Compliance for Australian Users: BastionGPT and the Australian Privacy Principles (APPs)

December 6, 2024
Edited By:
Josh Spencer
BastionGPT (“we”, “our”, or “us”) is a healthcare-specific AI service offered by FortaTech Security and designed with Australian privacy, security, and compliance at its core. We protect your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This is an addendum to our BastionGPT Privacy Policy and Terms of Use.

Compliance with the 13 Australian Privacy Principles

1. Open and Transparent Management of Personal Information

We are transparent and open about how we manage your personal information. Our privacy policy outlines how we collect, manage, store, and disclose your data.

2. Anonymity and Pseudonymity

We allow users to interact anonymously or use pseudonyms wherever possible. We only collect the minimal information necessary to validate your identity to provide our services.  You can use whatever information you deem necessary and in alignment with your policies within the tools.

3. Collection of Solicited Personal Information

We gather only personal information that is necessary for us to provide services:

·      Contact details (name, e-mail address, phone number)

·      Personal information (company, title)

·      Payment information

·      Data from the use of our services

·      Any other information you provide directly to us

4. Dealing with Unsolicited Personal Information

If personal information is collected that we did not solicit in accordance with APP-3, we will destroy or de-identify it if it is lawful and reasonable to do so.

5. Notification of the Collection of Personal Information

When we collect personal information, we will take reasonable steps to notify you about:

·      Our identity and contact details.

·      The entities or types of entities with which we share information.

·      Information about how you can access and correct personal information.

6. Use or Disclosure of Personal Information

BastionGPT only uses or discloses customer data based on customer instructions or lawful requests. The use of personal information is strictly limited to providing the requested services, such as generating documentation or analysis. Your data is not used to improve AI models like ChatGPT and Claude.

We will only use or disclose personal information for the purpose it was collected or:

·      If you have consented to share the data.

·      You would reasonably expect us to disclose the information to provide our services.

·      As otherwise required by law.

7. Direct Marketing

BastionGPT only uses your information for direct marketing purposes if we collect the information from you and in relation to our services.  You may opt out of receiving direct marketing communications by contacting us directly or using the mechanisms in our communications.

8. Cross-border Disclosure of Personal Information

We adhere to requirements for data residency, security, transmission, and encryption. User data is stored in Australia for accounts registered in Australia. Regardless of data location, we adhere to stringent data protection standards to comply with cross-border privacy requirements.

9. Adoption, Use, or Disclosure of Government Identifiers

We do not identify you with government identifiers (such as Tax File Numbers) unless required or authorized by law.

10. Quality of Personal Information

We aim to maintain the quality of personal information through regular checks to ensure it is accurate, up-to-date, and complete.  If your information changes, you can update it directly or contact us for support to ensure accuracy.

11. Security of Personal Information

We use advanced encryption to protect personal information and restrict access based on the principle of least privilege. Our platform undergoes regular risk assessments, including third-party security reviews and penetration testing, to maintain high security standards. When your personal information is no longer required, we take reasonable steps to destroy or de-identify it unless legally required to retain it.

12. Access to Personal Information

You have the right to request your personal information at any time. Please contact our support team, and we will respond to your request within a reasonable timeframe. We will share the information per your request if it is reasonable and practicable to do so in accordance with the APPs.

13. Correction of Personal Information

If you believe any information is incorrect, you can modify your data to ensure it remains accurate and current. Our customer support team is available to assist you, further supporting the accuracy of the data. 

E-mail: [email protected]

Phone: +1 (214) 619-8696

Mailing Address: 11816 Inwood Rd #3181, Dallas, TX 75244

If you have any questions about adherence or specific legal requirements, you can reach out to our legal team at [email protected]

We are here to support your AI journey, and you can schedule time with us to discuss any questions you have around compliance with the APPs.

We are committed to resolving all complaints promptly. If you feel our response is inadequate, you can reach out to the Office of the Australian Information Commissioner (OAIC):

Website: www.oaic.gov.au

Phone: 1300 363 992

Email: [email protected]

FAQs

Q1: Is AI documentation software HIPAA compliant for urgent care clinics?

Not all AI tools are. Consumer tools like ChatGPT and Google Gemini do not include a Business Associate Agreement and are not designed for use with protected health information. A HIPAA-compliant AI platform like BastionGPT is built specifically for healthcare settings, with a BAA included with every plan, AES-256 encryption at rest and in transit, and infrastructure hosted on HIPAA-compliant Microsoft Azure.

Q2: Can AI scribes be used in urgent care settings?

Yes. AI scribes are well-suited to urgent care because of the high visit volume and documentation pressure providers face. BastionGPT's AI Scribe captures audio from patient encounters and generates structured output including transcription, SOAP notes, DAP notes, and custom note formats. Multi-speaker recognition supports rooms where a patient, family member, and provider are all present.

Q3: What kinds of documents can AI help urgent care clinics generate?

Urgent care teams use AI to draft SOAP notes, procedure notes, discharge instructions, patient education materials, referral and consult letters, prior authorization requests, and internal operational templates like staff communications and clinic SOPs. Both clinical and administrative staff benefit.

Q4: Does AI for urgent care work with existing EMR systems like Epic or Cerner?

BastionGPT works alongside Epic, Cerner, Meditech, and other EMR systems without complex IT integration. Providers copy AI-generated documentation into their EMR or upload documents for analysis. There is no proprietary integration required, which makes adoption straightforward for urgent care clinics that cannot take on a long IT implementation.

Q5: How much does HIPAA-compliant AI cost for an urgent care clinic?

BastionGPT starts at $20/user/month for the Professional plan, which includes the core AI assistant, unlimited transcription, and a BAA. The Professional Plus plan at $45/user/month adds extended document capacity and multi-document reference. Urgent care groups with 100 or more users can contact BastionGPT for an Ultra plan quote, which includes SSO, custom branding, and dedicated account management. A 7-day free trial is available on all plans.