Protecting Patient and Clinical Data

Everything we do at PhysiPal starts with user data ownership, security and privacy.

HIPAA Compliant
ISO27001 Compliant

Data Stored Nearby

Our data is securely stored in Azure and AWS data centers located in Melbourne and Sydney. All databases are encrypted at rest, and data in transit is protected using the Transport Layer Security (TLS) protocol. We employ 256-bit encryption, a robust standard adopted by leading organisations focused on privacy.

Our hosting partners are fully certified:

  • FIPS 140-2 (US Federal Information Processing Standard)
  • ISO 27001 (Information Security Management System)
  • PCI DSS Level 1 (Payment Card Industry Data Security Standard)

End-to-End Encrypted Calls

All video and audio calls utilise WebRTC and are end-to-end encrypted. Apart from an initial handshake to establish communication, all call data is peer-to-peer, meaning no outside systems (including PhysiPal) have access to the call data unless one of the two connected parties records it themselves.

Sensitive Files are Obfuscated and Encrypted

For particularly sensitive files such as clinical reports, we have SecBox, which ensures files are not only encrypted at rest and in transit but also obfuscated. Access to files requires a deliberate unlock action by an authenticated user, which grants ephemeral access to the file. All SecBox file links are short-lived, making them useless to threat actors, even in phishing scams outside PhysiPal.

Data is Physically Secure

All data is stored in secure data centers with guarded access and georedundancy to ensure high levels of data availability and security.

Self-Hosted AI System

We guarantee no data is stored or used for training. Rather than relying on third-party APIs, we work directly with Microsoft to host our AI models domestically. As we manage the data ourselves, we don't have to trust that a third party is being responsible with your data. To ensure maximum security and peace of mind, we also do not rely on georedundancy fallbacks, features or cost savings gained by running AI compute in certain countries, even at a cost to our business operations.

Total Control - Your Right to be Forgotten

We believe our users own their data and, as such, we have provided the ability for any account to delete all of its data and related information in PhysiPal, permanently and irreversibly.