Whether your clinic is located in Australia or elsewhere, if you serve Australian residents, you must comply with the Australian Privacy Principles (APPs). As Finger-Ink has customers that reside in Australia, we also must (and do) comply with the APPs.
We've listed out the principles below, a short description of each, and details on how Finger-Ink complies, and helps your clinic to comply.
APP 1: Open and transparent management of personal information
Ensures that APP entities manage personal information in an open and transparent way. This includes having a clearly expressed and up to date APP privacy policy.
Our data collection and management practices are detailed in our Privacy Policy, and in simpler terms in the Your Data in Finger-Ink article.
You can use Finger-Ink Forms to request that patients consent to your Privacy Policy, which updates the patient record.
APP 2: Anonymity and pseudonymity
Requires APP entities to give individuals the option of not identifying themselves, or of using a pseudonym.
Finger-Ink respects the choice of your patients to remain anonymous or use pseudonyms when filling out Forms.
You have the option to use Cliniko anonymously or under a pseudonym if you choose — which is then brought across to Finger-Ink.
APP 3: Collection of solicited personal information
Outlines when an APP entity can collect personal information that is solicited. It applies higher standards to the collection of sensitive information.
We collect essential information from clinics during the signup process and as part of ongoing service delivery. This includes details such as your clinic's name, practitioner details, and contact information to ensure effective account management and communication.
We also capture patient data on your behalf as dictated by your Forms. It is up to you to ensure that voluntary and informed explicit consent is given before collection.
APP 4: Dealing with unsolicited personal information
Outlines how APP entities must deal with unsolicited personal information.
We only collect personal information directly relevant to the services we provide. In instances where unsolicited personal information is received, our protocol is to determine whether it could have been legitimately collected under APP 3. If it could not have been, we promptly remove this information.
We may indirectly collect unsolicited personal information when someone uses a Finger-Ink Form to store information about a particular patient — in the instance that the patient themselves is not filling out the Form. This can include sensitive health records.
All your data and that of your patients' is stored encrypted at rest, through our HIPAA-compliant host.
We also collect information related to your and your patients' devices, browsers & hardware used to access Finger-Ink.
Please see our Privacy Policy for more details on how unsolicited personal information is handled.
APP 5: Notification of the collection of personal information
Outlines when and in what circumstances an APP entity that collects personal information must tell an individual about certain matters.
We'll notify you of any changes we make to our Privacy Policy, Terms of Service, contact details, or anything else related to how we collect and use personal information.
APP 6: Use or disclosure of personal information
Outlines the circumstances in which an APP entity may use or disclose personal information that it holds.
Finger-Ink is committed to using personal information solely for the purposes for which it was initially collected.
Any use or disclosure of personal information beyond the original scope is conducted only with your consent or as required by law.
APP 7: Direct marketing
An organisation may only use or disclose personal information for direct marketing purposes if certain conditions are met.
We engage in direct marketing to an extent, primarily by informing existing customers about new features and updates. This is an essential part of keeping our users informed and enhancing their experience with our services.
We ensure that all direct marketing efforts, such as feature announcements, are conducted with the consent of the recipients. You have the option to opt-out of these communications at any time by clicking the unsubscribe link in the bottom of the email.
If you need help withdrawing your consent, please email our support team.
APP 8: Cross-border disclosure of personal information
Outlines the steps an APP entity must take to protect personal information before it is disclosed overseas.
Finger-Ink collaborates with international sub-processors in order to provide our services. These partners are located in the USA, Switzerland, and the UK.
We take steps to ensure these international partners comply with the APPs, safeguarding the personal information they process.
Your clinic's data is only disclosed to these sub-processors when necessary for the services they provide, and with strict privacy safeguards in place.
APP 9: Adoption, use or disclosure of government related identifiers
Outlines the limited circumstances when an organisation may adopt a government related identifier of an individual as its own identifier, or use or disclose a government related identifier of an individual.
While Finger-Ink enables the collection of government-related identifiers, such as Medicare numbers, in our Forms, we do not adopt them as our own identifiers.
Should we inadvertently receive any government-related identifiers outside of these contexts, they will be deleted.
APP 10: Quality of personal information
An APP entity must take reasonable steps to ensure the personal information it collects is accurate, up to date and complete. An entity must also take reasonable steps to ensure the personal information it uses or discloses is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure.
Clinics have the ability to review and update their information within our system. If you need assistance with this, please email our support team.
In cases where patient information is involved, as the ultimate destination for patient data is in Cliniko, the data may be modified there and you may delete it from Finger-Ink.
APP 11: Security of personal information
An APP entity must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure. An entity has obligations to destroy or de-identify personal information in certain circumstances.
Finger-Ink is committed to safeguarding the personal information of clinics and their patients against misuse, loss, unauthorized access, modification, or disclosure.
We employ robust security measures, including encryption and secure server practices, ensuring the confidentiality and integrity of the data we manage.
Additionally, clinics are empowered to manage their patient data responsibly within Finger-Ink. This includes the removal of patient data, such as by deleting Form Responses, when necessary.
APP 12: Access to personal information
Outlines an APP entity’s obligations when an individual requests to be given access to personal information held about them by the entity. This includes a requirement to provide access unless a specific exception applies.
If you'd like any of the personal information we have on file for you, email us and we'll get you what you need.
If one of your patients needs their information, you can export this from Cliniko.
APP 13: Correction of personal information
Outlines an APP entity’s obligations in relation to correcting the personal information it holds about individuals.
If you need to correct any of the personal information we have on file for you, email us and we'll sort it for you.
For patient data, since the primary records are maintained in Cliniko, corrections should be made directly there.
If you'd like your data erased completely, you can email us and we'll get it done.
You can also email us to withdraw your consent to process your information, and we'll get this sorted for you.
If you have any questions about this or anything else, please don't hesitate to reach out.