Security Policy Packages

Customised, practice-specific security policies that meet your regulatory obligations — without the legal jargon.

Every Australian medical practice is legally required to have documented security policies. But a generic template downloaded from the internet doesn't reflect your systems, your workflows, or the way your team actually works. We create policies tailored to your practice — written in plain language, covering the frameworks that apply to you, and ready to use from day one.

Why your practice needs documented policies

Documented security policies aren't optional for Australian medical practices — they're a regulatory requirement across multiple frameworks.

Requirement | Source | What it means
Written privacy policy | Privacy Act 1988 (APP 1) | Must be clearly expressed, up to date, and available to patients
Technical and organisational measures | Privacy Act (APP 11, POLA 2024) | Documented policies are now explicitly required, not just "nice to have"
Written security and access policy | My Health Records Rule 42 | Mandatory for any practice registered with the My Health Record system
Information security documentation | RACGP Standards (5th Edition) | Required for accreditation and Practice Incentives Program (PIP) payments
Data breach response procedures | Notifiable Data Breaches scheme | Must be able to assess, contain, and notify — requires documented processes
Ransomware payment reporting | Cyber Security Act 2024 | Practices with turnover above $3M must report ransomware payments

Most practice managers we speak to assume the Privacy Act is their only obligation. In reality, medical practices sit at the intersection of 10+ overlapping regulatory frameworks. Documented policies are how you demonstrate compliance across all of them.

Two packages to suit your practice

Whether you're starting from scratch or need comprehensive coverage, both packages are customised to your specific practice — not generic templates.

Core Policy Pack

5 essential policies

From $1,100 ex GST
1. Acceptable Use Policy
   Rules for how staff use practice technology and systems

2. Password & Authentication Policy
   Password standards, MFA requirements, account management

3. Data Breach Response Plan
   Step-by-step procedures for responding to and reporting breaches, including NDB scheme and My Health Records obligations

4. Privacy Policy (Patient-Facing)
   Compliant with APPs and POLA 2024 amendments, ready to provide to patients

5. Staff Offboarding Security Checklist
   Ensures all access is revoked when staff leave — PMS, My Health Record, email, pathology portals, physical access, and more

Best for: Solo GPs, small practices (1–4 practitioners), allied health practices starting from scratch.


Extended Policy Pack

13 comprehensive policies

From $2,200 ex GST

Everything in the Core Pack, plus:

6. Access Control Policy
   Role-based access levels, granting, reviewing, and revoking access, privileged accounts

7. Backup & Recovery Policy
   Backup requirements, testing, recovery procedures, and recovery time objectives

8. Remote Access & Telehealth Security Policy
   Secure remote access requirements and telehealth platform standards

9. Vendor & Third-Party Management Policy
   Requirements for vendors handling patient data, contract clauses, IT provider access controls

10. Physical Security Policy
    Premises security, server room access, workstation positioning, clean desk policy

11. Incident Response Plan
    Broader security incident response beyond data breaches — malware, intrusions, system outages

12. BYOD (Bring Your Own Device) Policy
    Conditions for personal device use, minimum security requirements, lost device procedures

13. Records Retention & Disposal Policy
    Retention periods by record type, secure disposal methods for electronic and paper records

Best for: Medium practices (5–10+ practitioners), specialist practices, practices preparing for RACGP accreditation.

What makes these different

Not another template pack. Policies that actually reflect how your practice operates.

Customised to your practice

Every policy references your actual systems — your PMS, your telehealth platform, your booking system, your IT provider. Not generic placeholders.

Written in plain language

Your reception staff and nurses need to understand these, not just your IT provider. No unnecessary jargon — just clear, practical guidance.

Aligned to your obligations

Each policy maps to the specific regulations that apply to Australian medical practices — Privacy Act, POLA 2024, My Health Records, RACGP Standards.

Ready to use from day one

Delivered as editable documents with version control headers, review dates, and staff acknowledgement sections built in. Drop them into your practice handbook immediately.

How it works

Minimal disruption to your practice — we do the heavy lifting.

1. Scoping call
   15–20 minutes to learn about your practice: what systems you use, how your team works, and any specific concerns or upcoming accreditation.

2. We build your policies
   Each policy is customised to your practice's specific systems, structure, and workflows. We handle the research and drafting.

3. Receive your policy pack
   Delivered as editable Word documents and PDF versions via secure file transfer, typically within 2–3 weeks.

4. Walkthrough session
   We walk you through the policies, explain how to implement them, and answer any questions from you and your team.

Ready to get your policies in order?

Start with a free scoping call. We'll confirm which package suits your practice, answer any questions, and provide a fixed quote — no obligation.

A Security Health Check will tell you exactly which policies your practice needs and what they should cover — so you get the right pack, not just the nearest one.

Frequently asked questions

Can I just download free policy templates from the internet?

You can, but generic templates won't reference your specific systems, workflows, or the regulatory requirements that apply to Australian medical practices. In an OAIC investigation or accreditation assessment, policies that clearly don't reflect your actual practice are worse than helpful — they suggest a tick-box approach to compliance.

How long does it take to receive the policies?

Typically 2–3 weeks from the scoping call. The Extended Pack may take slightly longer for larger or more complex practices.

Will I need to update these policies?

Yes — policies should be reviewed at least annually. Each policy includes a review date. We can help with annual reviews as a follow-on service.

What format are the policies delivered in?

Editable Word documents (.docx), so you can make minor updates as your practice evolves. We also provide PDF versions for distribution to staff.

Do staff need to sign something to acknowledge the policies?

Yes — each policy includes a staff acknowledgement section. We recommend having all staff read and sign upon implementation, and again at each annual review.