5. Data Security and Privacy
Client privacy is critical. It is the responsibility of PHNs, service providers, and the department to ensure client information is managed appropriately and in accordance with their respective obligations under legislation and the Australian Privacy Principles. Personal information of clients and the results of their measures will be sent only to their health care provider. All entered data are communicated and stored in compliance with Australian privacy and data security legislation. This includes encrypting all information in transit and ensuring that only appropriate and approved people have access to that information.
The collection of client measures through the OMSSS as implemented by the PMHC MDS complies with the Commonwealth Privacy Act 1988 and the Australian Privacy Principles. Organisations utilising the OMSSS API to collect measures directly are responsible for ensuring appropriate privacy requirements are complied with.
Information is stored in OMSSS only while it is in use and for a limited time. Collection data can only be submitted up to 7 days after the record has been created and after a collection has been submitted. The results are only stored for a maximum of 7 days. All data except logs are automatically deleted after a period of 7 days, and can also be deleted earlier at the request of the integrator. Results pertaining to deleted data will be inaccessible after deletion, and the retained logs do not contain any personally identifying information.
For more about client consent and privacy, please visit https://pmhc-mds.com/resources/ and https://docs.omsss.online/en/latest/data-security-privacy.html