Privacy Policy

Context

ArgusConnect is the developer of Argus software, an email-based program that enables the secure transfer of encrypted clinical information between healthcare providers. The services provided by ArgusConnect include customer support, which involves the customary testing of messages sent/received by client practices to ensure that messages have been received by the recipient practice and that the data sent maintains its integrity during the encryption and decryption process. ArgusConnect acknowledges that patient personal information may be exposed to Argus staff during these processes.

Patient personal information is any information relating to a person's health or medical history, or demographic information.

ArgusConnect Staff Confidentiality Agreement

All ArgusConnect employees are required to enter into an agreement that binds them to confidentiality of any data, clinical or otherwise, or other information that may be exposed to them during the undertaking of their duties, that belongs to other persons or clients or agencies thereof which have or do not have agreements with the Company.

Access to Client Systems

ArgusConnect guarantees that only authorised personnel are permitted to access a client's system remotely to perform agreed installation, testing or troubleshooting duties and then:

• only with the express permission of the client to perform these duties at a predetermined date and time and only on that occasion; or
• only with the express permission of the client to perform these duties at times chosen by ArgusConnect authorised personnel such as after hours when it is not possible to perform the duties during normal business hours.

In so doing ArgusConnect authorised personnel will have access only to the client's system and will not access any patient or other clinical data that may reside within the client's system except with the express permission of the client and then must be dealt with as defined in ‘Purging of Patient Personal Information' below. When logged into a client site for the purpose of sending test messages from the client system, ArgusConnect staff will only access the client's ‘test patient' or other data file set up or made available by the client for testing purposes.

Purging of Patient Personal Information

ArgusConnect staff are required to ensure that no personal patient information should be kept on, used by or transferred from their personal computers or servers in the course of activities such as training, promotion or for any other purpose. There should be no time that any data relating to actual patients should be retained. If actual patient data should ever need to be used, it must be done under strict patient confidentiality protocols and either deleted or modified to disguise the patient name and other details so that no patient personal information can ever be recognized as belonging to an actual person.

ArgusConnect staff must ensure that any patient personal information captured is safely deleted by ArgusConnect as soon as testing is completed and not retained in any files owned by ArgusConnect or placed in any situation or location where the information can be exposed to the public or other individuals.

Hardware and Software Integrity

ArgusConnect staff are required to ensure that their personal computers and servers are equipped with adequate virus protection software that is capable of preventing outside sources from hacking into their systems, to ensure protection of any patient personal information that may reside in their systems at the time of installation, testing or troubleshooting. Additionally all ArgusConnect staff are required to ensure that operating systems on their personal computers and servers are upgraded as soon as updates are available.