Compliance Readiness

Understand exactly where your practice stands against the regulations that apply to you.

Australian medical practices sit at the intersection of more than ten overlapping regulatory frameworks. This service maps your current posture against each one that applies to your practice — giving you a clear, framework-by-framework picture of where you're compliant, where you have gaps, and exactly what to do about each one. Unlike a broad security assessment, this is focused specifically on your regulatory obligations.

Frameworks we assess against

We assess your practice against every framework that applies to your specific situation — not a generic checklist that treats all practices the same.

Privacy Act 1988 & Australian Privacy Principles

All 13 APPs assessed against your current privacy practices, policies, and patient data handling.

Applies to: All practices

Privacy & Other Legislation Amendment Act 2024

POLA 2024 changes including technical and organisational measures requirements and the new statutory tort.

Applies to: All practices

Notifiable Data Breaches Scheme

Assessment of breach identification, assessment, containment, and notification procedures against NDB obligations.

Applies to: All practices

My Health Records Act 2012 (incl. Rule 42)

Written security and access policy requirements, authorised access controls, and breach notification obligations.

Applies to: Practices registered with My Health Record

RACGP Standards for General Practices (5th Edition)

Information security and privacy documentation requirements relevant to accreditation and PIP payments.

Applies to: General practices seeking accreditation

Cyber Security Act 2024

Ransomware payment reporting obligations and applicable critical infrastructure requirements.

Applies to: Practices with turnover above $3M

Not all frameworks apply to every practice. During the scoping call, we identify which apply to you — so the assessment covers exactly what's relevant, not unnecessary territory.

How this differs from the Security Health Check

Two complementary services with different lenses. Many practices benefit from both.

Security Health Check

  • Broad assessment across 9 security domains
  • Evaluates technical controls, processes, and practices
  • Identifies security weaknesses and risks
  • Produces a risk-rated security posture report
  • Asks: how secure is your practice?
Compliance Readiness

  • Focused assessment mapped to specific regulatory frameworks
  • Reviews documentation, policies, and procedures against each obligation
  • Identifies specific compliance gaps by framework and clause
  • Produces a gap analysis report with framework-by-framework actions
  • Asks: are you meeting your legal obligations?

What you receive

A structured gap analysis report — not a theoretical compliance checklist, but a practical roadmap of what your practice needs to do to meet its obligations.

Framework-by-framework gap analysis

Each applicable framework assessed separately, with your current state, the specific obligation, the gap, and the recommended action clearly documented.

Prioritised action plan

Gaps ranked by regulatory risk and remediation effort — so you know what to address first and what can wait.

Document review findings

We review your existing policies, procedures, and records against each framework's requirements — not just asking what you have, but reviewing what's actually there.

Accreditation-ready summary

For practices preparing for RACGP accreditation or an OAIC review, we provide a summary document mapping your compliance status that can be included in your accreditation evidence.

What's included and what it costs

One fixed-fee engagement covering the full assessment, report, and delivery walkthrough.

Gap Analysis

Compliance Readiness Assessment

Framework-by-framework gap analysis and action plan

From $1,500 ex GST

  1. Scoping call: Identify which frameworks apply to your practice and what documents to gather
  2. Document and policy review: We review your existing policies, procedures, and records against each framework's requirements
  3. Assessment session: 60–90 minute guided session covering areas not captured in documentation review
  4. Compliance gap analysis report: Framework-by-framework assessment of your current state, gaps, and specific actions to close each one
  5. Walkthrough call: We walk through the findings and help you understand the priority and sequencing of remediation steps

Best for: Practices preparing for RACGP accreditation, practices that have received an OAIC enquiry, or any practice wanting a clear map of their compliance position.

Pricing note: Final fee depends on practice size and the number of applicable frameworks. Most single-site practices fall within $1,500–$2,200. Confirmed after a free scoping call.

How it works

A structured process that minimises disruption while giving you a thorough, framework-specific picture.

  1. Scoping call: 15–20 minutes to identify which frameworks apply to your practice, what documents to send us, and confirm scope and fee.
  2. Document review: You send us your existing policies, procedures, and relevant records. We review them against each applicable framework before the assessment session.
  3. Assessment session: 60–90 minute guided session — by video call or onsite in Adelaide metro — covering areas not captured by your documentation.
  4. Report and walkthrough: Gap analysis report delivered within 5–7 business days, followed by a walkthrough call to discuss findings and prioritise next steps.

Know where you stand before you're asked

Start with a free 15-minute scoping call. We'll confirm which frameworks apply to your practice, what's involved, and provide a fixed quote — no obligation.

Or try our free online security check for an instant snapshot of your practice's security and compliance posture.

Frequently asked questions

How is this different from a Security Health Check?

The Security Health Check is a broad assessment of your practice's security posture across 9 domains — it tells you how secure you are. Compliance Readiness focuses specifically on your regulatory obligations — it tells you whether you're meeting your legal requirements under each framework that applies to you. Many practices benefit from both; the Health Check is often a useful starting point before the Compliance Readiness assessment.

Do I need this if I already have policies?

Possibly. Having policies isn't the same as having compliant policies. We often find that practices have generic templates that don't address specific regulatory requirements — for example, a data breach response plan that doesn't reference the NDB scheme notification timeline, or a privacy policy that predates the POLA 2024 amendments. The gap analysis looks at what you have and whether it actually meets the relevant obligations.

Is this useful if we're preparing for RACGP accreditation?

Yes — particularly for the information security and privacy components of the RACGP Standards. The accreditation-ready summary we provide can be included directly in your accreditation evidence folder and demonstrates you've conducted a formal compliance review against the relevant standards.