How it works
Sign Up
Sign in

Privacy Policy

Air Health Group Privacy Policy

Air Health Group Pty Ltd ACN 637 287 560 and its related entities (Air Health, we, us) understand the importance of, and are committed to, protecting privacy. We comply with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs), which regulate how we may collect, use and disclose personal information.

About Our Service

Air Health operates a business-to-business (B2B) secure communications platform, including secure email and data transfer services, designed for healthcare providers (the AirHealth Platform). Our services enable healthcare practices and providers to securely transmit patient records, clinical documents and other sensitive health information to other healthcare providers or directly to patients.

Air Health does not provide healthcare services and does not have a direct relationship with patients. We provide technology infrastructure that enables our business clients (healthcare practices and providers) to communicate securely.

Who does this Privacy Policy apply to?

This Privacy Policy applies to:

Business Clients: Healthcare practices, providers and organisations that subscribe to and use the AirHealth Platform.

Authorised Users: Individuals (such as practice staff, healthcare professionals and administrators) who are authorised by a Business Client to access and use the AirHealth Platform.

Recipients: Healthcare providers or patients who receive documents or communications transmitted through the AirHealth Platform.

If you do not agree with the practices described in this Privacy Policy, please do not provide us with your personal information or use the AirHealth Platform.

Our Role: Data Processor

When handling patient health information transmitted through our platform, Air Health acts as a data processor. This means we process personal and health information on behalf of, and under the instructions of, our Business Clients (who are the data controllers). Our Business Clients determine why and how patient information is collected and are responsible for obtaining any necessary patient consents.

Air Health does not collect patient information directly from patients. Any patient information we hold has been provided to us by our Business Clients for the purpose of secure transmission and temporary storage.

What information do we collect?

Information about Business Clients and Authorised Users

We collect personal information directly from our Business Clients and Authorised Users, including: business name, ABN and contact details; names, email addresses and phone numbers of Authorised Users; login credentials and account information; billing and payment information; AHPRA registration details (where applicable); and records of communications with us.

Patient Health Information

Through the operation of our platform, we may hold patient health information that our Business Clients transmit or store using our services. This may include: patient names and contact details; medical records, clinical notes and treatment plans; diagnostic reports, imaging and test results; referral letters and specialist correspondence; Medicare numbers and private health fund details; and any other health information our Business Clients choose to transmit.

Important: We do not access, review or use patient health information for any purpose other than providing our secure transmission and storage services, unless required by law or with explicit authorisation from the relevant Business Client.

Technical and Usage Information

We automatically collect certain technical information when you use our platform, including: IP addresses and device information; browser type and settings; access dates, times and duration; usage logs and activity records; and system-generated metadata.

How do we use information?

Business Client and Authorised User Information

We use information about our Business Clients and Authorised Users to: provide, maintain and improve our services; process payments and manage accounts; communicate about service updates, security matters and support; comply with legal and regulatory obligations; detect and prevent fraud, security incidents and misuse; and enforce our terms of service.

Patient Health Information

We only process patient health information for the following limited purposes: facilitating secure transmission between authorised parties; temporary storage within our platform as directed by Business Clients; maintaining audit trails and access logs for security and compliance; and complying with legal obligations, including responding to lawful requests from authorities.

We do not use patient health information for marketing, analytics, research or any secondary purpose. We do not sell, rent or trade patient health information to any third party.

Data Retention

Business Client and Authorised User information is retained for the duration of the service relationship and for a reasonable period thereafter to comply with legal obligations and resolve any disputes.

Patient health information transmitted through our platform is retained in accordance with the settings and instructions of the relevant Business Client. Business Clients can configure retention periods within the platform. Upon request from a Business Client, or upon termination of services, patient data will be securely deleted in accordance with our data destruction procedures.

Security of Information

Air Health is committed to protecting the information we hold. We implement industry-standard security measures including: encryption of data in transit and at rest; secure data centres located in Australia; access controls and authentication requirements; regular security assessments and penetration testing; audit logging of all system access and activities; staff training on privacy and security obligations; and incident response and data breach procedures.

While we take all reasonable steps to protect information, no system is completely secure. We cannot guarantee the absolute security of information transmitted through the internet or stored electronically.

Disclosure of Information

We may disclose information in the following circumstances:

As directed by Business Clients: Patient health information is disclosed to recipients as directed by the transmitting Business Client (e.g., to another healthcare provider or to a patient).

Service Providers: We engage trusted third-party service providers to assist in operating our platform, including cloud hosting providers, security services and technical support. These providers are contractually bound to protect information and only process it as instructed by us.

Legal Requirements: We may disclose information where required by law, regulation or court order, or to respond to lawful requests from government authorities.

Safety and Security: We may disclose information where necessary to protect the safety of any person or to investigate suspected fraud, security incidents or violations of our terms.

Subprocessors and Overseas Disclosure

We use third-party service providers (subprocessors) to help deliver our services. Our primary hosting infrastructure is located in Australia. However, some subprocessors may store or process data in servers located outside Australia.

By using our services, Business Clients acknowledge that data may be transferred to and processed by subprocessors in accordance with our agreements with those providers. We ensure all subprocessors are bound by appropriate contractual terms and maintain security standards consistent with Australian privacy requirements.

A list of our current subprocessors is available on request.

Data Breach Notification

Air Health has procedures in place to detect, investigate and respond to data breaches. In the event of an eligible data breach involving patient health information, we will:

Notify the affected Business Client(s) as soon as practicable, provide information to assist the Business Client in meeting their own notification obligations, cooperate with any investigation by the Office of the Australian Information Commissioner (OAIC), and where required, notify the OAIC directly in accordance with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act.

Business Client Obligations

Our Business Clients are responsible for: ensuring they have appropriate legal authority and patient consent to collect and transmit patient health information using our services; complying with all applicable privacy laws and professional obligations; ensuring Authorised Users are appropriately trained and authorised; maintaining the confidentiality of login credentials; and notifying us promptly of any suspected security incidents or unauthorised access.

Patient Rights and Enquiries

As Air Health does not have a direct relationship with patients, any patient enquiries regarding access to, correction of, or complaints about their health information should be directed to the relevant healthcare provider (our Business Client) who transmitted or holds that information.

If a patient contacts us directly, we will direct them to the appropriate Business Client or assist where reasonably practicable and permitted by law.

Accessing and Correcting Information

Business Clients and Authorised Users may request access to or correction of their personal information held by us by contacting our Privacy Officer. We will respond to such requests within a reasonable time.

If we refuse a request for access or correction, we will provide written reasons for the refusal and information about how to complain.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be notified to Business Clients via email or through our platform. The updated policy will be posted on our website with the date of the update shown. Continued use of our services after changes are notified constitutes acceptance of the updated policy.

Contact Us

If you have any questions, concerns or complaints about this Privacy Policy or how we handle personal information, please contact our Privacy Officer:

Air Health Group Pty Ltd

Address: PO Box 462 Fortitude Valley QLD 4006

Email: [email protected]

We take all complaints seriously and will respond within a reasonable period. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner:

Office of the Australian Information Commissioner

Address: GPO Box 5218, Sydney NSW 2001

Telephone: 1300 363 992

Website: www.oaic.gov.au

Last updated: 03/02/2026