
Data Privacy and Security

1. Introduction

At EchoHealth Hub ("we," "us," or "our"), we are steadfast in our commitment to safeguarding the privacy and security of your personal and health information. This Privacy Policy outlines the principles and practices we follow to ensure your data is handled with the utmost care, in strict compliance with the Privacy Act 1988 (Cth), the Health Records Act 2001 (Vic), and other relevant legislation. By using our services, you agree to the terms outlined in this policy.

2. Data Minimisation and Purpose Limitation

EchoHealth Hub adheres to the principle of data minimisation, collecting only the information necessary to deliver high-quality healthcare outcomes. We deliberately avoid collecting identifiable patient data, such as names, dates of birth, and Medicare numbers, unless it is absolutely required by law or necessary to provide our services. Our data collection is purpose-specific, meaning we only collect and use data for clearly defined purposes that are directly related to your healthcare.

3. Consent and Transparency

We ensure that your consent is obtained prior to the collection, use, or disclosure of your personal information, particularly sensitive health information. Consent is informed, voluntary, and current, and you have the right to withdraw it at any time. We will clearly explain the purposes for which your data is collected and how it will be used, ensuring full transparency.

4. Automatic Redaction and De-Identification

All personally identifiable information (PII) is automatically redacted from consultation transcripts during transcription. This process is rigorously designed to ensure that no patient names, dates of birth, or other sensitive data are stored within our systems. The only identifiable information we retain is your mobile number, which is secured with industry-standard 256-bit encryption. De-identified data is subject to stringent safeguards, including clustering and other measures to prevent re-identification.

5. Secure Communication via Twilio

EchoHealth Hub integrates Twilio's advanced communication technologies to facilitate secure and encrypted patient-doctor interactions. Twilio complies with all Australian privacy standards, and our Data Processing Agreements (DPAs) ensure that your data is protected throughout all stages of communication. We do not allow third-party access to your data at any point during the communication process.

6. Data Security and Encryption

We implement bank-grade 256-bit encryption to protect your data both in transit and at rest. Access to your data is restricted to authorised personnel only, following the principle of least privilege. Regular security audits and assessments are conducted to identify and mitigate potential risks. In the unlikely event of a data breach, we will promptly notify affected individuals and the Office of the Australian Information Commissioner (OAIC), in compliance with the Notifiable Data Breaches (NDB) scheme.

7. AI & LLM Processing on Closed Servers

All AI and Large Language Model (LLM) processing is conducted on closed servers, with no third-party access. We guarantee that your data is never used for training purposes or shared with external entities without your explicit consent. This ensures that your information remains strictly confidential and secure.

8. Use of De-Identified Data

The de-identified data we collect may be used for the following purposes:

  • Service Improvement: To analyse and enhance the functionality and quality of our services.
  • Research and Development: To develop new products and improve existing ones, with a focus on healthcare outcomes.
  • Predictive Analytics: To create and refine predictive models that assist in healthcare delivery.
  • Aggregated Insights: To generate reports and insights for internal use or for sharing with partners, ensuring that no personal information is disclosed.

9. Provision of Analytical Data to Users

De-identified analytical data, including various health and clinical metrics, is provided back to healthcare providers using our services. This data is intended to support clinical decision-making and improve patient outcomes, while fully complying with privacy regulations.

10. Third-Party Data Sharing and Onselling

We may share de-identified data with third parties, including business partners, research organisations, and commercial entities, for purposes such as product development, research, and market analysis. These third parties are contractually obligated to handle the data in accordance with the strict privacy and security standards outlined in this policy. Under no circumstances will we share your personal or sensitive health information with third parties without your explicit consent.

11. Data Retention and Disposal

Healthcare providers using our platform have the flexibility to establish their own data retention policies, balancing the need for data accessibility with privacy protection. Data that is no longer required is securely destroyed or de-identified in accordance with applicable laws and our internal data retention guidelines.

12. Access and Correction Rights

You have the right to access and correct any personal information we hold about you. We will respond to access requests within a reasonable timeframe, as required by the Privacy Act 1988 and the Health Records Act 2001 (Vic). If you believe that any information we hold is inaccurate, incomplete, or outdated, you may request a correction, and we will take reasonable steps to update or correct your records.

13. Compliance with Australian Privacy Principles and Ethical Standards

EchoHealth Hub is designed in compliance with the Australian Privacy Principles (APPs) and the Privacy Act 1988. We maintain the highest ethical standards in the handling of personal and health information, and we seek to obtain relevant regulatory approvals to ensure our practices align with the legal and ethical requirements of the healthcare industry.

14. Clarification on TGA Compliance

EchoHealth Hub is not classified as a Software as a Medical Device (SaMD) and is therefore not regulated by the Therapeutic Goods Administration (TGA). Our platform serves as a digital transcription and analytical support tool, and it does not influence clinical judgments or decision-making. Healthcare professionals are responsible for reviewing and verifying the accuracy of all documentation generated by EchoHealth Hub.

15. Changes to This Privacy Policy

We review and update this Privacy Policy regularly to reflect changes in our practices, legal obligations, or technological advancements. Any material changes to this policy will be communicated to users promptly, and we will seek renewed consent where necessary. We encourage you to review this policy periodically to stay informed about how we protect your privacy.

16. Contact Us

If you have any questions or concerns about this Privacy Policy or how your data is handled, please contact us at security@echohealthhub.com.

17. Acceptance of This Policy

By using our services, you acknowledge that you have read and understood this Privacy Policy and agree to its terms. Your continued use of our services constitutes your acceptance of any updates to this policy.