Running a business in the healthcare industry carries several risks. As such, it’s essential that you’re well-protected by having the right legal documents in place. Our team can help you with your legal needs, from contracts to regulatory compliance and privacy obligations.

To open a healthcare or medical practice in Australia, you will need to prepare and register a variety of legal documents. Key requirements include:

  • Registering your business name with the Australian Securities and Investments Commission (ASIC).
  • Obtaining workers' compensation insurance and business insurance (e.g. professional indemnity, public liability).
  • Securing council approval (if operating from commercial premises) and a lease agreement (if renting premises).
  • Registering with the Australian Health Practitioner Regulation Agency (AHPRA).
  • Having health and safety policies and procedures in place.
  • Complying with privacy and data protection policies and procedures.

If you're running a health business, you're likely to be collecting and managing customers' health information. Under Australian privacy laws, health information is a lot more sensitive than standard data. As such, there are additional requirements that apply.

For instance, if your health business is collecting health information, you are legally required to have a Privacy Policy in place in accordance with the Privacy Act 1988, regardless of the small business threshold (that is, whether or not you have an annual turnover of $3 million or more).

The sensitive nature of health information means that your business needs to have well-drafted Privacy Policies, Cookie Policies, NDAs and Terms and Conditions in compliance with privacy laws.

If you're conducting business in the EU, your Privacy Policy will need to comply with the GDPR.

Yes, you can start a healthcare business or medical practice online. This is likely to be considered a telehealth business.

However, being online does not remove your legal obligations as a health business. The specific privacy laws for health information still apply to you, and you must take measures to ensure these obligations are met virtually.

For example, your online platform should have strong cyber security systems to keep your customers' data safe when it is shared online. This may require two-factor authentication or training your staff on a Data Breach Response Plan.

You should also have the relevant NDAs, confidentiality agreements, T&Cs and disclaimers on your website to protect both you and your customers.
