Understanding privacy laws: How to protect your patients’ personal information

While Cliniko does meet or exceed many of the world's privacy laws, protecting your patients' data is a shared responsibility. Learn how Cliniko helps you comply with various laws and where you can get more information on the requirements for your practice.

Doug Pohl·

A folder containing patient information and a book of law on either side of a set of scales.

For a while now, we’ve been noticing some confusion around the privacy requirements of different countries and which regulations your practice needs to follow.

That’s totally understandable. Data privacy can be a tricky topic, and sometimes it’s tough to know what info you can trust. But for the sake of your patients and your business, it’s important to get it right.

That’s why we wanted to take a quick moment to share some of what we know about the various privacy laws, help you find more info, and let you know how Cliniko helps you comply with the different requirements.

What are the privacy laws for each country?

There are too many different laws to include in one article (at least in an article you might actually read). So instead, we’ll focus on the privacy laws that are most likely to affect our customers.

Our team has written thorough articles that take deep dives into each law. They’re all linked below, and in them, you’ll find lots of great info about what’s required of your practice and how Cliniko helps you comply. Just find the country or legislation you’re looking for and dive on in.

Australia

The Australian Privacy Principles (APPs) include topics ranging from anonymity to disclosure to security. Cliniko complies with every principle, and in some cases, we exceed the requirements.

To learn more about how Cliniko can help you follow the APPs, head over to our help site where we discuss each privacy principle and how Cliniko helps you stay in compliance.

European Union

The General Data Protection Regulation (GDPR) safeguards the privacy of all citizens within the European Union (EU) and the European Economic Area (EEA). And, for now, that still includes the UK.

It’s a stringent set of laws that require taking some sizable steps in order to comply, like establishing a Data Processing Addendum, designating an in-house Data Protection Officer, and appointing an EU-based privacy representative.

If you have no idea what these things are, don’t worry. It’s all explained in the GDPR article on our help site.

Canada

Canadian privacy laws are somewhat unique in that provincial regulations supersede the national privacy law known as PIPEDA. This means clinics are first required to follow the requirements of their home province.

Thankfully, the courts have decided that all of the provincial laws are substantially similar to PIPEDA. So when a clinic complies with the laws of its home province, it becomes exempt from having to follow the national law.

There is a caveat to keep in mind, though. If you store or process data for clients based across provincial or national boundaries, you’ll need to stick to the requirements laid out in PIPEDA.

Take a look at our PIPEDA help article to get more details and learn how Cliniko can help you comply with these laws.

United States

The privacy laws of the United States are known as HIPAA. We’ve done our best to make it easier for you to follow these regulations by creating a ‘HIPAA privacy setting’ within your Cliniko account.

Enabling this support setting will trigger in-app guidance, privacy alerts, activity monitoring, and a lot of other great tools to help you stay compliant while using Cliniko.

Learn more about HIPAA and how we can help your practice meet the requirements.

Cliniko protects patient privacy.

Yes, Cliniko meets or exceeds the legislative privacy requirements for Australia, New Zealand, the European Union, the United Kingdom, Canada, and the United States. We make sure of it.

It’s a bold statement, but true. We have two designated privacy officers within our team who—as crazy as it might sound—love working with privacy laws.

It’s their job to keep up with all things privacy related and advise our team on changes that might need to be made to ensure that Cliniko is always in compliance.

We’ve laid out our privacy policy and data security information in detail on our website. If you can’t find what you’re looking for in either of those documents, just reach out to our friendly support team. They’ll be happy to help.

You also have an important role to play in protecting your patients’ privacy.

When you store your data and your patients’ private information on our secure servers, it’s our job to protect it and keep it confidential. This is a serious responsibility, and we take every precaution.

But we can only help with the info that has been entered into your account. There’s not much we can do beyond the boundaries of our software. How you collect and handle private information outside of Cliniko is totally in your hands.

You’ll want to take extra care with any information that could have been collected on paper or stored locally on a device. If you keep hard copies of your records, it’s your responsibility to make sure those records are stored securely.

It’s also important to sign out of your account when you’re not using it (especially on a shared device) and be aware of what information might be visible to others on the screen you’re working with.

What should you be doing to comply with the laws and protect your patients’ privacy?

It can sometimes be tough to know when certain privacy regulations might apply to your practice. For many practitioners, you should only need to follow the laws of the country or region where your practice is located. However, there are some caveats to this.

For example, if you have patients who reside in a different jurisdiction from your practice, you may need to comply with the laws of that region as well. But not always. It depends on the variables involved.

Even if you feel confident in your knowledge of the laws, it’s worth making an effort to reach out to your professional organisation and ask for guidance. They make it their business to know these things and can often be your best resource.

With that in mind, there are some basic steps you can take that will go a long way toward protecting your patients and your business.

Create a privacy policy. You have good reasons for collecting the information you do. So let people know why you need it and what you’ll do with it. Be utterly honest and transparent. When it comes time to share your policy with patients, our secure digital forms are fully customisable and might be a good option for you.

Get patient consent. After you’ve created your privacy policy, be sure to get every patient’s signature to acknowledge their consent. It’s their personal info you’re working with. They deserve the chance to agree (or disagree) with how you plan to use it.

Train your team. Be sure that all your team members understand the best practices for protecting patients’ private info. They should also be well informed on your privacy policy and be able to answer questions for patients if needed.

Only collect what you need. When building new patient forms, make sure your practice truly needs the info you’re collecting. There should be a specific purpose for every piece of data. And re-examine your older forms while you’re at it. If something isn’t necessary, maybe you shouldn’t ask for it.

Don’t store data forever. The laws vary widely on how long you’re required to hold on to a patient’s data. But generally, the best practice is to not keep people’s private info for any longer than you’re required to. Check with the rules that apply to your jurisdiction as well as your professional association to determine the best plan for your practice.

If you have any questions on these steps or the laws that might affect your practice, it’s best to contact your professional association for guidance. And of course, you can reach out to our support team any time.

Author information

Doug is our in-house writer. When he's not banging on the keyboard, you'll probably find him listening to old Willie Nelson records or chasing chipmunks on a mountain trail.

Get the latest news, tips, and updates from Cliniko

Read Cliniko’s Terms and Privacy policy

Keep reading