How does Healthi keep my health records secure?

The protection and security of your personal information is something we take very seriously. We are committed to keeping your personal information secure. We take robust precautions to protect personal information from misuse and loss, and from unauthorised access, modification or disclosure. We have a range of practices and policies in place to provide a secure application.

Your personal information is transmitted from the My Health Record system directly to Healthi over the internet, not via any server operated by Chamonix Health. The information is protected while in transit using TLS 1.2, a protocol approved by the Australian Government for protecting sensitive information in transit over public networks.

Chamonix Health employees do not have access to the personal information in your My Health Record. Any information that you directly provide to us via the support centre is protected by a robust system of policies, firewalls and access controls.

We monitor the usage of Healthi through anonymous Microsoft analytics to detect suspicious or inappropriate behaviour.

How does Healthi protect the information that it stores?

When you first launch Healthi on your device you will choose a secret PIN code. Healthi uses your PIN code to derive an encryption key for storing other information inside the app. The PIN code itself is not stored. The key derivation is performed using Password-Based Key Derivation Function 2 (PBKDF2).

If you consent to allow Healthi to access the My Health Record system in your name, the My Health Record system will provide a secret access token to Healthi. This access token is included in each request that Healthi makes to access the My Health Record, allowing the system to identify you and present the records that you are authorised to view. Healthi stores the access token in the system KeyChain on Apple devices, and in a Keystore in the secure storage area on Android devices, encrypted with the key derived from your PIN. This encryption is performed using 256-bit AES, an algorithm approved by the Australian Government for protecting sensitive information. This ensures the token can only be used after entering your PIN code.

Healthi does not retain any information from the health records that it presents for you to view. The healthcare information is temporarily stored in your device memory while you are viewing it, and immediately removed when you close Healthi or switch to another app. If you switch to another app and come back to Healthi you will need to re-enter your PIN code and choose the record again.