Data security

HealthEngine is serious about maintaining the confidentiality, integrity and availability of data.

We prevent the compromise of personal information of both our users and staff by implementing business-tailored, industry-standard security controls and following best practice security advice. We maximise security by minimising the amount of data transmitted between our servers and your PMS. Data is always transmitted securely over an encrypted channel (TLS encryption in transit), with sensitive data always encrypted at rest, within the database.

HealthEngine websites and mobile application are subject to penetration testing and regular security reviews, adhering to stringent Australian Digital Health Agency operating standards and our software packages are digitally signed to prevent tampering.

HealthEngine Practice FAQ

How does HealthEngine interact with our practice management software?

The HealthEngine appointment connector, which is deployed alongside your PMS, facilitates the exchange of information between you and HealthEngine, and complies with HealthEngine’s obligations owed under the Privacy Act and as an Australian Privacy Principle entity, and adheres to ADHA operating standards.

How do you ensure data is transferred securely?

HealthEngine takes its responsibility for handling personal information seriously, and we have put measures in place to maintain the integrity of personal information and provide full transparency on our conduct. HealthEngine is bound by the Australian Privacy Principles under the Privacy Act 1988 (Cth) and is committed to ensuring compliance with those requirements.

HealthEngine minimises the amount of data transmitted between our servers and your practice management software (PMS). Data is always transmitted using Transport Level Security (TLS) standards on an as-needed basis. Sensitive data is encrypted at rest, within the database.

Are you collecting data from the PMS regarding non-HealthEngine registered patients?

HealthEngine will only access personal information of non-registered individuals where it has been directed to by the practice customer. In these circumstances, HealthEngine is effectively acting as a messaging gateway. The information enabling the communication to be sent on behalf of the practice customer remains at all times under the effective control of the practice customer. Accordingly, there is no “disclosure” of personal information by the practice customer to HealthEngine.

How does HealthEngine store my patients' data?

HealthEngine takes its responsibility for handling personal information seriously, and we have put measures in place to maintain the integrity of personal information and provide full transparency on our conduct. HealthEngine is bound by the Australian Privacy Principles under the Privacy Act 1988 (Cth), and is committed to ensuring compliance with those requirements.

When providing its services, HealthEngine minimises the amount of data transmitted between our servers and your practice management software (PMS). Data is always transmitted using Transport Level Security on an as-needed basis. Sensitive data is encrypted at rest, within the database.

How does HealthEngine use patient data?

We use the patients’ personal information for the primary purpose for which it was collected, to provide the services the patient elected to receive.

We may also use the patients personal information for secondary purposes, such as where:

The patient has provided express consent for us to do so.

It might reasonably expected for us to do so, for example, auditing or using de-identified and aggregated personal information to identify insights into the Australian health care sector.

It is required by law or court order.

Does HealthEngine sell my patients' data to third parties?

HealthEngine does not sell user databases to third parties, refer to “How does HealthEngine use patient data” for more information

How safe is my patients' data from a breach?

HealthEngine prevents the compromise of personal information of both our users and staff by implementing business-tailored, industry-standard security controls and following best practice security advice. We also maximise security by minimising the amount of data transmitted between our servers and your PMS.

Data is always transmitted securely over an encrypted channel (TLS encryption in transit), with sensitive data always encrypted at rest, within the database. We conduct regular penetration testing and security reviews and adhere to Australian Digital Health Agency operating standards.

If you have any questions or concerns whatsoever, please don’t hesitate to get in touch. Our team is ready and waiting to address any queries you may have.