the Privacy Act 1988.

To access the report, please visit

About the OAIC

The Office of the Australian Information Commissioner (OAIC) has a range of regulatory responsibilities and powers under the Privacy Act 1988 and other legislation including the Freedom of Information Act 1982.

The OAIC is headed by the Acting Australian Information Commissioner. The Information Commissioner is supported by the Assistant Commissioner, Regulation & Strategy and the Assistant Commissioner, Dispute Resolution, and OAIC staff.

For further information about the OAIC, please visit or follow @OAICgov.


The AMA acknowledges the release of the privacy assessment report undertaken by the Office of the Australian Information Commissioner (OAIC), which examined the privacy policies of 40 general practices across Australia.

Chair of the AMA Council of General Practice (AMACGP), Dr Brian Morton, who runs a busy suburban general practice in Sydney, said today that patient privacy is a priority for every GP and every general practice.

Dr Morton said that the OAIC report showed that some general practices needed to do more to ensure that they had a privacy policy that was fully compliant with the Australian Privacy Principles (APP). The report does not suggest that patient privacy had been in any way compromised by any of the practices.

“Privacy law is a very complex area and this report, which looked at a small sample of practices, is an important reminder that general practices should review and update their privacy policies on a regular basis,” Dr Morton said.

The OAIC report provides some useful guidance for GPs, highlighting how practices could improve their privacy policies, including:

  •  how easily policies could be read and comprehended;
  •  the provision of appropriate contact information, and provisions in the event an individual wanted to access or correct information held about them, or make a complaint;
  •  identifying the kinds of personal information collected and held, as well as why and how it is collected and held;
  •  describing the reasonable steps the practice took to protect patient information, and how a privacy complaint is dealt with; and
  •  how health information (including Individual Health Identifiers and prescribed medicines) is collected, used, or disclosed through the MyHealth Record system and the Electronic Transfer of Prescriptions (eTP) service.

Dr Morton said that patient privacy is fundamental to the trust relationship between doctors and patients, and practices go to great lengths to ensure the privacy of their patients’ records.

“General practices are serious about protecting patient privacy, but the report sends a clear signal that we can do better, including with getting all the paperwork right,” Dr Morton said.

“The AMA has already acted upon the concerns of the OAIC, updating our own Privacy and Health Record Resource Handbook to include an updated privacy policy template to guide practices when writing or updating their privacy policy.

“This resource is available on the AMA website at

“The AMA will continue to work with practices to help them to navigate privacy laws, and have in place the right policies and processes to satisfy their legal and ethical obligations,” Dr Morton said.


Leave a Reply

Your email address will not be published. Required fields are marked *