Medical Data Privacy

Why are privacy and confidentiality important?

Health professionals are ethically obligated to protect patient confidentiality. The Code of the Australian Medical Association (AMA) (Code of ethics revised 2016) provides that a health professional must ‘maintain the confidentiality of the patient’s personal information including their medical records, disclosing their information to others only with the patient’s express up-to-date consent or as required or authorized by law. This applies to both identified and de-identified patient data’.

The integrity of the health system relies on the protection of privacy and confidentiality because:

  • Patient autonomy requires that individuals be free to choose, except in certain limited circumstances, who accesses information about their health;

  • People may be reluctant to seek medical attention if they fear their information could be disclosed to others. This ‘chilling effect’ could have implications for the future prevention, treatment and study of medical conditions;

  • A health system with strong privacy mechanisms will promote public confidence in healthcare services; and

  • Disclosure that individuals have tested for, or are living with, HIV/AIDS or other STIs can invite social stigma and discrimination.

How is medical data kept safe?

When consumers lack trust in how their data is being used, they may be less likely to use digital services. At Gardian, we understand that security and privacy are of paramount importance to consumers and have ensured data is being protected and used in accordance with AMA Code of Ethics (2016).

We have made data protection and security a priority. All data is hosted by Google Cloud Services, a globally trusted cloud service, and only health authorities responsible for treating patients are allowed access to the data. 


In order to prevent cyber attacks, data is encrypted and can only be accessed by authorised roles and services with audited access to the encryption keys.

To learn more about how data is used, please refer to the Gardian Data Privacy Policy.