Data Security & Compliance Stance
At Care GP, safeguarding patient information and upholding trust is at the core of everything we do. We’ve built our platform from the ground up with strict healthcare data security, privacy, and compliance in mind—meeting and exceeding industry standards.
Certified to Meet Industry Standards
We hold CyberCert Gold Certification, which independently validates that our systems and controls meet advanced security, risk management, and operational resilience benchmarks.
As a certified member of the Best Practice Partner Network, we’ve passed rigorous compliance reviews, including:
As a certified member of the Best Practice Partner Network, we’ve passed rigorous compliance reviews, including:
- Independent penetration testing to assess system resilience
- Privacy and data handling audits aligned with Australian Privacy Principles
- Infrastructure and access control assessments
- Verified disaster recovery and data logging protocols
We’re also in the process of becoming ISO 27001 compliant, further strengthening our approach to information security and governance. This step reflects our commitment to continuous improvement and tighter controls across all levels of our business.
Data Residency & Hosting
All data is securely hosted in Australia. We use localised cloud infrastructure to ensure compliance with Australian data sovereignty laws and to align with Best Practice’s storage requirements. This ensures patient data remains within Australian borders—secure, protected, and under local jurisdiction.
Encryption & Access Controls
End-to-End Encryption: All data is encrypted both in transit and at rest using industry-standard protocols such as TLS.
Multi-Factor Authentication (MFA): Required for all users, MFA provides added protection by reducing risk in case of compromised credentials.
Multi-Factor Authentication (MFA): Required for all users, MFA provides added protection by reducing risk in case of compromised credentials.
Data Storage & Deletion Policy
We take a conservative and secure approach to data storage. By default, all uploaded and stored files are encrypted and automatically deleted after 12 months.
We also understand that every clinic has different preferences. If you'd like to shorten your data retention period, we’re happy to work with you to align with your policies and adjust accordingly. You remain in control of your data lifecycle.
We also understand that every clinic has different preferences. If you'd like to shorten your data retention period, we’re happy to work with you to align with your policies and adjust accordingly. You remain in control of your data lifecycle.
.svg)
Let’s Connect
Ready to simplify your clinic’s workflow?
Discover how much time and money you can save with Care GP. Whether you’re just curious or ready to dive in — we’ve got you covered.
Hi, I'm Trevor! I'll take care of all your medical document needs
.png)