Atidia Privacy Policy
Augment Health Solutions Pty Ltd (trading as Atidia) operates secure, internet-based health communication software platforms and related services, developed by doctors for use by patients, hospitals, doctors, nurses and administrative staff. Our products are utilized by healthcare institutions and providers to deliver health services, advice and communications to optimize patient care.
We understand and respect the importance of the doctor-patient relationship and the significance of keeping your personal information, particularly your health information, private, secure and confidential.
This privacy policy outlines how Augment Health Solutions Pty Ltd ABN 19 635 412 467 and its related bodies corporate and associates (we, us or our) collect, hold, use and disclose personal information as required by the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act), including the reforms enacted through the Privacy and Other Legislation Amendment Act 2024 (Cth).
1. Kinds of Personal Information We Collect
1.1 Personal Information About Patients and Caregivers
Personal information identifies you as an individual, whether you are a user, patient, health professional, customer, potential customer, contractor, or other person who comes into contact with us. Personal information is defined as any information or opinion about you where your identity is apparent or can reasonably be ascertained.
The kinds of personal information we may collect and hold include your name, address, phone numbers, email address, date of birth, and health information.
Health information is all identifying personal information collected to provide a health service. Under the APPs, health information is classified as sensitive information and receives the highest level of privacy protection.
We also collect information about how you use our products and services, including which pages you visit and how you interact with our platforms.
1.2 Personal Information About Healthcare Providers
If you are a physician, healthcare provider, medical provider (provider), or an individual authorised by a provider or healthcare institution to access and use our services (designee), we collect your name, specialty, email address, phone number, and professional credentials. We do not collect health information about providers or designees.
2. How We Collect Personal Information
We generally collect personal information about you directly through:
- Integration with hospital system
- Health questionnaire forms that you submit to us (electronically)
We may also collect information from your referring physician and other specialists as required to ensure a complete picture of your medical history.
If you are a patient, we will only collect your health information after you (or your healthcare provider or designee) have been registered to use our services and have provided consent. For patients under 18 years of age, consent is obtained from a parent or legal guardian through our health questionnaire process.
3. How We Use Personal Information
We will only use personal information for the following purposes, unless otherwise required or permitted by law:
- To allow your healthcare professionals and designees to communicate with you about your care
- To enable your healthcare professionals to provide health advice and treatment
- To allow designees to provide information and advice regarding your treatment plan
- To enable you to share health information with other authorized Atidia users
- To send correspondence to your referring practitioner, nominated practitioners, specialists, and healthcare practitioners involved in your care (consistent with accepted health industry practice)
- For internal management and business purposes, including data analysis, audits, and developing new products and services
- To comply with legal and regulatory obligations
- For other purposes reasonably necessary in connection with our normal functions and activities
If we are unable to collect personal information relating to you, we may be unable to provide our services or continue our relationship with you.
4. Disclosure of Personal Information
We may disclose personal information to the following entities for the purposes mentioned above:
- Your healthcare professionals and their designees
- Hospitals and healthcare institutions you are receiving care from
- Our contractors, consultants, and advisors
- Our related entities and associates
- Third-party service providers who assist us in operating our platforms, including cloud hosting providers (AWS), communication service providers for SMS and email delivery, and providers who assist with analytics and development operations
- Any industry body, tribunal, court, or government authority as required by law or in connection with any complaint
- Other entities with your consent or as permitted or required by law
All personal information is stored and processed within Australia. We do not transfer personal information overseas. All of our third-party service providers that hold personal information maintain Australian data centers or store data within Australia in accordance with our data residency requirements.
5. How We Hold and Protect Personal Information
We hold personal information in electronic form using secure, high-durability storage systems hosted within Australia.
We have implemented technical and organizational measures to protect personal information from misuse, interference, loss, unauthorized access, modification, or disclosure. These measures include:
- Encryption of data in transit and at rest
- Role-based access controls and authentication systems
- Regular security audits and monitoring
- Secure coding practices and code review processes
- Regular data backups and disaster recovery procedures
- Staff training on privacy and security obligations
Our security measures meet or exceed Australian standards and industry best practices for healthcare data protection.
6. Data Retention and De-identification
We retain personal information only as long as necessary to fulfill the purposes for which it was collected.
For patient health information, we:
- Retain identifiable data while there is an ongoing need to support continuity of care or fulfill obligations to healthcare institutions
- De-identify information when it is no longer needed in identifiable form
- Use de-identified data for quality improvement, research, and product development
De-identification involves removing all information that could identify you as an individual, including your name, date of birth, contact details, and Medicare number. De-identified information cannot be used to identify you and is not considered personal information under privacy law.
We will delete identifiable information earlier if:
- You or the healthcare institution requests deletion
- We determine there is no ongoing need to retain it
You may request deletion of your identifiable information at any time by contacting our Privacy Officer.
7. Data Breach Notification
We maintain a comprehensive Data Breach Response Policy in accordance with the Notifiable Data Breaches scheme under the Privacy Act.
In the event of an eligible data breach that is likely to result in serious harm, we will:
- Notify affected individuals as soon as practicable
- Notify the Office of the Australian Information Commissioner (OAIC)
- Provide information about the breach, the kinds of information involved, and steps you can take to mitigate potential harm
- Take immediate action to contain and remediate the breach
We conduct regular security assessments and maintain incident response procedures to prevent, detect, and respond to data breaches.
8. Access to and Correction of Personal Information
You have the right to access and request correction of personal information we hold about you. To request access or correction, please contact us using the details below.
When you request access, we will:
- Verify your identity
- Provide the requested information as soon as reasonably practicable
- Provide information in a format you have requested, where reasonable and practicable
There may be occasions when access is denied, such as where disclosure would have an unreasonable impact on the privacy of others, or where access is prohibited by law. If we deny access, we will provide you with written reasons for the denial.
If you believe any personal information we hold about you is inaccurate, incomplete, or out of date, please contact us and we will take reasonable steps to correct it.
9. SMS and Electronic Communications
When your healthcare provider uses our services, you may receive SMS messages or electronic communications from us. These communications may include:
- Requests for health information via questionnaires
- Reminders regarding your medical treatment
- Advice and follow-up regarding your care
By providing your mobile number to your healthcare provider or to us, you consent to receiving these healthcare-related communications.
Opt-out: You can opt out of SMS communications at any time by replying STOP to any message. Please note that opting out may impact your healthcare provider's ability to communicate important information about your care.
10. Children's Privacy
We may collect and process personal information about patients under 18 years of age in connection with surgical care and related health services.
For patients under 18:
- Consent for collection and use of personal information is obtained from a parent or legal guardian
- Healthcare institutions have obtained necessary consents before we collect any information
- Health questionnaires are completed by parents or legal guardians
- All children's data is subject to the same high security standards as adult patient data
We comply with the Australian Privacy Principles regarding the collection and handling of children's personal information and will comply with the Children's Online Privacy Code when it comes into effect.
11. Your Privacy Rights
Under Australian privacy law, you have the following rights regarding your personal information:
- Right to access: Request access to personal information we hold about you
- Right to correction: Request correction of inaccurate or incomplete information
- Right to complain: Lodge a complaint if you believe we have breached your privacy
- Right to withdraw consent: Withdraw consent for specific uses of your information (where consent is the legal basis)
To exercise any of these rights, please contact our Privacy Officer using the details below.
12. Privacy Complaints
If you believe we have breached the Australian Privacy Principles, the Privacy Act, or any related privacy code in our handling of your personal information, you may make a complaint by writing to us using the contact details below.
When you make a complaint, we will:
- Acknowledge receipt of your complaint within 5 business days
- Investigate the matter thoroughly
- Provide you with a response within 30 days (or notify you if more time is required)
- Explain our findings and any steps we will take to address the issue
If you are not satisfied with our response to your complaint, you may make a complaint to the Office of the Australian Information Commissioner (OAIC):
Website: www.oaic.gov.au
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
13. Changes to This Privacy Policy
We may review and update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, and business operations. The current version will always be available on our website at atidia.health/privacy-policy. We encourage you to review this policy periodically. Material changes will be notified to active users via email or through our platform.
14. Contact Us
For all privacy-related inquiries, complaints, or requests to access or correct your personal information, please contact:
Privacy Officer
Augment Health Solutions Pty Ltd
info@atidia.health
This privacy policy was updated in February 2025 to comply with the Privacy and Other Legislation Amendment Act 2024 (Cth) and reflects our ongoing commitment to protecting your personal information in accordance with Australian privacy law.