100% compliant with the Australian Privacy Principles (APP) and NDIS Quality and Safeguards Commission.
To ensure Repnotes's integration with Cliniko and Nookal complies with the Australian Privacy Principles (APP) and NDIS Quality and Safeguards Commission requirements, we enforce the following strict protocols:
Security of Personal Information: We rigorously validate that the caller is authorized to view or manipulate data for a specific clinic. A malicious user cannot pass another clinic's ID and access or overwrite their data. We use strict server-side Role-Based Access Control (RBAC) for total security.
Collection and Use of Personal Information: The NDIS places a heavy emphasis on participant consent. Repnotes explicitly requires a boolean consentToShare flag to be granted by the patient before any clinical data (like treatment notes) is transferred to an external system.
Destruction of Data: NDIS guidelines mandate retaining adult clinical records for 7 years (and until age 25 for minors). Repnotes acts as an automated data conduit. Your PMS (Cliniko or Nookal) serves as the permanent Electronic Health Record (EHR). As long as data is successfully synced to your PMS, you remain fully compliant.
Strict Agreements: Your data is never shared with third parties or advertisers unless explicitly required by law. We enforce strict agreements governing how your information is protected at all times.
Google Secret Manager: We proudly utilize Google Cloud Secret Manager to securely encrypt your clinic's API keys at rest. This state-of-the-art, enterprise-grade encryption ensures your sensitive integration credentials remain completely locked down and protected against unauthorized access.
No Payment Data Needed: No payment details are ever stored on Repnotes servers. All subscriptions are processed using manual billing.
Right to Erasure: If you choose to remove your clinic's account, or if it remains inactive for over a year, all associated account data and configurations will be completely and securely deleted from our systems.
Privacy Officer: We believe in absolute transparency. If you have any concerns regarding data collection, storage, or security practices, you can contact our dedicated Privacy Officer (admin+privacy@kinetec.com.au) for clear answers and rapid resolution.
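The clinic-scoped authorization check and the consentToShare gate described in the protocols above, sketched as an added Python example. This is not Repnotes's code: the role names, permission strings, `Session` and `Note` types and the `push` callback are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Assumed role names and permission strings (not from Repnotes).
ROLE_PERMISSIONS = {
    "practitioner": {"notes:read", "notes:write", "notes:sync"},
    "receptionist": {"notes:read"},
}

class AccessDenied(Exception):
    """Raised when a request fails the clinic, role or consent check."""

@dataclass(frozen=True)
class Session:
    user_id: str
    # clinic_id -> role, loaded server-side at login; never taken from the request.
    memberships: Dict[str, str]

@dataclass(frozen=True)
class Note:
    clinic_id: str
    patient_id: str
    consent_to_share: Optional[bool]  # None means consent was never recorded
    body: str

def authorize(session: Session, clinic_id: str, permission: str) -> None:
    """Allow only if the caller holds a role in this clinic that grants `permission`."""
    role = session.memberships.get(clinic_id)
    if role is None or permission not in ROLE_PERMISSIONS.get(role, set()):
        raise AccessDenied(f"{session.user_id}: {permission} denied for {clinic_id}")

def sync_note(session: Session, requested_clinic_id: str, note: Note,
              push: Callable[[Note], None]) -> bool:
    """Send a note to the external PMS only after every server-side check passes."""
    # 1. The clinic ID in the request is untrusted; check it against the session.
    authorize(session, requested_clinic_id, "notes:sync")
    # 2. The stored record must belong to that clinic (blocks cross-clinic object IDs).
    if note.clinic_id != requested_clinic_id:
        raise AccessDenied("note does not belong to the requested clinic")
    # 3. Fail closed: a missing or false consent flag stops the transfer.
    if note.consent_to_share is not True:
        raise AccessDenied("patient has not granted consentToShare")
    push(note)
    return True
```

The three checks run in order before any data leaves the system, so a request naming another clinic's ID, a note owned by a different clinic, or a patient without recorded consent is rejected without calling `push`.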
Repnotes provides practitioners with the means to create NDIS compliant notes by capturing the following data: