Privacy policy and ADAVB surprise

The ADAVB came out with some surprising items on “Privacy” last week.

One surprise was a free practice privacy manual.
It was great to get something included for our branch fees and I congratulate the ADAVB this.

I was also surprised with some of the wording of the ADAVB manuals ‘example privacy policy’:

1. Sending information overseas.
I was amazed by the ADAVB example policy included the possibility of overseas ‘disclosure’. (Note: Disclosure is when you actually intentionally pass on the personal information rather than ‘use’, which would be simply utilising overseas storage where the storage facility would not access the information.)
It surprised me that there would be dental practices that would send information overseas to be ‘disclosed’ to an overseas recipient. Is anyone really getting an overseas agency to answer the phones or bill patients?

Any practice that does send information overseas this might like to consider the customer friendly statement in this area –

“We take steps to ensure that our service providers are obliged to protect the privacy and security of your personal information and use it only for the purpose for which it is disclosed.”

2. Complaints

The ADAVB policy says
“If you would rather not raise the matter with the practice directly you can complain directly to the Office of the Australian Information Commissioner (OAIC).”
This is a surprising statement to have in the policy when the OAIC states that if people complain to the OAIC then the first thing the OAIC will tell them to do is go back to the organisation and attempt to sort it out the issue! (Check out for some informative easy to read material).

It would be unfortunate to think that a patient would be made to feel that they couldn’t or wouldn’t raise an issue such as this with the dental practitioner or staff due to the way the privacy policy is written. Again the Coles privacy policy, as an example, shows consumer-friendly sounding wording-
“For information about privacy generally, or if your concerns are not resolved to your satisfaction, you may contact the Office of the Australian Information Commissioner at and on 1300 363 992.”
The other area where I received questions from dental practitioners who read the ADAVB manual was in regard to “direct marketing”.

There are two separate issues here. The ADAVB has done well to address both issues:

  1. Using patients information within direct marketing
  2. Sending out direct marketing to patients – e.g. newsletters.

The ADAVB rightly points out the complications that can occur with de-identification of personal information.
Practices also need to have a simple system for patients to withdraw from any direct marketing. The new Australian privacy principles focus on this issue of making sure consumers can withdraw from direct marketing.

Of course the ADAVB privacy manual is a place for dentists to start with their own privacy policy development and I would encourage practices to take a look at a few corporate privacy policies (e.g. and check out the web resources– or you could look at the resources developed within SmartDentist! (We have a privacy policy already for you to easily alter or adapt as is along with many other resources including staff training online for easy access 24/7)

The benefit of looking at the simple to read banking or corporate policies is that they have customer satisfaction at the core of their information development.

At this time 9th March 2014 neither ADAVB nor the ADA Inc. web sites had organisational privacy policies available on their own web sites. The OAIC recommends that organisations have their privacy policy freely available on their web site.

Personally I am looking forward to a simple way to withdraw from some the non-relevant direct marketing. The ADA Inc. recently changed it’s site so practitioners can now very simply opt in and out of the ADA Inc.’s own newsletter! Great work! I look forward to being able to make the choice on other marketing.

PS. At the time of publishing this blog (9pm on 11 March neither ADAVB nor ADA Inc have a APP policy on their own sites – maybe they aren’t required to because of their size?)