Let's Chat

03 9430 1788


How to check Healthcare Compliance – Can you answer YES to 3 simple questions


Healthcare Compliance

Ever wondered if your practice is compliant or not?  Do not make Healthcare Compliance any more complex than it already is.   Answer these three simple questions to check your Healthcare Compliance.

What is required

We have written several articles on the topic of Healthcare Compliance although none of them specifically list what is required to be a Healthcare compliant organisation.    Healthcare compliance can be a complex topic although we have simplified it for you.   This article provides you with three simple questions to answer which will provide you with an indication of where you stand.    Before we get into the questions, it is important to understand what we are trying to comply with.

Healthcare Compliance OAIC

Regulation and compliance

The Department of Health administer regulations and compliance for Healthcare providers in Australia.    Information from the Department of Health and the various Acts that they audit can be found here.   What is relevant to you as an Australian Healthcare provider is the Privacy ACT 1988 when it comes to collecting, storing and transmitting patient data.    There are other Healthcare Compliance requirements that are relevant although the Privacy ACT is our main focus here.   

Healthcare Compliance Privacy Act

The Privacy ACT 1988

The Privacy Act 1988 (Privacy Act) was introduced to promote and protect the privacy of individuals and to regulate how Australian Government agencies and organisations handle personal information.    Broadly, the act states “with an annual turnover of more than $3 million.   The Privacy Act has specific clauses for healthcare professionals stating the annual turnover rule does not apply to allied health professionals.   This is a catch all clause that covers anyone holding any patient data.   The Office of the Australian Information Commissioner actually states “Australian privacy law has strict rules about how a health service provider can collect, use and disclose your health information.”  The Office of the Australian Information Commissioner is responsible for privacy functions that are conferred by the Privacy Act and other laws.    Healthcare Compliance is a role that The Office of the Australian Information Commissioner has the regulatory responsibilities and powers to enforce.

Your Practice vs the Dark Web

Therefore as a healthcare provider, you are holding patient data which is protected by the Privacy Act and enforced by the Office of the Australian Information Commissioner.   It is important to note that patient data or “identifiable medical data” is the most valuable data on the dark web.    Considerably more valuable than any other type of personal data.    This makes your patient data an obvious target.

If you are audited then there are certain things that need to be in place to ensure you have been diligent in protecting the information you hold.  

Healthcare Compliance checks

The 3 Questions

Work through the below questions to assess how your practice would fare if it was to be audited.    All answers would need to have a yes answer against them for you to survive an audit.   If you answer no to any of the questions, there is some guidance on what needs to be done;

1. Does your organisation have a clearly expressed and up to date privacy policy?

The first thing you will be asked is the question above.  The Office of the Australian Information Commissioner states “Any organisation or agency the Privacy Act 1988 (Privacy Act) covers must have a privacy policy.”

An organisations privacy policy must provide the following:

  • their name and contact details
  • what kinds of personal information they collect and store
  • how they collect personal information and where it is stored
  • the reasons why they need to collect personal information
  • how they’ll use and disclose personal information
  • how you can access your personal information, or ask for a correction
  • how to lodge a complaint if you think your information has mishandled, and how they’ll handle your complaint
  • if they are likely to disclose your information outside Australia and, if practical, which countries they are likely to disclose the information to

2. Does your organisation have someone responsible for overall privacy management?

Knowing who in the practice has the expertise and responsibility for meeting privacy requirements helps all staff respond efficiently to any privacy issues and seek prompt guidance when they need it.   Someone needs to take responsibility for this role.   Typically, this responsibility is given to the practice manager.   

If you have a privacy policy in place and have appointed responsibility to someone then you are 2/3 of the way there.   One final question to answer.

3. Does your organisation have IT security processes and controls in place to protect personal information?

The Office of the Australian Information Commissioner’s Guide to securing personal information sets out a number of IT security steps that Healthcare Providers need to consider to protect the patient information they hold.

Relevant IT Security Policies to consider are;

      • software security
      • encryption
      • network security
      • whitelisting
      • blacklisting
      • testing
      • backing up
      • email security.

All of the above bullet points should be covered in IT Policies that you have set out and developed for your practice.   We have developed IT policies for many Healthcare Providers over the years and can provide you with any assistance you may require.    Once those policies are in place, your systems and applications need to adhere to them.

Answering the above three questions is a simplified method of determining the many requirements of being and staying compliant.   Being able to answer yes to all of the above does show you have been diligent in your responsibility as a Healthcare organisation.

If you are unable to truthfully answer yes to all of the three questions, putting in place what is required is not difficult or expensive.    All it takes is reaching out to us to assist.

Want to stay up to date with useful tech-tips?  

Follow us on LinkedIn, Facebook or Twitter to be notified when we post new content. Or, even better, scroll down to the very bottom of this page to sign up for our Newsletter. We only send them once a month and you can always unsubscribe.