Updated 30 May 2024

MediRecords Pty Limited (“MediRecords,” “we,” “us,” “our”) is an Australian health technology company with offices in Sydney, Melbourne, and Brisbane and is a wholly owned subsidiary of AsteRx Pty Ltd.

MediRecords is a leading innovator in health practice management technology and has developed a world-class clinical and practice management solution (“CPMS”) used in private, corporate, and government settings by general practitioners (“GPs”), medical specialists, and allied health professionals. The CPMS product suite also includes a patient mobile app and appointment booking system. The MediRecords platform is highly connected to the Australian health ecosystem, supporting integrations with numerous Australian entities to enable seamless healthcare service delivery.

Information privacy is a core component of MediRecords’ business activities. We are committed to handling personal information responsibly and in compliance with the thirteen Australian Privacy Principles (“APPs”) contained in the Privacy Act 1988 (Cth) (“Privacy Act”). Additionally, we aim to comply with the General Data Protection Regulation (GDPR) of the European Union and relevant privacy laws in the United States, including the Health Insurance Portability and Accountability Act (HIPAA).

This Privacy Policy explains how MediRecords collects, uses, discloses, and protects personal information. Our Privacy Policy is reviewed annually and updated as needed to reflect new products and services, privacy legislation, and technology. We encourage you to review our policy from time to time.

If you have any questions or concerns about this Privacy Policy or our collection and handling of personal information, you may contact our Privacy Officer:

Phone: 1300 103 903
Email: support@medirecords.com (Attention: Privacy Officer)
Address: Privacy Officer, MediRecords Pty Limited, Level 5, 1 Elizabeth Plaza, North Sydney NSW 2060

1. Open and Transparent Management of Personal Information

MediRecords has implemented a privacy management framework, which includes the MediRecords Privacy Policy and associated policies, practices, and procedures. This framework, informed by Privacy by Design principles, helps us manage the collection and handling of personal information, including sensitive and health information as defined by the Privacy Act.

2. Collection of Personal Information

You are required to provide personal information necessary for us to provide contracted services. If you do not provide this information, we may not be able to offer you access to our products or services.

We collect personal information for various purposes, including:

  • Personal details such as your name, title, and gender
  • Contact details such as your address, email address, and phone numbers
  • Employee contact information to facilitate user access to MediRecords products or services
  • Personal details related to support calls, inquiries, and complaints
  • Usage details and feedback about your use of our products and services
  • Online details such as your use of our website

2.1 Privacy Collection Notices

MediRecords collects personal information directly from customers and users of our patient mobile app through various methods, including forms, website interactions, surveys, emails, phone calls, and in person. We may also collect patient data from customers to enable the use of our products and services. In limited cases, we may obtain personal information from third parties.

We provide Privacy Collection Notices detailing the purpose(s) of collection, the consequences if information is not provided, and any usual disclosures to third parties, including overseas disclosures.

3. Use and Disclosure of Personal Information

MediRecords uses and discloses personal information for the primary purpose of collection or a permitted secondary purpose, including purposes to which you have consented. Our Privacy Collection Notices may provide more specific information about the use and disclosure of your personal information.

4. Direct Marketing

When MediRecords undertakes direct marketing, we let you know. If you do not wish to receive direct marketing communications from us, you can opt out via the link provided in our marketing emails or by contacting us directly.

5. Cross-border Disclosure

MediRecords stores data in highly secure Australian data centres, ensuring personal information remains in Australia. Occasionally, customer data may be disclosed to our contracted software developer in Indonesia and the Philippines for development and technical support purposes. MediRecords ensures these disclosures comply with the APPs, GDPR, and HIPAA.

6. Security and Retention of Data

MediRecords is committed to best practice information security. We store data in secure data centres in Australia and maintain administrative, physical, and technical safeguards to protect personal and health information. Personal and health information is encrypted in transit and at rest. We monitor our security posture regularly and have policies in place for handling potential privacy incidents.

7. Information Collected through Technology

MediRecords uses cookies, web beacons, and other technologies to improve your experience on our website and services. These technologies help us understand website usage and engagement. You can disable cookies in your web browser, but this may affect usability. We use third-party services like Google Analytics and Google AdWords, which may transfer information outside of Australia, the EU, and the USA.

8. Quality of Data, Access, Correction and Complaints

Our products and services allow customers and individuals to access and correct their information to ensure it remains accurate. You may request access to, or correction of, your personal information held by MediRecords by contacting us. We aim to respond to such requests within 30 days.

If you have complaints about our handling of your personal information, you may contact us using the provided details. If you are dissatisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC) or the relevant data protection authority in the EU or the USA.

9. MediRecords Privacy Contact Information

Phone: 1300 103 903
Email: support@medirecords.com (attention Privacy Officer)
Address: Privacy Officer, MediRecords Pty Limited, Level 5, 1 Elizabeth Plaza, North Sydney NSW 2060