Health information is sensitive information under Australian law. MedExtract is built from the ground up for Privacy Act 1988 compliance, Australian data sovereignty, and defensible handling of medical records.
Every design decision in our pipeline — from infrastructure to model selection to output delivery — is made with Australian privacy obligations in mind.
All medical records are processed and stored within Australian infrastructure. No health information leaves Australia at any point during processing (including model inference), storage, or delivery, so the cross-border disclosure obligations of APP 8 are not triggered.
All data is encrypted using AES-256 at rest and TLS 1.3 in transit. Access controls enforce least-privilege principles. Audit logs track every access event.
Client medical records are never used to train, fine-tune, or improve AI models. Records are processed solely for producing requested outputs, consistent with APP 6 primary purpose limitations.
Every output is verified by a qualified human reviewer before delivery. AI performs extraction; humans ensure accuracy. No raw AI output reaches your desk.
Every output carries confidence scores per extraction, source page citations, model provenance logs, and reviewer sign-off, so each extraction can be traced back through the complete processing chain.
Records are retained only for the period required to deliver outputs and fulfil contractual obligations. Secure deletion on request or at the end of the retention period, in accordance with APP 11.2.
The Privacy Act 1988 contains 13 Australian Privacy Principles. These are the ones most relevant to AI processing of health information, and how MedExtract addresses each.
| Principle | Requirement | How MedExtract Complies |
|---|---|---|
| APP 1 | Open and transparent management of personal information | Privacy policy publicly available. Data processing agreement provided to all clients. This page documents our practices. |
| APP 6 | Use or disclosure only for primary purpose of collection | Records are processed solely to produce requested outputs (chronologies, summaries, de-identification, audit reports). No secondary use. No model training on client data. |
| APP 8 | Cross-border disclosure of personal information | Not applicable — all processing and storage occurs within Australia. No data leaves Australian infrastructure. |
| APP 11 | Security of personal information | AES-256 encryption at rest, TLS 1.3 in transit. Least-privilege access controls. Audit logging on all access events. Secure deletion at end of retention period. |
| APP 12 | Access to personal information | Clients can request access to any information held about their cases. Access requests fulfilled within 30 days. |
| APP 13 | Correction of personal information | Clients can request correction of any information. Human review layer ensures errors are caught before delivery; corrections handled promptly post-delivery. |
Health information in Australia is also subject to state and territory legislation. MedExtract's handling practices are designed to comply with the most stringent requirements across all jurisdictions — whether processing workers' compensation or personal injury records.
Victoria: Health Privacy Principles (HPPs) under the Health Records Act 2001 (Vic), governing collection, use, and security of health information by Victorian organisations and health service providers.
New South Wales: Health Privacy Principles under the Health Records and Information Privacy Act 2002 (NSW) for public and private sector health organisations, with protections for health information beyond the federal APPs.
Australian Capital Territory: privacy principles specific to health records under the Health Records (Privacy and Access) Act 1997 (ACT), including specific access and correction provisions.
Duty of confidentiality owed by health practitioners, legal professional privilege, and client confidentiality obligations all apply to records handled by MedExtract.
Our de-identification process follows the De-identification Decision-Making Framework published by the OAIC and CSIRO's Data61, the authoritative guidance for Australian organisations handling health data.
Names, dates of birth, addresses, Medicare numbers, phone numbers, email addresses, and other direct identifiers are detected and removed or replaced with tokens.
Rare conditions, unusual treatment combinations, specific workplace details, and other quasi-identifiers are assessed for re-identification risk and generalised where necessary.
De-identified outputs are evaluated against re-identification risk thresholds. The "motivated intruder" test from the OAIC framework is applied to assess whether a determined person with access to public data could re-identify the individual.
A qualified reviewer checks all de-identified outputs before delivery. Automated de-identification is effective but not infallible — the human layer catches edge cases.
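The four steps above (direct-identifier detection, consistent replacement with tokens, quasi-identifier generalisation, and a findings list for the human reviewer) are shown together in the following added example. It is illustrative code written for this page, not MedExtract's pipeline: the regular expressions, the `Pseudonymiser` class, the per-matter key and the sample record are all assumptions, and the titled-name rule stands in for the named-entity recognition a real pipeline would use. Two details matter for a practitioner: the Medicare check digit is verified so that other ten-digit runs are not redacted by mistake, and tokens are derived with a keyed HMAC rather than a plain hash, so the same person gets the same token within a matter but tokens cannot be reversed or linked across matters without the key.

```python
import hashlib
import hmac
import re

# Detection rules for common Australian direct identifiers (illustrative assumptions;
# a production pipeline would add NER for untitled names, addresses and IHIs).
PATTERNS = {
    "MEDICARE": re.compile(r"\b[2-6]\d{3}[ -]?\d{5}[ -]?\d(?:[ -]?\d)?\b"),
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "PHONE": re.compile(r"(?<!\d)(?:\+61[ -]?|0)[2-478](?:[ -]?\d){8}\b"),
    "DOB": re.compile(r"\b(?:\d{1,2}/){2}(?:19|20)\d{2}\b"),
    # Titled names only; untitled names need NER, which this example omits.
    "NAME": re.compile(r"\b(?:Mr|Mrs|Ms|Dr)\.?\s+[A-Z][a-z]+(?:\s+[A-Z][a-z]+)?\b"),
}
AGE = re.compile(r"\b(aged?)\s+(\d{1,3})\b")
MEDICARE_WEIGHTS = (1, 3, 7, 9, 1, 3, 7, 9)


def medicare_valid(candidate: str) -> bool:
    """Medicare card number check digit: the weighted sum of the first 8 digits mod 10
    must equal the 9th digit; the 10th is the issue number, an optional 11th the IRN."""
    digits = re.sub(r"\D", "", candidate)
    if len(digits) not in (10, 11) or digits[0] not in "23456":
        return False
    total = sum(int(d) * w for d, w in zip(digits[:8], MEDICARE_WEIGHTS))
    return total % 10 == int(digits[8])


def generalise_ages(text: str) -> str:
    """Quasi-identifier generalisation: an exact age becomes a ten-year band."""
    def band(m):
        lo = int(m.group(2)) // 10 * 10
        return f"{m.group(1)} {lo}-{lo + 9}"
    return AGE.sub(band, text)


class Pseudonymiser:
    """Replaces identifiers with consistent tokens keyed per matter: the same value gets
    the same token within a matter, but tokens are unlinkable across matters and cannot
    be reversed without the key (a keyed HMAC, not a plain hash)."""

    def __init__(self, matter_key: bytes):
        self.key = matter_key  # assumed to come from a key management service per matter
        self.mapping = {}  # token -> original value; stays with the matter, never in output

    def token(self, category: str, value: str) -> str:
        norm = re.sub(r"\s+", " ", value.strip()).lower()
        tag = hmac.new(self.key, f"{category}:{norm}".encode(), hashlib.sha256).hexdigest()[:8]
        tok = f"[{category}_{tag}]"
        self.mapping[tok] = value
        return tok

    def deidentify(self, text: str):
        """Returns (de-identified text, list of (category, token) findings for the reviewer)."""
        findings = []
        for category, pattern in PATTERNS.items():
            def replace(m, category=category):
                if category == "MEDICARE" and not medicare_valid(m.group()):
                    return m.group()  # ten-digit run that fails the checksum: leave it alone
                tok = self.token(category, m.group())
                findings.append((category, tok))
                return tok
            text = pattern.sub(replace, text)
        return generalise_ages(text), findings


# Constructed sample record (no real patient); the trailing claim reference is a
# ten-digit run that fails the Medicare checksum and must be left in place.
SAMPLE = (
    "Dr Amira Haddad reviewed Mr John Citizen (DOB 14/03/1975, Medicare 2123 45670 1, "
    "ph 0412 345 678, john.citizen@example.com), aged 49, regarding a workplace injury. "
    "Mr John Citizen remains off work. Claim ref 2123 45671 1."
)


def run_sample(matter_key: bytes = b"per-matter-key-from-kms"):
    p = Pseudonymiser(matter_key)
    redacted, findings = p.deidentify(SAMPLE)
    return redacted, findings, p.mapping


if __name__ == "__main__":
    redacted, findings, mapping = run_sample()
    print(redacted)
    for category, tok in findings:
        print(f"{category:9} {tok} <- {mapping[tok]}")
```

The findings list is what the reviewer works from: each token is listed with its category, and the token-to-value mapping stays with the matter under the key rather than travelling with the output. Regular expressions alone will miss untitled names, free-text addresses and unusual formats, which is exactly why the human review step remains.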
The Privacy Act Review's first tranche of amendments, the Privacy and Other Legislation Amendment Act 2024, was enacted in December 2024. Here's what's relevant for organisations using AI to process health information.
Increased requirements to be transparent about automated decision-making involving personal information, with the privacy policy disclosure obligations commencing two years after assent. MedExtract's audit trail and provenance logging provide full visibility into how records are processed.
Individuals can now pursue legal action for serious invasions of privacy. This raises the stakes for any organisation handling health data — proper controls and compliance are no longer just best practice, they're risk mitigation.
The OAIC has been given expanded powers to investigate and enforce privacy obligations. Organisations processing health information at scale should expect increased regulatory scrutiny of their data handling practices.
We understand that using an AI tool for health information requires internal approval. Here's what we provide to make that process straightforward.
Written agreement covering data handling, security standards, retention periods, deletion procedures, breach notification obligations, and permitted uses. Available before the pilot begins.
Technical documentation covering encryption standards, access controls, infrastructure architecture, and incident response procedures. Available on request for your IT and compliance review.
Every delivery includes an audit report showing how each extraction was produced: model used, confidence score, source citation, reviewer sign-off. Together these give a defensible chain of evidence.
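An audit report is only defensible if the records behind it cannot be quietly altered after the fact. The following added example, written for this page and not MedExtract's own code, shows one way to make the processing chain described above (and in the audit trail section earlier on this page) tamper-evident: each record of ingest, model extraction, reviewer decision and delivery carries a keyed MAC over its fields plus the MAC of the previous record, so editing, reordering or deleting any record breaks verification at that point. The field names, event types, signing key and sample values are all assumptions.

```python
import hashlib
import hmac
import json


def canonical(body: dict) -> bytes:
    """Deterministic serialisation so the MAC covers exactly the recorded fields."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


class ProvenanceLog:
    """Append-only log where each entry carries a keyed MAC over its own fields plus
    the MAC of the previous entry. Altering, reordering or deleting any record breaks
    every MAC from that point on, so verification pinpoints the first bad entry."""

    GENESIS = "0" * 64

    def __init__(self, signing_key: bytes):
        self.key = signing_key  # assumed to be held by the audit service, not the workers
        self.entries = []

    def _mac(self, body: dict) -> str:
        return hmac.new(self.key, canonical(body), hashlib.sha256).hexdigest()

    def append(self, event: str, **fields) -> dict:
        prev = self.entries[-1]["mac"] if self.entries else self.GENESIS
        body = {"seq": len(self.entries), "event": event, "prev": prev, **fields}
        entry = {**body, "mac": self._mac(body)}
        self.entries.append(entry)
        return entry

    def verify(self):
        """Returns (True, -1) if the chain is intact, else (False, seq of first bad entry)."""
        prev = self.GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "mac"}
            if body.get("seq") != i or body.get("prev") != prev:
                return False, i
            if not hmac.compare_digest(self._mac(body), entry["mac"]):
                return False, i
            prev = entry["mac"]
        return True, -1

    def trace(self, field: str):
        """Everything a reviewer needs for one extracted field: the source document,
        the model output with confidence and page citation, the reviewer decision
        and the delivered output, in order."""
        return [e for e in self.entries
                if e.get("field") == field or e["event"] in ("ingest", "deliver")]


def build_sample(key: bytes = b"audit-key-from-kms"):
    """Constructed chain for one field of one matter; every value is made up."""
    log = ProvenanceLog(key)
    log.append("ingest", matter="M-0001",
               document_sha256=hashlib.sha256(b"constructed PDF bytes").hexdigest(), pages=12)
    log.append("extract", model="extractor-v2.3", page=4, field="date_of_injury",
               value="2023-08-14", confidence=0.93)
    log.append("review", reviewer="reviewer-17", field="date_of_injury", decision="accept")
    log.append("deliver", output_sha256=hashlib.sha256(b"constructed chronology").hexdigest())
    return log


if __name__ == "__main__":
    log = build_sample()
    print(log.verify())
    for e in log.trace("date_of_injury"):
        print(e["seq"], e["event"], e["mac"][:12])
    log.entries[1]["confidence"] = 0.99  # a silent edit after the fact
    print(log.verify())
```

Real deployments would add timestamps and write the chain to append-only storage; the point here is that the signing key is separate from the extraction workers, so neither a worker bug nor a later edit can produce a record that still verifies.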
We're happy to speak directly with your privacy officer or compliance team to address specific questions about how MedExtract fits within your organisation's data governance framework.
Book a call to discuss how MedExtract handles your specific privacy and data sovereignty requirements.