dociva-logoDociva

Security and Compliance

Dociva takes the privacy and security of personal and health information seriously. We use a combination of technical, organisational and administrative safeguards to help protect information submitted through our platform.

No online service can guarantee absolute security. However, we take reasonable steps to protect personal information, reduce security risks and maintain appropriate controls for the nature of the information we handle.

Our security practices are reviewed as our platform, services and regulatory obligations evolve.

Our Approach to Data Security

Dociva is designed with security, privacy and clinical responsibility in mind. We apply security controls across our website, application systems, internal staff tools and supporting infrastructure.

These controls are intended to help protect information from unauthorised access, misuse, loss, interference, modification or disclosure.

Access to sensitive systems is restricted to authorised personnel who require access for their role.

Key Security Measures

  • Secure connections: We use HTTPS and Transport Layer Security (TLS) to help protect information transmitted between your browser and our systems.
  • Access controls: Internal systems are protected using role-based access controls and authentication measures designed to limit access to authorised users.
  • Staff portal protections: Access to staff systems is restricted and protected using additional security controls appropriate for sensitive operational systems.
  • Audit and monitoring: We maintain system logging and monitoring to help identify unusual activity, investigate issues and support accountability.
  • Data protection: We use technical safeguards to help protect stored personal and health information.
  • Operational controls: We maintain internal processes for reviewing access, managing incidents and improving security practices over time.

Data Storage and Third-Party Providers

Dociva uses reputable technology and service providers to support secure delivery of our platform. Where practical, core application systems and health-related operational data are hosted using Australian infrastructure.

Some third-party services may process or store limited information outside Australia, depending on the service being used. This may include services such as payment processing, email delivery, analytics, communication tools, support tools or other operational providers.

We assess third-party providers based on their role, the type of information involved and the safeguards they make available. More information about how information may be handled is set out in our Privacy Policy.

Secure Communications

Dociva uses secure HTTPS connections to help protect information exchanged between users and our website.

Users should also take reasonable precautions when using online services, including using secure devices, avoiding shared or public devices where possible, protecting passwords and being careful when forwarding or storing documents.

Email and SMS communications may not always be fully secure, so users should take care when sharing or forwarding sensitive information.

Authentication and Access Management

Access to Dociva internal systems is restricted to authorised users. We use access controls designed to ensure staff and practitioners only access systems and information required for their role.

Access permissions may be reviewed, changed or removed where a user's role changes or access is no longer required.

Users are responsible for keeping their own login details, email accounts and devices secure.

Web Application Security

Dociva applies web application security practices to help reduce common risks such as unauthorised access, injection attacks, cross-site scripting, insecure configuration and abuse of public-facing services.

Security controls may include input validation, access controls, secure configuration, rate limiting, monitoring and regular review of application behaviour.

We continue to improve our systems as new risks, platform changes and service requirements emerge.

Infrastructure Safeguards

Dociva uses infrastructure safeguards designed to help protect platform availability, integrity and confidentiality.

These safeguards may include network protections, firewall rules, access restrictions, backups, monitoring, update management and controls intended to reduce the risk of unauthorised access or service disruption.

We do not publicly disclose detailed security configurations, as doing so may reduce the effectiveness of those protections.

Security Testing and Maintenance

We review and maintain our systems to help identify and address security issues. This may include software updates, vulnerability reviews, configuration checks, monitoring and other security improvement activities.

Where appropriate, Dociva may engage external providers or security specialists to assist with testing, review or remediation.

Security is an ongoing process, and we aim to improve our controls as the platform grows.

Privacy and Health Information

Dociva handles personal and health information in accordance with its Privacy Policy and applicable Australian privacy obligations.

Health information is sensitive. We take reasonable steps to limit access to authorised personnel and to use information only for appropriate purposes such as clinical review, service delivery, payment processing, support, audit, compliance and safety.

Users should not submit false, misleading or unnecessary information and should avoid sharing another person's health information unless they are authorised to do so.

My Health Record and Government Health Systems

Where Dociva accesses or integrates with government health systems, including My Health Record services where applicable, access is managed in accordance with relevant participation, security, access and compliance requirements.

Only authorised users may access such systems, and access must be for an appropriate healthcare-related purpose.

Dociva maintains policies and processes intended to support responsible access, user identification, auditability, training and compliance where those systems are used.

Authorisation and Training

Personnel who handle personal or health information are expected to follow Dociva policies and procedures relating to privacy, confidentiality, security and appropriate system use.

Access to sensitive information is limited based on role and operational need.

Training, guidance and internal processes may be updated as Dociva's services, systems and compliance obligations evolve.

Risk Management

Dociva treats security and privacy risk management as an ongoing responsibility.

We work to identify, assess and respond to risks that may affect the confidentiality, integrity or availability of our systems and the information we handle.

Risk controls may include technical safeguards, internal processes, staff guidance, access controls, monitoring, incident response processes and continuous improvement activities.

Incident Response

If a security or privacy incident occurs, Dociva will take steps to investigate, contain and respond to the issue as appropriate.

Where required by law, affected individuals, regulators or other relevant parties may be notified.

We may also take steps to improve systems, processes or controls following an incident.

User Responsibilities

Users also play an important role in protecting information. You should keep your email account secure, use strong passwords, protect your devices and avoid sharing certificates, prescriptions or health information unnecessarily.

If you believe your account, email address, device or Dociva-related information has been compromised, please contact us promptly.

Transparency and Security Requests

Dociva aims to be transparent about its security and privacy practices without disclosing sensitive technical details that may increase security risk.

Customers, partners or authorised stakeholders may request further information about Dociva's security and compliance approach. In some cases, additional information may only be provided after appropriate confidentiality arrangements are in place.

Contact and Support

If you have questions about Dociva's security, privacy or compliance practices, please contact us.

If your concern relates to your personal information, health information or a potential security issue, please include enough detail for our team to review and respond appropriately.