Telehealth providers’ privacy policies are an important aspect of any telehealth service you receive. They outline the measures a provider takes to keep your data safe from the moment you browse their website to the collection and storage of your sensitive personal and health data. Often, they use jargon or very specific terms you may not be familiar with. For example, these policies generally refer to the Privacy Act 1988 and the Australian Privacy Principles (APPs). So, if you’re wondering: What does ‘secure’ really mean? This explainer is for you.
MediCompare Guide to Understanding Telehealth Providers’ Privacy Policies

A telehealth provider’s privacy policy explains how your personal and health data is collected, used, stored, and shared [1]. This includes sensitive information such as your contact details, DOB, medical records, Medicare information, and credit card details.
First, you need to understand that the provider needs your explicit consent to use your information. The provider is supposed to use it only to deliver healthcare-related services requested by you. If necessary, they may share it with other health services, for example, through My Health Record, or, with your permission, with third parties, like family members or carers.
- Privacy and Confidentiality: Telehealth consultations and your information should be kept as confidential and private as in-person appointments. Due to the virtual nature of service delivery, providers must use secure platforms that support private, confidential consultation environments.
- Consent and Sharing: Providers must obtain your consent before using your information or providing any services. This generally happens the moment you sign up and agree to their terms and conditions. However, some providers simultaneously get your consent to share your data with third parties or to contact you for marketing purposes. Some services may also de-identify your data for research purposes. The privacy policy must give you information on how to opt out or revoke your consent. Providers may share your information with other health services or government agencies, as required by law.
- Secure Environment: Similar to the privacy provided in a doctor’s office, telehealth consultations must be conducted in a quiet, private setting to protect your privacy. Ideally, you should also be participating from a safe and private environment. Beyond the consultation, providers must use secure systems for video or phone calls, as well as for data storage and transmission. If there is a security breach, telehealth providers have to inform you promptly.
- Data Access and Control: The Privacy Act gives you the right to access your health information. Many telehealth providers add this information to your My Health Record, which lets you control who sees your data in your privacy settings. Providers may also store your information, but they must give you access to view and correct their records, if necessary. The provider’s staff must be trained in how to record, store, and access your information safely. The privacy policy may outline measures such as encryption, passwords, 2FA, or MFA.
- Cross-Border Data Sharing: Most providers do not share your information with third parties overseas, as they may be subject to different privacy laws. However, some providers choose to share parts of your data. They must inform you if this is the case. If you are concerned about your data security, this is something to watch out for.
- Information Collected: Personal details, health records, and billing information.
- Purpose of Collection: The provision and management of the provider’s telehealth services.
- Consent and Access: Only essential staff should be able to access your information. Additional consent is required for other uses, such as marketing.
- Data Security: Providers must take reasonable steps to keep your information secure. This includes the use of encrypted and password-protected email communication and safe video consultation environments.
- Disclosure: Information may be shared with other health services or government agencies, often with your consent or as required by law. Some services may de-identify your data for research purposes.
Health information is classed as “sensitive information” under the Privacy Act 1988, which requires stricter handling and security measures. Using an online environment means providers must have safeguards in place to protect your data from unauthorised access. A clear privacy policy helps you understand how your information is used and protected. It pays to read these policies closely.
Understanding how your personal information is handled and kept safe is an integral part of protecting yourself online. You should choose only providers who adhere to these principles, the APPs. You can then use these telehealth providers with confidence, knowing your privacy is a priority.
For more information on individual providers’ privacy policies, visit MediCompare’s in-depth reviews.
This article is for informational purposes only and is no substitute for professional medical advice. Please choose your provider with care. Always consult your doctor or a qualified health professional regarding any health-related questions or concerns.
