The Practice Manager

MARCH 2026

AAPM Member Benefits

AAPM supports and promotes members’ personal and professional growth through a system of:

CORE PRINCIPLES

ADVOCACY

AAPM representation on government and industry advisory groups.

HR ADVISORY SERVICE

Comprehensive HR support and advice through telephone, email, website resources and templates.

MEMBER ASSISTANCE PROGRAM

Confidential assistance to support health and wellbeing of members.

PULSE+IT SUBSCRIPTION

Asia Pacific’s eHealth and Health IT digital platform.

MEMBERSHIP BADGE

Recognition of AAPM membership.

THE PRACTICE SPACE

Dedicated fortnightly eNewsletter providing latest industry updates.

THE PRACTICE MANAGER JOURNAL

AAPM’s national journal, delivered electronically to members each quarter.

AAPM EDUCARE

Access to AAPM’s Educare program at member rates. Includes a series of webinars and face-to-face event delivery.

NATIONAL CONFERENCE

Premier annual conference for Practice Management professionals at member rates.

NETWORKING MEETINGS

Share knowledge and information. Connect with, and support your peers.

ONLINE LEARNING MODULES

Self-guided learning through Practice Management topics.

SCHOLARSHIPS

Expand your skills through AAPM funded scholarships delivered through UNE Partnerships.

PRACTICE MANAGEMENT AWARDS

Prestigious national industry awards program that recognises and acknowledges Practice Management professionals.

CONTINUAL PROFESSIONAL DEVELOPMENT

CERTIFIED PRACTICE MANAGER (CPM)

Certification membership to recognise experience and skills in the profession of Practice Management.

FELLOWSHIP

A prestigious honour in recognition of significant commitment and contribution to the profession of Practice Management.

CORPORATE PARTNERS

Exclusive access to resources, savings and benefits from AAPM’s corporate partners.

DEDICATED ONLINE MEMBERS FORUM

Dedicated and exclusive member only forum to share ideas, insights, information and support.

AUSDOC SUBSCRIPTION

Free subscription to AusDoc. The leading communication platform for Australian Doctors.

WEBSITE ACCESS

Access latest news, industry information, and member-only resources.

National President's Message

The Enduring Value of the Certified Practice Manager and AAPM Fellowship

Practice Managers are the steady, skilled leaders who ensure that healthcare organisations remain safe, efficient, compliant, and person‑centred. AAPM is committed to supporting effective practice management through professional recognition, continuing education, capability development, and strong professional standards. Two of the most significant pathways that reflect this commitment are the Certified Practice Manager (CPM) credential and the AAPM Fellowship (FAAPM). These professional recognitions are far more than post‑nominals. They represent dedication, professionalism, and a deep commitment to excellence in healthcare leadership.

Healthcare continues to evolve rapidly, shaped by regulatory change, digital transformation, workforce pressures, and rising expectations from the communities we serve. In this environment, the role of the Practice Manager has never been more critical.

The AAPM Certified Practice Manager credential provides a nationally recognised benchmark of capability. It demonstrates proven competence across the core principles of practice management, a commitment to ongoing professional development, alignment with national standards for quality and governance, and the ability to guide teams and practices through complexity and change. For employers, CPM offers confidence. For patients and communities, it strengthens trust. For Practice Managers, it is a meaningful milestone that validates expertise and supports career progression.

The AAPM Fellowship represents the highest level of professional recognition within our association. It acknowledges advanced capability, leadership, contribution, and service to the profession. Fellows demonstrate excellence in practice management, contribute to the advancement of the profession, and uphold the values of integrity and collaboration. In a healthcare environment where governance and strategic leadership are essential, FAAPM stands as a respected and meaningful credential that reflects both achievement and influence.

Maintaining professionalism is an ongoing responsibility and a cornerstone of our identity. It is essential that we remain mindful of the AAPM Code of Conduct, uphold the reputation of our profession, and recognise the reputational risks that can arise, particularly online and on social media. As colleagues, we each play a role in elevating the profile of practice management with clinicians, industry stakeholders, and government. The way we conduct ourselves shapes how our profession is perceived and strengthens the trust placed in us as leaders.

As we continue to advocate for the profession, these pathways strengthen capability, support high‑quality care, and build the next generation of healthcare leaders. Together, we elevate our profession and contribute to a stronger, more sustainable healthcare system.

From the CEO's Desk

AAPM continues to strengthen its role as the leading professional body for healthcare Practice Management in Australia. Our mission remains clear: to empower Practice Managers, streamline operational excellence, and foster a community that thrives on collaboration, innovation, and leadership.

AAPM will focus on key strategic priorities that will deliver tangible value to our members and the broader healthcare community. We are rolling out a series of targeted professional development programs designed to equip Practice Management team members with the skills required to navigate an increasingly complex healthcare environment. The 2026 Educare series will deliver a series of webinars and face-to-face events, featuring industry experts. AAPM is focusing on providing high-quality education that enables Practice Management professionals not only to maintain operational efficiency but also to anticipate the challenges within their organisations.

Second, we are expanding our advocacy engagement efforts. AAPM is committed to ensuring that the voices of Practice Managers are heard. This work is critical in shaping a healthcare system that values efficiency, sustainability, and patient-centred outcomes.

Third, we are enhancing our community engagement initiatives. AAPM’s strength lies in the power of connection. We have launched our new Member Engagement Groups, which offer our Practice Management community the opportunity to connect from wherever they are across the country with like-minded peers in their particular healthcare cohort. These groups will assist AAPM in its advocacy endeavours and enable further connection between members.

Beyond these initiatives, I want to leave our members with a thought that guides everything we do at AAPM: the success of any healthcare practice is driven not only by systems and processes but by the people who lead with integrity, vision, and resilience. I encourage every member to embrace opportunities for growth, challenge the status quo, and inspire those around them.

In this spirit, AAPM remains committed to supporting members. The road ahead is full of possibilities, and I am confident that with our collective expertise, passion, and dedication, we will continue to achieve excellence, overcome challenges, and set new benchmarks for Practice Management across Australia.

Environmental Sustainability in Health Practice – an introduction

As I write this article, I can only guess what many of you might be thinking. That you have enough to do as a Practice Manager without adding responsibility for environmental sustainability to your list of duties.

Having spoken to many Practice Managers and also Doctors on this issue over a number of years, many see becoming environmentally active as an add-on rather than a fundamental part of what they do. Comments such as “It’s too expensive”, “Oh, you mean recycling paper” and “We don’t need to do anything as we don’t have an impact” are indicative of the types of statements that have been made to me when I discuss environmental sustainability with healthcare providers.

However, I would argue that you as a Practice Manager are ideally placed to champion environmental sustainability in your organisation. Every day, you are involved in making decisions which directly impact the purchase, use and disposal of resources. Adding environmental sustainability to the mix when considering the impact of a decision on the practice can only have positive impacts, both for the practice and for the planet. The environmental impact of decisions should be a key consideration in decision making, in much the same way as financial, HR and risk considerations are taken into account in most of the decisions we make as practice managers and in the recommendations we make to our practice owners.

It can be argued that the bulk of recommendations made on environmental grounds have significant additional benefits to the practice – be they financial, a streamlining of workload, a reduction of waste generation or a positive impact on workplace culture.

Looking at the bigger picture, it is important to ask why environmental sustainability should be a priority for health practices. According to the World Economic Forum’s Global Risks Report 2021, the failure to mitigate and adapt to climate change is “the most impactful” risk facing communities worldwide. As climate change transforms global ecosystems, it affects everything from the places we live to the water we drink to the air we breathe. And though climate change affects everyone in some way, it’s indisputable that its most negative impacts are borne disproportionately by certain groups: women, children, people of color, Indigenous communities, and the economically marginalized. Climate is a human rights issue. (World Economic Forum, The Global Risks Report, 2021).

It is estimated that the Australian health system makes up 5.44% of Australia’s total greenhouse gas emissions. Of these, 59% result from the provision of health care services, 33% from the provision of residential care and social assistance services, and 8% from the production of pharmaceutical and medicinal products. (Estimates of Australian Health System Greenhouse Gas Emissions 2021–22, Interim Australian Centre for Disease Control, Department of Health and Aged Care, Australian Government).

My own experience as someone who has prioritized environmental sustainability in our practice for the last 15 years has been that the more you do, the more you want to do. I love it when a staff member comes to me and lets me know of a new local government initiative for recycling that we can add to our list of recycling practices. It is certainly my experience that an attitude of ‘every little bit helps’, no matter how small, fosters in people a sense of wanting to do more and a culture of positive action and inquisitiveness about what is possible.

Initial key areas which health practices can consider to determine where best to put their energies include:

Use of power and water: these can range from big-ticket items such as the installation of solar panels and batteries to small ongoing changes such as more efficient use of power and water. Asking questions such as:

○ does it need to be turned on?

○ are there any government energy saving schemes which might be available to us?

○ do we have the most energy efficient lighting and appliances available – consider those when replacing existing appliances

○ are our water heaters the most efficient available?

Waste Management / Recycling

○ what strategies could we implement to improve our waste management and recycling efforts? These could include:

○ Recycling bins in every room – make it easy for people

○ Waste management as part of orientation

○ Introducing additional recycling stations

○ Soft plastics

○ Printer Cartridges (Close the Loop)

○ Batteries

○ Pens

○ Blister Packs

○ e-recycling

○ Compostables

○ Research if frequently used items are recyclable – you might be surprised

○ Learn the difference between recyclable, biodegradable and compostable.

Office Waste: look at ways of reducing paper use. Encourage the use of electronic transfer of information for sending and receiving documents. Develop an understanding of the environmental impact of cloud storage and how to minimize this.

Purchasing Decisions: consider the environmental impact of purchasing decisions and look for environmentally sustainable alternatives. This may include:

○ Purchasing energy efficient equipment

○ Reducing use of single use plastics

○ Not over ordering (even if it is free)

○ Purchasing environmentally friendly products

○ Sourcing locally produced goods and services

○ Asking the question – do we really need to buy a new one?

Advocacy / Education: as you become more engaged in introducing environmental initiatives within your own practice, you will see countless opportunities for engagement and advocacy at a broader level. Make sure that you share your efforts with your patients, question suppliers, regularly review local government initiatives, and lobby and engage with Government when opportunities arise.

My recommendation when developing a sustainability plan for your practice would be to look at each of these areas individually, determine your starting point (where you are now), and then develop some strategies for improved efficiency. If this is new to your practice, start small and build on it.

On a final note I would suggest that whether you are introducing environmental sustainability initiatives into your practice for the first time, or building on an already well established record of action, it is important to embed a positive approach to environmental ‘activism’ into your practice culture. Here are my top tips for achieving this:

○ Incorporate sustainability into your Business Plan

○ Make a record of your starting point

○ Turn your projects into QI activities

○ Start small and gather speed

○ Focus on the things you can control

○ Be optimistic but realistic

○ Didn’t achieve your objective – identify why?

○ Choose a champion(s)

○ Make it easy for people

○ Share your successes

Payday super is coming.

Is your business ready?

From 1 July 2026, super must be paid at the same time as wages. Every pay cycle, without delay.

It’s the biggest compliance change in years, and it will impact your cashflow, your payroll systems, and the way you onboard new employees.

The good news? You don’t have to face it alone.

The new rules will create real-world pressures. We’re here to help you navigate them:

Payroll systems and processes

Streamline your payroll, automate super payments and eliminate errors so you meet every deadline with confidence.

Budgeting and cashflow forecasting

Understand the impact of more frequent super payments and keep your cashflow stable with clear forecasting.

Compliance support

Stay on top of the new rules with expert guidance that helps you meet every obligation and protect your business.

Practical strategies

Learn what to prioritise and refine your onboarding and payroll processes to save time, money and stress.

Payday Super: What it means for employers and employees

Big changes are on the way for superannuation in Australia. From 1 July 2026, employers will be required to pay their employees’ superannuation at the same time as their wages. This “Payday Super” regime aims to improve transparency, increase retirement savings, and crack down on unpaid super. Here’s what you need to know.

What Is Payday Super?

Currently, employers only need to pay superannuation contributions quarterly. This system has led to delays and, in some cases, unpaid super slipping under the radar. Payday Super changes all that. From 1 July 2026, super contributions will align with payday – this means employers must pay super into employees’ accounts on payday, and it must be received by the super fund within seven days of each pay run.

Why the Change?

This move is about making sure employees get what they’re entitled to when they’re entitled to it. By matching super contributions with wages, employees can see their retirement savings growing in real time. It’s also going to make it harder for non-compliant employers to dodge their obligations.

What Employers Need to Know

Here’s a quick breakdown of what’s coming and how it might impact you as an employer:

Super Deadlines: Super must be paid to an employee’s fund on payday and received by the fund within seven business days. Missing this deadline could result in penalties.

New Super Guarantee (SG) Charge: If you miss payments, the updated SG Charge will kick in. This includes:

Outstanding Shortfall: Any unpaid super.

Notional Earnings: Interest calculated daily to compensate employees.

Administrative Uplift: An extra charge of up to 60% to reflect enforcement costs.

Leave Entitlements: Annual leave and long service leave often count towards an employee’s Ordinary Time Earnings (OTE), which directly affects their super contributions. If leave balances and payments aren’t tracked properly, it could lead to underpayments or missed deadlines – both of which can be costly.

Onboarding New Employees: Employers will need super fund details from new starters as a priority so contributions can be processed quickly after their first pay run. Missing or delayed information can quickly lead to late payments and penalties.

Cashflow Impact: Shifting to Payday Super will change the rhythm of cashflow. For businesses with tight margins or significant payroll costs, this means keeping a closer eye on cashflow forecasts and ensuring there’s always enough liquidity to meet obligations on time.

Changes to Payroll and Reporting

The introduction of Payday Super means adjustments to payroll systems and processes:

Single Touch Payroll (STP): Employers will need to report both OTE and total super liabilities for each employee.

Clearing House: The current Small Business Superannuation Clearing House will be retired; the ATO will assist with this transition.

Error Resolution: Expect stricter standards and quicker turnarounds to fix payment errors, thanks to updated SuperStream rules.

Getting Ready for Payday Super

The 1 July 2026 start date might feel like a long way off, but employers should start preparing now:

Review Payroll Systems: Make sure they can handle real-time super payments and updated reporting requirements.

Train Your Team: Finance and payroll staff need to understand the new rules and their implications.

Communicate: Keep employees informed about what Payday Super means for them.

Contact our Xero Experts: You should plan ahead and implement new payroll software or upgrade your subscription (if required) from 1 July 2025, to ensure you are comfortable using the software before the deadline and know how to efficiently process your superannuation obligations.

The Importance of a Good Payroll System

A solid payroll system is going to be your best friend as businesses change to Payday Super. With super payments happening more often and reporting requirements getting stricter, there’s no room for mistakes.

A great payroll system can handle the heavy lifting – automating super contributions, syncing with Single Touch Payroll (STP), and catching any issues before they turn into big problems. It’s not just about ticking compliance boxes; it’s about saving time, reducing stress, and keeping both you and your employees happy. Early preparation will help avoid unnecessary compliance issues, reduce the risk of underpayments and give you time to iron out any kinks well before 1 July 2026.

Contact our award-winning team today and make sure you’re prepared for the upcoming changes with our expert advice.

Clean data, better care: how data hygiene drives quality improvement in general practice

Every general practice in Australia has a practice management system, often holding decades of patient information. But how much of that data is actually complete, up to date, and genuinely useful?

In our experience working with practices across the country, the answer is often less than you'd expect. And the consequences aren't just administrative. Gaps in patient records directly impact the quality and continuity of care your team delivers every day.

The link between data and patient outcomes

When a patient's record is missing key demographic or clinical information, clinicians are making decisions without the full picture. Information such as ethnicity, preferred language, smoking status, family history, or chronic condition indicators all inform clinical decision making. Without them, care becomes reactive rather than proactive.

Consider a patient with an unrecorded chronic condition. Without that flag in the system, they may not appear on the practice's chronic disease register. That means they're not being recalled for regular care plan reviews, health assessments, or preventive screening. They're not falling through the cracks because of a clinical oversight. They're falling through because the data wasn't there in the first place.

Now multiply that by dozens or hundreds of patients. Across a practice cohort, incomplete data creates systemic gaps in care that are invisible until someone goes looking.

What data hygiene looks like in practice

Data hygiene doesn't mean perfection. It means having a systematic approach to keeping patient records accurate, complete, and up to date.

For practice managers, this starts with understanding where the biggest gaps are. Which demographic fields have the lowest completion rates? Which patient cohorts are most affected? What's the practice's ethnicity recording rate compared to the RACGP standard?

Under the RACGP Standards for General Practices (5th edition), criterion QI 2.1 requires that at least 75% of active patient health records contain a current health summary. This summary should capture key details such as ethnicity and cultural background. The draft 6th edition goes further, proposing that demographic records also include assigned sex at birth, gender, and pronouns.

These aren't arbitrary requirements. They exist because better data and deeper context with patients lead to better care.

Ethnicity recording: a quality improvement initiative worth prioritising

Of all the data hygiene improvements a practice can make, ethnicity recording is both impactful and relatively straightforward. It's why ethnicity recording is the featured activity in Cubiko's quality improvement calendar for February, giving practices a timely prompt to focus on this area.

When clinicians know a patient's cultural background, they can better tailor screening, communication, and referral pathways accordingly. Some populations have a higher prevalence of specific conditions including cardiovascular disease, type 2 diabetes, thalassaemia, and particular cancers. Having ethnicity recorded allows clinicians to apply evidence-based screening frameworks, rather than relying on generic guidelines that may overlook the varying needs of different ethnic backgrounds. It also supports culturally safe care. When a practice understands the cultural makeup of its patient population, it can invest in interpreter services, develop culturally appropriate resources, and create an environment where patients feel recognised and understood. The RACGP Standards are clear on this point: understanding the demographics and cultural backgrounds of your patients helps you provide the most appropriate care.

For Aboriginal and Torres Strait Islander patients, accurate identification is especially important. It opens access to targeted health programs, including the annual health check (MBS item 715), one of the most comprehensive preventive health tools available. Many eligible patients are missing out simply because their Indigenous status hasn't been recorded. This represents a lost opportunity for early detection and timely intervention.

Reliable ethnicity data also strengthens a practice's relationship with its broader community. Primary Health Networks use demographic data to plan services, allocate resources and design targeted health programs. Practices with reliable ethnicity data are better positioned to advocate for their patient population and participate in funded initiatives that directly benefit the people they serve. And it's worth noting: the conversation itself is a positive one. When reception and clinical staff frame the question as "we ask everyone this so we can make sure you're receiving the best possible care," patients generally respond well. It signals that the practice sees them as individuals.

Making it practical

Quality improvement works best when it becomes part of everyday workflows rather than an extra task layered on top.

A sensible starting point is to audit current completion rates and set realistic goals. You may consider focusing on one demographic item at a time and cycling through new goals in a regular routine, so patients and reception staff do not get fatigued. Improving ethnicity recording takes time, and a PDSA (Plan-Do-Study-Act) cycle provides clear structure and accountability without overwhelming the team.

Reception teams are best placed to capture and verify demographic data during check-in, new patient registration and at billing post consult. Equipping front desk staff with simple, respectful scripts removes the hesitation and makes these conversations feel more comfortable for everyone involved.

Tracking progress matters too. When practices can see their ethnicity recording rate improving month by month, the initiative gains momentum. As the team starts to see the flow-on effects (patients being identified for health assessments they would otherwise have missed, chronic condition cohorts being managed more proactively, population health insights becoming clearer), data hygiene stops feeling like a chore and starts feeling like a genuine contribution to patient care.

The bigger picture

Data hygiene is ultimately about creating the conditions for better care. Accurate and complete patient records help clinicians to individualise care, enable practices to identify and address health gaps across their population, and support the quality improvement activities that underpin accreditation.

The financial benefits, including appropriate billing for health assessments, care plan items, and incentive payments, tend to follow naturally when the clinical foundations are in place. These outcomes matter, but they're a by-product of good care, rather than the primary driver.

For practice managers, data hygiene is one of the most tangible levers you have to improve patient outcomes at scale. It doesn't require new technology or additional staff. It requires attention, consistency, and a commitment to getting the basics right.

Is it time to upgrade your Practice IT?

Key signs your healthcare technology may be holding you back

In today’s healthcare environment, technology is no longer just a back-office function; it underpins nearly every aspect of patient care, compliance, and business operations. From appointment scheduling and clinical software to telehealth, cloud systems, and cyber security, your IT environment directly impacts how smoothly your practice runs each day.

Yet many practices continue operating on ageing systems that were implemented years ago, often with little review since. While these systems may still “work,” they may also be quietly increasing risk, creating inefficiencies, and limiting growth.

So how do you know when it’s time to consider an IT upgrade?

Below are some of the most common signs your practice’s technology may be ready for change, and how a proactive approach to IT can support better outcomes for your team and your patients.

1. Frequent Slowdowns, Crashes, or Freezing Systems

If staff regularly experience slow logins, frozen applications, or system crashes, it’s more than just an inconvenience.

These issues often indicate:

○ Ageing servers or workstations

○ Outdated operating systems

○ Insufficient hardware resources

○ Poorly optimised networks

The result? Lost productivity, frustrated staff, longer patient wait times, and increased reliance on workarounds.

Modern IT environments are designed for speed, reliability, and scalability. Upgrading infrastructure and optimising systems can significantly reduce disruptions and improve the day-to-day experience for your team.

2. Increasing Cyber Security Concerns

Healthcare remains one of the most targeted industries for cybercrime. Patient data is highly valuable, and even a single breach can result in:

○ Regulatory penalties

○ Reputational damage

○ Operational downtime

○ Loss of patient trust

Warning signs that your cyber security may be falling behind include:

○ No multi-factor authentication (MFA)

○ Infrequent patching or updates

○ Limited visibility over threats

○ No centralised monitoring

If your practice relies primarily on basic antivirus alone, this may no longer be sufficient.

A modern cyber security approach includes layered protection, continuous monitoring, managed detection and response (MDR), regular vulnerability assessments, and staff cyber awareness training. Upgrading your IT environment allows these protections to be built in by design.

3. Backups Are Unclear, Untested, or Inconsistent

Many practices assume backups are running, but are they verified, monitored, and regularly tested?

Common risks include:

○ Backups stored on site only

○ No offsite or cloud replication

○ No documented recovery process

○ No regular restore testing

In the event of ransomware, hardware failure, or accidental deletion, unreliable backups can lead to prolonged downtime or permanent data loss.

An upgraded IT environment should include:

○ Automated, monitored backups

○ Encrypted offsite or cloud storage

○ Regular test restores

○ Clearly documented disaster recovery plans

This ensures business continuity and peace of mind.

4. Your Practice Has Outgrown Its Current Setup

Growth is a positive sign, but it often exposes IT limitations.

Examples include:

○ Adding new clinicians or locations

○ Implementing telehealth services

○ Increasing reliance on cloud-based systems

○ Introducing new clinical or practice management software

Older infrastructure may struggle to support additional workloads, leading to bottlenecks and instability.

Modern IT environments are designed to scale easily, allowing practices to grow without constant “patch up” fixes.

5. Staff Are Creating Workarounds

When systems don’t work well, staff naturally find ways around them:

○ Using personal email or cloud storage

○ Writing down passwords

○ Sharing logins

○ Avoiding certain systems altogether

While understandable, these behaviours increase security risk and reduce efficiency.

Upgrading IT systems can simplify workflows, improve usability, and reduce the need for risky workarounds.

6. You’re Unsure Who Is Responsible for Your IT

Many practices operate with a mix of internal knowledge, ad hoc contractors, and vendor support. Over time, this can create gaps in accountability.

Signs of this include:

○ No clear point of contact

○ Slow response times

○ Unclear documentation

○ Reactive rather than proactive support

A modern IT model provides a dedicated team that proactively manages, monitors, and supports your environment, rather than waiting for issues to arise.

7. Compliance Requirements Are Becoming Harder to Meet

Healthcare compliance obligations continue to evolve. Practices must consider:

○ Data protection and privacy

○ Cyber security frameworks

○ Industry standards and best practices

○ Vendor and software compliance

Without proper systems, policies, and monitoring in place, compliance becomes increasingly difficult.

Upgrading IT allows compliance to be built into everyday operations rather than treated as an afterthought.

8. What an IT Upgrade Really Means Today

An IT upgrade is not just about replacing computers. It’s about implementing a modern, secure, and well managed environment that includes:

○ Proactive monitoring and maintenance

○ Advanced cyber security protection

○ Reliable backups and disaster recovery

○ Optimised networks and infrastructure

○ Cloud and remote work readiness

○ Ongoing support and strategic guidance

For Practice Managers, this translates to fewer emergencies, better budgeting, improved staff satisfaction, and stronger risk management.

A Practical First Step

If you’re unsure whether your practice’s IT environment is still fit for purpose, Databox Solutions offers a complimentary IT health check for AAPM members.

This structured review provides a clear snapshot of your current IT environment, identifies risks and improvement opportunities, and offers practical recommendations to support security, compliance, and performance.

To arrange a complimentary IT health check, visit https://databoxsolutions.com.au or contact our team on 1300 603 505.

Flu Season is coming...

With flu season fast approaching, our annual 'Flu Clinic Kit' is almost here. Be the first to receive it!

Each Flu Kit Includes:

PMS set-up guides (for BP, MD & ZM)

Checklist of considerations

HotDoc Product Guide

Patient communication templates (SMS & email)

HotDoc’s Flu Set Up Masterclass

Flu Vaccine Clinical Update 2026 Webinar

Scan the QR code to secure your copy of our Flu Kit

Avant for practices

PracticeHub

Quality, compliance, staff readiness and peace of mind – simply and seamlessly in one digital platform.

Designed for GPs, specialists and other healthcare practices.

From only $1,188 per year, get started with PracticeHub today to:

○ Streamline compliance

○ Simplify risk management

○ Reduce admin

○ Access RACGP accreditation support.

Join practices across the country already saving time and staying ahead of regulatory obligations with PracticeHub.

Avant for practices Speak with our

1800 010 236 | practicesolutions@avant.org.au *T&Cs apply. See website for details.

Attracting new Doctors through digital presence

○ Your online presence can shape how potential doctors see your practice.

○ Simple tweaks can make a big difference.

○ Outdated or patient-only messaging can repel talent.

○ Every channel matters in attracting the right doctors.

Trying to attract new GPs is something most practices are familiar with, especially the newer ones out there.

In fact, such requests have been a growing theme here at HeartBeat Digital.

“Recruiting new doctors has become a much more common need, even a major campaign focus in some instances,” says HeartBeat Digital Owner & Founder, Lachlan McPherson.

Consider this: LinkedIn/Talentegy data shows around 71% of candidates research a company before applying.

The behaviour is not unique to healthcare, but the stakes often are.

In a climate where many Australian practices struggle to attract doctors, understanding the subtleties of digital perception can really make a difference.

In brief: Common repellers and how to fix them

Repeller 1: A digital presence that speaks only to patients

Practice websites often explain services, but say little about the working environment, which can leave questions unanswered for anyone viewing the practice as a potential workplace.

Fix: Add light signals about how the practice operates. A short note on team structure, support staff, or clinical collaboration is often enough.

“Dedicated pages to nursing staff and even consultation room images and descriptions of equipment are good examples,” explains HeartBeat Digital’s Mick Carney.

“I think that this messaging can really resonate with both patients and potential doctors, it’s a ‘two birds’ fix”.

Repeller 2: Outdated content

Old imagery, broken links, or generic bios introduce uncertainty. They can suggest the practice is not keeping pace.

Fix: Update imagery and team information so the site reflects how the practice runs today.

Repeller 3: No sense of what it is like to work there

When people and the work environment are invisible, it is harder to imagine belonging.

Fix: Use real photography or brief content that shows everyday practice life. Social media and website blogs can often prop this up.

“A simple news section can do the trick,” says Mick.

“Remember, you can share these posts on social media and via eDM emails, which link back to your website”.

Repeller 4: Stagnation

An inactive website or social feed can suggest stagnation, even when a practice is actively evolving.

Fix: Simple, semi regular updates are often enough. A new team member, service change, or community moment signals momentum.

“The most recent post containing COVID updates from 2020 isn’t a good look,” adds Mick.

Channel-specific tweaks that help

Websites

This isn't really about recruiting doctors, but it does showcase how the practice operates.

Navigation, language, and structure can answer questions like: Is this organised? Is this current? Does this reflect how the practice actually runs? And, importantly, does it look good?

Simple changes, such as clearer team pages, updated imagery, or a short explanation of how clinicians work within the practice, help reduce that uncertainty.

Landing pages

A dedicated landing page for prospective doctors can also be powerful. Not a job ad, but a clear, well structured page that outlines how the practice operates and what support looks like day to day.

Even the lifestyle benefits of the local area can answer questions before they’re asked, and act as a sweetener.

Social media

Social media tends to reveal what a practice values, even unintentionally. Long gaps between posts, overly promotional content, or stock imagery can flatten perception.

Consistency and authenticity are big pillars of a practice that shows moments of real activity, whether that is welcoming a new team member or sharing a behind the scenes update.

HeartBeat Digital Social Media Manager, Benedicta Genoveva, has seen it all before.

“When practices post intentionally, not “just coz”, it changes the tone completely. It signals that the practice is present and paying attention”.

Search visibility and discoverability

We’re talking about when people look up a practice name, location, or general role related information. Inconsistent details, outdated pages, or missing information introduce friction.

Search visibility can provide accurate, current information that is easy to find when someone goes looking.

“If a practice is hard to understand online, people assume it’ll be hard to understand offline and leave the website,” Mick notes.

“That assumption may be unfair, but it happens. This relates to bounce rates, when someone comes to a website and leaves quickly without engaging”.

Data, ads, and email touchpoints

These tend to sit in the background, but they reinforce patterns. Data highlights which content people return to. Ads shape perception even when they are not clicked. EDM emails reveal how a practice communicates over time.

Mick sees this as a consistency issue rather than a marketing one.

“When the messaging across channels lines up, it creates trust. When it doesn’t, people hesitate, even if they can’t explain why”.

“Sometimes, a single digital presence can look like several different businesses, you don't want that”.

Recruitment decisions can often be shaped by a collection of small signals that either build confidence or introduce doubt.

Lachlan McPherson frames it simply:

“Most practices already have what doctors are looking for. The challenge is that their digital presence doesn’t always reflect it.

“As such, who knows what it’s like to actually support healthcare there?”

With a few adjustments and a bit of curation, your digital presence can communicate reassurance, stability, and momentum instead.

FAQs answered by the HeartBeat Digital team

Q1: With regard to attracting new doctors, what’s the first thing practices should do to their digital presence?

A: Look at it in your own time. On a day off, when you’re not amongst it, look at your website and socials on your phone. Does it look great? Does it make you feel like you love working there?

If not, imagine it from an outside perspective, someone who doesn't know the ins and outs.

Q2: If we overhaul our online presence, how long will it take to attract new doctors?

A: This is one of those “it depends” answers. External factors like location make a difference, but put it this way: if potential new staff research you and the practice down the street, there are more reasons to choose you if your online presence has greater impact.

Of course, most practices need a patient first (not patient only) approach.

Q3: And, is overhauling it expensive?

A: Considering the amount of work that can be involved, we don't believe so. Using analysis, experience and your goals means a customised, targeted approach. We would never recommend a hammer to tighten screws.

No surprises: strengthening informed financial consent in your practice

Six practical steps to get informed financial consent right

Obtaining informed financial consent to treatment

Informed financial consent is often treated as an administrative formality. In reality, it’s one of the most common sources of patient frustration and one of the easiest ways for practices to find themselves on the back foot when a complaint arises.

Patients don’t just consent to treatment, they consent to the cost of treatment. When fees, rebates or out of pocket expenses come as a surprise, dissatisfaction can escalate quickly, even when the clinical care itself was appropriate.

Doctors have a professional obligation under the Medical Board’s Good medical practice: a code of conduct for doctors in Australia to obtain informed financial consent (IFC). In practice, it’s appropriate that these conversations are led and supported by staff. This makes clear systems, consistent messaging and good documentation essential.

Tribunals have consistently maintained that doctors are entitled to set their own private fees. The issue is not necessarily what you charge, it’s whether the patient was provided with enough information to make an informed decision before costs were incurred.

Strong IFC processes protect patients, staff and the practice. The following six steps will help reduce disputes, complaints and unnecessary stress.

1. Start the conversation early

Patients should be informed about likely costs before they’re incurred – for example, before they arrive for their appointment, not when they are standing at reception or after treatment has already started.

Early disclosure gives patients time to consider their options, ask questions or make alternative arrangements. It also reduces pressure on staff who are otherwise left managing difficult fee conversations in the moment.

Practical steps include:

○ publishing billing policies and consultation fees on your website

○ including fee information in online and telephone booking processes

○ clearly displaying bulk billing policies and standard fees in waiting areas

When patients know what to expect, cost discussions are easier and less confrontational.

2. Help patients plan for the full cost of care

Informed financial consent isn’t limited to your consultation fee. For many patients, the real cost lies in what follows, such as referrals, investigations, procedures and medications.

While referring doctors aren’t expected to know exactly what another provider will charge, they should help patients understand the types of costs they may encounter and where to find that information.

This might include:

○ specialist consultation fees

○ hospital or theatre charges

○ pathology and imaging costs

○ medication costs, particularly where PBS subsidies don’t apply

For specialist practices, sharing fee information with referring practices or publishing it online can help everyone align expectations early.

3. Match the financial consent process to the complexity of costs

Not every situation requires the same level of financial disclosure. The IFC process should be proportionate to the complexity and significance of the costs involved.

A single, fixed fee consultation may only require verbal consent at the time of booking. By contrast, procedures involving multiple providers, staged treatment, or variable out of pocket costs will usually require more detailed explanation and written confirmation.

Importantly, cost complexity doesn’t always mirror clinical complexity.

A seemingly straightforward investigation, such as an endoscopy, may involve multiple providers, separate bills and unanticipated out of pocket expenses.

4. Be consistent and update patients when things change

Inconsistent information creates confusion and undermines trust.

Practices should have clear, documented billing policies that all staff understand and apply consistently. If only some doctors bulk bill, or different fees apply depending on appointment length or time of day, patients need to know this upfront.

Make sure patients are informed about:

○ longer or complex appointment fees

○ telehealth charges

○ after hours or call out fees

○ fees that apply even if treatment does not proceed

If fees or arrangements change, update the patient as soon as possible.

5. Use the right format for the situation

Patients are often absorbing a large amount of clinical information. Financial details can easily be missed or forgotten.

Written information, including item numbers, allows patients to check rebates with their insurer and consider costs in their own time. This is particularly important for procedures and ongoing treatment. For simpler interactions, verbal disclosure may be appropriate, but written confirmation provides clarity and reduces misunderstandings. Many practices now use electronic consent at the time of booking, which can be a good opportunity to remind patients of the cost of the appointment.

6. Document consent properly

Good documentation is your safety net.

How consent is documented should reflect the complexity of the costs involved:

○ verbal consent for a consultation fee can be noted in the clinical record

○ electronic consent during booking provides a time stamped record

○ brochures or fee schedules should be documented as having been provided, including the version used

○ significant or complex costs should be documented in writing and acknowledged by the patient (for example, via a read receipt, a signature or other written confirmation).

Clear records make it much easier to respond to billing disputes, complaints or regulatory scrutiny.

7. Why IFC matters for your practice and patients

A robust approach to financial consent supports respect for patient autonomy and professional integrity. It enables patients to make informed choices about whether to proceed, seek alternatives or plan financially for their care. It recognises that for many, financial considerations are as significant as clinical ones.

While even the best IFC process cannot prevent every complaint, patients are far more likely to challenge a bill, or escalate concerns, when costs come as a surprise, particularly if they are already unhappy about an aspect of their care.

Clear communication, consistent processes and thorough documentation help build trust, reduce disputes, support staff, and protect the practice’s reputation. Ultimately informed financial consent isn’t just a compliance requirement; it is a commitment to transparency, trust and the prevention of avoidable conflict.


These unwelcome events can be stressful and costly, for you and your practice.

Avant Practice Medical Indemnity Insurance with Cyber Insurance

With Avant Practice Insurance, you’re covered for the actions of staff and claims made against the practice. And for eligible practices, we include Cyber Insurance to help protect your practice against cyber extortion, privacy liabilities and damage to digital assets.

Protection for your practice and staff avant.org.au/practiceinsurance 1800 128 268

Chaperones and observers in medical practices: an old-fashioned word with modern importance

The word chaperone often sounds like it belongs in a period drama, perhaps uttered by someone wearing gloves and carrying a lace fan. But many people are surprised to learn it still has a place in modern healthcare, and is far from a quaint or outdated concept. Instead, it remains a practical safeguard that protects patients, clinicians, and the practice itself.

Why chaperones still matter today

Intimate examinations can be uncomfortable for patients and stressful for clinicians, and even when everything is done correctly, misunderstandings can arise about what was said or why a particular step was necessary. A chaperone provides an extra layer of reassurance. A chaperone is a trained staff member who supports the patient, observes the interaction, and can offer an independent account if concerns arise later.

A common misconception is that chaperones are only relevant when a male doctor examines a female patient. In reality, medicolegal risk can arise in any consultation, regardless of the age or gender of those involved, which is why a chaperone should be offered irrespective of who the clinician or patient is. This approach protects everyone and avoids assumptions that can unintentionally create blind spots.

For practices, chaperones are not simply a courtesy. They are a key part of a strong risk management culture, and when used well, they help prevent complaints, reduce uncertainty, and reinforce trust between patients

Understanding the medicolegal landscape

The medicolegal risks associated with intimate examinations are significant. Allegations in this area are among the most serious a practice can face, and even when a claim is unfounded, the emotional and administrative burden can be substantial. Australian standards and guidelines highlight the importance of clear communication, informed consent, and professional boundaries. The Medical Board of Australia’s Good Medical Practice: A Code of Conduct for Doctors in Australia sets expectations for respectful and transparent care. The Australian Commission on Safety and Quality in Health Care standards emphasise patient rights, communication, and clinical governance. State and territory privacy and health records laws also apply, particularly when documenting whether a chaperone was offered, accepted, or declined. These standards do not require a chaperone for every intimate examination. However, they do require practices to have systems that support safe and respectful care. Offering a chaperone when appropriate and recording the patient’s decision is a simple but powerful way to meet these expectations.

Putting chaperone policies into practice

Practice Managers are the architects of reliable chaperone systems. Effective policies usually include clear guidance on when chaperones should be offered, who can act as one and how the process should be explained to patients. Staff training is essential so everyone understands their role, and documentation should be consistent and easy to follow. Patients should be reminded that they can request a chaperone at any time. A chaperone should always be a trained member of the practice team. Family members or friends may provide comfort, but they do not fulfil the formal role of an observer. Before the examination begins, both the patient and the clinician should understand the chaperone’s purpose and presence.

Information in this article does not constitute legal or professional advice. Please call Miga if you need advice on any of the issues covered in this article.

Cyber Risk in 2026:

Part 1: Be Prepared

The cyber security risk landscape shifted decisively during 2025, and in 2026, for all Australian organisations that capture, hold and process Personally Identifiable Information (PII) and Protected Health Information (PHI). That of course includes Australian healthcare providers, which are Australian Privacy Principles (APP) entities under the Commonwealth Privacy Act 1988. 1

The decisive shift is that Australian regulators, in particular the Australian Securities and Investments Commission (ASIC) and the Australian Information Commissioner (AIC), are enforcing laws that may previously have been perceived, incorrectly, as “guidelines”. To put it another way, the landscape is moving from cyber security “best practices” to enforceable legal requirements and obligations, with substantial penalties being sought by regulators and imposed by the Federal Court for cyber security failures.

The Australian Securities and Investments Commission (ASIC) is the regulator for corporations, markets, financial services and consumer credit, under the Commonwealth Corporations Act 2001. 2

The Australian Information Commissioner (AIC) is the regulator for the Commonwealth Privacy Act 1988, 3 which includes “13 legally binding Australian Privacy Principles (APPs). The APPs apply to organisations and government agencies covered by the Privacy Act (APP entities).” 4

To fully understand the legal implications regarding adequate cyber security and risk management measures, it is worth reviewing in some detail the summaries of three recent Federal Court judgements for cyber security failures from May 2022 through to February 2026.

These three cases highlight the decisive shift to the enforcement of laws and regulations regarding cyber security obligations, with the Federal Court increasingly imposing significant penalties for failing to protect clients’ and patients’ Personally Identifiable Information and Protected Health Information, by not taking “adequate cyber security measures” and for failing to take “reasonable steps” as defined in the Australian Privacy Principles.

2022

RI Advice Group Pty Ltd (RI Advice) was an Australian Financial Services (AFS) licensed advisory firm previously owned by ANZ until it was sold to IOOF on 1 October 2018. RI Advice operated via Authorised Representatives (AR network) to provide financial advice services to retail customers, numbering up to 60,000 at times, and held confidential and sensitive personal and financial information about their clients.

Nine cybersecurity incidents occurred at AR practices between June 2014 and May 2020.

In ASIC vs RI Advice Group Pty Ltd (RI Advice), in orders made by Federal Court Justice Rofe on 5 May 2022, the Court declared that 5 :

“RI Advice contravened ss 912A(1)(a) and (h) of the Corporations Act from 15 May 2018 to 5 August 2021 as a result of its failure to have documentation and controls in respect of cybersecurity and cyber resilience in place that were adequate to manage risk in respect of cybersecurity and cyber resilience across its AR network, and as a result of this conduct, it:

(a) failed to do all things necessary to ensure the financial services covered by the Licence were provided efficiently and fairly, in contravention of s 912A(1)(a) of the Corporations Act; and

(b) failed to have adequate risk management systems, in contravention of s 912A(1)(h) of the Corporations Act.”

(Note - Bold emphasis added)

The Court ordered that RI Advice must engage a cyber security expert (Security in Depth):

○ “…to identify what, if any, further documentation and controls in respect of cybersecurity and cyber resilience are necessary for RI Advice to implement to adequately manage risk in respect of cybersecurity and cyber resilience across its AR network (Further Measures)”

○ “…agree upon the earliest reasonably practicable date by which RI Advice will implement the Further Measures (Agreed Date)”

○ “Within 30 days … RI Advice must provide ASIC with a written report from Security in Depth, reporting as to whether Further Measures are required to be implemented, and if so, what the Further Measures are and the Agreed Date.”

○ “RI Advice must commence implementing the Further Measures by no later than 90 days from the engagement referred to in paragraph 3(a) and complete implementation by the Agreed Date”

○ “RI Advice must provide ASIC with a written report from Security in Depth, within 30 days after the Agreed Date reporting on the outcome of the implementation of the Further Measures, including whether, and to what extent, the Further Measures have been fully and appropriately implemented.”

○ “The engagement of Security in Depth referred to in paragraph 3(a) is to commence by no later than 1 month from the date of these Orders…”

○ “The costs of Security in Depth and the implementation of any Further Measures are to be paid by RI Advice.”

○ The Court ordered RI Advice to pay ASIC legal costs totalling $750,000.

Note that no pecuniary penalty was imposed in this case.

In a Media Release on 5 May 2022, ASIC Deputy Chair Sarah Court said:

“These cyber-attacks were significant events that allowed third parties to gain unauthorised access to sensitive personal information. It is imperative for all entities, including licensees, to have adequate cybersecurity systems in place to protect against unauthorised access.

“ASIC strongly encourages all entities to follow the advice of the Australian Cyber Security Centre and adopt an enhanced cybersecurity position to improve cyber resilience in light of the heightened cyber-threat environment.” 6

2025

Australian Clinical Labs Limited (ACL) is a listed public company and is a “leading provider of pathology services in Australia…”. 7 ACL acquired Medlab Pathology Limited on 19 December 2021. Medlab experienced a cyber attack and ransomware demand on 25 February 2022 by Quantum Group, resulting in “…86 gigabytes of data, including the personal and sensitive health information of more than 223,000 individuals, being exfiltrated and subsequently published on the dark web.” 8

In AIC vs ACL, in orders made by Federal Court Justice Halley on October 8, 2025, the Court declared the following contraventions under the Privacy Act 1988 9 :

“Breach of APP 11.1 – failure to take reasonable steps to protect personal information

1. In contravention of s 13G(a) of the Privacy Act 1988 (Cth) (Privacy Act), in the period between 19 December 2021 and 15 July 2022, the respondent (ACL) engaged in a practice that was an interference with the privacy of one or more individuals because, having acquired the assets of Medlab Pathology Pty Limited (Medlab) on 19 December 2021, ACL did not have in place adequate cybersecurity controls, which meant that it did not take reasonable steps to protect the personal information of those individuals that ACL held on certain Medlab servers from unauthorised access, modification or disclosure, in contravention of Australian Privacy Principle 11.1(b) (Personal Information Contraventions)

Contravention of s 26WH(2) – failure to carry out a reasonable and expeditious assessment

2. In contravention of s 13G(a) of the Privacy Act, within 30 days of 2 March 2022, in circumstances where in or around February 2022, the computer systems ACL had acquired from Medlab in December 2021 were the subject of a cyberattack (Medlab Cyberattack), ACL failed to take reasonable steps to ensure it carried out a reasonable and expeditious assessment of whether there were reasonable grounds to believe that the circumstances of the Medlab Cyberattack amounted to an eligible data breach within the meaning of s 26WE of the Privacy Act, in contravention of s 26WH(2) of the Privacy Act (Assessment Contravention).

Contravention of s 26WK(2) – failure to notify of data breach

3. In contravention of section 13G(a) of the Privacy Act, having formed the view by at least 16 June 2022 that there were reasonable grounds to believe that there had been an eligible data breach in the circumstances of the Medlab Cyberattack, ACL failed to prepare and give to the Australian Information Commissioner (Commissioner), as soon as practicable, a statement concerning the Medlab Cyberattack outlining the matters set out in section 26WK(3) of the Privacy Act, in contravention of s 26WK(2) of the Privacy Act (Notification Contravention).

THE COURT ORDERS THAT:

4. ACL is to pay to the Commonwealth of Australia, within 30 days, a civil penalty of $5,800,000, comprised of:

(a) $4,200,000 in respect of the Personal Information Contraventions;

(b) $800,000 in respect of the Assessment Contravention; and

(c) $800,000 in respect of the Notification Contravention.

5. ACL is to pay to the Commissioner, within 30 days, a contribution of $400,000 towards the Commissioner’s costs in the proceeding.”

The judgement in AIC vs ACL is noteworthy as it is the first case of civil penalties being imposed under the Commonwealth Privacy Act 1988.

In the OAIC Media Release on 9 October 2025, Privacy Commissioner Carly Kind reinforced this milestone judgement as a “turning point in the enforcement of privacy law in Australia” 10 :

“This outcome represents an important turning point in the enforcement of privacy law in Australia. For the first time, a regulated entity has been subject to civil penalties under the Privacy Act, in line with the expectations of the public and the powers given to the OAIC by parliament. This should serve as a vivid reminder to entities, particularly providers operating within Australia’s healthcare system, that there will be consequences of serious failures to protect the privacy of those individuals whose healthcare and information they hold.”

2026

FIIG Securities Limited (FIIG) is a “leading Fixed Income specialist for Australian investors and financial advisers. FIIG has grown to service over 6,000 clients and over 1,200 adviser accounts with more than $4.5bn in funds under advice…” 11

FIIG’s IT systems were subject to a cyberattack from 19 May 2023, and “approximately 385GB of data, which included personal information of FIIG’s clients, was downloaded from its servers. Subsequently, screenshots of two documents containing some of that client information were published on the dark web.” 12

In ASIC vs FIIG, in orders made by Federal Court Justice Derrington on 9 February 2026, the Court declared that 13:

1. “Pursuant to s 1317E of the Corporations Act 2001 (Cth) (Corporations Act), at all times during the period between 13 March 2019 and 8 June 2023 the defendant (FIIG) failed to:

(a) have available the technological resources:

(i) comprising the “Adequate Cybersecurity Measures” (as that term is defined in the Statement of Agreed Facts and Admissions dated 23 January 2026) (Adequate Cybersecurity Measures); and

(ii) necessary to comply with its legal obligations;

(b) have available human resources with the skills, responsibility and capacity necessary to:

(i) put in place and maintain the Adequate Cybersecurity Measures;

(ii) implement the controls identified and established as part of its risk management system to mitigate the cybersecurity risks it faced;

(iii) ensure that it complied with its legal obligations;

(c) provision sufficient financial resources to enable FIIG to:

(i) have in place the Adequate Cybersecurity Measures;

(ii) put in place the human resources (either within the organisation or outsourced from a third party) with the skills, responsibility and capacity necessary to:

1. have in place the Adequate Cybersecurity Measures;

2. implement the controls identified and established as part of its risk management system to mitigate the cybersecurity risks it faced;

3. ensure that it complied with its legal obligations;

and thereby failed to have available adequate resources (including financial, technological and human resources) to provide the financial services covered by its Australian Financial Services Licence (number 224659) (Licence) as required under s 912A(1)(d) of the Corporations Act, and thereby contravened s 912A(5A) of the Corporations Act.”

2. Pursuant to s 1317E of the Corporations Act, at all times between 13 March 2019 and 8 June 2023, FIIG failed to implement the controls identified in its risk management system to mitigate the cybersecurity risks it faced, and thereby failed to have adequate risk management systems as required under s 912A(1)(h) of the Corporations Act, and thereby contravened s 912A(5A) of the Corporations Act.

3. Pursuant to s 1317E of the Corporations Act, at all times during the period of 13 March 2019 to 8 June 2023, by reason of FIIG’s failures to:

(a) have in place the Adequate Cybersecurity Measures;

(b) have available adequate financial, technological and human resources to provide the services under the Licence; and

(c) have adequate risk management systems;

the defendant failed to do all things necessary to ensure that the financial services covered by the Licence were provided efficiently, honestly and fairly as required under s 912A(1)(a) of the Corporations Act, and thereby contravened s 912A(5A) of the Corporations Act.

The Court ordered that:

Penalty

4. Within 30 days of this order, FIIG pay to the Commonwealth a pecuniary penalty of $2.5 million in respect of FIIG’s contraventions of s 912A(5A) of the Corporations Act.

Justice Derrington noted that having cyber security and risk management in place over the period from March 2019 to June 2023 would have cost approximately $1.2 million, whereas the cyber security remediation cost approx. $1.5m.

Compliance programme

Justice Derrington has ordered that FIIG is required to undertake a compliance programme (Compliance Programme) with the following steps (in summary):

○ engage an expert as agreed between FIIG and ASIC, each party acting reasonably ( Independent Expert) and that:

○ …the Independent Expert to prepare a written report (First Report) which identifies what, if any, further documentation, resources and controls in respect of cyber security and cyber resilience are necessary for FIIG to implement, to reasonably manage risk in respect of cyber security and cyber resilience (Remedial Actions);

○ the Independent Expert to deliver the First Report within 45 Business Days of the engagement of the Independent Expert…;

○ the Independent Expert will provide a copy of the First Report to ASIC within 7 business days of the First Report being delivered to FIIG by the Independent Expert;

○ If Remedial Actions are identified in the First Report, within 15 business days of the First Report being provided to ASIC, FIIG must, in consultation with the Independent Expert and ASIC, agree a timetable for the implementation of the Remedial Actions, including an end date by which all Remedial Actions must be completed (Agreed Date)…

○ FIIG must commence implementing the Remedial Actions no later than 45 days once the Agreed Date has been determined, … , and complete the implementation of the Remedial Actions by the Agreed Date;

○ “Within 90 to 180 days after the Agreed Date, or such other later time as agreed by ASIC in writing, the Independent Expert must deliver a further written report to FIIG which reports on the outcome of the implementation of the Remedial Actions, including whether, and to what extent, the Remedial Actions have been fully and appropriately implemented (Final Report); and

○ “FIIG will provide to ASIC, within 10 days of the Final Report or such other date as agreed by ASIC in writing, an attestation from the Chief Executive Officer of FIIG, stating that they have read and understood the First and Final Reports and having made reasonable enquiries, believes the Remedial Actions have been implemented and is satisfied with how the Remedial Actions have been implemented”

○ The engagement of the Independent Expert and all cost will be paid by FIIG, and FIIG will provide all assistance, including all documentation, access to experts, systems and premises, etc., to the Independent Expert.

○ FIIG to provide a copy of any written correspondence between FIIG and the Independent Expert, as requested by ASIC from time to time (other than any documents or information subject to a claim of legal professional privilege)

Further, ASIC is to approve “the appointment of the Independent Expert and the engagement terms”. FIIG also is to acknowledge that “ASIC may from time to time publicly report on the progress of the Compliance Programme (for the avoidance of doubt, ASIC will not publish the First or Final Reports, or any other information where public disclosure may unduly pose a risk or threat to FIIG from a cyber security perspective)”; and “that the terms of engagement may only be varied with the agreement of ASIC.”

Costs

FIIG was also ordered to “pay ASIC $500,000 towards ASIC’s costs of and incidental to the proceeding” within 30 days of the order.

Now, it is important to note Justice Derrington’s observations as to cyber attacks and adequate cyber protections:

“It might be observed, at this point, that the mere fact of a successful cyberattack on an entity’s information technology systems does not necessarily indicate that the entity had failed to meet the statutory obligations imposed upon it concerning the protection of its information. It is notorious that certain countries hostile to Australia support the conduct of cyber attacks upon Australian companies and, necessarily, fund those malefactors to a large degree. It would be all but impossible to prevent every cyber attack. However, ASIC’s very legitimate concern does not seek to impose an unattainable standard of information protection. Rather, ASIC is concerned that entities which are subject to obligations under the Act have adequate cyber protection systems in place.”

In the ASIC Media Release on 9 February 2026, ASIC Deputy Chair Sarah Court said, ‘Cyber-attacks and data breaches are escalating in both scale and sophistication, and inadequate controls put clients and companies at real risk.

‘ASIC expects financial services licensees to be on the front foot every day to protect their clients. FIIG wasn’t – and they put thousands of clients at risk.

‘In this case, the consequences far exceeded what it would have cost FIIG to implement adequate controls in the first place.

‘This is the first time the Federal Court has imposed civil penalties for cyber security failures under the general AFS licensee obligations, setting a clear licence-to-operate expectation for robust cyber resilience.

‘Clients entrust licensees with sensitive and confidential information, and that trust carries clear responsibilities.

FIIG’s cyber security failures between 13 March 2019 to 8 June 2023 included examples where it did not:

○ allocate the necessary financial resources to have suitably qualified and experienced people available, or implement adequate technological resources to manage cyber security

○ implement adequate cyber security measures, including multi-factor authentication for remote access users, strong passwords and access controls for privileged accounts, appropriate configuration of firewalls and security software, regular penetration testing and vulnerability scanning

○ have a structured plan to ensure key software systems were being updated to address security vulnerabilities

○ have qualified IT personnel monitoring threat alerts to identify and respond to cyberattacks

○ provide mandatory cyber security awareness training to staff, and

○ have an appropriate cyber incident response plan that was tested at least annually.

‘Entities that fail to maintain proper cyber security controls risk regulatory action by ASIC and exposure to malicious exploitation,’ the Deputy Chair said.

ASIC expects AFS licensees to prioritise cyber-resilience and invest in people, systems and governance which are fit-for-purpose for entity size and the sensitivity of client information held.” 14

Things have changed…

Organisations that hold sensitive PII and PHI data are on notice that they must heed the “Cyber Risks: Be Prepared” advice from ASIC back in 2022 15, or risk being held accountable for cyber security and risk management failures by the regulators and the Courts.

The regulators are enforcing the laws relating to cyber security and privacy obligations, and are seeking significant penalties from the Courts. Compliance is not optional. There are more cyber security and risk management cases before the courts…

Healthcare providers and practice managers must take “active measures” and “reasonable steps” to protect patient data, or risk being held accountable before the Courts if the “adequate cyber security measures” highlighted by the three cases cited above are not in place and are not managed appropriately.

Be cyber safe.

More to come on cyber security assessments for primary healthcare providers next issue…

References

1 OAIC, (2026), retrieved from https://www.oaic.gov.au/privacy/australian privacy principles

2 ASIC, (2026), retrieved from https://www.asic.gov.au/about asic/what we do/our role/

3 OAIC, (2025), retrieved from https://www.oaic.gov.au/about the OAIC/what we do

4 OAIC, (2025), retrieved from https://www.oaic.gov.au/news/media centre/australian clinical labs ordered to pay penalties in relation to medlab pathology data breach in first for privacy act

5 ASIC, (2022), retrieved from https://download.asic.gov.au/media/zhodijpp/22 104mr 2022 fca 496.pdf

6 ASIC, (2022), retrieved from https://www.asic.gov.au/about asic/news centre/find a media release/2022 releases/22 104mr court finds ri advice failed to adequately manage cybersecurity risks/

7 ACL, (2026), retrieved from https://www.clinicallabs.com.au/company profile

8 Federal Court of Australia, (2025), retrieved from https://www.judgments.fedcourt.gov.au/judgments/Judgments/fca/single/2025/2025fca1224

9 ibid

10 OAIC, (2025), retrieved from https://www.oaic.gov.au/news/media centre/australian clinical labs ordered to pay penalties in relation to medlab pathology data breach in first for privacy act

11 FIIG, (2026), retrieved from https://www.fiig.com.au/about

12 ASIC, (2026), retrieved from https://download.asic.gov.au/media/o02h30dd/26 021mr asic v fiig securities limited judgment 13 feb 2026.pdf

13 ibid

14 ASIC, (2026), retrieved from https://www.asic.gov.au/about asic/news centre/find a media release/2026 releases/26 021mr asic action sees fiig securities ordered to pay 2 5 million over cyber security failures/

15 ASIC, (2022), retrieved from https://www.asic.gov.au/about asic/news centre/articles/cyber risk be prepared/

Leading IT Services for Medical Practices

Calls to the DMS helpdesk are answered literally within seconds, most issues are resolved within minutes.

Guaranteed Level 2 or Level 3 technicians with extensive experience in Australian medical software problem resolution.

Extensive experience and expertise in Australian medical software ecosystems.

87% of helpdesk calls resolved on the same day.

81% of helpdesk calls resolved on the first call.

Managed Cyber Security expertise. Security first approach with Cyber Security qualified staff.

Proactive Managed IT that is fully customised for Australian medical clinics, with high attention to detail.

DMS Private Cloud located in Melbourne and Sydney at leading Tier 4 data centres with latest high performance, and high capacity host servers.


Why disconnected systems cost more than you think

It’s 9:15 on a Monday morning. Your phone is already ringing with patients asking whether their imaging results have arrived. Reception is fielding calls from a GP’s practice chasing a specialist report from last week. You’re manually re-entering patient details into another system because nothing connects to anything else.

This is the daily reality for practice managers. While healthcare leaders debate digital health policy and clinicians try to focus on patient outcomes, you’re left bridging the gaps between systems that won’t talk to each other. The recent AMA Digital Interoperability Report details what you already know – systems failing to connect remain one of the biggest frustrations in better healthcare.

What fragmentation actually costs

Conversations around interoperability usually centre on clinical benefits: safer prescribing, fewer duplicate tests, better continuity of care. These of course matter, but there are other issues that land squarely with you.

Every time your team manually transfers data between systems, you’re consuming staff time and risking transcription errors. Every phone call chasing missing information is administrative overhead. Every patient who cancels at the last minute because they haven’t yet managed to go for that pathology test means lost revenue and wasted appointment capacity.

What changes with better connections

Practice managers already coordinate complex information flows between referring GPs, diagnostic providers, hospitals, allied health services, and patients. Without systems that properly connect, you’re doing manually what technology should handle: orchestrating information exchange, juggling multiple logins, troubleshooting when things fall through the cracks.

Better connected systems give you visibility into referral patterns. You can forecast capacity needs more accurately. You have actual data to make decisions about service expansion or resource allocation. You move from constantly firefighting to planning ahead.

The practical benefits

Patient safety drives many interoperability discussions, and rightly so. But there’s also a business case that specialist practice managers are well positioned to make.

Less administrative burden: Pathology and radiology results that flow automatically into your practice management system mean staff aren’t spending hours downloading, saving, and manually linking reports. That time gets redirected to patient interaction, appointment management, or claims processing.

Better patient satisfaction: Patients expect healthcare to work as smoothly as their banking or retail experiences. Online booking, automated reminders, digital access to results, and knowing their specialists have complete information from their GP all matter.

Improved cash flow: Smoother information exchange reduces the administrative delays that slow billing. Complete, accessible documentation means claims are submitted faster and rejected less often.

Lower risk: Proper digital audit trails and less reliance on manual processes reduce exposure to errors. Delayed or lost information between systems creates liability exposure for both the practice and the specialist.

What you can do now

The platforms you choose today shape your operational efficiency for years ahead. When evaluating practice management systems or considering upgrades, make connectivity a primary selection criterion. Ask vendors specific questions:

○ Which systems does your platform integrate with now?

○ What does implementation support look like?

○ Can you show us data flowing between systems, not just describe capabilities?

○ Where does FHIR (Fast Healthcare Interoperability Resources) fit into your roadmap and how are you reducing friction with other parts of the system I need?

Your expertise matters

Practice Managers understand workflow bottlenecks better than most IT vendors. You know which connections would deliver the most value because you’re dealing with the gaps every day.

That knowledge counts. Whether you’re participating in forums, giving feedback to software vendors, or discussing system requirements with the specialists in your practice, your perspective shapes what gets built. Practices that will thrive as healthcare becomes more connected are those where managers can treat connectivity as a core requirement.

Moving forward

Better connectivity won’t arrive overnight, but momentum is building. As mandated standards emerge and vendors respond to market pressure, the practices best positioned to benefit will be those that have already prioritised connected systems.

Start by assessing your current state. Where does information flow smoothly, and where does it break down? Where do your team members spend time on manual workarounds? Which connections, if solved, would deliver the greatest improvement?

Connected systems matter because they let practices work more efficiently. Staff can focus on what counts. Patients receive smoother care. Practice managers can proactively plan rather than constantly react to problems. With healthcare moving toward greater connectivity, now is the perfect opportunity to help shape that change in ways that serve your practice, your team, and your patients.

Elevate, Connect and Inspire

Why the 2026 AAPM National Conference in Brisbane is Unmissable!

In the rapidly evolving landscape of Australian healthcare, the role of a Practice Manager has never been more critical—or more complex. From navigating digital health transformations and compliance updates to managing diverse teams and ensuring financial sustainability, the demands are immense. This October 2026, the Australian Association of Practice Management (AAPM) invites you to pause, reflect, and recharge at the AAPM National Conference, held at the spectacular Brisbane Convention and Exhibition Centre (BCEC).

For seasoned veterans and emerging leaders alike, the 2026 conference promises to be a cornerstone event. It is not merely a series of sessions; it is an investment in your career, your practice, and your sanity.

Here are four reasons why you can’t afford to miss it.

Unparalleled Professional Development

The core of the AAPM conference is its commitment to high calibre education. The 2026 program has been curated to address the “now” and the “next” of healthcare management. Attendees can expect a robust program with keynote presentations, interactive workshops, and panel discussions led by industry experts.

Whether you are managing a small GP clinic or a large multi-disciplinary practice, the learning streams are designed to offer tangible value. Topics are expected to cover the most pressing issues facing our sector, including the latest updates on Medicare compliance, strategies for optimising practice efficiency through AI and technology, and essential updates on employment law. This is your opportunity to gain AAPM Continuing Professional Development (CPD) points while acquiring practical tools that you can implement the moment you return to your desk.

The Power of Connection

While the sessions provide the knowledge, the “hallway track” provides the wisdom. One of the greatest benefits of the AAPM National Conference is the networking. Practice Management can often feel like a solitary profession, but in Brisbane, you will be surrounded by hundreds of peers who understand exactly what your day looks like.

The conference facilitates connection through social networking events which include the First Timers Dinner supported by Best Practice, Networking Breakfast supported by Healthengine, Cubiko Cocktails, Happy Hour drinks, the exhibition area and casual breaks. End the conference with the Gala Dinner, where we celebrate a year of hard work and achievement. These interactions allow you to benchmark your practice against others, share solutions to common problems, and build a support network that lasts long after the conference closes. Connecting with leading suppliers in the exhibition area also ensures you are up to date with the latest products and services that can streamline your operations.

Destination Brisbane

There is no better backdrop for professional growth than Brisbane in October. The Brisbane Convention and Exhibition Centre is centrally located in the South Bank precinct, offering easy access to world-class dining, culture, and the stunning Brisbane River. The warm, sub-tropical spring weather provides the perfect atmosphere to clear your mind and focus on your professional goals.

Invest in Your Future

Attending the AAPM National Conference in Brisbane is more than just a trip away; it is a strategic decision to elevate your professional standing. You will leave with a notebook full of ideas, a pocket full of business cards, and a renewed passion for the vital role you play in Australia’s healthcare system.

Mark your calendars for October 2026 and prepare to be inspired. For more information and to register your interest, visit www.aapm.org.au

What the Digital Health?

It starts with a simple request at the tearoom door: a GP has discovered a “game-changing” AI scribe, or a vendor is demonstrating a sleek new patient triage app.

As a Practice Manager, your first instinct may not be about the technology itself, but what it means in terms of impact. In a healthcare environment where digital transformation is accelerating, the regulatory landscape can feel complex. With updated guidance for AI scribes and the Australian Digital Health Agency preparing practices for the 2026 “Share by Default” changes, expectations are evolving quickly.

But here is the good news: compliance is not about mastering code or becoming an IT expert. It is about asking smart questions, setting clear processes, and maintaining strong governance. Think of it as modern digital housekeeping; structured, proactive, and entirely manageable. You are not just overseeing practice network security or setting password protocols. You are strengthening clinical safety and safeguarding data integrity in a rapidly advancing digital landscape. That’s an empowering position!

Is it a Toy or a Tool?

One of the most practical questions for a Practice Manager is determining when software crosses the line from convenience tool to regulated medical device. If a digital product goes beyond simple transcription or document generation and is used to diagnose, prevent, monitor, or treat disease, even in a suggestive capacity, it’s likely to fall within the TGA’s medical device software classification. This is where your due diligence shines. Before introducing a tool that claims to “identify” or “predict” patient risks, ensure it is:

○ Fit for purpose

○ Clinically reviewed before it approaches live data

○ Supported by clear accountability and oversight policies

When oversight is built in, risk remains controlled. The key is not avoiding innovation, it is choosing the right product and implementing it thoughtfully. With appropriately reviewed mechanisms and documented governance, your practice remains confidently in control.

Dealing with ChatGPT Health and the 2026 Countdown

AI-generated health information is becoming part of everyday consultations. Initiatives such as OpenAI’s ChatGPT Health aim to provide increasingly personalised health insights, potentially integrating with medical records in the future.

Have you had a patient turn up with AI-generated diagnoses or treatment suggestions yet? With clear internal protocols for these new scenarios, your team can confidently:

○ Proactively manage patient engagement

○ Re-centre clinical decision making with the GP

○ Reinforce evidence-based care

AI may inform conversations, but clinical judgment remains firmly with the practitioner.

Supporting your team with evidenced guidance ensures these interactions strengthen, rather than strain, the GP-patient relationship.

Sharing by Default

Circle the date: 1 July 2026.

From this date, pathology and diagnostic imaging reports will be shared to My Health Record by default. Some providers have already begun sharing common pathology results since October 2025.

Importantly:

○ Patients who opted out of My Health Record in 2019 remain outside the system.

○ Patients can still delete their record or adjust access controls at any time.

○ Sensitive results can be withheld from sharing upon patient request.

This reform enhances continuity of care and national data integration. With clear communication processes in place, practices can work with patients on Sharing by Default smoothly and confidently.

The Final Word: Becoming the ‘Digital Captain’

With acronyms like MHR, AI, ARTG and RACGP in constant circulation, it is easy to feel that digital healthcare is complex. In reality, your role is not to be an IT technician, it is to be a strategic leader. As a Practice Manager, you are the Digital Captain. You decide what comes on board. You ensure every system is fit for purpose. You chart the course for compliance, resilience and growth. Strong governance is not about avoiding penalties. It is about building a practice that is secure, adaptable and future ready. By implementing robust security policies and conducting structured vendor assessments, you transform digital uncertainty into competitive advantage. Innovation does not replace oversight; it thrives because of it. If aspects of the digital landscape still feel unclear, you are not alone and you do not need to navigate it in isolation. Join Best Practice at the AAPM Educare series, running across major capital cities. It is an opportunity to clarify emerging requirements, ask practical questions, and connect with peers facing the same transitions.

The digital shift is here. With the right preparation, your practice can lead it with confidence.

From vision to vigilance: building a secure digital future for health care

Ongoing large-scale data breaches and incidents make it clear that health care continues to be one of the most exposed sectors, responsible for 18% of notifiable incidents in Australia.

Each incident erodes public trust because the public expects their most intimate and sensitive information to be safeguarded without exception. When that trust is broken, confidence in digital healthcare services drops, disclosure becomes less honest and the willingness to adopt innovative technologies declines. Without trust, neither innovation nor quality patient care can progress.

Digital health adoption, from the national electronic health record system to telehealth, offers clear benefits, yet Australians continue to scrutinise how their information is handled.

Their willingness to share data depends on strong and visible safeguards, clear consent processes and confidence that governance keeps pace with the technology. Strengthening these foundations is essential as the sector shifts towards predictive and preventative models of care that depend on timely, accurate and responsibly managed data.

ChatGPT-style health applications highlight a double-edged sword of AI in health care. They can support clinical decision making and improve efficiency, but in the absence of strong governance, clinicians and patients have every reason to be sceptical of their safety and reliability.

Secure-by-design principles and strong consent frameworks must be mandatory if we expect AI to enhance care without eroding trust. For technology leaders, embedding security into every platform and workflow from the outset is non-negotiable. This means early collaboration between clinicians, risk teams and technologists, alongside clear guardrails for emerging technologies. Done well, security becomes an enabler, reducing remediation costs while driving safer, more efficient care.

Interoperability is equally vital. Open standards and APIs allow data to move seamlessly across systems while maintaining compliance. Achieving secure interoperability is not just technical, it requires collaboration across providers, technology partners and regulators to ensure that shared data remains protected end to end. Only then can we build connected ecosystems that clinicians can rely on, and patients can trust.

The path forward for secure and safe care has three core components:

○ Embed security and privacy into every digital innovation.

○ Adopt risk-based governance that prioritises patient safety.

○ Develop consent frameworks that empower patients.

Progress will be measured not by platforms deployed, but by patient experience: fewer retold stories, timely access to care, and confidence that their data, and health, are treated with integrity.

Market update: From recovery to realignment

As we settle into the first quarter of 2026, the Australian healthcare recruitment landscape is defined by a distinct shift from “recovery” to “realignment.” The vacancy rates and desperation hiring that characterised the immediate post-COVID years (2023–2025) have stabilised, but the market remains exceedingly tight for quality talent. We have moved past the acute crisis phase into a new normal—one that is less volatile but, perhaps, more demanding in its expectations of employers.

We have analysed the current recruitment trends facing private practices, breaking down the drivers of candidate behaviour and the different challenges for different roles, and providing practical, actionable steps that you can implement in your practice for success in the year ahead.

The National Landscape: A Return to Permanence

The most significant trend of early 2026 is the move towards permanent hiring. The “locum carousel” that dominated the last three years is finally slowing down. For a long period, candidates could command premium daily rates as contractors, moving between practices with little incentive to settle. That dynamic has shifted – partially driven by the cost of living pressures felt by Australians.

Private practices are prioritising workforce stability, recognising that the true cost of turnover— measured in lost productivity, disrupted patient care, and damaged team culture—far outweighs the investment in a permanent salary. Candidates are looking for security and predictability in their employment.

The Migration Lag: Why the Valve Hasn’t Fully Opened

While it has been years since COVID officially ended, the effects of staffing shortages are still being felt by private practices. It was thought that the reopening of international borders would provide a solution to the staffing shortages in healthcare. In reality, the valve is only half open: there is only a trickle of talent entering the market. The bottleneck of international talent is administrative in nature; processing times for credential recognition (AHPRA) and visa approvals have not yet recovered to pre-pandemic efficiency. The delay has predominantly affected allied health (physiotherapists, podiatrists) and specialised nursing roles where Australian graduate/post-graduate numbers are insufficient to meet demand. This is putting pressure on practice nurses who, frequently, have combined nursing/administrative duties.

The good news is that the pipeline of international talent is healthy. We expect the international supply of talent to normalise in the back half of the year. While private practices still must compete aggressively for local talent, this is short term. There are green shoots on the horizon!

The Wage Spiral and the “Public Sector Ripple”

The most active challenge for private practice heading into 2026 is salary. We cannot discuss salary trends in private practice without addressing the public sector and the recent wage increases.

The Victorian Nursing Enterprise Bargaining Agreement (EBA) has set a new standard for remuneration expectations across the healthcare sector nationally. Nurses in the public sector are set to receive a 28% increase in salary over the next four years. Naturally, your private practice nurses are looking at their colleagues in the public sector and wondering about their own remuneration. The ripple effect of this increase extends to those who work closely with nurses: your Practice Managers and Medical Secretaries. They are highly aware of the shifting pay scales and question their own pay rates.

Irrespective of the role you are recruiting for, candidates are actively comparing private practice offers against roles in the public sector. For most private practices, offering outdated rates in 2026 means attracting either under-qualified candidates or few appropriately qualified candidates.

Role-Specific Breakdown

Practice Managers

The role of the Practice Manager has evolved significantly. We are seeing a “flight to quality” where experienced PMs are leaving smaller, under-resourced, riskier practices for larger group practices or corporate roles that offer better support structures and certainty. The burnout legacy of COVID is still real; PMs are no longer willing to be the “Chief Everything Officer” covering reception, IT, HR, and cleaning without adequate support. Draw these candidates in through the support team you can offer them.

Medical Secretaries and Admin

This segment is seeing the highest demand for flexibility. The traditional 9 to 5, Monday to Friday model is becoming a barrier to hiring. Talented administrative staff are seeking roles that offer 9 day fortnights, school hour shifts, or hybrid work options (e.g., work from home days for billing/typing). Practices that are embracing flexibility and innovation are more successful in retaining their talent.

Nurses

For Practice Nurses, the competition is fierce. The “Clinician Value Proposition” has shifted from purely clinical focus to lifestyle and autonomy. Private practice cannot always compete with hospital wages, but it can compete on work-life balance and regular hours (no night shifts). Practices successfully recruiting clinical nurses have pivoted their “Total Value Proposition” to highlight these lifestyle benefits over the raw salary figure.

Practical Priorities for Private Practice

For practice owners and managers, we are seeing that practices that are cautious and delay recruitment are suffering. Success in 2026 requires a proactive strategy. Here are four practical, high-impact steps you can take immediately:

1. Audit Your “Total Value Proposition”

You may not be able to match the public sector dollar for dollar on base salary, but you can compete on the “Total Value” package. Candidates weigh the whole offer: salary + flexibility + culture + development. Conduct an honest audit: Do you allow flexibility? Do you fund professional development? Do you offer a clear pathway for progression? Is your technology modern, or will a new hire be frustrated by archaic systems? Marketing these non monetary benefits in your job ads is critical to attracting talent that values lifestyle over pure salary.

2. The “Two-Week Rule” for Hiring

Speed is your greatest asymmetric advantage over large hospitals and the public sector; their recruitment process can take up to 3–4 months. You can do it in two weeks. A qualified candidate in the current market will have multiple interviews within days of applying. If your process drags on, you will lose them. Streamline your process: review CVs daily, block out interview times in advance, and be empowered to make an offer immediately if you find the right person.

3. Conduct “Stay Interviews”

Most private practices rely solely on “exit interviews” to find out why staff leave. By then, it is too late. Implement “stay interviews”—informal but structured chats with your key staff to ask: “What keeps you working here?” and “If you were to leave, what would be the reason?”. This simple proactive step can reveal friction points (like roster rigidity, difficult personalities, or software frustrations) that you can fix before they become resignation letters. The best way to recruit is to retain!

4. Build Your Own Talent

With experienced talent in short supply, consider hiring for attitude and aptitude rather than just years of experience. The pool of “perfect” candidates (e.g., 5+ years experience, Genie software expert) is dry. Instead, look for smart, organized candidates from hospitality, retail management, or corporate admin. These industries train excellent customer service and multitasking skills. A candidate with the right attitude can be trained on your software in two weeks; a candidate with the wrong attitude but the right skills can damage your culture for years.

The Bottom Line: The outlook for the rest of 2026 is cautiously optimistic. Practices that are proactive in their retention, through either financial or non-financial incentives, and in their recruitment are on the front foot. These private practices will not just survive the tight market, they will define the new standard of employment in private healthcare.
