Technical information relating to the data recording at Voix – summary after reviewing the specifications of the products employed at our clinic.
The transcribing tools employ a multi-faceted approach to data security, integrating stringent data handling protocols, advanced encryption methods, and robust access controls. The information flow protocols are designed to prevent unauthorised access, uphold patient anonymity, and securely dispose of sensitive data.
Local Transcription
The transcription process –converting speech into text – is performed exclusively within Australia. This localisation policy is critical to our data security framework. By confining transcription activities within our national boundaries, we effectively eliminate the risks of international data transfers. This procedure ensures compliance with domestic data protection laws and reinforces our commitment to patient privacy.
Immediate Audio File Destruction
The original audio files are quickly deleted after the Voix health practitioner creates the summary post-transcription. Our policy (at Voix) is to complete such records as soon as possible after seeing the patient – on the same day. This protocol drastically minimises the window of vulnerability that unauthorised entities could otherwise exploit. By doing so, sensitive data does not linger unnecessarily in the storage systems, significantly reducing the potential for unintended data breaches. This process is akin to maintaining a lean data footprint, whereby we handle only the necessary data and dispose of it securely and promptly.
Encryption Protocols
Robust encryption protocols act as an additional layer of security for patient data. This method transforms the information into an unreadable format, decipherable only by authorised entities possessing the correct 'key.' Thus, during data transit - when data is being moved from one place to another - and data at rest - when stored on the provider’s servers - your information remains secure and inaccessible to potentially malicious actors.
Redaction Algorithm
Commitment to privacy is further exemplified by using a specialised redaction algorithm. This algorithm scans the transcriptions identifies and removes any sensitive identifiable information before sending these documents to the underlying AI model. By ensuring that our AI only processes non-identifiable health information, we maintain a strict separation between personal data and medical information, preserving patient anonymity.
Access Controls
There is a need-to-know principle regarding data access. Strict access control measures ensure that only the concerned clinician can access the patient data. This further limit potential data exposure points, enhancing the overall security of your personal health information.
Data Retention Policy
The data retention policy complements our other security measures, balancing clinician access needs and patient privacy. By default, all patient notes are deleted from our servers after 24 hours. However, if clinicians require extended access, they can keep the data for 14 days (at Voix, we will NOT use this feature; the records will be deleted within 24 hours). Beyond this period, the data is irretrievably erased, helping to limit the accumulation of patient information on our servers.
