Security & Privacy
Patient data is sacred. Quicka Health is built with security and privacy at every layer — from encrypted storage to zero-retention AI pipelines — so you can focus on care, not compliance.
How We Protect Your Data
Enterprise-grade safeguards at every level of the stack, designed for healthcare from day one.
Encryption Everywhere
All data is encrypted at rest using AES-256 and in transit using TLS 1.2+. Encryption keys are managed through dedicated key management services and rotated regularly.
Zero-Retention AI Pipeline
Consultation audio is processed in real time for transcription and is never permanently stored. AI providers receive no persistent access to your clinical data — nothing is used for model training.
Access Controls
Role-based access controls (RBAC) ensure that only authorised clinicians access patient data. Session tokens are short-lived and automatically expire. Multi-factor authentication is available for all accounts.
Audit Trail & Transparency
Every data access, modification, and administrative action is logged with timestamps, user identity, and action details. Audit logs are immutable and retained for compliance purposes.
Australian Data Residency
All patient data is stored in Australia. Data never leaves Australian jurisdiction unless explicitly configured by the customer. Our infrastructure is hosted in SOC 2 Type II certified data centres.
Incident Response
We maintain a documented incident response plan. In the event of a breach, affected parties are notified within 72 hours in accordance with the Notifiable Data Breaches scheme.
Tenant Isolation
Each clinic's data is logically isolated at the database level using row-level security policies. There is no cross-tenant data leakage by design.
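As an added illustration of the row-level isolation described above (a constructed example, not Quicka Health's actual schema or policies), this is what a per-clinic row-level security setup looks like in PostgreSQL; the `patients` table, its `clinic_id` column, the `app.clinic_id` session setting and the `app_user` role are all assumed names:

```sql
-- Constructed example: per-clinic row-level security (RLS) in PostgreSQL.
-- Assumed schema: a `patients` table with a `clinic_id` tenant column.
CREATE TABLE patients (
    id         bigserial PRIMARY KEY,
    clinic_id  uuid NOT NULL,
    full_name  text NOT NULL,
    notes      text
);

-- Enable RLS and FORCE it so the policy also applies to the table owner;
-- without FORCE, owner connections silently see every tenant's rows.
ALTER TABLE patients ENABLE ROW LEVEL SECURITY;
ALTER TABLE patients FORCE ROW LEVEL SECURITY;

-- The policy reads the tenant id from a session setting the application sets
-- after authenticating the clinician. NULLIF handles two cases: the setting
-- was never set (current_setting(..., true) returns NULL) and the setting was
-- reset to '' after a SET LOCAL transaction ended. In both cases the comparison
-- is NULL, so the row is hidden: an unset tenant yields zero rows, never all.
CREATE POLICY clinic_isolation ON patients
    USING      (clinic_id = NULLIF(current_setting('app.clinic_id', true), '')::uuid)
    WITH CHECK (clinic_id = NULLIF(current_setting('app.clinic_id', true), '')::uuid);

-- Application role: least privilege on the table and no BYPASSRLS attribute,
-- so the policy cannot be skipped by this role.
CREATE ROLE app_user NOLOGIN NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE ON patients TO app_user;

-- Per request, inside the transaction. SET LOCAL (or set_config(..., true) from
-- application code) is scoped to the transaction, so a pooled connection cannot
-- carry one clinic's id into the next request.
BEGIN;
SET LOCAL app.clinic_id = '11111111-1111-1111-1111-111111111111';
SELECT id, full_name FROM patients;   -- only this clinic's rows are visible
-- An insert with a different clinic_id fails the WITH CHECK clause.
COMMIT;
```

A useful check for this setup is to run the same SELECT with no tenant setting and confirm it returns no rows; if it returns every row, the policy is not enforced for that connection (for example, the owner role without FORCE or a role with BYPASSRLS).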
BAA Available
We offer Business Associate Agreements (BAAs) for Enterprise customers and any organisation that requires one. Contact our team to initiate a BAA.
Data Handling Practices
Quicka Health processes sensitive clinical information with the highest standard of care. Our data handling practices include:
- Minimum necessary principle: We only collect and process the minimum data required to deliver clinical documentation services.
- Audio data: Consultation audio is processed in real time for transcription and is never permanently stored. Only the generated transcript and clinical notes are retained.
- No AI training on your data: Your clinical data is never used to train AI models. Our AI pipeline operates on a zero-retention basis.
- Employee access: Access to production data is restricted to authorised personnel on a need-to-know basis, with all access logged and audited.
Compliance Standards
While headquartered in Australia and primarily governed by the Privacy Act 1988 (Cth), we design our systems to meet the expectations of:
- APPs — Australian Privacy Principles
- NDB — Notifiable Data Breaches scheme
- HIPAA — U.S. Health Insurance Portability and Accountability Act
- GDPR — EU General Data Protection Regulation (for applicable users)
Questions?
If you have questions about our security practices or need a BAA, please contact our team or email security@quicka.health.