Lyrebird Health leads in medical privacy and security, employing a comprehensive privacy-first strategy to safeguard patient information in compliance with the highest standards outlined by Australian regulations.
Strict Adherence to Australian Privacy Principles
Lyrebird Health prides itself on full compliance with the Australian Privacy Act 1988 and the Australian Privacy Principles, particularly APP 3 which is related to the collection of personal private information. We ensure that:
Data Sovereignty: All sensitive health information is processed and retained within Australia, ensuring complete data sovereignty and negating any risks associated with overseas data handling.
No Permanent Storage: Post-consultation, audio information is automatically destroyed.
Robust Encryption and Data Handling Standards
Our infrastructure is designed to offer maximum security:
Encryption Protocols: We employ bank-level 256-bit encryption for all data in transit and at rest, housed on Lyrebird Health’s Australian Amazon Web Services (AWS) infrastructure.
Controlled Access: Under stringent data processing agreements with AWS, access to stored information is tightly regulated, ensuring that no external parties, including AWS, can access or alter patient data.
Localised Data Processing
To further enhance security and compliance, Lyrebird Health maintains all data processing activities within Australian borders:
Real-Time Transcription: All audio from consultations is transcribed in real-time on Australian servers and not stored thereafter, maintaining the integrity and confidentiality of patient discussions.
AI & LLM Usage: All AI-driven processes and large language model computations are performed locally, with immediate deletion of data post-processing unless otherwise requested for retention by the healthcare provider.
Legal and Ethical Compliance
Lyrebird Health not only meets but exceeds regulatory standards:
MDO Approval: We are certified by Medical Defence Organisations (MDOs) for our compliance and safety measures.
TGA Compliance: While exempt from the Therapeutic Goods Administration (TGA) Software as a Medical Device regulation, we maintain rigorous standards to ensure non-reliance on software for clinical decisions.
Enhanced Access Controls and Data Retention Policies
Lyrebird Health implements strict access controls based on the principle of 'Least Privilege':
Access Management: Access to sensitive information is stringently controlled, ensuring it is only available to Lyrebird personnel who absolutely need it to perform their duties.
Data Retention: Our default policy involves storing information for no more than seven days, significantly reducing the risk of unauthorised access over time.
By integrating advanced technological safeguards with a strict adherence to regulatory standards, Lyrebird Health sets the benchmark for privacy and security in digital health consultations. Our protocols are meticulously crafted to prevent unauthorised access, ensure data integrity, and protect patient anonymity across all stages of the information lifecycle. At Lyrebird Health, we believe in maintaining the highest level of trust and safety in all our patient interactions.
If you wish to learn more about our privacy and security practices, please contact us.