Privacy action plan for your health practice
Long text description
The Privacy Act 1988 (Privacy Act) requires you to be proactive in establishing, implementing and maintaining privacy processes in your practice.
The Office of the Australian Information Commissioner's Guide to health privacy sets out the key practical steps you should take to meet your privacy obligations and protect the personal information you hold:
Step 1: Develop and implement a privacy management plan
The Privacy Act requires you to be proactive in establishing, implementing and maintaining privacy processes that ensure you comply with the Australian Privacy Principles (APPs).
Step 2: Develop clear lines of accountability for privacy management
Knowing whom in the practice has the expertise and responsibility for meeting privacy requirements helps all staff respond efficiently to any privacy issues and seek prompt guidance when they need it.
Step 3: Create a documented record of the types of personal information you handle
Understanding your practice’s personal information holdings is an important foundation for effective privacy management and compliance.
Step 4: Understand your privacy obligations and implement processes to meet them
It is important to understand your privacy obligations and how key APPs apply to and operate in a healthcare context. Develop and implement processes that facilitate your practice’s compliance with those obligations.
Step 5: Hold staff training sessions on privacy obligations
Training staff on their privacy obligations and the importance of privacy will help to create a confident team that is able to handle personal information in a privacy-enhancing way.
Step 7: Protect the information you hold
The Privacy Act requires you to take reasonable steps to protect the personal information you hold from misuse, interference, loss, and from unauthorised access, modification or disclosure.
Step 8: Develop a data breach response plan
A data breach response plan is a tool to help you manage a data breach. It is a framework setting out how you will manage and respond to a data breach, including the steps you will take and the roles of various staff members.
For more information visit: oaic.gov.au/guide-to-health-privacy