Data Security
Data security is at the centre of what we do. We take privacy very seriously and use high-level data security protocols. We adhere to the Australian Privacy Principles and GDPR. Data transmitted between NovoPsych and the end user is protected using 256-bit encryption, with SSL certificates issued monthly. While you are using NovoPsych, your browser will indicate that you are using an SSL certificate, keeping online interactions private. For example, Chrome displays a green padlock in your internet browser, which means data sent to you is safe.
Some users also choose to enter ID numbers instead of the client’s full name, so that no identifiable information is stored in NovoPsych.
Australian Compliance
The Australian Privacy Act 1988 and Australian Privacy Principles govern the standards and obligations that apply to Australian organisations, including the following:
- the collection, use and disclosure of personal information
- an organisation or agency’s governance and accountability
- integrity and correction of personal information
- the rights of individuals to access their personal information
- The infrastructure we use complies with the Commonwealth Government standards governing the security of IT systems and infrastructure.
- The data centre is an enterprise grade data centre with world-leading Class 1IDC infrastructure. This is the same data centre used and approved by the Department of Health and Ageing.
- Data is fully monitored with 24×7 security guards onsite and premises under constant CCTV surveillance.
- To comply with Australian Laws, all data, backups and offsite backups are stored within Australia.
- The data you enter in NovoPsych is replicated among several database servers, as well as backed up off-site to prevent a single failure from causing data loss.
- The VMware platform used has multiple redundancy and offers load-balanced ESX servers to maximise performance and availability, with a minimal chance of unavailability.
European Compliance (GDPR)
The European General Data Protection Regulation (GDPR) sets out clear standards for data protection, which NovoPsych meets or surpasses. In 2018 NovoPsych reviewed our security to ensure we met GDPR standards, including:
- documented a privacy by design approach to compliance
- demonstrated compliance with privacy principles
- enhanced transparent information handling practices
United States regulations (HIPAA Compliance)
NovoPsych has not undertaken the audit process to document compliance with HIPAA regulations, given that we have chosen not to operate in the United States.