Introduction
Smartconsult.app (the “Website”) is a website operated by SmartSphere ("we", "us","our"). We provide medical transcription, clinical documentation production and other AI-powered automated services to health care professionals via our SmartConsult app (the “Services”).
This Privacy Notice outlines how we manage the personal information we collect in connection with operation of theWebsite and provision of the Services. We treat all personal information with theutmost integrity and respect. We comply with the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) to protect personal information.
We may update this Privacy Noticefrom time to time. We will notify you of any changes by uploading an updatedversion of the Privacy Notice to the Website
What personal information do we collect?
‘Personal information’ (also known as‘personal data’) is information that can be used alone or in combination withother information to personally identify an individual. We only collectpersonal information that is reasonably necessary for the operation of ourbusiness and the Website and provision of the Services.
We collect personal information from subscribers to our Services (“you”, “your”).
The kinds of personal information we may collect from you, or our prospective customers includes:
(a) your name, email address, practice address, phone number and provider number
(b) information about the Services you haveused or enquired about; and
(c) your opinion about us, the Website and the Services, if you respond to feedback questionnaires.
We do not collect or retain yourpayment card information. All payments are processed by our third-party paymentprocessor, Stripe, in accordance with Stripe’s own privacy notice, available ontheir website.
Medical Practice Information
In your use of the Services, you will provide us limited access to information related to your patients (“MedicalPractice Information”). As a Service provider to you, we hold and process the Medical Practice Information on your behalf, in accordance with your instructions, consistent with our terms of service with you.
Medical Practice Information may include personal information of your patients. You are responsible for maintaining your own compliant privacy notice governing the collection, use and disclosure of patient personal information and for obtaining the required authorisations and consents before any Medical Practice Information containing patient personal information is made available to us for provision of the Services.
(c) all methodologies and processes associated with the Services(“Intellectual Property Rights”)
We understand that Medical PracticeInformation includes sensitive health-related information of your patients. We have incorporated security measures and processes into our Services commensurate with the heightened sensitivity of such information, including:
(a) The SmartConsult app records and transcribes patient consultations using a voice-to-text (V2T) API and converts the transcription to a summary and/or clinical documentation, using a large-language model (LLM) API. MedicalPractice Information is encrypted in transit and at rest (using industry leading TLS 1.2 or higher).
(b) V2T and LLM servers are located withinAustralia. No Medical Practice Information is processed or stored outside ofAustralia.
(c) The SmartConsult app provides a live feed of the patient consultation summary on your PC or device, allowing you to correct errors in real time, helping you to ensure the accuracy of patient personal information and facilitating compliance with your own privacy obligations.
(d) The patient consultation recording, summary and clinical documentation are automatically deleted from servers after24 hours, allowing you a reasonable window to download the summary to the patient file. Alternatively, you may choose to have this information deleted immediately after you save it to the client file.
(e) You have the option to opt-in to our retention of de-identified information for the purpose of analytics and product improvement purposes.]
Further information for patients is provided at the end of this document.
Cookies
Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. You can turn these off at any time through your own browser settings.
We use cookies to improve your experience on our Website, including:
(a) to understand how you use our Website; and
(b) provide you with targeted information that you may be interested in.
How do we collect your personal information?
Whenever it is reasonable and practicable to do so, we will collect your personal information directly from you.
We may collect personal information in ways including:
· through your access to and use of the Website via your browser’s cookies;
· through your access to and interactions on our social media accounts;
· when you make an enquiry, meet with us or enter into a contract with us;
· through your participation in feedback surveys or questionnaires; and
· through your communications with us including conversations, letters,emails or other methods of communication.
We may also receive your personal information from reputable lead generation providers.
What happens if we are not able to collect your personal information?
If you decide not to provide us withthe personal information described above, the following may happen:
· we may not be able to provide Services to you;
· we may not be able to provide you with information about the Services; and
How and why do we collect, store, use and disclose your personal information?
We collect, store, use and disclose your personal information for the following purposes:
· to administer our relationship with you, communicate with you, and do all other things reasonably required to provide you with the Services;
· to answer your enquiries and provide you with information and updates about the Services;
· to provide you with information and special offers on our products and services we think you might like;
· to enforce our policies and terms of use;
· to improve the Services and make beneficial content available to our clients;
· to investigate fraud;
· to assess the performance of the Website and make improvements to it;
· for security and risk management purposes;
· for business planning and quality control;
· to process and respond to any requestor complaint made by you;
· to update our records; and
· to comply with any applicable law, rule, or regulation.
Who do we disclose your personal information to?
We may disclose your personal information for the purposes described in this Privacy Notice to:
· consultants, agents or contractors acting on our behalf;
· parties to whom we have outsourced various functions, including contractors and services providers for the purposes of operating the Website and our business, IT systems administrators, providers of software applications, WHS consultants, insurance brokers, insurers, bookkeepers, and professional advisors such as lawyers, accountants and business advisors;
· regulatory authorities or government agencies, including local councils, where required by law; and
· the general-public if you agree to a published testimonial.
If all or part of our business is sold to or merged with a third party, we may transfer any personal information we hold about you to that third party. We may also disclose personal information to prospective purchasers on a confidential basis.
Where we disclose any personal information to a third party, we request that those parties do not use the information for their own purposes and comply with this Privacy Notice.
Do we disclose your personal information outside Australia?
We store your personal information within Australia. Some software applications we use may store personal information on servers located outside of Australia, in jurisdictions that may not have equivalent levels of data protection as Australia. We will take steps to ensure your personal information receives an adequate level of protection in the jurisdictions in which we process it.
Direct marketing communications
We may send you direct marketing communications consisting of information about the Website or the Services that we think may be of interest to you. These communications may be sent by email or post in accordance with the Spam Act 2003 (Cth). We only do this when you consent to being contacted in this way.
How do we keep personal information secure?
We use reasonable technical and organisational security safeguards to protect your personal information against unauthorised access, use, disclosure, loss, modification, or destruction. Our staff are required to maintain the confidentiality of the personal information we hold.
How long do we retain your personal information?
We will keep your personal information for the minimum period necessary for the purposes set out in this Privacy Notice, namely:
· for as long as you are a user or supplier of our Services, or we reasonably believe you may require our Services again in the future;
· for as long as is reasonably necessary for business purposes related to provision of ourServices, such as internal financial accounting and reporting purposes; and
· for as long as is reasonably necessary for the lawful purposes set out in this PrivacyNotice.
Once the above mentioned periods have concluded, we will permanently delete, destroy or de-identify your personal information.
Third party links
The Website may contain links towebsites operated by third parties. We are not responsible for the privacypractices or the content of any third-party websites. The privacy policies ofthose websites may differ from this Privacy Notice.
How can you access and correct your personal information?
You may request access to or correction of the personal information we hold about you by contacting us using the contact details provided below.
Where we hold information that you are entitled to access, we will provide a suitable means for you to access it, such as by emailing or mailing it to you. We may charge you our reasonable fees for providing the information to you.
There may be instances where we cannot provide you with access to your personal information. For example, we may need to refuse access where giving access would breach the privacy of another individual or would result in a breach of confidentiality. If that happens, wewill give you written reasons for the refusal.
If you believe your personal information is incorrect, incomplete or inaccurate, you may request that we amend it. We will consider whether the information requires amendment. In some cases, we may not agree that there are grounds for amending your personal information. If that happens, we will add a note to your personal information stating that you disagree with it.
Contact us at: hello@smartconsult.app
Attention: Privacy Officer
How can you make a complaint?
You can make a complaint about the way we have handled your personal information by contacting us using the details provided above.
You can report a complaint to theOffice of the Australian Information Commissioner at: https://www.oaic.gov.au/privacy/privacy-complaints/
Further information for patients
We process personal information of patients for the purpose of providing our Services to practitioners(transcribing and summarising of consultations and production of clinical documents). The types of patient personal information that may be included in the Medical Practice Information inputted to our app by a practitioner may include medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors. The personal information is not collected from any source other than the practitioner’s use of the app and is temporarily stored on servers located inAustralia. Patient information is never transferred outside of Australia. After transcribing and summarising the information for the practitioner and producing clinical documents requested by the practitioner (with the assistance of our third-party vendors), all patient personal information is destroyed by us and is retained only by the practitioner. De-identified and aggregated information may be retained for statistical, research and Service improvement purposes. An individual may request access and/or correction to their personal information held by us. We will comply with such requests if the information has not already been destroyed. After that time, access and correction requests should be made to the practitioner. Individuals are entitled to make complaints to theOAIC as provided above.
