Each day, more and more businesses are moving online to make services more accessible to customers. One type we’ve seen significant growth in is health care services, or telehealth services, which make it easier for people to access medical care from the comfort of their own homes.
Usually, these services are delivered through websites or mobile apps. But just like any other online platform, it’s important to ensure you have the proper legal frameworks in place – including Terms and Conditions, a Privacy Policy, and a Service Agreement – to protect both your business and your customers.
- Terms and Conditions
- Privacy Policy
- Service Agreement
From the business owner’s perspective, it’s essential to mitigate the risks that come with providing health services. We’ll get into the details of why shortly, but first let’s clarify what exactly constitutes a healthcare service in today’s digital landscape.
How Do I Know If I Provide A Healthcare Service?
In 2025, healthcare and telehealth services are not restricted to hospitals and pharmacies. They now extend to offerings such as supplying medical equipment for specific conditions or operating online platforms that connect patients with qualified practitioners. This broader definition means that many businesses might be managing what is legally considered “health information”.
For example, BetterHelp is a well-known online service that connects people with licensed counsellors for psychological support. While BetterHelp encountered controversy over its Terms and Conditions several years ago, it has since updated its policies to comply with modern regulatory standards and ensure transparency.
So, if you’re developing an online healthcare app or website for your telehealth business, you’re in the right place.
We’ll discuss the essentials you need to consider before you build your platform, as well as the legal documents required to mitigate risks associated with providing health services online. It’s all about protecting your business and giving your customers confidence in your service.
Mixing health and technology can be incredibly convenient for your customers – but it also means extra responsibility on your end!
Privacy
Just like any online service, privacy is paramount when dealing with health information.
Online businesses routinely handle high volumes of personal and sensitive data – and this is especially true for healthcare services. If you’re building a healthcare app or website, remember that you’ll be collecting and managing sensitive health information. In Australia, such data is subject to strict regulations to ensure it is handled securely and responsibly.
As of 2025, the Privacy Act 1988 continues to serve as the foundation for privacy law, setting out the requirements for handling data through the 13 Australian Privacy Principles (APPs). We’ve covered these principles in detail here.
Typically, a privacy policy is only required for online businesses with an annual turnover of over $3 million that collect personal information. However, if you’re a healthcare service provider, you are an exception to this rule – even if your turnover is below $3 million, you must have a Privacy Policy in place due to the sensitive nature of the information you handle.
Why?
Health information is classified as ‘sensitive’ under Australian privacy laws. This means you must have a comprehensive Privacy Policy in place and it’s advisable to have a lawyer draft and review the document to ensure it complies with the 13 APPs. For tailored advice, consider speaking with our Privacy Lawyers.
What Is A Privacy Policy?
A Privacy Policy details the types of information you collect from clients or customers and explains how that data is used and shared with any relevant third parties. In the case of healthcare services, you must clearly explain how you share patients’ health information with the medical practitioners you connect them with. A good starting point is to have a chat with a legal expert specialising in privacy law.
If you’re providing telehealth services – for example, via Zoom – it’s crucial to ensure that the platform setup meets your privacy requirements. Consider questions such as whether sessions will be recorded, and if so, ensure that you disclose this policy and obtain your clients’ consent.
What Is Considered ‘Health Information’?
You might be operating a service that appears to be similar to a healthcare provider, but how do you know if you’re actually handling “health information”?
Generally speaking, ‘health information’ can include:
- Symptoms reported by a patient
- Details about diagnoses or illnesses
- Medical test results or reports
- Prescriptions
- Information regarding medications being taken
- Other general personal information collected by a health service provider
Also, when it comes to collecting health information, you must obtain the individual’s consent before you collect any data.
Fortunately, a Privacy Policy can be easily incorporated into your Terms and Conditions – sometimes as simply as requiring customers to tick a box when they sign up. We’ve detailed more about privacy policies for healthcare service providers here.
So, what should your Terms & Conditions include?
Terms & Conditions
Just like any other website, if you’re providing an online healthcare service, you need to have robust Terms and Conditions in place.
In simple terms, your customers must agree to adhere to certain rules in order to use your service. These rules may cover aspects such as:
- How online payments will be processed
- Dispute resolution procedures
- Methods for collecting and sharing personal information
- Limitation of liability in case something goes wrong
This applies equally if your service is offered via an app on Google Play or the App Store – customers must be able to easily access and agree to these Terms before using your service.
Given the nature of healthcare, there are generally higher risks involved. It’s therefore essential to disclose all relevant details and risks associated with your service. For instance, you might inform users about the limited liability of your employees or affiliated medical practitioners in the event of technical failures or data loss.
Example
Let’s say you run an online healthcare service called Doctors2Go, which connects people with the appropriate doctor based on their needs. Sam wants to book a quick consultation with a GP and prefers bulk-billing. On the website, he sees a doctor described as “bulk-billed” and books an appointment. Later, Sam discovers that the doctor does not actually offer bulk billing, resulting in him having to pay the full fee with no Medicare rebate.
Here’s how this situation might be affected by your Terms and Conditions (T&Cs):
- If your T&Cs exclude liability for inaccurate information displayed on your website, you would not be liable – as Sam agreed to this clause when creating his account. An example clause might read, “We are not liable for any inaccuracies on our website and this does not constitute professional medical advice.”
- If your T&Cs lack an exclusion of liability clause, you could potentially be held responsible for Sam’s reliance on the inaccurate bulk billing information. It is essential to ensure that customers acknowledge their responsibility for verifying details that may not be 100% accurate.
When drafting exclusion of liability clauses, you aim to protect your business by clarifying that any loss incurred is solely between the customer and the medical practitioner. In essence, your service serves only as an introductory platform, and you are not liable for any subsequent issues that may arise – although you should always consult a lawyer for advice tailored to your specific circumstances.
What Happened With BetterHelp?
Back in 2018, BetterHelp’s Terms and Conditions sparked a controversy after a sponsored YouTube video triggered widespread online debate. Although the initial allegations – suggesting that users had to verify counsellors’ licensing details, thereby implying some counsellors might not be fully accredited – were eventually debunked, the incident remains a useful reminder of the importance of clear legal disclosures.
In response, founder Alon Matas clarified that all counsellors on BetterHelp are fully licensed and undergo a rigorous hiring process. This example underscores why having up-to-date and transparent T&Cs is vital, especially in the sensitive healthcare sector.
Even though the controversy was resolved years ago, it highlights the necessity for healthcare providers to maintain clear, accurate, and robust legal documentation to protect all parties involved.
Anything Else To Cover?
If you’re a telehealth service provider, it’s crucial to have a detailed Telehealth Service Agreement in place. Telehealth means providing health services remotely, and your agreement should cover aspects such as:
- How online payments will be secured
- How liability will be limited
- How information will be handled and protected
- What services are provided and what are not
Next Steps
As of 2025, online healthcare services continue to grow rapidly, offering patients convenient access to medical care when they need it most. However, for business owners, this advancement comes with increased responsibility to manage risks and ensure full compliance with privacy and consumer protection laws.
A good place to start is to have a chat with a Privacy Lawyer to set up the right Terms and Conditions, Agreements, and Policies. You can reach out to us at team@sprintlaw.com.au or call us on 1800 730 617 for an obligation-free chat.
Additionally, in the fast-evolving legal landscape of 2025, it’s essential to regularly review and update your legal documents. Staying informed with the latest regulatory changes ensures your Terms and Conditions and Privacy Policy remain compliant and effective at protecting your business and your customers.