Privacy Policy
We prioritise transparent data security.
We do not train our AI on patient data.

1. We’re here to help.

You can contact us any time with any questions you have about our data security mechanisms. 

If you would like to:

  – Ask a question
  – Update your user information
  – Update or delete your Silknote account
  – Opt out of our newsletters 

Or anything else you can think of…
We’re only one click away.

Feel free to reach out via contact@silknote.com.au.

2. About Us

As part of our service, we provide the Silknote application (Platform) to healthcare professionals. 

The Platform streamlines healthcare workflow to improve care delivery including by:

We, our or us, meaning Silknote Health Pty Ltd (ACN 674 007 768)

Our services, meaning the provision of the Platform to you and related services that we provide.

You, meaning the reader of this policy.

Your information, meaning your personal information within the meaning of the Australian Privacy Act 1988 (Cth) (Privacy Act).

Privacy laws, meaning all privacy and data protection laws that apply to us when we handle your information, including applicable health information laws, the Australian Privacy Principles and the Privacy Act.

3. Privacy

Privacy and Data Protection is at the heart of Silknote’s mission to deliver an exceptional service while respecting the confidentiality and integrity of our users’ information.

3.1 Privacy and Data Protection

We understand the sensitivity of the personal and medical data you entrust to us and are committed to protecting it with the highest standards of security and compliance.

3.2 We Value Privacy

This Privacy Policy applies to all personal information collected by us via the website located at www.silknote.com.au and app.silknote.com.au.

4. Information We Protect

Certain types of information are protected by law and there are regulatory guidelines on the types of information that can be collected and how it can be used.

4.1 What is “personal information”?

The Privacy Act 1988 (Cth) currently defines “personal information” as information or an opinion about an identified individual or an individual who is reasonably identifiable: (i) whether the information or opinion is true or not; and (ii) whether the information or opinion is recorded in a material form or not.

If the information does not disclose your identity or enable your identity to be ascertained, it will in most cases not be classified as “personal information” and will not be subject to this privacy policy.

4.2 What is “sensitive information”?

Personal information can be collected without consent – unless it is sensitive information. The Privacy Act 1988 (Cth) currently defines “sensitive information” as meaning information or an opinion about an identified individual or an individual who is reasonably identifiable regarding their: (i) Racial or ethnic origin; (ii) Political opinions; (iii) Membership of a political association; (iv) Religious beliefs or affiliations; (v) Philosophical beliefs; (vi) Membership of a professional or trade association; (vii) Membership of a trade union; (viii) Sexual preferences or practices; or (ix) Criminal record. Sensitive information includes health information which is further legally regulated. Please note that in some cases sensitive information may only be collected with consent.

4.3 What is “health information”?

In the Australian Privacy Principles, “health information” is defined as information or an opinion about an identified individual or an individual who is reasonably identifiable including: (i) the health or a disability (at any time) of an individual; (ii) a health service provided, or to be provided, to an individual; (iii) other personal information collected to provide, or in providing, a health service; (iv) an individual’s expressed wishes about the future provision of health service; (v) other personal information about an individual collected in connection with the donation, or intended donation, by the individual of their body parts, organs or body substances; (vi) genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual; (vii) other types of genetic information that are not health information; or (viii) any information that is classified as ‘sensitive information’ as outlined above.

5. Information We Collect

We may collect personal information from you whenever you input such information into our platform.

5.1 Other Collection Methods

We collect cookies from your computer which enable us to tell when you use the website and also to help customise your website experience.

5.2 Information Types

The kind of personal information that we collect from you will depend on how you use our platform. In line with the Australian Privacy Principles we endeavour to minimise the data we collect. The personal information which we collect and hold about you may include: (i) your name; (ii) contact details; (iii) occupation / field of practice; (iv) AHPRA registration number; and (v) workplace details (Name and type of workplace, contact details, location).

6. Data Protection

We use proven data encryption to protect your health records and your personal information.

6.1 Data Encryption

We store your patients’ health information temporarily under multiple levels of ‘strong encryption’.

6.2 Controlled Use

There are only two known circumstances where health information may leave the platform against a person’s wishes: (i) if your login details are compromised – it remains your responsibility to keep your own login details secure; and (ii) if we were compelled to modify the platform to do so by a valid court order.

6.3 Data Protection

Data exploit attempts are common despite the best efforts of security experts, governments, and law enforcement agencies worldwide. While we believe our encryption and other security measures will provide a high standard of protection, unknown circumstances could arise if previously unknown or novel security exploits were illegally used against the platform. Please refer to our Data Breach Policy.

6.4 Proven Security Protection

There is currently no known way to break the ‘strong encryption’ (AES-256) that we use to store health data. It is proven to work in the healthcare, financial and defence industries. This means health information you input or generate is inaccessible to anyone except you while you are logged in. We may use other, proven, methods of encryption for data transfer and storage.

6.5 Where Data is Stored

All personal and health information is only stored within Australia with multiple levels of encryption and can never be viewed by anyone other than you or those to whom you allow access – other than the limited exception outlined above.

6.6 Artificial Intelligence Constraints

Due to the nature of processing data through AI and Large Language Models, information must temporarily be in an unencrypted state. This is true of all Large Language Models at present. We take multiple security measures to ensure that this state is cryptographically protected and never visible.

6.7 Data Collection and Use

We only collect information that is necessary to provide our services, including personal identification, health information, and usage data. As discussed above, this information is used to personalise your experience, improve our platform, and communicate effectively about your platform usage and the healthcare you provide, and to let you know if there are any changes to our services.

6.8 Data Security

Our platform employs state-of-the-art security measures, including encryption, firewalls, and ISO27001 secure server facilities, to protect your information from unauthorised access, disclosure, alteration, or destruction. We regularly update our security practices and invest in our infrastructure to defend against emerging threats.

7. User Rights

You have the right to access, correct, or delete your personal information at any time.

7.1 Privacy Tools

Silknote provides tools and settings to manage your data and privacy preferences, and we will also promptly inform you of any data breaches that may affect your personal information.

7.2 Consent and Control

Your privacy is respected at every level of our operations. We will not use or share your personal information without your explicit consent, except as required by law or to provide the services you have requested. Please be assured that we respect your control and you can change your consent at any time.

7.3 Transparency and Communication

At Silknote, we believe that transparency and open communication are foundational to building trust and accountability with our users. We are dedicated to being clear about our practices, policies, and the choices available to our users.

8. Our Policies

We commit to clearly communicating with you about any changes to our policies or practices and will aim to do so in clear and understandable language.

8.1 Change Notification

Prior to changes taking effect, we will notify you through our platform, email, or other direct communication methods, allowing you to review the changes and make informed decisions. Please periodically check to see if changes have been made as we may do so without notifying you.

8.2 User Feedback

We actively encourage and value feedback from our users as it plays a crucial role in our continuous improvement process. You can contact us through multiple channels provided on the Platform to share feedback, concerns or suggestions.

8.3 Transparency Reports

Silknote will publish annual transparency reports detailing any general and non-identifiable information about requests for user data by legal authorities, data breaches, and our responses to these events. It is our clear intention that these reports will affirm our commitment to user privacy and data protection.

9. Ethical Standards

Silknote is built on a foundation of integrity, respect for individual privacy, and the promotion of user welfare.

9.1 Our Ethical Commitments

Our commitment to ethical standards is unwavering, guiding our operations, our interactions with users, and our business practices.

9.2 Integrity in Operations

We conduct our business with the highest level of integrity, adhering to legal and ethical standards in all our operations. This includes compliance with applicable healthcare, privacy, and data protection laws and regulations.

9.3 Respect and Dignity

We treat all users with respect and dignity, recognising the importance of their data and the trust they place in us. That is why we aim to design our platform so it is inclusive, accessible, and free from discrimination.

9.4 User Welfare

Our primary concern is the welfare of our users. We strive to ensure that our platform not only meets their needs, but also contributes positively to the health, safety, and privacy of our users and their patients.

10. Accountability

We hold ourselves accountable for adhering to these ethical standards and we are committed to regular audits, user feedback, and continuous learning to uphold our ethical commitments.

10.1 Collection of Sensitive and Health Information

We collect sensitive and health information to allow temporary storage and retrieval where that is necessary for the effective delivery of healthcare services.

10.2 Access and correction

Australian Privacy Principle 12 permits you to obtain access to the personal information we hold about you in certain circumstances, and Australian Privacy Principle 13 allows you to correct any inaccurate personal information subject to certain exceptions. If you would like to obtain such access, please contact us. 

10.3 Complaint procedure

If you have a complaint concerning the manner in which we maintain the privacy of your personal information, please contact us as set out below.

10.4 Consultation

All complaints will be considered by Silknote Health Pty Ltd and we may seek further information from you to clarify your concerns. If we agree that your complaint is well founded, we will, in consultation with you, take appropriate steps to rectify the problem. If you remain dissatisfied with the outcome, you may refer the matter to the Office of the Australian Information Commissioner.

10.5 Overseas transfer

Your personal information will not be disclosed to recipients outside Australia unless you expressly request us to do so. Please take care if you request us to transfer your personal information to an overseas recipient, as any overseas recipient will not be required to comply with the Australian Privacy Principles. Where we act on your instructions we will not be liable for any mishandling of your information in those circumstances.

Data Security Policy

At Silknote, we recognise the critical importance of securely protecting your data. Our strong commitment to data security means we employ a multi-layered approach to safeguard your information against unauthorised access, disclosure, alteration, and destruction.

1. Security Measures

Our data security practices are designed to protect your personal and medical information and to ensure the confidentiality, integrity, and availability of your data.

1.1. Encryption Technology

Strong encryption technologies are used to protect data during transmission over the internet and while at rest.

1.2. Encryption Standards

This includes the use of SSL/TLS protocols for data in transit and the Advanced Encryption Standard (AES) for data at rest, ensuring that your information is accessible only to authorised personnel. We encrypt all health information that we store with AES-256, specific to the user. This means if our database were compromised, no decipherable health information can be derived from it. We also encrypt the database as a whole with AES-256. We only use proven encryption algorithms that have never been broken for both information transfer and storage.

1.3. Access Controls

Access to personal and sensitive information is strictly limited to authorised employees and partners who need to access the information to provide services.

1.4. Further Protective Measures

We enforce role-based access controls (RBAC), employing the principle of least privilege to minimise the risk of unauthorised access.

1.5. Secure Infrastructure

Our platform operates on secure, resilient infrastructure designed to withstand various threats and vulnerabilities. Firewalls, intrusion detection systems, and regular security scanning are used to protect our network and data storage.

1.6. Data Integrity and Availability

Robust data backup and recovery procedures are deployed to ensure the integrity and availability of your information.

1.7. Backups and Storage

This includes regular backups and redundant storage solutions to protect against data loss and ensure that our services remain available even in the face of hardware failures or natural disasters.

2. Security Practices

2.1. Regular Security Audits

Silknote conducts regular security audits and assessments to identify potential vulnerabilities within our system and processes. These audits help us to continuously improve our security posture and ensure compliance with industry standards and regulations.

2.2. Security Training

All employees and contractors receive comprehensive security training, focusing on the importance of data security, privacy protection, and responsible handling of user information. Ongoing training ensures that our team remains vigilant against new threats.

2.3. Incident Response

We have an established incident response plan to quickly address any security breaches or incidents. We are required by law to report any breaches of health data both to the Office of the Australian Information Commissioner (OAIC) and to the affected users. We adhere to guidelines laid out by the OAIC on necessary steps to respond to a data breach. This plan includes procedures for investigation, notification, and remediation to minimise the impact on our users and prevent future occurrences.

3. User Responsibilities

While we take extensive measures to protect your data, security is a shared responsibility. We encourage our users to:

  – Use strong, unique passwords for their accounts and enable two-factor authentication (2FA) if available.

  – Be cautious of phishing attempts and suspicious links or emails claiming to be from Silknote.

  – Keep their software and devices updated to protect against security vulnerabilities.

4. Reporting Security Concerns

We are committed to transparency and open communication regarding security. Please contact us immediately if you have any concerns about the security of your data or suspect a security vulnerability within our platform. We take all reports seriously and will promptly investigate and respond.