Data Security – 2021

Data security is at the centre of what we do. We take privacy very seriously and use strong data security protocols. We adhere to the Australian Privacy Principles and the GDPR. Data transmitted between NovoPsych and the end user is protected using 256-bit encryption, with SSL certificates issued monthly. While using NovoPsych, your browser will indicate that an SSL certificate is in use, keeping online interactions private. For example, Chrome displays a green padlock in the address bar, which means the data sent to you is protected.

Some users also choose to enter ID numbers instead of the client’s full name, so that no identifying information is stored in NovoPsych.

Australian Compliance

The Australian Privacy Act 1988 and the Australian Privacy Principles set the standards and obligations that apply to Australian organisations, including the following:

  • the collection, use and disclosure of personal information
  • an organisation or agency’s governance and accountability
  • integrity and correction of personal information
  • the rights of individuals to access their personal information

NovoPsych is compliant with these regulations and takes great care to protect the privacy of our users’ information. We do not disclose any identifiable information to any third parties. Below are some of the processes we have implemented to protect your security.

  • The infrastructure we use complies with the Commonwealth Government standards governing the security of IT systems and infrastructure.
  • The data centre is an enterprise grade data centre with world-leading Class 1IDC infrastructure. This is the same data centre used and approved by the Department of Health and Ageing.
  • Data is fully monitored, with 24×7 security guards on site and premises under constant CCTV surveillance.
  • To comply with Australian Laws, all data, backups and offsite backups are stored within Australia.
  • The data you enter in NovoPsych is replicated among several database servers, as well as backed up off-site to prevent a single failure from causing data loss.
  • The redundant VMware platform we use offers load-balanced ESX servers to maximise performance and availability, minimising the chance of the service being unavailable.

European Compliance (GDPR)

The European General Data Protection Regulation (GDPR) sets out clear standards for data protection, which NovoPsych meets or surpasses. In 2018 NovoPsych reviewed our security to ensure we met GDPR standards, including:

  • documented a privacy by design approach to compliance
  • demonstrated compliance with privacy principles
  • enhanced transparent information handling practices

Australian and GDPR requirements are complementary. Both sets of laws foster transparent information handling practices and business accountability, to give individuals confidence that their privacy is being protected. Both laws require businesses to implement measures that ensure compliance with a set of privacy principles, and both take a privacy by design approach to compliance. Data breach notification is required in certain circumstances under the GDPR and under the Privacy Act (from February 2018). In addition, privacy impact assessments, mandated in certain circumstances under the GDPR, are expected in similar circumstances in Australia.

Although not a requirement of the GDPR, large organisations in Europe with internal governance guidelines may opt for servers to be located within their own country; NovoPsych can accommodate this under the Enterprise Plan.

United States regulations (HIPAA Compliance)

NovoPsych has not undertaken the audit process to document compliance with HIPAA regulations, given that we have chosen not to operate in the United States.