Privacy, security and medico-legal checklist
Handle consent, privacy and information securely, every consult.
What this is: a practical checklist for getting privacy, security and medico-legal handling right in virtual care.
Who it's for: clinical leads, quality leads, and the staff running consultations.
Virtual care handles sensitive health information across a video link, which makes privacy and security central, not optional. Get it right and virtual care is as safe as any in-person consult. The good news: most of it comes down to consistent habits, applied every time. Use this as a working checklist, not a one-off read.
This is general guidance, not legal advice. Confirm your obligations under the Privacy Act and your own policies, and seek advice for specific medico-legal questions.
Consent
- Confirm consent before each consultation and record it in the resident's record.
- Make sure consent covers who takes part and how information is shared.
- Obtain additional, specific consent if any part may be recorded or images taken.
- Where a resident lacks capacity, follow your policy for substitute decision-makers.
- Honour withdrawal of consent at any time, and record it.
Who's in the room
- Confirm who is present on both sides of the call, including family, interpreters or trainees.
- Introduce everyone at the start so the resident knows who can see and hear them.
- Make sure only people involved in the resident's care take part.
Privacy during the consult
- Use a private space. Manage screens and audio so conversations can't be overheard or seen.
- Use signage for shared rooms.
- Share only the information necessary for the resident's care.
- Don't use personal messaging apps for clinical information.
Security of information
- Use only approved, secure platforms and devices.
- Treat images and device outputs as health information: store and share them only via approved systems.
- Don't keep clinical files on personal devices.
- Make sure devices have the access controls, accounts and any multi-factor authentication your policy requires.
- Use encrypted connections for video and data transmission.
Recording
- Don't record sessions unless approved under your policy and specific consent is obtained.
- If a recording is ever made, explain why, get consent first, and store it as health information.
Documentation
- Document every consultation in the resident's clinical record, the same as an in-person visit.
- Record consent, participants, the clinical outcome, and any changes to medications, referrals or the care plan.
- Store images and files only in approved locations.
If something goes wrong
- Report any privacy incident immediately using your home's incident management process.
- If resident safety was affected, log a clinical incident as well.
- Review incidents and near misses, and use them to improve practice.
Underpinning standards
This checklist supports your obligations under the Privacy Act and the Strengthened Quality Standards, particularly around information management, clinical care, and the safe use of digital tools and third-party platforms. Where you use an external platform, remember you remain responsible for privacy, security and continuity of care, so confirm any platform meets Australian privacy and data protection requirements.
A quick pre-consult privacy check
A short mental checklist for staff before each consult:
- Consent confirmed and recorded.
- Private space, screens and audio managed.
- Only the right people present, and introduced.
- Approved device and platform only.
- A plan for where notes and images will be stored.
Need help?
- Visionflex support: visionflex.com/support | support@visionflex.com | +61 2 8914 4000 (9am to 5pm AEST)
- See also: Records and documentation standards and the Virtual care policy template.
This is general guidance, not legal or medico-legal advice. Confirm your obligations and seek professional advice where needed.
Visionflex acknowledges the Traditional Custodians of Country throughout Australia and pays respect to Elders past, present and emerging.