
Security & Compliance

1. Data Sovereignty

We understand that health data is sensitive. CastHealth is built on a sovereign-first model: all patient and clinic data is hosted on enterprise-grade servers located physically within Australia. Hosting onshore means no patient data crosses a national border, which is what the Australian Privacy Principles require for overseas disclosure (APP 8); the other principles, such as securing the data itself (APP 11), are addressed by the controls described in the sections below.

2. Encryption Standards

Your data is protected at every stage:

  • In Transit: All information sent between your clinic and our servers is encrypted using TLS 1.2 or later (Transport Layer Security); older protocol versions (SSL, TLS 1.0 and 1.1) are not accepted.
  • At Rest: Data stored in our database is encrypted using AES-256, the same standard used by major Australian banks and government agencies. Encryption at rest protects the data if the underlying storage or backup media is lost or copied; access through the application itself is governed by the controls in section 4.

3. The "Minimal Data" Principle

To reduce your clinic's risk, CastHealth operates on a Minimum Necessary Data model. We do not ingest or store full clinical records, medical histories, or sensitive diagnosis notes. We only process the essential contact information required to automate the patient's referral journey.

4. Access Control & Identity

Access to the dashboard follows the two Australian Cyber Security Centre (ACSC) Essential Eight mitigation strategies that concern access: multi-factor authentication and restricting privileges.

  • MFA (Multi-Factor Authentication): We support MFA so that a stolen or guessed password alone is not enough to reach the dashboard; only authorised clinic staff who also hold the second factor can sign in.
  • Role-Based Access: Each staff account is assigned a role, and permissions are granted per role, so staff only see the information their specific role requires.

5. Continuous Monitoring

CastHealth is built on secure-by-design principles. We perform regular vulnerability scans and maintain tamper-evident audit trails, so every access to patient data is recorded (who accessed it, what they accessed and when) in a form that cannot be silently edited after the fact.
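To make "tamper-evident" concrete, here is an added illustration of the usual technique, a hash-chained log, written for this page and not CastHealth's own code. Each entry stores the SHA-256 of the previous entry's hash plus its own record, so editing, deleting or inserting an earlier entry changes every hash after it. The record fields, actor names and timestamps are constructed sample data; `GENESIS` and the out-of-band "anchor" (the newest hash, published somewhere the log writer cannot change) are conventions assumed for the example.

```python
"""Hash-chained audit trail (illustrative example, not CastHealth's implementation).

Each entry commits to the previous entry's hash, so any change to history breaks
the chain. Anchoring the newest hash out-of-band also makes truncation detectable.
"""
import copy
import hashlib
import json
from dataclasses import dataclass
from typing import List, Optional

GENESIS = "0" * 64  # prev_hash of the first entry; a convention assumed for this example


def compute_hash(prev_hash: str, record: dict) -> str:
    """Hash the record as canonical JSON so identical records always hash identically."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + b"\n" + payload).hexdigest()


@dataclass
class AuditEntry:
    record: dict      # who / action / what / when (constructed sample fields)
    prev_hash: str    # hash of the preceding entry (GENESIS for the first)
    entry_hash: str   # SHA-256 over prev_hash and record


class AuditTrail:
    def __init__(self) -> None:
        self.entries: List[AuditEntry] = []

    def append(self, actor: str, action: str, resource: str, ts: str) -> AuditEntry:
        prev = self.head()
        record = {"actor": actor, "action": action, "resource": resource, "ts": ts}
        entry = AuditEntry(record, prev, compute_hash(prev, record))
        self.entries.append(entry)
        return entry

    def head(self) -> str:
        """Hash of the newest entry; publish this out-of-band to anchor the chain."""
        return self.entries[-1].entry_hash if self.entries else GENESIS


def verify(entries: List[AuditEntry], anchor: Optional[str] = None) -> Optional[int]:
    """Return None if the chain is intact, otherwise the index of the first bad link.

    With an out-of-band anchor (the expected head hash), a chain whose tail has
    been removed is reported at index len(entries).
    """
    prev = GENESIS
    for i, e in enumerate(entries):
        if e.prev_hash != prev or compute_hash(prev, e.record) != e.entry_hash:
            return i
        prev = e.entry_hash
    if anchor is not None and prev != anchor:
        return len(entries)
    return None


def demo() -> dict:
    """Build a three-entry trail from constructed data and try three tampering attempts."""
    trail = AuditTrail()
    trail.append("nurse.a", "view", "patient/123/contact", "2024-05-01T09:00:00Z")
    trail.append("admin.b", "export", "referrals/2024-05", "2024-05-01T09:05:00Z")
    trail.append("nurse.a", "view", "patient/456/contact", "2024-05-01T09:10:00Z")
    anchor = trail.head()
    results = {"intact": verify(trail.entries, anchor)}

    # 1. Edit a past record in place: its stored hash no longer matches the record.
    edited = copy.deepcopy(trail.entries)
    edited[1].record["actor"] = "nurse.a"
    results["edited"] = verify(edited, anchor)

    # 2. Edit and recompute that entry's hash: the next entry's prev_hash no longer matches.
    rehashed = copy.deepcopy(trail.entries)
    rehashed[1].record["actor"] = "nurse.a"
    rehashed[1].entry_hash = compute_hash(rehashed[1].prev_hash, rehashed[1].record)
    results["rehashed"] = verify(rehashed, anchor)

    # 3. Delete the newest entry: only the out-of-band anchor reveals the missing tail.
    truncated = trail.entries[:-1]
    results["truncated_with_anchor"] = verify(truncated, anchor)
    results["truncated_without_anchor"] = verify(truncated)
    return results


if __name__ == "__main__":
    print(demo())
```

The third case is the one to ask any vendor about: a hash chain on its own proves that the surviving entries are consistent with each other, not that nothing was removed from the end. Tamper evidence against an insider who can rewrite the whole log depends on where the head hash is anchored (a separate system, a signed digest, or a write-once store the log writer cannot reach).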