Data Security and Confidentiality

Our Commitment

We are committed to protecting the security and confidentiality of all personal, health, and business information entrusted to us. This policy outlines how we safeguard data, control access, and maintain confidentiality in line with Australian privacy laws, NDIS requirements, and allied health professional standards.

This policy applies to clients, NDIS participants, carers, referrers, partner organisations, providers, contractors, employees, and users of our digital systems and portals.

Data Security

Secure Data Storage

All personal and health information is stored securely within Australia using access-controlled systems. We do not store sensitive information overseas.

System Access Controls

Access to information is restricted to authorised personnel only and is based on role and responsibility. Authentication measures are used to prevent unauthorised access.

Technical Safeguards

We implement reasonable technical and organisational measures to protect data, including:

  • Secure servers and encrypted connections
  • Role-based access controls
  • Monitoring and logging of system access
  • Regular system updates and security reviews

Third-Party Systems

Where third-party service providers are used (such as clinical software or IT services), we take reasonable steps to ensure they meet Australian data security and privacy requirements.

Confidentiality

Confidential Handling of Information

All personal, clinical, and business information is treated as confidential. Information is only accessed or disclosed where it is necessary for service delivery, care coordination, operational purposes, or as required by law.

Staff and Contractor Obligations

All employees and contractors are required to comply with confidentiality obligations as part of their engagement. This includes maintaining confidentiality during and after their role with us.

Information Sharing

Information is shared only with authorised parties, such as treating clinicians, referrers, partner organisations, and funding bodies, and only where relevant and permitted.

Breach Management

We take data security incidents seriously. In the event of a suspected or actual data breach, we will:

  • Investigate and contain the incident promptly
  • Assess the impact and risks involved
  • Notify affected parties and relevant authorities where required under Australian law
  • Take steps to prevent future occurrences

Data Retention and Disposal

Information is retained in line with legal, healthcare, and NDIS record-keeping requirements. When information is no longer required, it is securely destroyed or de-identified to prevent unauthorised access.

Responsibilities

Maintaining data security and confidentiality is a shared responsibility. All staff, contractors, and partners are expected to comply with this policy and report any concerns or incidents promptly.

Questions or Concerns

For questions about data security or confidentiality, or to report a concern, contact operations@betterhealthgroup.au.