DirectMeds Privacy Policy
Privacy Protection Commitment
DirectMeds is committed to protecting your personal health information under the Australian Privacy Act 1988, Australian Health Records and Information Privacy Act, and international medical privacy standards including HIPAA-equivalent protections.
Health Information Collection
We collect personal health information including medical history, current symptoms, medication details, consultation records, prescription information, payment data, and communication records for the purpose of providing comprehensive telehealth services.
Data Protection and Security
Patient data is encrypted using AES-256 encryption, stored on secure Australian servers, protected by multi-factor authentication, regularly backed up with disaster recovery protocols, and monitored with 24/7 security systems to prevent unauthorized access.
Information Sharing and Disclosure
Patient information is only shared with licensed practitioners for consultation purposes, pharmacy partners for prescription fulfillment, payment processors for billing, and healthcare authorities when legally required. No marketing or commercial sharing occurs without explicit consent.
Patient Privacy Rights
Patients have the right to access their medical records, request information corrections, receive copies of consultations, delete account data, withdraw consent, and file privacy complaints with the Office of the Australian Information Commissioner (OAIC).
Data Retention and Deletion
Medical records are retained for 7 years as required by Australian medical record-keeping standards. Payment information is retained for accounting purposes. Personal data can be deleted upon request except where legal retention requirements apply.
Data Breach Procedures
In the event of a data breach, affected patients are notified within 72 hours, the OAIC is informed as required, remediation steps are immediately implemented, and additional security measures are deployed to prevent future incidents.
