Privacy
How MedDocFlow handles personal and health information under the Australian Privacy Principles.
Last reviewed: 9 June 2026
About this notice
MedDocFlow is a clinical-document portal used by healthcare practices to route inbound documents into their Cliniko account. This notice explains what personal and health information passes through the service and how it is handled, consistent with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).
MedDocFlow handles this information on behalf of, and on the instructions of, the practice. Because it handles health information, MedDocFlow is also itself bound by the Privacy Act and the APPs as an APP entity — the small-business exemption does not apply to handlers of health information — so the protections below are our own obligations, not only the practice’s. The practice is the entity with the primary relationship to the patient; its own privacy policy governs the patient record overall. Patients with questions should contact their practice in the first instance.
Information we handle
- Health information contained in uploaded documents — for example referrals, results and letters — which may include a patient’s name, date of birth, referrer, clinical details and the document file itself.
- Account information for practice staff who use the portal, managed through Amazon Cognito (such as email address and role).
- Audit metadata about actions taken in the system. This log is kept free of patient identifiers (see Security and retention).
How information is collected
Health information is collected directly when an authorised staff member uploads a document to the portal. MedDocFlow does not crawl, purchase or otherwise acquire patient information from third parties.
Why we collect and use it
Information is collected for a single purpose (APP 3 and APP 6): to read an inbound clinical document, match it to the correct existing patient, let a reviewer confirm the details, and file it into the practice’s Cliniko account. Document content is processed by an AI vision model to extract and classify the relevant fields. Patient information is never used for advertising, marketing, profiling, or sold to any third party.
Automated processing and AI
MedDocFlow uses an AI vision model (run on Amazon Bedrock) to read each uploaded document and to extract and classify its contents — for example pulling out a patient’s name and date of birth, identifying the document as a referral, result or letter, and suggesting which existing patient it most likely belongs to.
No decision that significantly affects a patient is made by the model alone. A human reviewer checks every document and confirms the patient match before anything is written to Cliniko, so the AI assists a decision rather than making one. The personal information used by the model is the content of the uploaded document itself; its outputs are the extracted fields, the classification and ranked match suggestions. We do not use this information to build profiles of patients, and — because a model can misread a document — every extracted field is checked by a person before filing (APP 10 accuracy).
We provide this disclosure in line with the Australian Privacy Principles’ transparency requirements for automated decision-making (introduced by the Privacy and Other Legislation Amendment Act 2024 and commencing 10 December 2026) and the OAIC’s guidance on privacy and the use of commercially available AI products.
Disclosure
Document content is disclosed only to the practice’s own Cliniko account — the destination the practice has configured. The infrastructure providers that host the service (AWS, in the Sydney region) process data strictly to operate it. AI processing is performed within Australia under a contractual arrangement in which prompts and outputs are not retained by the model provider or used to train models.
Cross-border disclosure
MedDocFlow keeps patient information in Australia. Storage, processing and AI inference all take place in the AWS Sydney region (ap-southeast-2), with AI inference pinned to an Australia-only profile, and the service does not route patient data to overseas AI endpoints. Because patient data is not sent to any overseas recipient, there is no cross-border disclosure to manage under APP 8.
Security and retention
We hold information securely and for the shortest time practical (APP 11):
- Encryption in transit (TLS 1.2+) and at rest (AWS KMS, customer-managed keys).
- Mandatory multi-factor authentication and least-privilege roles for staff.
- Purge on success: once a document is verified as written to Cliniko, its extracted health information and stored file are deleted from MedDocFlow. Cliniko then holds the record.
- Documents that fail or are rejected are automatically removed after 30 days.
- The audit log records the acting user, timestamp, a content hash and Cliniko identifiers — but not patient names or dates of birth.
Access and correction
Because the patient record lives in the practice’s Cliniko account (and MedDocFlow purges its copy once filing succeeds), requests to access or correct patient information (APP 12 and APP 13) are handled by the practice through Cliniko. Practice staff seeking changes to their own portal account should contact their administrator.
Data breaches
MedDocFlow is built to support the practice’s obligations under the Notifiable Data Breaches scheme. The audit log and minimal data footprint are designed to help assess the scope of any incident quickly. A suspected eligible data breach is assessed promptly — within 30 days — and, where the serious-harm threshold is met, reported to affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable.
External requests and tracking
MedDocFlow does not use advertising or analytics trackers and does not set marketing cookies. Authentication uses a session cookie that is necessary for the portal to function. For transparency: the current interface loads its typefaces from Google Fonts, which causes the browser to make a request to a Google service; self-hosting these fonts to remove that external request is a planned hardening step.
Complaints and contact
Patients should raise privacy questions or complaints with their practice first. If a concern cannot be resolved, it can be referred to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
Changes to this notice
We may update this notice as the service evolves — for example when new integrations are added. The “last reviewed” date at the top of this page reflects the most recent change.
This page describes the privacy and security design of MedDocFlow and is provided for transparency. It is general information, not legal advice, and does not by itself create any contractual obligation. The authoritative record of patient information remains the practice’s Cliniko account, governed by the practice’s own privacy policy.