Privacy Policy

Last updated: January 2026

This Privacy Policy explains how Clarirad Pty Ltd ("Clarirad," "we," "us," or "our") collects, uses, discloses, and protects information, including Patient Health Information (PHI), when you use our radiology information system (RIS) platform and related services.

Patient Health Information (PHI) Collection

Our platform processes Patient Health Information on behalf of healthcare providers. This includes:

  • Patient demographics (name, date of birth, contact information)
  • Medical record numbers and patient identifiers
  • Medical history and clinical notes
  • Radiology reports and imaging study information
  • Referring physician information

Healthcare providers remain the data controllers for PHI. Clarirad acts as a data processor, processing PHI only as directed by healthcare providers and in accordance with applicable healthcare privacy regulations.

Data Encryption

We implement comprehensive encryption to protect all data:

  • At-Rest Encryption: All data stored in our systems is encrypted using AES-256
  • In-Transit Encryption: All data transmitted between systems is encrypted using TLS 1.3
  • Key Management: Encryption keys are managed through secure key management systems with regular rotation

Data Storage and Retention

Data is stored in secure, geographically distributed data centers with redundancy and disaster recovery capabilities.

Retention periods are determined by healthcare providers in accordance with applicable regulations and contractual requirements. We retain data only as long as necessary to provide our services and comply with legal obligations.

Access Controls

We implement strict access controls to protect data:

  • Role-Based Access Control (RBAC): Users can only access data necessary for their role
  • Multi-Factor Authentication: Required for all user accounts
  • Audit Logging: All access to PHI is logged and monitored
  • Regular Access Reviews: Periodic reviews of user access rights

Patient Rights

Patients have rights regarding their health information, which are exercised through their healthcare provider:

  • Right to access their health information
  • Right to request corrections to their records
  • Right to receive an accounting of disclosures
  • Right to request restrictions on certain uses

Healthcare providers should instruct patients to contact the provider directly with any requests regarding their health information.

Third-Party Sharing

We may share information with third parties only in the following circumstances:

  • With service providers who assist in operating our platform (under strict contractual protections)
  • When required by law or legal process
  • To protect the health or safety of individuals in emergency situations
  • With patient consent as directed by healthcare providers

Breach Notification

In the event of a data breach affecting PHI, we will:

  • Notify affected healthcare providers promptly
  • Assist with breach investigation and response
  • Support compliance with breach notification requirements
  • Implement remediation measures to prevent future breaches

Compliance

Our privacy practices comply with applicable healthcare privacy regulations including:

  • Australian Privacy Principles (APP) under the Privacy Act 1988
  • New Zealand Privacy Act 2020
  • Health Records Acts in applicable Australian states and territories

Information We Collect (Non-Patient Data)

For users of our platform (healthcare staff, administrators), we collect:

  • Account information (name, email, role)
  • Usage data (login times, features used)
  • Device and browser information
  • Communications with our support team

How We Use Your Information

We use non-patient information to:

  • Provide and improve our services
  • Provide customer support
  • Communicate about service updates and changes
  • Ensure platform security and prevent fraud
  • Comply with legal obligations

Contact Us

For privacy-related inquiries, please contact our Privacy Officer:

Email: [email protected]