Privacy Policy
[ LAST UPDATED · 4 JULY 2026 ]
Next Healthcare Pty Ltd (“Next Healthcare”, “we”, “us”) of 227 Abbotsford St, North Melbourne VIC 3051 provides teleradiology reporting services to registered dental and health practitioners in Australia. This policy explains what personal information we collect, why we collect it, how we hold it, and the choices available to you. We are bound by the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs), and where applicable by state and territory health records legislation.
What we collect
We collect two categories of personal information:
- Practitioner account information. When a practitioner registers, we collect their name, practice name, email address, phone number, professional registration details and billing records associated with their use of the service.
- Patient health information. Practitioners upload imaging studies for reporting together with the patient details needed to report them safely: the patient’s name, date of birth, sex, relevant clinical notes and the imaging itself (for example OPG, ceph, intraoral or CBCT studies). This is health information and sensitive information under the Privacy Act, and we treat it accordingly.
Why we collect it
We collect, hold and use this information for one purpose: providing radiology reporting services. That includes receiving and storing uploaded studies, having them reported by radiologists, returning the report to the referring practitioner, communicating about a study, processing payment, and meeting our legal and professional record-keeping obligations. We do not sell personal information, and we do not use patient health information for marketing.
How we handle information — the APPs
We manage personal information in accordance with the Australian Privacy Principles. We collect only what is reasonably necessary to report a study, we collect patient information from the treating practitioner rather than from the patient directly (as permitted for health service provision), and we use and disclose it only for the purpose it was provided or as otherwise permitted by law — for example, disclosure to the reporting radiologist, or where required by a court or regulator.
Storage and security
All information is stored encrypted, in Australia. Imaging and documents are held in Amazon Web Services (AWS) infrastructure in the Sydney region; our application database is hosted with Neon in the Sydney region. Data is encrypted in transit and at rest, access is restricted to personnel who need it to deliver the service, and access is logged and auditable.
Overseas disclosure
With one exception, we do not disclose personal information overseas. The exception: where a practitioner chooses to dictate report-related notes by voice, the dictation audio may be processed by US-based transcription providers (OpenAI or AssemblyAI) under API terms that prohibit the provider from retaining the audio or using it to train their models. This applies to the practitioner’s dictation audio only — patient imaging and records are never sent offshore. This disclosure is made in accordance with APP 8.
Payments
Payments are processed by Stripe. Card details are provided directly to Stripe and never touch our servers; we hold only a payment reference and receipt data. Stripe handles card information under its own privacy policy and PCI-DSS obligations.
Retention
We retain imaging studies, reports and associated patient information for the periods required by Australian health record-keeping laws, and practitioner account and billing records as required by tax and corporations law. When information is no longer required, we destroy or de-identify it securely.
Access and correction
Practitioners can access and correct their account information at any time through the portal, or by contacting us. Patients seeking access to or correction of health information we hold about them may contact us directly or via their treating practitioner; we will respond within a reasonable period and in accordance with the APPs. There is no charge for making a request.
Complaints
If you believe we have mishandled your personal information, please contact us first using the details below — we take complaints seriously and will respond within 30 days. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or on 1300 363 992.
Contact
Privacy questions, requests and complaints: cassie@nexthc.com.au, or write to Next Healthcare Pty Ltd, 227 Abbotsford St, North Melbourne VIC 3051.
We may update this policy from time to time; the current version will always be published on this page with its last-updated date.