Privacy and managing health information in general practice

Information management for general practice business information


Marketing

Last revised: 24 May 2023


  • Health information must not be used or disclosed for direct marketing without patient consent.
  • Your practice must obtain patient consent to any services with commercial aspects, such as vaccinations.
  • Sending unsolicited commercial communications to your patients is generally prohibited.


Prohibitions on direct marketing

General practices might not ordinarily consider themselves as engaging in marketing activities. However, any promotion of a practice’s services, even in the form of scheduled reminders or as part of recommended clinical practice, might be considered direct marketing and therefore have privacy considerations.

Direct marketing in a clinical setting refers to any marketing technique where a practice is promoting goods and services directly to patients. Practices should note some daily clinical initiatives might inadvertently breach these laws. For example, letters that use or disclose personal information to promote and advise patients about flu vaccination services could be considered direct marketing.

In contrast, the Australian Privacy Commissioner considers that letters relating to ongoing care are less likely to breach privacy laws, especially if the letters simply inform the patient of scheduled assessments and do not specifically promote any services.

To avoid inadvertently breaching these laws, practices should obtain patient consent by:

  • requesting consent (via opt-in or opt-out mechanisms) on patient registration sheets and recording this consent in the management software
  • asking for consent as patients present to the practice
  • undertaking a directed consent campaign.
 

Refusal requests for marketing

Practices must have adequate procedures in place to ensure marketing messages are not sent to patients who have expressed their refusal.


The Spam Act and Do Not Call Register

It is important that practices are aware of the applicable prohibitions (and their exceptions) when sending electronic communications (email or text messages) or making telephone communications. The Privacy Act defers to the operation of the Spam Act 2003 and the Do Not Call Register Act 2006.

Generally, these Acts prohibit practices from sending unsolicited communications (by email, text message or telephone call) with the aim of selling goods or services. Practices sending solicited communications must ensure they meet any requirements first; for example, providing an unsubscribe function for mobile text message reminders.
 
