practiceprosolutions.com.au

Get In Touch

Privacy Policy

Privacy & Data Handling Policy

Version:* 1.1
Effective Date:* April 2026
Review Date:* April 2027

 1. Introduction

PracticeProSolutions Pty Ltd (“PracticeProSolutions”, “we”, “us”, or “our”) is an Australian healthcare technology company that develops software solutions for medical practices and allied health providers.

Our platform provides administrative tools, patient engagement capabilities, analytics, and AI-assisted workflow support while preserving Best Practice Software’s Bp Premier as the authoritative clinical record.

Our platform may include:

  • Administrative management and workflow tools;
  • Appointment and patient booking functionality;
  • Patient portal capabilities;
  • Reporting and analytics features;
  • AI-assisted administrative support tools.

Important Architecture Principle

The AI assistance layer operates outside Bp Premier and does not directly access, query, modify, or connect to Bp Premier, My Health Record, or any primary medical record system.

Bp Premier remains the sole authoritative source of clinical information.

 

2. Legislative and Regulatory Framework

PracticeProSolutions is committed to complying with applicable Australian laws and regulatory frameworks, including:

  • Privacy Act 1988 (Cth);
  • Australian Privacy Principles (APPs);
  • Notifiable Data Breaches (NDB) Scheme;
  • My Health Records Act 2012 (Cth);
  • Health Records and Information Privacy Act 2002 (NSW);
  • Best Practice Software Partner Network requirements;
  • Australian Digital Health Agency requirements;
    Security of Critical
  • Infrastructure Act 2018 (Cth), where applicable.

 

3. Data Architecture and System Boundaries

Our platform is designed with strict system boundaries to preserve the integrity of Bp Premier as the primary medical record.

Zone 1 — Bp Premier

  • Clinical records remain within Bp Premier.
  • Access occurs through approved Halo Connect API endpoints only.
  • No direct database access is performed.
  • AI systems have no direct access to Bp Premier.

Zone 2 — PracticeProSolutions Platform

The application layer may provide:

  • Administrative workflow tools;
  • Appointment booking functionality;
  • Patient portals;
  • Reporting and analytics capabilities.

Data within this layer is encrypted both in transit and at rest.

Zone 3 — AI Assistance Layer

AI tools:

  • Operate only on de-identified or pseudonymised information where possible;
  • Have no direct connection to Bp Premier;
  • Produce advisory outputs only;
  • Never modify medical records.

 

4. Collection of Personal Information

We may collect:

Patient Information

  • Name;
  • Date of birth;
  • Contact information;
  • Medicare information;
  • Appointment information;
  • Health information where authorised;
  • Pre-consultation responses;
  • Prescription and referral information.

Practitioner and Staff Information

  • Identity information;
  • Professional registration details;
  • Employment information;
  • Access credentials.

 

5. Use and Disclosure of Information

Information is used only for legitimate purposes including:

  • Delivering healthcare-related services;
  • Appointment management;
  • Patient portal access;
  • Practice administration;
  • Regulatory compliance;
  • Quality improvement activities.

Information is disclosed only where:

  • Required for treatment;
  • Required by law;
  • Necessary for approved integrations;
  • Authorised by the individual concerned.

6. Data Security

PracticeProSolutions implements technical and organisational safeguards including:

  • TLS 1.3 encryption;
  • AES-256 encryption at rest;
  • Multi-factor authentication;
  • Role-based access controls;
  • Audit logging;
  • OAuth 2.0 API security;
  • Regular vulnerability management;
  • Data minimisation practices.

 

7. Data Retention

Information is retained only as long as required by law or legitimate business purposes.

Following expiry of applicable retention periods, information is securely destroyed or de-identified.

 

8. Individual Rights

Individuals may:

  • Request access to their information;
  • Request corrections;
  • Make privacy complaints;
  • Request restrictions on certain AI processing activities where applicable.

 

9. Data Breach Response

PracticeProSolutions maintains a formal Data Breach Response Plan.

Where required under Australian law, affected individuals and regulators will be notified of eligible data breaches.

10. AI Governance

Our AI principles include:

  • Isolation from primary medical records;
  • Data minimisation;
  • Transparency;
  • Human oversight;
  • Auditability;
  • Provider due diligence;
  • Protection of sensitive information.

AI outputs are advisory only and do not automatically modify clinical records.

11. Policy Administration

This policy is reviewed:

  • At least annually;
  • Following material changes;
  • Following eligible data breaches;
  • In response to legislative or regulatory changes.

Contact

PracticeProSolutions Pty Ltd

For privacy enquiries, requests, or complaints, please contact us through the contact details published on our website.