Keeping your customers’ health information secure is both a requirement and a responsibility.
Under Australian law, the Privacy Act 1988 applies to private-sector organisations that handle health information and conduct activities involving personal information, even if your business doesn’t primarily offer health services.
Remember that most people think of their health information as private, so if your business can protect their privacy, it can give them the assurance they need to keep using your products and services.
To help you protect your customers’ health information and follow the law, here’s what you need to know about operating your business under healthcare privacy laws in Australia.
1. Privacy Act and What It Applies To
The Privacy Act applies to any opinion or personal information about a person who can be reasonably identified from their given information.
This applies whether the information is true or false, and whether or not it is documented in written or recorded form.
However, the Privacy Act does not apply to information about deceased individuals. The exception is when information about a living person includes information about the deceased.
This means that the privacy interests of the living person should be taken into consideration when dealing with this type of information.
Also, if your business works with BPO companies, it is an ethical and responsible practice to apply the Privacy Act to that work as well.
2. What You Should Do Under the Privacy Act
The Privacy Act requires all sectors covered under it to follow the thirteen Australian Privacy Principles (APPs).
The APPs are guidelines that set out the requirements for handling personal information.
Here are three of the APPs:
Transparent and open management of personal information.
This sets the requirements for your business on the transparent and open management of your customers’ personal information, such as through privacy policies.
Patients who want to use pseudonyms or be anonymous.
Some clients will want to remain anonymous, so your business should offer them the option of not being identified, such as by using a pseudonym.
However, if the law authorizes or requires it, or if it is impractical for them to remain unidentified, then they should disclose their real information.
The collection of personal information.
Your business should only collect personal information by fair and lawful means.
Personal data such as health information can only be collected if the individual gives consent, and only if the information is required for the business’s activity or function.
Personal information must also be collected directly from the customer unless it is not possible to do so.
3. Australian Privacy Principles
Under the Privacy Act, if you violate the APPs or commit an “interference with privacy,” you will be subject to an investigation by the Information Commissioner once a complaint has been filed.
An investigation does not begin as soon as a complaint is filed against you.
Instead, an investigation is conducted if the individual first submitted the complaint to you and you failed to respond within thirty days.
Although complaints are usually resolved through conciliation, using negotiation and discussion, a civil penalty can be imposed on those who commit repeated or severe breaches of privacy.
One of the best ways for your business to be compliant with healthcare privacy laws in Australia is to implement excellent privacy practices to prevent any breach.
As a business owner, there are many factors you must consider to protect the integrity of your business and the interests of your customers.
Doing so helps ensure that your business doesn’t violate the law, protects your customers’ interests, and preserves your reputation as a secure and reliable company.