As of 12 March 2014, significant changes to the credit reporting regime under the Privacy Act 1998 (Cth) will impact on how dentists handle patients’ credit related information .
Are dentists credit providers?
- Do you provide credit in full or in part for at least seven days?
- Do you offer structured payment plans for your patients?
- Do you arrange treatment finance for your patients?
If the response is “yes” to any of the above, then you are considered to be a “credit provider” under the Act. Situations that trigger the credit provider obligations include:
- orthodontists who customarily ask for a substantial deposit and subsequent monthly payments over an extended period;
- dental practices that offer patients staged payment options with or without a plan fee; and
- dental practices that offer standard payment terms for 14 days or more.
Dentists simply introducing patients to treatment financing organisations (e.g. Mediplan) are not acting as agents of a credit provider unless dentists process or manage credit on their behalf.  Dentists processing credit card payments or using HICAPS are not agents, whereas dentists who are Mediplan representatives and process credit applications on its behalf will be.
Dentists who are recognised as credit providers must comply with the new credit reporting regime under the Act and the Credit Reporting Privacy Code (CR Code).
Managing credit related information
Under the new privacy reforms, dentists who are credit providers must:
- adopt practices, procedures and systems that comply with the Act and the CR Code. Dentists must ensure the credit related information is accurate, up-to-date and complete and protected from misuse, interference and unauthorised access. Patients must have access to the credit information and dentists must have procedures in place that allow corrections to be made within 30 days or a longer period agreed in writing to the patient.
- have in place a complaints handling process which enables patients to report non-compliance with the credit reporting regime. Dentists need to acknowledge the complaint within seven days and provide a response within 30 days.
The above obligations to a large extent replace the new Australian Privacy Principles (APPs), which deal with personal information. Dentists who are credit providers under the Act should revise their practices and procedures for managing credit related information to ensure they comply with the Act and the CR Code.
Handling credit related information
Dentists may use credit reporting bodies (e.g. Veda Advantage, Dunn & Bradstreet, Experian) to obtain credit eligibility information about a patient to determine whether to allow the patient to enter into a structured payment plan, without being a member of a recognised external dispute resolution scheme (EDR scheme) (e.g. Credit Ombudsman Services Limited).
However, the disclosure by a dentist of credit related information is more strictly regulated.
For example, if a patient is defaulting on payment, a dentist may threaten to report the default information directly to a credit reporting body. Any such disclosure cannot take place unless the dentist is a member of a recognised EDR scheme and the patient is provided with written notice of the disclosure beforehand. However, a dentist does not need to be a member of a recognised EDR scheme to disclose default information to a debt collection agency for the purposes of collecting the overdue payment on behalf of the dentist.
Further, dentists and dental specialists (e.g. orthodontists) who carry on separate practices in a clinic must take great care with disclosing credit eligibility information to one another. A dentist who refers a patient to another dentist and discloses the patient’s payment information to assist with assessing whether to allow that patient to enter into a structured payment plan, does not need to be a member of a recognised EDR scheme, but must obtain express consent from the patient to the disclosure for that purpose.
When or before a dentist collects personal information about a patient, if that information is likely to be disclosed to a credit reporting body, the dentist must notify the patient of the credit reporting body’s name and contact details. This is in addition to complying with the obligations under APP 5, which relate to notification requirements for collecting personal information.
According to the CR Code, a public expressed statement of notifiable matters in relation to credit related information on the dentist’s website will suffice.
If dentists disclose such information for improper purposes, they can face a civil penalty of up to $340,000.
Unfair contract terms
Patients often enter into a service agreement with dentists under standard terms and conditions contemplating the provision of credit. Dentists need to ensure that their standard terms, particularly the interest charged for overdue payments and penalty type provisions, are fair and reasonable and do not breach the unfair contract terms regime under the Australian Consumer Law.
Dentists who are credit providers must review their practices, procedures and systems to ensure compliance with the new credit reporting regime and the CR Code. We urge dentists to have:
- revised privacy policies in relation to credit related information complying with the prescribed requirements under the Act and the CR Code;
- set procedures that satisfy the notification requirements, access and correcting obligations and complaints mechanism under the Act and the CR Code; and
- training programs for staff about the changes in the collection, use and disclosure of credit related information.
Indeed, the new credit reporting regime has a new bite to it. The Privacy Commissioner has greater investigative and enforcement powers, and the civil penalties for non-compliance are too onerous for dentists to ignore these changes. We encourage dentists to take action!
Dentists may also need to be an authorised credit representative or obtain an Australian credit licence from ASIC if they provide credit to their patients in certain circumstances, or arrange for the provision of credit by a medical finance company to their patients.
For more information, please contact Principal Mark Fitzgerald. This article was published in the May 2014 edition of NSW Dentist.