Each day, we see more and more businesses moving online to make services more accessible to customers. One type we’ve seen is healthcare services, or telehealth services, which make it easier for people to seek medical care.

Usually these are in the form of websites, or even apps. But it’s important to note things like:

  • Terms and Conditions
  • Privacy Policy
  • Service Agreement

From the business owner’s point of view, it’s essential to mitigate the kinds of risks that come with providing health services. We’ll get into the details of why, but first, let’s briefly go through what is actually considered a healthcare service. 

How Do I Know If I Provide A Healthcare Service?

Healthcare or telehealth services are not limited to hospitals and pharmacies. They can extend to services such as providing medical equipment to people who have conditions, or an online business that connects people to qualified practitioners.

For example, BetterHelp is an online service that connects people to qualified therapists for psychological help (they had a few controversies with their Terms & Conditions, which we’ll discuss later). 

So, if you’re building an online healthcare app or website for your online healthcare business, you’ve come to the right place. 

We’ll go through the basics of what you need to know before you build your app, and the legals you’ll need to consider to mitigate the risks involved with health services. 

Mixing health and tech is convenient and simple on the customer’s end, but this also means more responsibility on yours! 


Just like anything else you find online, privacy is one of the most important things to think about. 

Online businesses deal with high volumes of personal or sensitive information, and this is very much the case with healthcare services. If you’re building a healthcare app or website, remember that you’ll be collecting and managing people’s health information. In Australia, this kind of sensitive information attracts some pretty serious laws. 

Mainly, the Privacy Act 1988 governs rules around privacy and handling all sorts of information. These are covered in great detail in the 13 Australian Privacy Principles (APPs), which we’ve written about here.

The general rule when it comes to privacy in e-commerce is that you only need a privacy policy if you’re an online business with an annual turnover of more than $3 million, and you collect personal information. However, if you’re a healthcare service provider, you are an exception to this rule. This means that even if your turnover is less than $3 million, you still need a privacy policy.


Health information is considered ‘sensitive’ information under Australian privacy laws. So, you’ll need to have a Privacy Policy in place. It’s a good idea to have a lawyer draft and review this for you as it needs to be compliant with the 13 APPs. 

What Is A Privacy Policy?

A Privacy Policy will essentially set out what information you will be collecting from your clients or customers, and how you will be disclosing this to any relevant third parties. So, in this case, you’ll need to tell customers how you’ll be sharing their health information with the medical practitioners you’ll be connecting them to. 

If you’re providing telehealth services (e.g. via Zoom), you need to make sure this setup is compliant with your privacy requirements as well. For example, will you be recording your Zoom sessions? If this is permitted, you need to disclose this to your clients and get their consent.

What Is Considered ‘Health Information’?

You might be running something similar to a healthcare service, but how do you know if you’re actually managing ‘health information’? 

Generally speaking, ‘health information’ can include:

  • Symptoms that a patient reports having
  • Details about a diagnosis or illness they have
  • Medical test results or reports
  • Prescriptions 
  • Details about medication a person is taking
  • Other general personal information collected by a health service provider

Also note that when it comes to health information, you need the person’s consent before you collect it. 

Thankfully, a Privacy Policy can be conveniently attached to your Terms and Conditions. It can even be as simple as checking a box when a customer makes an account! We’ve written more about privacy policies for healthcare service providers here.

So, what should your Terms & Conditions look like?

Terms & Conditions

Just like any other website, you want to have Terms and Conditions if you’re providing an online healthcare service. 

Put simply, customers need to agree to do, or refrain from doing, certain things in order to use your service. This may include:

  • How payment will work
  • How disputes will be handled
  • How personal information will be collected and shared
  • How your liability will be limited in case something goes wrong 

This is also the case if your service is being provided through an app on Google Play or the App Store. You still need terms and conditions that customers can easily access and agree to before they get started. 

Since we’re dealing with health, there are generally some higher risks with your service. So, you want to make sure you disclose all the relevant details and risks associated with your business. 

For example, before a client makes an account, you may want to disclose the limited liability of your employees or medical practitioners in case the website crashes and information is lost. 


Let’s say you run an online healthcare service called Doctors2Go. This service connects people to a doctor depending on their specific needs. 

Sam wants to book a quick consultation with a GP, but he prefers for it to be bulk billed. On the website, he finds a doctor whose description says “bulk-billed”, so he books an appointment with her. Later, he discovers that she does not, in fact, offer bulk billing and ends up having to pay the full price himself, with no Medicare rebates. 
Let’s look at how this would play out depending on how you’ve drafted your terms and conditions (T&Cs):

• If your T&Cs exclude liability for inaccurate information on the website, you will not be liable since Sam would have had to agree to this condition when he made an account. For example, your clause could look something like, “We will not be liable for any inaccurate information presented on our website, and this does not constitute medical advice.” 

• If your terms and conditions do not have an exclusion of liability clause, this might be troublesome for you. It is likely that you’d be held liable for Sam’s reliance on that representation of bulk billing. It’s essential that you disclose the customer’s responsibility for relying on information that isn’t guaranteed to be 100% accurate or correct. 

When it comes to exclusion of liability clauses, you want to protect your business by ensuring any losses are kept between the customer and the medical practitioner. 

In other words, you want to make it clear that you are an introductory service and that any medical issues that arise are not your fault (but of course, this depends on the nature of the business you’re running. You should speak to a lawyer to help you with this!). 

What Was The Case With BetterHelp?

In 2018, there was some controversy around BetterHelp’s T&Cs. More specifically, BetterHelp had sponsored a video created by a content creator on YouTube. Unfortunately, an online fight broke out which saw some commentary and criticism of BetterHelp’s T&Cs.

One of the comments made was that BetterHelp made a disclaimer that users need to verify their counsellor’s licensing information, which implied that their counsellors were not professional or licensed.

Founder Alon Matas released a statement in October 2018 claiming this is not true, and clarified that every counsellor on BetterHelp is fully licensed and goes through a rigorous hiring process.

While the rumours turned out to be untrue, the episode still raises some interesting concerns around healthcare T&Cs generally. While putting something online might make things easier to work around, it doesn’t necessarily mean you can skip over some essential legals, such as terms and conditions for providing your healthcare service.

You want to be transparent with your customers about what you’re providing and how you go about doing that. 

At the end of the day, healthcare is an important industry when it comes to handling sensitive information and dealing with people’s health, so you need to make sure you’ve mitigated the relevant risks. 

Anything Else To Cover? 

If you’re a telehealth service provider, you’ll need a Telehealth Service Agreement. Telehealth just means that you provide health services remotely or online. So, your agreement should cover things like:

  • How payment will be secured online
  • How liability will be limited
  • How information will be handled
  • What the provider will and won’t do

Next Steps

Healthcare services being offered online is a big step, and a convenient way to access help when you need it. But from the business owner’s perspective, this comes with certain risks and the need to ensure compliance with privacy laws. 

A good place to start is to have a chat with a Privacy Lawyer, so you can set up the right T&Cs, Agreements and Policies. You can reach out to us at team@sprintlaw.com.au or contact us on 1800 730 617 for an obligation-free chat.

About Sprintlaw

Sprintlaw's expert lawyers make legal services affordable and accessible for business owners. We're Australia's fastest growing law firm and operate entirely online.
