SimpleClinic Online is a Software as a Service provider of practice management software for Naturopathic Practitioners and Complementary Health Care Providers in the Australia / New Zealand region. This document provides details on how we store, use, and collect the Personal Information and Sensitive Information about your patients. This document is for use by registered practitioners in formulating their own Privacy Policy to provide to their patients. This document details our commitments to you, our registered user, on how we store, use and collect information you provide us.
We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of the Personal Information you provide us.
A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.oaic.gov.au.
What is Personal Information and why do we collect it?
Personal Information is information or an opinion that identifies an individual. Examples of Personal Information you may provide us while using SimpleClinic include:
- patient details including: name, address, email address, phone numbers.
This Personal Information is obtained when you as a practitioner and registered user of our service enter the information into SimpleClinic through our platform. We also obtain personal information about your patient when the patient accesses public pages and provides personal information to us as part of an online booking, form submission, or invoice payment.
The Personal Information we collect from you is collected as part of us providing our services to you and is used purely in the provision of services to you. Personal Information you provide us about your patients is not used for our own marketing, or advertising purposes.
Personal Information collected when patients use public elements of our platform, such as online booking, form submission, or invoice payment, may be used for capacity planning purposes. The information used for this purpose is restricted to technical information and includes: the method of connection to the internet, device type, screen dimensions, operating system, and browser details. This information is anonymised and not linked directly to a patient record in SimpleClinic.
Sensitive Information
Sensitive Information is defined in the Privacy Act to include information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.
Sensitive Information you may provide us with while using the SimpleClinic platform includes:
- patient health history information.
- your opinions, observations, and treatment programs for patients.
We may also obtain Sensitive Information about your patient when the patient accesses public pages and provides sensitive information to us as part of an online booking, form submission, or invoice payment.
The Sensitive Information provided by you, or your patients, is used only for the provision of our services to you as a registered user of SimpleClinic.
Third Parties
Personal Information and Sensitive Information stored within SimpleClinic is collected from you as a registered user of SimpleClinic on behalf of your patients, or provided directly to us by the patient when they access public elements of our platform such as online booking, form submission, or invoice payment.
We do not collect Personal Information or Sensitive Information about your patients from third parties other than what is provided directly by you, or your patients.
Disclosure of Personal Information and Sensitive Information
The Personal Information you store within SimpleClinic may be disclosed in a number of circumstances including the following:
- Third parties where you consent to the use or disclosure including: payment gateway providers you have chosen to process payments through (Stripe & EziDebit), email service providers you have connected to your account (MailChimp, ActiveCampaign), financial and accounting providers (Xero), our upstream communications providers (Mailgun, Twilio, and FoneDynamics), external calendar providers you have chosen to integrate with (Cronofy, Google, Apple, Microsoft).
- As a registered user of SimpleClinic you control which services your patients' Personal Information is disclosed to and which information is disclosed. You can control this through the SimpleClinic platform in your Business Setup, through your User Profile, and through the Integrations page.
- With your consent, Personal Information and Sensitive Information you provide may be accessed by our support staff and contractors to assist in providing technical support and user support to you.
- In certain circumstances we may also be required by law to disclose the Personal Information you have provided to us.
Security of Personal Information and Sensitive Information
The Personal Information you provide while using SimpleClinic is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure. We utilise a number of safeguards to protect Personal Information including:
- Username and password access to the SimpleClinic platform.
- Encryption of all Sensitive Information at rest using 256-bit AES encryption.
- Encryption of all Sensitive Information in transit using 256-bit SSL encryption.
- Encryption of all Personal Information in transit using 256-bit SSL encryption.
- Access logging and auditing of requests to access and modify Personal Information and Sensitive Information.
- Firewall and IP traffic monitoring for suspicious or malicious traffic.
When the Personal Information and Sensitive Information you provided us with is no longer needed for our provision of services to you, we will take reasonable steps to destroy or permanently de-identify your Personal Information and Sensitive Information.
Access to your Personal Information and Sensitive Information
As a registered user you may access all the Personal Information and Sensitive Information you have provided us with for the provision of our services through the SimpleClinic platform.
Disposal of your Personal Information and Sensitive Information
When the Personal Information and Sensitive Information you provided us with is no longer needed for our provision of services to you, we will take reasonable steps to destroy or permanently de-identify your Personal Information and Sensitive Information.
After termination of your services with SimpleClinic, the Personal Information and Sensitive Information you have provided us is removed from our production environment within 90 days. Personal Information and Sensitive Information may still be stored in secured and encrypted backups until a full backup rotation has occurred. This may take up to 12 months after your account termination.
Policy Updates
This Policy may change from time to time and is available by emailing privacy@simpleclinic.net.
Privacy Policy Complaints and Enquiries
If you have any queries or complaints about our Privacy Policy, please contact us at:
SimpleClinic Online
65 Grand Plaza Drive
Browns Plains QLD 4118
info@simpleclinic.net
(07) 3040 0385