Are you confident you know where your data is?

By Mark Pirotta | Sep 09, 2015

Looking deeper... Have you considered *where* your data is stored in the cloud?

Demand for patient and practice management solutions are on the rise and cloud enabled technology is making it easier for applications to be developed. As a result, the market is seeing a number of new local and overseas practice management solutions enter the market. As a participant and supporter of health-tech innovation I can say this an exciting time, however there are some risks which health providers may not be aware of.

Considerations when choosing a practice management solution

When looking for a cloud patient and practice management solution (PMS) there are obvious considerations, such as:

  • Price;
  • Features;
  • Where the company is based; and
  • What country they cater for – as healthcare needs are different in every country…

But have you considered… Where is your data stored?

Data hosted in Australia vs United States

If your cloud PMS vendor hosts their data in the United States, your data falls under the jurisdiction of The Patriot Act 2001 (“The Patriot Act”). First passed in 2001 as a reaction to the terrorism threat, The Patriot Act expands the United States’ Government’s warrant-less surveillance power to:

  • Look at records on an individual’s activity being held by third parties;
  • Search private property without notice to the owner;
  • Collect foreign intelligence information; and, among many other things,
  • Collect information about the origin and destination of communication

Therefore, the risk of using a PMS hosted in the US is that your allowing the US Government full access to your patient information. What could potentially be worse, is that if the government deems your cloud PMS or any of its customers to be involved in terrorist related activities, it has the right to “search and seize” the data and/ or infrastructure.

The Safe Harbor Privacy Principles

You may see some cloud PMS’s who host their data in the United States stating that they or hosts participate with Safe Harbor Privacy Principles (“Safe Harbor”). As a bit of background, Safe Harbor was brought into existence as a reaction from the public to The Patriot Act. It’s a self certified opt-in set of principles designed to prevent accidental information disclosure or less. There is no external governance in place for those who self certify which means anyone can claim to be Safe Harbor compliant. Safe Harbor only covers personal information captured from EU/EEA and Switzerland so therefore does not protect data captured from within Australia.

Your data is safer in Australia

There are no explicit laws stating that cloud PMS vendors are required to host their data in Australia should Australian health practitioners be using their software. Its at the discretion of the cloud PMS vendor. The easiest way to ensure that your data and sensitive patient information is safe from warrant-less surveillance and potential seizure is to ensure your cloud PMS hosts their data within Australia.

If your cloud PMS hosts their data outside of Australia then questions may arise concerning the jurisdiction over the information and PMS provider’s obligations to meet the Australia Privacy Act 1988 (“Privacy Act”). For now, The Patriot Act doesn’t have any jurisdiction over data hosted in Australia.

The good news is coreplus host all their data and backups in Australia, and we make efforts to ensure that no sensitive information makes its way outside Australia.  We comply with the Australian Privacy Act and have a myriad of accredited security accreditations.

Learn more about coreplus data security.

When deciding what cloud PMS to choose, it would be wise to ask where their data and backups are located. If you are already using a cloud PMS which doesn’t host in Australia, it’s not too late to switch over to one who does.

Links to references:

Recent Stories


Transform your audiology practice with coreplus’ NEW Hearing Services Program integration

Welcome to the future of audiology practice management! coreplus is excited to introduce our latest… Read More

By Diana Younan | Dec 05, 2023


Extend the impact of your therapy sessions with the help of Theratrak, our newest Add On partner

Did you know that research suggests that the minute a patient walks out the door,… Read More

By Enzemam Moeen | Aug 17, 2022


How to Improve Success of Telehealth for Clients and Clinics

Clinics and clients both stand to benefit from telehealth services, but only when done correctly…. Read More

By Diana Younan | May 30, 2022

Subscribe to a weekly dose of coreplus news