Privacy Policy

The Australian Privacy Principles (or APPs) are the cornerstone of the privacy protection framework in the Privacy Act 1988 (Privacy Act). The APPs regulate the collection, use and disclosure of personal information, and also allow individuals to access their personal information and have it corrected if it is incorrect. There are also separate APPs that deal with the use and disclosure of personal information for the purpose of direct marketing (APP 7) and cross-border disclosure of personal information (APP 8). Further information regarding the APPs are set out on the Australian Government website www.oaic.gov.au.

There are 13 Australian Privacy Principles and they govern standards, rights and obligations around:

  • the collection, use and disclosure of personal information
  • an organisation or agency’s governance and accountability
  • integrity and correction of personal information
  • the rights of individuals to access their personal information

The Australian Privacy Principles are principles-based law. This gives an organisation or agency flexibility to tailor their personal information handling practices to their business models and the diverse needs of individuals. They are also technology neutral, which allows them to adapt to changing technologies.

Similar to the Australian privacy principles, New Zealand law lays out 12 information privacy principles (NZ IPPs) for the proper handling of personal information of Kiwi citizens, and these principles can be found at http://privacy.org.nz/information-privacy-principles . The Act and 12 IPPs presume that trans- border data flows are permissible provided the IPPs are preserved, which are the case with IDXt.

As is the case with Australian privacy laws, IDXt’s handling of personal information under its Privacy Policy is perfectly aligned with the 12 NZ IPPs, including those directing that personal information be collected for lawful purposes (e.g., for processing customer service issues), that data should be collected directly from individuals (e.g., end users using the IDXt platform), that notice of collection of data and purpose of the data collection is provided, that data be collected in a legal manner, or that individuals have right to access and correct their data.

Data Protection

Data protective teleradiology requires medical secrecy ensuring the patients’ right of information and transparency, correction of false and the up-to-date deletion of information that is no longer necessary, as well as secure data processing. All IDXt electronic processing of patients’ data meets the requirements of data security, i.e. the confidentiality, the integrity, the availability of the data at any time and the verifiability of the data processing is ensured at all times. For this, electronic signatures and security encodings are used, medical information systems are protected effectively against any risks resulting from open networks, particularly the Internet, and data processing is constantly monitored. Electronic patient files may only be opened by the treating physician and the medical assistants up to extent necessary. Any access beyond that requires the special consent of the patient and is prohibited without consent. All patient data is routinely purged when no longer required to provide a teleradiology consultation.