Privacy Policy
Last updated: 27 November 2024
Privacy Compliance
Dragatron is committed to protecting the privacy of healthcare professionals, patients, and all users of our Service. We collect, store, and process personal and health information in accordance with applicable privacy laws, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
This Privacy Policy details how we handle personal information, including collection, use, disclosure, storage, and your rights regarding your information. You must comply with all applicable privacy laws when using our Service to collect, process, or store personal or health information.
Healthcare Data Requirements
If you are a healthcare provider using our Service:
- You must ensure compliance with all relevant healthcare laws and regulations
- This includes the Healthcare Identifiers Act 2010 and applicable state/territory health records legislation
- You are responsible for obtaining necessary patient consents
- You must maintain appropriate clinical documentation standards
- You must ensure your use complies with professional confidentiality duties
Data Security Measures
We implement industry-standard security measures to protect data stored in the Service:
- Encryption: All network communications use HTTPS/TLS encryption
- Access Controls: Restricted access to authorized personnel only
- Security Testing: Regular vulnerability scans and penetration testing
- Data Backups: Routine encrypted backups with disaster recovery plans
- Secure Hosting: Cloud environment with robust physical security and monitoring
- Staff Training: Privacy and security training for all personnel
However, no method of electronic storage or transmission is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.
Data Retention and Deletion
We retain data in accordance with legal requirements and our data retention policies:
- Healthcare providers must ensure our retention periods meet their obligations under health records legislation
- Upon termination of a subscription, data is retained for a reasonable period to allow reactivation or export
- Data may be deleted after the retention period in accordance with our policies
- Some minimal information is retained for compliance, auditing, or legal archival as required by law
- Even after termination, retained data remains protected under our privacy and security policies
Third-Party Integrations
Our Service may integrate with various third-party systems including:
- Medicare: For patient verification, claims processing, and eligibility checks
- My Health Record: To retrieve or upload patient health information (with consent)
- Pharmacy Networks: For electronic prescriptions and dispensing data
- Other Digital Health Services: Pathology, radiology, and health insurance systems
We exchange data with third-party systems only with appropriate consent and authorization. Both our Privacy Policy and the third party's policies may apply to integrated services.
Notifiable Data Breaches
Dragatron complies with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth):
- In the event of a data breach likely to result in serious harm, we will assess and contain the situation
- We will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required
- Notifications will occur as soon as practicable after initial assessment
- We maintain a breach response plan with defined roles and responsibilities
- Users must notify us promptly of any suspected security incidents on their side
Your Rights and Choices
Under Australian privacy law and international standards, you have the right to:
- Access and review your personal information
- Request correction of inaccurate data
- Request deletion of your data (where legally permissible)
- Object to certain data processing activities
- Receive your data in a standard format (data portability)
- Withdraw consent for non-essential processing
User Security Responsibilities
As a user, you share responsibility for keeping data safe:
- Keep account credentials confidential and secure
- Use strong, unique passwords and enable two-factor authentication
- Only access data you are authorized to view
- Maintain security of devices used to access the Service
- Log out when not in use, especially on shared computers
- Report suspected security incidents immediately
Privacy Inquiries
For privacy inquiries, requests to access or correct your information, or to report privacy concerns, contact our Privacy Officer at privacy@dragatron.com.au or call 0406 213 088 during business hours.